MDaudit Road MapPreparing for Change: 7 Steps to Risk-based Audits

ROAD MAP

1

Six out of ten Chief Audit Executives identified an increased focus on risk management as their top initiative in a recently conducted survey. That should come as no surprise given the increased onslaught of governmental, commercial and performance-based audits.

Preparing for Change: 7 Steps to Risk-based Audits

From fiscal year (FY) 2009 through FY2013, recovery auditor reviews resulted in a total of $5.4 billion returned to the Medicare Trust Fund and over $350 million paid to Medicare providers for underpayment. The recent doubling of fines under the False Claims Act means you can be hit with a $20,000 penalty for a single mistaken claim.

But it’s not just compliance risk that worrisome. Ensuring proper billing and claims submittals also affects your revenue cycle. Incorrect coding and insufficient charge capture can result in missed or under billing for services performed and can negatively impact cash flow and the bottom line.

As a result, more organizations are shifting from scheduled, reactive audits to a proactive, risk-based audit program. With only so much time available for auditing, it’s critical for organizations to target specific areas of interest and not devote time to areas with little or no significant impact. Moving from an annual audit program to a risk-based audit plan could be one of the most important moves you can make to defend against the siege of compliance challenges.

Transitioning to a risk-based auditing program is a significant change for most organizations and you may not be sure where to begin. Here are seven steps to help you implement the shift.

Annual Auditing

• Reviews all providers/areas over a 1-2 year period

Risk-based Auditing

• Focuses on specific practices/codes of potential negative issues

• Performed on an ad-hoc, unscheduled basis

• Zero in on trouble areas regardless of location or provider

2

1. Establish your transition teamThe move to risk-based auditing is an organization-wide shift and is most effective when both the compliance and revenue cycle audit teams are involved. Breaking down silos should be your fi rst order of business since everyone in the organization needs to be committed and pulling in the same direction. The fi rst step in accomplishing that goal is to make sure the transition team encompasses representatives from each group.

Consider including members of your internal IT group as well as a representative from your system vendor. They know the capabilities of your auditing software and will be critical in helping to integrate the technology with the decisions you will need to make. If there are limiting factors in the software, it will be crucial to understand and resolve at the beginning.

The transition team needs to work closely with all stakeholders to gather feedback and gain commitment from the entire organization.

2. Review your existing audit planBefore you can design your future state you need to review your existing audit plan to establish a baseline. This will provide you with valuable insight into what pieces of the current plan are working effectively and should remain active in the new program.

This is a good time to consider potential redesign and of your current compli-ance process and methodology and possible updating based on a best practice analysis. This would include reviewing existing audit standards and development of an audit standards reference manual if one doesn’t exist.

This will also give you a good idea of what resources both the compliance and revenue cycle audit groups are expending and how they can most effectively be deployed when risk-based auditing is included.

Preparing for Change: 7 Steps to Risk-based Audits

3

Preparing for Change: 7 Steps to Risk-based Audits

3. Develop your new audit planIt’s not realistic or prudent to totally move from traditional to risk-based audits all at once. It is more likely that the two audit tracks will exist together in your new program. Over time, you will probably see a significant shift to risk-based but traditional auditing will still have a place in your overall auditing program.

When developing your new risk-based audit plan, it’s often helpful to engage the expertise of a third party consultant with experience in audit program implementation. A partner can help lead you through the decision making process when considering key areas including system settings, audit escalation plans, new provider onboarding process, risk area identification methodology, suspending and releasing claims, data sources and resource assignments.

KEY AREAS OF AUDIT PROGRAM:

SYSTEM SETTINGS

AUDIT ESCALATION PLANS

NEW PROVIDER ONBOARDING PROCESS

RISK AREA IDENTIFICATION

SUSPENDING AND RELEASING CLAIMS

DATA SOURCES

RESOURCE ASSIGNMENTS

4

Preparing for Change: 7 Steps to Risk-based Audits

4. Establish your audit and test targetsThe next step in developing your risk-based auditing plan is to identify the greatest risks to the organization. There are five basic ways to develop your targets.

Internal Review Be aware of chatter or rumors of potential risk areas within the organization. Review prior internal audit results for trends that could lead you to potential risk areas. Look at referral relationships and arrangements, prior privacy breaches and quality-related events. Using up-to-date analytics software can mine your billing data to uncover trends that could prove to be trouble over time.

External GuidanceStay in tune with agencies that regulate Medicare or Medicaid and review the annual OIG work plan that outlines what federal regulators are focusing on in their audits. Monitor provider questions, payor requests and hotline submissions. PEPPER reports, which target particular areas for short-term acute-care hospitals involving coding and admission necessity areas is also an effective source to uncover trouble areas.

Target OutliersParticular areas include high-level E&M billing, teaching physician modifiers and specialty procedures such as Modifier 25 and Critical Care Time.

