Hospitals: Audits and Compliance
Hospitals are under intense scrutiny. The federal government knows that one sure way to reduce healthcare costs is to get hospitals to lower their costs. Hospitals feel the pinch given the need to generate revenue but know that the federal government is looking over their shoulders to make sure everything is done right.
Hospitals have a significant number of risks. You have to sympathize with the chief compliance officer for any hospital. Aside from a number of regulatory compliance risks (e.g. privacy and data security issues (HIPAA and meaningful use), anti-kickback and Stark law), hospitals have a significant number of payment/reimbursement risks, including quality of care issues, over-utilization, and coding practices, which are all exacerbated by use of electronic health records.
Hospitals have to comply with laws and regulations which govern abuse, fraud and waste. Abuse covers those actions which result in unnecessary costs, services that fall below basic standards or are medically unnecessary. Fraud includes knowing illegal schemes to obtain money from a healthcare program. Waste related to the over-utilization or other practices which result in unnecessary costs or misuse of resources.
Coding of services is a core function for hospitals, which requires compliance with complex regulatory requirements and ethical challenges. Given the complexity of the issue and the risks, auditing is an essential proactive tool.
Hospitals are under the gun from Recovery Audit Contractors who are conducting audits of Medicare payments under Parts A (hospitals) and B (doctors). RACs are contractors who are paid a “bounty” fee, a certain percentage of “recoveries” for overpayments of hospitals and doctors. They also identify services for which hospitals were underpaid.
Through June 2012, RACs identified over $1.7 billion in overpayments. RACs targeted medical necessity documentation for cardiovascular procedures as the most recurring problem. The RACs also noted the improper billing for minor surgical procedures as in-patient procedures.
The RAC audit process is painful and time-consuming. RAC auditors begin with a defined look-back period. RACs are required to make referrals to CMS for potential fraud and to Quality improvement Organizations for potential quality issues. RACs are encouraged to use data to extrapolate their findings. Initially, RACs focused on acute care providers but their mandate has been expanded to include review of all types of claims for all types of services.
Chief compliance officers work closely with coding and finance professionals in their hospitals to prepare for the auditing process. Some hospitals conduct their own internal audits as often as every quarter but most stick to a bi-annual schedule.
In designing an audit program, hospitals have to focus carefully on the sample size and target specific risk areas (e.g. observation periods, one and two-day stays, and medical support for procedures to avoid over-utilization risks). The audit report should lead to a specific action plan which should be implemented quickly.
Hospitals want to stay out of the hot seat. Regular audits and actions plans are a basic procedure which should be the foundation of every hospital’s compliance plan.