Do you understand your organization’s compliance risk?

In the middle of a busy day, most physicians are thinking about their patients, not about their practice’s compliance risk.

Not enough people – even at the executive level of health systems – worry about compliance risk on a daily basis. It’s easy to think an audit won’t happen to you.

Unfortunately it’s not uncommon – for even well-respected organizations – to receive a negative audit outcome. Last year, a leading physician management company was fined $60 million by CMS. Don’t wait until it’s too late. Here are the organizational characteristics that increase compliance risk, and four steps you should take to mitigate risk on an ongoing basis.

What increases compliance risk?
Organizations with disparate EHRs and geographically diverse operations are at a heightened risk. The most vulnerable organization type is physician groups because they employ so many different providers who practice in multiple facilities but have centralized billing. These companies may not have easy access to physician documentation, or may not have access at all, especially if they’re working in the subacute market.

Other types of healthcare organizations should worry about compliance risk too. Payers are better at analyzing large volumes of claims data than in the past, making it easier for them to identify discrepancies that lead to an audit. In a research survey of 63 healthcare executives conducted by Ingenious Med last year, more than half (54 percent) of respondents were not highly confident in their ability to immediately retrieve clinical documentation to support clinician charges in the event of an audit. It was surprising that, even though they’re spending significantly on leading EHRs, these organizations still don’t feel like they’re getting the level of compliance security that they need. Physicians and administrators should not assume their EHR will take care of coding and documentation compliance. Instead, take these four proactive steps to safeguard yourself against a negative audit outcome.

What steps should be taken to minimize this risk?

1. Conduct internal audits
The best way to prepare for an external audit is to conduct periodic internal audits. However, this seems to be the exception rather than the norm. I’ve heard customers say they do not audit because of a lack of time and resources, but by allowing themselves to be reactive they are running the risk of being hit with fines. Don’t fall into this trap.

David T. Womack, president and CEO of Practice Management Institute, noted in a recent company announcement, “Many practices don't realize that if you are billing Medicare, you are required to have a working compliance plan that includes regular auditing and monitoring of claims.”

Audits should be initiated and led by the director of revenue cycle management or another executive annually. A good rule of thumb recommended by the Office of the Inspector General is to audit 10 visit notes per provider per year to ensure coding is accurate. Putting a compliance plan in place that includes internal audits takes time and resources, but it’s the best way to prevent a negative external audit outcome.

2. Benchmark compliance to identify outliers
A second way to minimize risk is to measure, analyze, and benchmark individual physician compliance. By looking at diagnosis codes at multiple sites across the system organizations can filter out physicians who might be continuously coding at a higher level than his or her peers.

In a physician-to-physician comparison, an administrator can compare evaluation and management, or E&M codes, across several dimensions – by history and physical examination, discharge, or progress note, or by the provider’s total RVUs over a period of time. The administrator can then guide the internal audit to focus on certain physicians and pull specific documentation rather than conduct the exercise for the entire physician pool. Having the right tools to conduct this kind of analysis quickly and easily increases the effectiveness of internal audits and can significantly reduce compliance risk.

3. Train physicians how to code accurately
This is the easiest, least time-consuming activity that does the most to minimize compliance risk – but it’s shocking how often organizations adopt a culture that encourages under- or over-coding. In my own experience as a nurse practitioner in the emergency department, I was told to make everything a level three because most of the time that’s where the encounter would fall. That was the extent of my training on coding. The expectation was that the coder would scrub the charge and match the documentation. On the other hand, some physicians rely on their EHR’s template to guide their coding. This is problematic because EHR templates can prompt the physician with questions that result in higher than necessary coding, rather than guiding the physician to select an appropriate code based on actual services rendered. Reliance on coders and EHRs both expose the organization to compliance risk – after all, no one understands the patient’s condition and the acuity of care actually administered better than the physician.

Often, coding is on-the-job training, which means providers may actually get no training at all. Instead, giving physicians the tools they need to capture their own charges easily and accurately, with the right documentation, ensures their coding practices don’t become a compliance risk down the line. This allows the organization to bill the right amount for the encounter and eliminates an administrative and cost layer – the coders. It can also become part of a strategic move to centralize governance over billing.

4. Capture documentation efficiently
Organizations that struggle with accessing patient medical records across facilities are at higher risk because of the potential lack of clinical documentation needed to support claims. This was the primary driver of the $60 million fine I referenced earlier. Shipping or faxing documentation can be time consuming, and the lag between when services are rendered and when documentation is submitted can slow the revenue cycle. Secure digital image capture for clinical documentation makes the clinical note immediately accessible where EHR integrations aren’t feasible, mitigates compliance risk, and optimizes the revenue cycle by allowing payment to happen more quickly.

It’s easy to read the headlines about OIG audits and think, “That organization must have done something wrong – that would never happen to my organization.” Unfortunately, that mindset is all too common. The organization that was fined is extremely organized and innovative and is a market leader amongst other physician management groups. If this can happen to them, it can happen to you, too. Protect your organization against compliance risk by conducting internal audits, and by arming yourself with the proper tools to benchmark compliance, code accurately, and ensure efficient documentation capture. A little extra work up front can prevent a very costly fine in the future.

Felice Felser, MBA, MSN, APRN, is a Senior Product Manager at Ingenious Med.

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars