don’t let auditors in at · $1 trillion in hhs spending, including grants and contracts hhs oig...
TRANSCRIPT
3/16/2016
1
Don’t Let Auditors Cash In At Your Table:
EFFECTIVE AND EFFICIENT BILLING COMPLIANCE PROGRAM
STRATEGIES
PresentersGloria L. Jarmon
CPA, CGFM, Deputy Inspector General for Audit Services, HHS, OIG
Timothy Cleary
CHPC, CHRC, SVP Compliance, Internal Audit & Privacy, Health Quest Systems Inc.
Tcleary@health‐quest.org
Dara Quinn
MHA, CHC, CHPC, VP Compliance and Internal Audit, CarePoint Health
Learning Objectives
Provide an introductory overview of the HHS OIG and its mission
Explain through a real time tutorial where and how to utilize the tools on the HHS OIG website
Construct a “toolbox” of information and resources you can take with you to assist with future compliance
3/16/2016
2
What is the HHS OIG?Mission: To protect the integrity of programs and the welfare of the people they serve
What does the HHS OIG oversee?
100+ HHS programs, including those operated by the Centers for Medicare & Medicaid Services, the Office of the National Coordinator, the National Institute of Health, the Center for Disease Control, and the Food and Drug Administration
$1 trillion in HHS spending, including grants and contracts
HHS OIG Components
3/16/2016
3
HHS OIG Components
HHS OIG Components
HHS OIG Components
3/16/2016
4
HHS OIG Components
How does the HHS OIG accomplish its mission?
Prevent/Inform
Detect
Enforce
Prevent/Inform
Reports and recommendations
Industry guidance
Integrity agreements
“Sentinel” and deterrent effect
External outreach (e.g., congressional testimony and media interviews)
3/16/2016
5
Detect (how we identify work)
Risk analysis
Results of audits and evaluations
Self‐disclosure of potential legal violations
Complaints, referrals, and requests
Mandated work
Enforce
Civil monetary penalties
Federal health care program exclusions
Recommendations for affirmative litigation and suspension and debarment
Federal, state, and local partnerships
The OIG Comes Knocking…Now What?You Should Understand:
Whether this is an audit or investigation
What the scope of the audit is
What the potential exposure is for the findings
What kind of team you need to assemble
What the auditors would like you to do
That if problems are found, the audit could expand to include more records or issues
3/16/2016
6
What can be done to ensure compliance?
Involvement from the Board of Directors
Effective communication across the organization
Continually review procedures and be proactive
Read the OIG Workplan prior to audit
Do a risk assessment
Be organized and proactive
Be aware of common issues found in audits of your type of organization
Your ToolboxTRAINING
A Roadmap for New Physicians
Compliance Program Guidance
Provider Compliance Training
Guidance for Board of Directors
Self‐Disclosure Protocol
PUBLICATIONS
Workplan
Top Management Challenges
Watch the headlines
A Roadmap for New Physicians
3/16/2016
7
Compliance Program Guidance & Provider Compliance Training
Guidance for Board of Directors
Self‐Disclosure Protocol
3/16/2016
8
Workplan
Top Management Challenges
Headlines
3/16/2016
9
Questions
Stay Connected:
OIG Hospital Compliance Reviews
Provider experiences with OIG Hospital Compliance Reviews
• Audit notice and initial request received via telephone call and facsimile
• OIG is typically onsite within 2‐4 weeks after this notification
• The initial OIG request typically includes 200 or more records, with larger facilities typically being asked for 300 or more
− 66% Inpatient
− 33% Outpatient
• The OIG audit team is typically on‐site for several weeks, but this can vary
• OIG typically expects the provider to review all of the records first and have the provider complete an OIG worksheet/audit tool
• The review may be expanded while the OIG is on site. All cases where the OIG requires a medical opinion will be sent to theirindependent medical review contractor or, in some cases, the hospitals’ jurisdictional MAC
• In addition to agreeing or disagreeing with the findings, providers are asked to provide brief written “corrective action plans” to the OIG for each audit area
• Hospital Compliance Reviews use statistical sampling when the OIG deems it appropriate and necessary to do so. The results of any statistical samples may be extrapolated. The OIG will explain the sampling methods used in the audit and how the results will becalculated.
• Depending on the error rates noted, the OIG may request that the provider conduct a follow‐up self‐audit of one or more areas using OIG‐approved sampling methodology and extrapolation over the designated review period (e.g., modifier 25 reviews)
3/16/2016
10
OIG Hospital Compliance Reviews –Inpatient Risk Areas
• Short hospital stays (0 and 1 day)
• High‐severity level MS‐DRGs
• Same day discharge and readmission
• Transfers to post‐acute care providers
• Transfers to inpatient hospice care
• Manufacturer medical device credits
• Claims paid amount in excess of claims charged amount
• Claims with payments greater than $150,000
• Blood‐clotting factor drugs
• Hospital–acquired conditions and present on admission reporting
• Outlier payments
OIG Hospital Compliance Reviews –Outpatient Risk Areas
• Observation outlier payments
• Facility E&M coding and “new” vs. “established” patient
• Manufacturer medical device credits
• Services billed with modifier 59
• E&M services billed with surgical services (modifier 25)
• Claims paid amount in excess of claims charged amount
• Outpatient services billed during inpatient stays
• Thee‐day payment window rule
• Surgeries billed with units greater than one
• Services billed during skilled nursing facility stays
• Outpatient dental services
Other OIG Risk Areas
o Inpatient psychiatric facility emergency department adjustments
o Skilled Nursing Facility payments for ultra high therapy
o Inpatient Rehabilitation Facility documentation requirements
o Outpatient brachytherapy reimbursement
o Outpatient claims billed using “J” codes
o Observation services during outpatient visits
o Hemophilia services and septicemia services
o Intensity modulated radiation therapy planning services
o Outpatient claim payments greater than $25,000
o Medical device credits for replaced medical devices
o Medicare payments during MS‐DRG payment
o CMS validation of hospital‐submitted quality reporting data window
o Skilled nursing facility prospective payment system requirements
o Orthotic braces – reasonableness of Medicare payments compared to amount paid by other payers
o Increased billing for ventilators
o Physicians – referring/ordering Medicare services and supplies
o Anesthesia services – non‐covered Services
o Part B payments for drugs purchased under 340B program
3/16/2016
11
What can you do to prepare?
