March 2014

Inside Job
By Selena Chavis
For The Record
Vol. 26 No. 3 P. 18

Make the most of internal audit programs to stay on top of the evolving regulatory landscape.

Health care’s regulatory audit front has never been noisier. In fact, there’s palpable acrimony toward acronyms. From MACs and RACs to CERT and the ever-present reach of HIPAA and the Centers for Medicare & Medicaid Services (CMS), HIM departments and hospitals executives must be on guard at all times to avoid the fallout of penalties.

Keeping up with the current compliance challenge and staying one step ahead of new regulations and requirements isn’t for the faint of heart. And while there’s sufficient reason for HIM departments to feel some anxiety about having the CMS knock on their door, most professionals agree that the best defense is to go on the offensive.

Health care organizations that successfully navigate compliance know that it takes a combination of proactive governance and solid internal auditing programs to achieve positive results. Christi Roberts, BS, RHIT, CCA, director of operations for Woodham HIM Solutions, notes that most HIM departments are performing admirably, but it’s not easy. “It’s challenging to keep up. Just your day-to-day workflow to meet your goals makes it difficult to manage,” she says. “As far as giving it the attention it needs, I think it’s a real challenge. They do it because they have to.”

Today’s health care facilities no longer ask the question of whether it’s necessary to have a fully implemented and ongoing internal audit program. It’s simply a must for survival in an industry under increasingly heavy government scrutiny. “Hospitals do a great job of staying on top of it,” says Kelly McLendon, RHIA, CHPS, managing director for CompliancePro Solutions, specifically referencing his experience with HIPAA audits, adding that smaller health care groups and physicians often struggle with ongoing audit initiatives. “Larger organizations just tend to have more sophisticated staff resources to dedicate.”

While each particular audit type has its own nuances, experts say most successful programs sport several key characteristics. Those who have worked in the trenches and regularly consult on how to fully leverage internal auditing initiatives say health care organizations must consider the following best practices.

Narrow the Focus
With so many national audit initiatives converging at the same time, health care providers must identify a starting point and specific areas of focus, according to Melody Mulaik, MSHS, CPC, CPC-H, RCC, president of Coding Strategies, who says adopting a broader perspective becomes overwhelming and taxes resources. “For any organization, you have to think about the purpose of your auditing plan. What is your philosophy as it pertains to audits?” she says, adding that most organizations must identify issues and needs specific to their workflow.

When it comes to coding audits, organizations should determine whether their auditing philosophy will have a general focus based on a specific type of audit—such as recovery audit contractors (RACs)—or if they want audits to concentrate on broader areas such as revenue, quality, diagnosis-related groups, and regional trends. “I see a lot of variation in programs, and some of that is based on what their focus is,” Mulaik points out. For example, in some regions, a facility may choose to align with key areas outlined by the state attorney general.

Other considerations that may come into play are whether to conduct a random audit, in which a representative sample of a facility’s case mix is reviewed, or a focused audit directed at a preidentified problem or specialty.

Prioritize Risks
Because time and resources are scarce commodities in today’s harried environment, audit professionals agree that, alongside an identified philosophy, risks must be prioritized to better develop a realistic plan of action. “It’s always a balancing act,” Mulaik says. “You want to identify the problem areas, but you don’t want to overuse resources for auditing. Look at the minimum needed to be done and the resources needed to accomplish that.”

In the case of an internal HIPAA audit plan, McLendon points to the need to conduct an initial privacy and security analysis to identify risks. Similar analyses can be performed for other HIM audit types. Once the audits are identified, health care organizations can leverage industry-accepted methodologies for calculating risks to better prioritize efforts, he says, adding that “it comes down to looking at the vulnerabilities and impact of each issue to an operation.”

For coding audits, Darlene Hyman, RHIT, CCS, CPC-H, director of education for Auditing and Coding Experts, recommends starting “with the OIG [Office of Inspector General] Work Plan and then RAC, as well as monitoring PEPPER [Program for Evaluating Payment Patterns Electronic Report] to measure your facility’s performance against peers.” Employee, patient, and visitor complaints are other possible risk areas that can’t be overlooked, she notes.

Twana Robtison, CCS, director of quality for Auditing and Coding Experts, says the arrival of anything new, be it staff or codes, can raise a facility’s chances of falling below standard. “Focus on codes within time of change; monitor new employees, new contractors,” she suggests.

Find the Most Effective Approach
Roberts says health care organizations either can take a front- or back-end approach to internal coding audits. In the case of front-end approaches, errors are caught before a bill is processed and released, as opposed to a back-end strategy where errors are identified after the fact. She recommends adopting the former as a best practice even though these workflows can sometimes be time consuming and slow down the process.

“If you do it consistently each month or prebill, you can identify errors before they become an issue,” she explains, adding that even if bills take longer to process, organizations are better off if they can proactively catch errors. “We sometimes conduct peer reviews, which provide the advantage of always having a second set of eyes looking at another’s work.”

