HBE is pleased to present the second part of our Compliance Program Recommendations Series. In our first part, we discussed the importance of the ability to access accurate data for analysis and sampling. This week, we are discussing audit design.
The requirement to audit is a familiar element of every compliance program. There is an abundance of guidance and regulation instructing providers about their obligation to conduct auditing. However, there is little that spells out exactly how a provider’s audit program should look in order to be “effective.” Some providers audit as few as 5 records per provider, per year, consistent with the almost 20-year-old OIG Compliance Guidance. Some providers conduct more expansive reviews based on current, published risk areas while others fall somewhere in between and yes, there are still those providers who do not audit at all. We are often asked how many records a provider should review as part of a routine compliance evaluation. The answer: there is not a magic number, you should audit enough to feel confident that you will find the problem(s) that exist.
In assisting clients with important auditing decisions, we often lean in to our IRO experience and look to the most recently published CIAs to identify auditing expectations. As mentioned in the first part of our series, CIAs are government mandated compliance programs, and therefore offer insight in to what the government would reasonably expect as a minimum for any compliance program. As you would imagine, there are some variations in the auditing requirements defined within various CIAs. However, there are minimum requirements that extend across all CIAs that are worth considering when evaluating your own program.
- Minimum sample size of 30 claims, per year
- Claims should be selected from a universe of ALL paid claims
- Additional focused samples should be selected from known, high risk or high error rate services
The sampled claims should be reviewed to determine the following:
- Whether the documentation is adequate to support the claim
- Whether the claim was correctly coded (CPT, HCPCS, units, modifiers, ICD-10, POA)
- Whether the billing provider was reported correctly
- Whether coverage criteria were met
- Whether the services were medically necessary
- Whether the payments received were correct
If errors are identified in the sampled claims you will need to identify the cause of the error(s) and determine the appropriate steps to prevent future errors. You will also need to determine whether the need for additional sampling is required and for any errors resulting in an overpayment, a refund will be required.
It is important to note, for providers subject to a CIA, the government does not consider underpayments when evaluating financial impact or overpayment error rates. Historically, it has been a common practice to “net” underpayments against overpayments to determine compliance risk and corrective action plans. However, the practice of considering underpayments in determining an overpayment error rate was removed from standard CIA language several years ago. The current practice of determining an overpayment error rate is based solely on the pure overpayments in the sample. Identifying underpayments and capturing all revenue opportunities is important to the financial success of any organization, but compliance officers should exercise caution in using those dollars to offset overpayment percentages or reduce compliance risk.
In the next part of our compliance series, we will take a more in-depth look at corrective action plans.