Utilize data which exist within the organization to enhance risk assessment processes
Establish processes to identify, mitigate and track compliance risks
Educate departments on recent audits, initiatives and settlements with other providers
Implement and audit policies and procedures for billing compliance with rules and regulations
Development and implement department-specific compliance plans and self-monitoring based on risks
Implement self-monitoring tools such as audit programs in selected departments
Arm yourself with InformationoData‐mining
oBenchmarking
oProbe reviews
oSurveys
oQuestionnaires
Why data mining? Everyone else is doing it…
MACs
ZIPCs
OIG
DOJ
Other
State RACs
MICs
RACs
Data analytics
MACs
ZIPCs
OIG
DOJ
Other
State RACs
Data Mining
MACs
ZPICs
OIG
DOJ
Other
6
3/16/2016
12
Monitoring Internal Data
• Stop focusing on the detail for a little bit to focus on the bigger picture• Pool data from multiple audit periods
• Look for trends that may not otherwise be apparent
• Put the data into a format that can be understood and digestible to leadership and physicians e.g. dashboard
• Identify data currently being used for other reasons that can be repurposed/mined by compliance/internal audits
• Run editing and denial reports • PEPPER Reports
34
Monitoring Internal Data
•Use it to grab the executive and physician audience before focused training is provided
•Everyone’s view of the same piece of data is going to be slightly different
•But at least we are all looking at the same data and talking about the issues
•Looking for potential lost revenue as well as potential overpayments
•Establishing tolerance levels of what is a “norm” is also necessary to manage and not micromanage the data.
35
Data Mining at the “Macro” Level
•Understand existing data sources and pitfalls associated with each source (e.g., late charges, downstream edits).
•Select the source that best meets your objective for the specific initiative underway (e.g., data by revenue and usage cost center vs. final billed data).
•Identify key data elements that will help identify high risk areas and ensure they are included in queries.
•“Clean” the data (e.g., remove duplicates) to facilitate accurate conclusions.
•Although “blind” applications of data mining can work to identify risks, it can also create more questions than answers in the end.
•Consider risk when determining areas of focus (e.g., services for which payment is bundled vs. services with high dollar pass through payments).
Tip: Clearly define goals and stay on track
3/16/2016
13
Data Mining at the “Micro” Level
Applicable to isolated areas or departments (e.g., laboratory billing). Consider the following examples:
� Obtain annual revenue and usage data for the department and sort by CPT code/Modifier and revenue. Identify trends and outliers, for example:
�Most frequently used codes Highest revenue codes High frequency modifiers and associated CPT codes
Partner with clinical department management in reviewing these items to assess reasonableness and follow up on any unexplained trends or aberrancies.
� Obtain claims data for a three month period and identify It relational characteristics within billing. For example, look for the following:
◦ Codes that most often appear together or appear with certain modifiers.
◦ Codes that may not be within the specialty you are reviewing but may indicate an error.
◦ Codes associated with high dollar services or stringent payment policies.
Use results to compile a list of potential aberrancies or errors. Be realistic in terms of the size of this list, focusing on higher risk or impact items first.
Data Mining: Other Guiding Principles
•Always verify/test the data before sharing it with key constituents.
•Consider potential risks before spending a lot of time analyzing data that has low risk impact.
•Provide context to users especially for data involving complex issues to ensure avoid misnomers or incorrect conclusions.
•Research external benchmarks available and use these whenever possible.
•Establish a process to follow up and make sure errors identified are corrected appropriately going forward.
38
Benchmarks•PEPPER Reports
•Physician Benchmarking of E&M Services for same specialty against peers
•Edits and denials reports
•Incomplete record reports
3/16/2016
14
Compliance Program Structure
•Health‐system Corporate Compliance Program
•Hospital‐based Compliance Program
•Department Specific Compliance Program •Self‐Monitoring – Reporting •Responding to systemic issues
Risk Assessments - Purpose
The objective of a risk assessment is to:
• Assess high risk areas within a selected department
• Provide support to management in mitigating these risk
• Provide assistance in establishing a compliance plan/plan at a corporate and department level
RISK ASSESSMENT
• Perform the risk assessment utilizing department‐specific, compliance‐risk questions.
• Question Sets are based on documented historical information and present compliance concerns of government enforcement agencies including:
•The Centers for Medicare and Medicaid Services• Office of Inspector General• Department of Justice
3/16/2016
15
Sample Tools•Risk Assessments
•Self‐monitoring tools
•Reporting tool
•Questionnaire
3/16/2016
16
3/16/2016
17
Questions
?