While all internal coding audit programs have a slightly different focus, “the basis of any audit should be adherence to CPT coding guidelines and to the ICD-9-CM Official Guidelines for Coding and Reporting,” Hyman says. “The plan can then be broken into sections for each type of audit, with the section containing additional specifics: contacts, request and submission instructions, which departments should be involved in the audit process, etc.”

Dedicate Resources
Having the right team in place is critical to success. For coding audits, experts recommend turning to the HIM department for assistance. “Ultimately, coding directors should head this up, with compliance as a backup,” Roberts says. “Some facilities have an identified auditor on staff, someone responsible for the whole QA [quality assurance] process.”

While HIM likely will drive the process for coding-related audits, privacy and security officers—or someone in compliance—are ideal candidates to lead HIPAA audits, according to McLendon.

In terms of monitoring regulatory changes and staying in tune with the evolving landscape, Hyman suggests having a collective team of experts from inpatient and outpatient coding, billing, and the chargemaster gatekeeper. These individuals should subscribe to the CMS, OIG, RAC, and National Institutes of Health listservs. From there, it’s the team’s responsibility to spread the word about the latest news. “Dissemination of the information obtained from regulatory changes should be covered at a monthly compliance meeting, included in departmental newsletters, and documented in shared applications,” she says.

During the actual audit process, Hyman says it’s vital to have all key stakeholders involved. “Dependent on the scope of the audit, representatives from coding, compliance, case management, billing, and legal should be included to ensure a complete review,” she says, pointing out that consideration also should be given to having external consultants available for nonbiased advice.

Evaluate Processes Regularly
Audits should be viewed on the same level as coding patient records and getting bills out the door, Roberts says, adding that regular reviews and process tweaking must be a priority.

Mulaik agrees, noting that hospitals can’t neglect auditing initiatives despite the onslaught of numerous other projects that may seem more pressing. “Resources get pulled in different directions,” she explains. “If it’s dependent on a particular department or individual to pull data, and they don’t do it in a timely manner, the process will not be as effective as it should be.”

To combat possible neglect, a timeline should be established for how often internal audits will be conducted and a flowchart developed illustrating how the process will take place. Once under way, risks can be reevaluated regularly, and the flowchart can be adjusted, Roberts explains.

Mulaik cautions that while it’s important to be flexible enough with plans to allow for a change in course if necessary, health care organizations should avoid making it a habit to reengineer programs. “Stay focused on the big plan and make adjustments quarterly,” she says. “You can’t get anything done if you are tweaking all the time.”

The frequency of audits depends on many factors, including volume, patient mix, and risk levels. Experts agree that, at minimum, the process should be reevaluated annually.

Tracking and Reporting
Experts agree that documenting workflow processes is an important component of effective tracking. In fact, Hyman says this sort of detail can provide a solid foundation for training new staff. “It can also be beneficial during any external audit, demonstrating the thought processes behind consistent decision making,” she notes.

Mulaik says having a clear understanding of how information gets entered into systems makes the process of identifying where issues occur much easier. “Looking at the flow of data and what systems they go through is so important,” she says. “In hospitals, a lot of errors are process errors.”

When tracking information, Hyman points to the four Ws: who made the error, what type of error, why the error was made, and what corrective action was taken.
Once information is tracked, it can be formatted in a meaningful way in reports and spreadsheets, and used to develop an action plan for improvement. At this stage of the audit process, it becomes important to have management functioning effectively to ensure follow-through of any corrective action, according to McLendon. “A lot of it gets down to reporting and governance,” he says.

Educate, Educate, Educate
Don’t waste the effort and resources put into internal audits by not making the most of the resulting data, experts say. Follow-up education is critical to ensuring future success and measurable improvement, Roberts says. “At the end of any audit, there will always be educational opportunities,” she notes, suggesting that time should be set aside to review the findings, have those in error justify their choices, and educate staff why and where errors occurred.

Education is critical, especially in the hospital setting, according to Mulaik, who points out that because hospital coders typically are generalists, they have a broader view. “The disadvantage is that they don’t always become experts and miss the detail associated with certain specialty areas,” she notes.

Once initial goals are achieved, HIM experts recommend health care organizations take auditing efforts to the next level, identifying new areas of improvement that may not have been part of the initial target.

— Selena Chavis is a Florida-based freelance journalist whose writing regularly appears in various trade and consumer publications covering everything from corporate and managerial topics to health care and travel.

 

AHIMA’S Preparation Checklist
Recognizing the pressures faced by health care organizations that must dig out from under numerous requests, AHIMA suggests the following steps to prepare for government audits:

• Identify who needs to be involved in the process.

• Develop policies and procedures that clearly designate roles and responsibilities for those involved with the audit process, including coders, business office staff who may receive denials, revenue integrity auditors who review records, and HIM clerks who process or copy charts for each request.

• Develop an education plan focused on the need for clear and concise documentation.

• Develop education specific to each department in the revenue cycle process and define the department’s role in the audit program.

• Determine the different types of record requests and their time frames.

• Distinguish the various types of appeals to secure each claim.

— SC