CERT Audit 2026: The 6 DME Documentation Gaps Medicare Keeps Finding
Medicare's Comprehensive Error Rate Testing program flagged DMEPOS claims at some of the highest error rates in the program's history last year. The failures aren't complex fraud — they're documentation gaps your intake team could fix before the claim ever goes out.
April 2026:CMS's latest CERT report shows DMEPOS with an improper payment rate significantly above the Medicare fee-for-service average. The primary driver in over 70% of cited claims is not fraudulent billing — it is insufficient documentation. Suppliers selected for CERT review have 45 days to respond with a complete medical record. Many cannot locate or assemble what they need in time.
What the CERT program actually is — and why it matters right now
Most DME billing teams know what a denial is. Fewer track the other cost center sitting quietly in their operations: the CERT audit. The Comprehensive Error Rate Testing program is CMS's mechanism for measuring Medicare's improper payment rate — but for the individual supplier selected, it functions as a retroactive documentation review with real repayment consequences.
CERT contractors pull a random sample of paid claims each year and request the full medical record that supported them. If the documentation provided does not meet CMS's coverage and policy requirements — regardless of whether the patient genuinely needed the equipment — the claim is classified as an improper payment and the supplier faces a repayment demand.
CERT doesn't audit for fraud. It audits for documentation. And most of the time, the documentation exists — it just can't be found fast enough, or it arrived incomplete in the first place.
The distinction matters. In the majority of CERT findings against DME suppliers, the patient's medical need was legitimate. The equipment was appropriate. The claim was properly coded. What failed was the paper trail — missing signatures, outdated CMNs, clinical notes that didn't explicitly support the ordered diagnosis, or prior authorization letters that had expired before the delivery date. These are not billing errors. They are documentation management failures, and they are entirely preventable.
Why DMEPOS is disproportionately targeted
DMEPOS has consistently appeared at the top of CMS's improper payment categories for one structural reason: the documentation requirements are more complex than almost any other Medicare benefit, and they are highly variable by equipment category, payer, and Local Coverage Determination. A claim for a power wheelchair and a claim for a urological catheter resupply both land in the same "DMEPOS" category — but they have entirely different CMN requirements, face-to-face visit windows, LCD criteria, and physician documentation standards.
What looks like an industry-wide compliance failure is actually a documentation infrastructure problem. Suppliers who process dozens of different equipment types across multiple payers are managing a matrix of requirements that is nearly impossible to apply consistently by hand. The inevitable result is variability — and variability is what CERT catches.
The six documentation failures CERT cites most often in DME claims
Based on CMS CERT findings and Medicare contractor audit reports, the following gaps account for the overwhelming majority of DMEPOS improper payment classifications. These are not edge cases — they are the routine failures that accumulate when documentation is collected at receipt but never validated against payer requirements before the claim goes out.
| Documentation Failure | What CERT Looks For | Most Affected Categories | Audit Risk |
|---|---|---|---|
| CMN incomplete or outdated | Fully completed sections, valid physician signature, dates within required timeframe, diagnosis matching HCPCS code | CPAP, Home Oxygen, Power Wheelchairs, Enteral Nutrition | High |
| Face-to-face documentation absent or insufficient | Encounter note from treating physician within required window, explicitly documenting functional limitation for equipment | Power Mobility, CPAP, Home Oxygen, Orthotics | High |
| Clinical notes don't support the LCD qualifying diagnosis | Notes must demonstrate the specific clinical threshold required under the LCD — not just a matching diagnosis code | Home Oxygen, CPAP, Power Wheelchairs, Wound Care | High |
| DWO missing required specificity | Quantity, product description, provider signature, date. 'As directed' or open-ended quantities are not accepted | Urological Supplies, Diabetic Supplies, Ostomy, Wound Care | High |
| Prior authorization expired or mismatched | Authorization active on date of service — not date of order. NPI on auth must match the billing NPI exactly | Power Mobility, High-cost Infusion, Custom Orthotics | Moderate |
| Records cannot be produced within 45-day window | CERT requires the complete medical record within 45 days. Unindexed files fail on retrieval, not content | All categories — highest risk for high-volume fax intake | High |
The last row in that table deserves particular attention. An increasing share of CERT findings in recent years are not documentation failures in the traditional sense — the record exists, the content is adequate, but the supplier cannot locate and produce it within the response window. For DME operations still running primarily on paper and fax, record retrieval under audit timelines is a serious operational risk that has nothing to do with clinical appropriateness.
Not sure where your documentation gaps are?DocuFindr offers a documentation readiness assessment. We map your current intake workflow against the CERT and LCD requirements that most commonly drive findings — before an audit letter arrives.
Book a Readiness Assessment →The intake moment that determines your audit exposure
Here is what most DME operations get backwards: audit risk is set at intake, not at billing. By the time a claim is billed and paid, the documentation file is fixed. If it was incomplete when the order was received and not corrected before submission, the gap is baked in. When a CERT contractor requests that record months later, nothing can be changed retroactively.
The practical implication is that every file that enters your intake queue is either building audit resilience or accumulating audit liability — and most operations have no systematic way to tell which is which until a denial or a CERT letter forces the issue.
By the time a CERT letter arrives, the documentation file has been closed for months. The only moment you can fix it is before the claim goes out — not after it's paid.
This is not a criticism of intake coordinators. The volume of documentation types, the payer-specific variation in requirements, and the throughput expected of intake teams make systematic validation by hand functionally impossible at scale. A coordinator processing 80 to 120 files a day cannot cross-reference every CMN against its LCD criteria, verify every prior authorization against the submission NPI, and confirm every F2F note is within the required encounter window — not without a system that surfaces those gaps in real time.
What audit-resilient documentation practices actually look like
The following checklist covers the documentation standards that CERT reviewers apply. These are not aspirational standards — they are the minimum threshold for a claim to be classified as properly supported under Medicare's current coverage policies.
CERT-Ready Documentation — Intake Checklist
Three actions worth taking before the next CERT cycle
You cannot predict whether your claims will be selected. You can control how well-documented they are when they are. These three steps have the highest return on the time invested:
1. Run a retroactive review of your last 12 months of paid claims against the checklist above
Pick a sample of 20 to 30 paid claims across your highest-volume equipment categories and pull the documentation file for each. Apply the CERT standards — not your internal intake standards — to evaluate whether each file would survive a documentation request. The gaps you find in this exercise are the gaps that are already in your live claim population.
2. Map your equipment categories to their specific LCD coverage thresholds
Most DME operations validate against a single internal checklist. CERT reviewers validate against the LCD. If you supply three different equipment categories under three different LCDs, your intake team needs to validate against three different clinical thresholds — not a consolidated generic list. Identifying where your current validation diverges from LCD standards is the most direct path to reducing audit exposure.
3. Assess your record retrieval capability, not just your documentation quality
Ask yourself: if a CERT letter arrived today for a claim billed eight months ago, how long would it take your team to locate, assemble, and transmit that record? If the honest answer is "more than a few hours," your retrieval infrastructure is an audit risk independent of your documentation quality. Digital indexing and centralized record storage are not just operational conveniences — they are audit defense mechanisms.
CERT selection is random. Documentation quality is not. The suppliers who emerge from CERT reviews without repayment demands are not the ones who got lucky — they are the ones whose intake workflows produced complete, LCD-compliant, retrievable records on every claim.
Let DocuFindr assess your audit readiness — before CMS does
We work with DME suppliers and home health agencies to validate documentation completeness at intake, map clinical records against LCD coverage criteria, and build retrieval infrastructure that holds up under CERT timelines. If you want to understand your current exposure, we'll walk through it with your team.