May 29, 2009

RAC Internal Monitoring and Auditing: Avoiding Financial Risk

By

bbissey120dsBy: Bret S. Bissey, MBA, FACHE

 

For the last two articles I have written for the RAC Monitor, we presented a thesis that the elements of a Model Compliance Program, as detailed to us on numerous occasions by the Department of Health and Human Services, Office of Inspector General's office, does provide to healthcare providers an appropriate structure from which to prepare for RAC. As a refresher, the seven elements of a model compliance program are as follows:

 

• Designation of a compliance officer and compliance committee;
• Development of compliance policies and procedures, including standards of conduct;
• Development of open lines of communication;
• Appropriate training and education;
• Internal monitoring and auditing;
• Response to Detected Deficiencies
• Enforcement of disciplinary actions

 

I am asked frequently, "which is most important element" or "do I really need to complete all elements." My responses include that I don't think you can say that one element is always most important and certainly "yes" you need to address each element or you are opening your organization up for increased risk. Having said this, I must comment that a very important element for all of your compliance efforts is always your ability to do accomplish effective internal monitoring and auditing.

 

Auditing/Monitoring and RAC

 

For those of us assigned to manage or prepare our organizations for RAC, one of things that keep us "up at night" is asking the question, "how much risk do we have with RAC?" Like with all risk areas the way to answer the question with clarity and a sense of validation is to perform an assessment.

 

This does not just apply to healthcare but many other areas of life as well. Has anyone added a teenage driver to their insurance policy lately? Your coverage rates increase significantly because the insurance company knows (statistically based upon data) that there is an increased likelihood of a traffic accident occurring with this driver on your policy. In order for the insurance company to make that determination regarding how much risk that young driver presents they need to perform an assessment of their historical claims data.

 

Back to healthcare and RACS - one of the methods that healthcare systems are adopting to assess their RAC risk is to perform audits. When performing audits there are a number of different factors to consider (sample size, focus, who is the auditor, review time period, etc...).

 

What Are You Doing?

 

I would suggest, however, that before those items are addressed in your organization you need to answer a very important question; "what are you going to do with your audit results?" Many organizations understand that via their contract with Medicare called the "Conditions of Participation" and their Compliance Program framework that if they find (have knowledge of) a billing inconsistency or claims that don't comply with the Medicare rules that they must repay the owed monies and put a process in place to assure correct claims are being submitted in the future.

 

Understanding this requirement, some organizations and many in the legal profession routinely advise that when performing audits, whose findings may potentially present a financial risk to the organization, that the practice of engaging the audit through an attorney who represents the organization be considered. This is called "Attorney-Client Privilege." When performing RAC or other audits we are routinely asked our opinion of this concept, we consistently respond that this is a matter you should discuss with your Counsel.


 

What is Your Focus?

 

There are several considerations to think about in regards to initiating a RAC audit. What is the focus of your review? Do you have the internal expertise to decide that focus? Will you use the findings of the RAC demonstration project to direct that focus on cases to validate medical necessity and proper coding? There are many alternatives to discuss. One consideration is to review available data mining tools to try and identify your cases that may also be identified by the RAC when they visit your town.

 

You will need to determine how many accounts to review, whether this number is representative of your billing universe or just a random sample. These are questions that need to be decided and reviewed to make sure you are making the proper decisions. There is no perfect answer for every provider. My experience is that these decisions always are unique to each different facility. The key point, however, is that these questions need to be asked so that your institution is proceeding on the proper path in developing your RAC audit plan.

 

Internal Audit Team

 

One thing that is not unique to each facility is that you must be confident that your audits are being performed by individuals who are "independent." Many hospitals have developed internal audit departments that are able to perform reviews that are defined and structured as being independent. In addition, you must be confident that your internal audit team has the appropriate skill set to perform the varied RAC related audits. For those facilities that do not have the resources to perform the audits internally consideration should be given to sub-contracting this function or a portion of this function. When selecting a vendor you want to make sure you are engaging a firm that has RAC experience and the skill set of Clinical Auditors who will give you the service and skill set you need. You will want to make sure your audit results can be matched with confidence against the RAC just in case any audit findings differ.

 

Hopefully, this information can assist you to serve as a starting or refresher point for the goals of your RAC preparation efforts. In future sessions we will continue to discuss other aspects of performing your RAC Internal Monitoring and Audit activities.

 

About the Author


Bret S. Bissey is a nationally recognized expert in healthcare compliance. He is the author of the Compliance Officer's Handbook, published in 2006, and has presented at more than 40 regional and national industry conferences/meetings on numerous compliance topics. He has over 25 years of diversified health care management, operations and compliance experience.

 

###

 

Mr. Bissey is a Director at IMA Consulting

Contact the AuthorAbout the Author

Bret Bissey, MBA, FACHE, CHC

A veteran in healthcare compliance (since 1997), Bret Bissey has served as senior vice president and chief ethics compliance officer at UMDNJ in Northern New Jersey. The author of the Compliance Officer’s Handbook, he has been a thought leader and popular speaker at industry conferences and meetings for many years. Bissey has more than 30 years of diversified healthcare management, operations, consulting, and compliance experience.

This email address is being protected from spambots. You need JavaScript enabled to view it.