Skip to main content
Integrated Healthcare Executive

Audits and Compliance: Ensuring Staff Members Are Accurately and Efficiently Performing Within the Organization

June 2021

Headshot of Amy Turner

In a recent episode of PopHealth Perspectives Amy Turner, director of Advisory Solutions at abeo, discussed auditing in health care, reviewed documentation processes that need to be in place to justify billing and coding decisions during an audit, and provided helpful tips to help health systems and organizations ensure that their staff is ahead of the curve and being as compliant as possible. The following is an edited excerpt from that podcast.

My name is Amy Turner and I currently serve as the director of abeo’s Advisory Solutions division. I am going to explore auditing compliance and other subjects that you and your staff need to be aware of to be as compliant and ahead of the curve as you can be.

I have been a registered nurse since 1989 and am also certified in health care compliance, coding, and internal audit. In my current position with abeo, we provide billing revenue cycle services, business services, and technology services for physicians, both inside and outside the hospital.

Auditing Workflows in Health Care

As far as our Advisory Solutions division, we are focused on helping people to take a deep dive looking at their coding and their documentation. Auditing is different from coding a claim and getting it out the door. We are looking for inconsistencies in documentation and trying to help you align your people, processes, and technology.

What are the workflows? Maybe they are impacting your claim processing. What does the payer regulation say regarding how a claim is being filed? It is a lot of due diligence work. We focus on being proactive with internal monitoring, which is part of the seven steps of an effective compliance plan.

One of the questions I often receive is: how are physicians selected for audit? One of the most prominent ways is that a provider is going to show up is as a data outlier. Auditors are going to look at the bell-shaped curves of how you conduct visits compared to the curves of your peers, and then within the payer itself.

Are you someone that is billing the highest level of visit for every visit if you are not in an office setting? If you process many preauthorizations with a payer, do you have a denial rate that is exceedingly high for your authorization? That could prompt a payer to take a deeper dive and a deeper look.

Another way that people are targeted for audit is due to a whistleblower—for which there are actually financial incentives. However, they do have to be able to present a case to the government that garners interest, but if there is a whistleblower, government intervention is not far behind.

If you are not familiar with what is on the Office of Inspector General’s (OIG) work plan, I would suggest that you take a moment and familiarize yourself with the topics. This is going to cover a large variety of specialties, facility, and nonfacility, but these are some of the things that payers will focus on.

Once the government has identified an area that’s going to hit the OIG work plan, commercial payers may follow suit. That gives you a good idea of where auditing could possibly be focused.

Another area is comparative billing reports, similar to PEPPER reports, but a comparative billing report is more provider oriented. This is another factor for which a provider is compared to their peers and it is measured in percentages.

You are either scoring higher, significantly higher, or lower than your peers. They look at a variety of data points including anything that you ordered. You need to stop and think about your practice in general. What about my practices isn’t consistent with my peers?

They are also going to examine pharmacy claims. This isn’t necessarily just about what you are billing out. For example, we have an opioid epidemic right now—agents are going to look at the data and see how many more fentanyl equivalents you are providing.

The same concept applies for expensive drugs. If they observe a high utilizer of a newer drug on the market, that could probe somebody to question if there are any kickback issues, and/or they’re going to look outside of your claims submitted in your NPI number. 

Audit Varieties

There are different types of audits. General third audits, for example, are just doing their due diligence. Once they find an issue, they will start requesting more records. The hard part is that you don’t always know that you’re being investigated, or your claims are being looked at, because the requests can come in a variety of ways. 

You can have a payer send you a random request for a single claim that they have questions on. They can also request a list of individual clients. They may send you a list and say, “I need these 20 patients’ claims from this specific date of service,” or they may send you something like, “These 20 patients, but I need a year’s worth of claims on each of them.”

Sometimes, we’ll see that with skilled nursing facility (SNF) claims. They request a range of claims because they want to look at the details of how often a patient is being seen in the SNF and whether it’s medically necessary.