Mine Your DataRisk-based audit and test targets shouldn’t be selected solely in terms of total revenue at risk. A more effective method is to analyze claims and billing data that may reveal trends that could actually lead to problems. These areas may not have the same total value as higher profiled areas, but may, in fact, present a higher risk.

An integrated software solution is needed to leverage billing and remit data to monitor key hospital and provider risks and hone in on provider billing patterns that stand out when compared to peers. Analyzing this data systemically is much more effective and productive for anomaly detection than laboriously combing through Excel spreadsheets manually.

Benchmark Other OrganizationAn automated auditing and risk assessment solution like MDaudit creates a common work file where high level customer data is aggregated. Consolidated data can then be used to allow benchmarking of multiple organizations to uncover larger industry trends.

5

Preparing for Change: 7 Steps to Risk-based Audits

5. Evaluate technology solutionsThe key to success of a risk-based audit and test approach lies in the ability to extract, analyze and covert data into actionable information. Leveraging claims and system data for an effective testing and auditing program requires the use of an audit analytics tool that delivers much more than simple reporting.

There are a number of audit automation, anomaly detection and visualization software packages on the market but which are right for you? The key to success is an integrated solution that performs all three functions in one continuous loop, not a series of systems working separately.

Using data analytics to improve and monitor the audit and compliance functions must be an iterative, investigative process. The tool your organization chooses must be able to dive into your identified risk areas – something not possible with a periodic, static or traditional audit and testing solution. The analytics tool needs to support the ability to explore, investigate and make judgments as well as utilize the developed skills and experience of your auditing and compliance teams.

6. Institute a regular reporting processIt’s critical for a risk-based audit program to include a feedback loop that is best accomplished with a comprehensive reporting process. This is crucial for keeping all members of the organization up to date on the effectiveness of the program.

It’s important to establish a schedule for regular reporting cycles to senior managers, staff, and other stakeholders in the organization. This is also an effective process for gathering feedback from the staff that is involved with the program on a day-to-day basis.

6

Preparing for Change: 7 Steps to Risk-based Audits

7. Establish an ongoing monitoring, verification and validation processAnother key requirement for your audit analytics tool is the ability to enable continuous monitoring, something that can’t be accomplished with static reports. Ongoing monitoring is necessary in order to make needed adjustments to ensure the program is working. You need a solution that integrates the process of gathering the data and then seamlessly feeding it back into the test audit mode in an automated fashion. That ensures that nothing is lost in the transfer, which can be the case when using separate tools for data gathering and testing.

You should also consider initiating an independent verification and validation (IV&V) process. Using an objective third party ensures a fresh set of eyes that can help surface any lingering issues. The verification and validation process is the crucial final step and reinforces that your plan is an ongoing process, not simply a static event.

7

Risked-based audits can be more effective because they proactively seek out areas that could be problems allowing for earlier, faster resolution before any damage is done. They provide more frequent education for those who need it and offer consistent reporting, keeping compliance and revenue cycle optimization in the forefront rather than making audits simply an annual presence.

The key benefit of a risk-based audit and test program is that it allows you to stay ahead of third party entities that are trying put a magnifying glass on your organization and helps you optimize your revenue stream.

Chances are that traditional provider-based auditing and testing will remain in some form, but as compliance and revenue cycle demands grow and resources become strained, a risk-based audit and test program will likely become a key weapon in your compliance and auditing arsenal.

Summary

8

Sources

1 Executive Perspectives on Top Risks of 2015, report from NC State Pool College of Management and Protivity Consulting.2 Update from CMS on the Center for Program Integrity, AAMC 2015 Compliance Officers’ Forum, June 10 2015

Once you’ve established a baseline, the next step is to make improvements by initiating a corrective action program that addresses your people, process, and technology.

PeopleFocus on training and education so everyone in the organization understands the depth and impact of the problem and what their role in solving it should be. Specific actions to take include:

• Establish accountability and self-reporting by root cause owner and process owner

• Set a zero to low tolerance for finger pointing and excuses

• Recognize improvement and determine conse-quences for unacceptable outcomes

WorkflowA thorough process review will help highlight re-dundancies and time-wasting tasks and will quantify the outcome or performance expectation for each task. The most effective way to improve the work-flow process is to eliminate errors that could result in a denial Key points to include:

• Develop robust pre-visit/visit management pro-cess

About Hayes and MDauditHayes Management Consulting is a leading, national healthcare consulting firm and software developer that partners with healthcare organizations to streamline operations, improve revenue and enhance technology to drive success in an evolving healthcare landscape.

Hayes’ MDaudit™ software automates administrative tasks involved in the billing audit process, dramatically improving productivity and helping healthcare organizations reducebilling compliance risk.

To learn how MDaudit can help you streamline your auditing and compliance program, call 617-559-0404 or email mdaudit@hayesmanagement.com. You can also request a demo at www.hayesmanagement.com/software.

1320 Centre Street, Suite 402 | Newton Center, MA 02459Phone: 617-559-0404 | Fax: 617-559-0415www.hayesmanagement.com | info@hayesmanagement.com