There is the case of urine drug testing. If you’ve got many consistent urine drug screens in a row and you are still testing that patient every time they walk in, that is going to be a question of medical necessity. These can start small and grow into something larger. As an example, a client undergoes a Unified Program Integrity Contractors (UPIC) audit. They have only looked at a handful of clients, so they only requested about $2500 in an overpayment. People are going to pay that back and think, “I’m off the hook.”

When you talk to a UPIC, they will tell you—and this legitimately happened—that they requested you do a self-assessment. They’ll say, “You can either self-disclose, or we are going to come back and look at this harder.” Audits are meant to be taken seriously.

Documentation Best Practices

It may sound obvious but if you find out you are being audited, do not panic and start amending records. It is important to send the appropriate records. You want all your documentation to be concise. Make sure, from the beginning, that your documentation supports what you are doing. If you include medical necessity in your encounter note, you can send in that note. 

Also, include a note for services provided. For example, when looking for medical records, I was once told, “It might take a few months for the provider to get the note in there, so we just code it based on what is on the consent form,” which is not appropriate at all.

Spend some time educating your medical record staff on what they need to be cognizant of as they are processing and doing their daily work. Staff should be able to identify the big picture in what records are being requested. Do they have the tools and are they educated enough to do their job? 

Your coding staff also needs to have an open door to go back to you as an administrator or provider and say, “Here’s some of the things that I’m noticing in your documentation.” You want that relationship so you can be clearer and more concise.

If you order a lot of diagnostic tests, document your medical necessity for them. Also, document how tests are impacting your plan of care. If you are in an outpatient office setting, we have new guidelines for 2021 for evaluation and management services.

If you are ordering a piece of durable medical equipment—say, a knee brace—payers have guidelines. The orthotic devices are back on the OIG work plan. This is an area that is fraught with kickback schemes, so you must ensure you are aware of the correct modifiers needed and the medical necessity. 

Make sure that billing is correct to begin with because if you are doing a new procedure, that means somebody else is doing a new procedure. That’s a new technology and could be considered investigational, so payers are going to look at your client.

Are you billing any incident to split shared services? Make sure that your documentation is supporting that. Just because you might be using a third-party billing company doesn’t mean you should not be monitoring yourself.

It might be costly to have someone come to your office and make sure that you have your “Is” dotted and “Ts” crossed. But the expense of an audit plus penalties, fines, and extrapolation over 6 years is going to be much higher than money spent on implementing a compliance plan.

Former US Deputy Attorney General Paul McNulty said, “The cost of noncompliance is great. If you think compliance is expensive, try noncompliance.”

Creating a Compliant Culture

Now, what are some of the strategies that we can employ to convince the partners and stakeholders in the organization to take this compliance in billing seriously?

At conferences, we hear lectures that scare people to death. For some people, the scare tactics get them going. For others, by the time they get scared, it is too late because the audit’s already happening. I like to encourage the proactive vs reactive approach. Sometimes it comes down to the culture of your organization. Do you have a compliant culture? Is the leader of the organization embracing that culture and promoting that culture from within?

Do you have a compliance officer? We are talking a gamut of a large, multi-institutional organization vs somebody who has one physician and one physician’s assistant. You may not have someone whose sole responsibility is compliance, but you can still have that culture. 

Do you have a compliance plan? It doesn’t have to be overly detailed. You want your compliance claim to be something that’s obtainable.

Do you have a way for your employees to be able to voice a concern? You may prevent someone from becoming a whistleblower. 

I think the best way to get people to take this seriously is to lay out some guidelines. Do your homework and educate upfront if you’re going to start doing a new procedure.

It must start at the top and be reiterated consistently. If you are providing that education to your staff, to your providers, to other leaders in your organization, then that’s going to be a much easier way to get people on board rather than panicking.

Final Thoughts

The message that I would like to leave everybody with is do not wait until you are under audit to prepare to be under audit. Think about your documentation and staffing needs ahead of time.

I have heard people say that the next couple of years are going to be dubbed “the years of the audit” because we have so much fraud right now with telehealth and personal protective equipment loans. I believe we are in a good position to motivate ourselves to create those compliant cultures.