Category Archives: Compliance & RACs

Regulatory Audit Contractors; ABN; Advanced Beneficiary Notice; Centers for Medicaid & Medicare Services; CMS news; CMS rules; CMS regulations; Medical Necessity; Recovery Audit Contractors; Compliance; RAC audit

A Gift from the OIG That Could Be Worth Millions

Not convinced of the importance of administrative and financial data integrity in health care? Consider – both OIG and OCR (Office of Civil Rights) are monitoring healthcare provider’s (facility and professional) compliance patterns. Whether it is a HIPAA violation or claim error, they are able to determine if the problem is due to a simple mistake or emblematic of larger systems issues. Repeated non compliance patterns are revealed in monitored data.

On June 5, 2014 the OIG released results of an audit performed on a large medical center for calendar years 2010 and 2011. Unfortunately, the medical center was found to be in non compliance with about 50 percent of the claims reviewed. The OIG’s data monitoring efforts identify areas of concern – even when an organization believes it is compliant. Just like banking and other regulated industries, data integrity is crucial to both providers and monitors. Every aspect of compliance – especially those that are most complicated – becomes critical. Continue reading

Why Are We Complaining about ICD 10? The Cost of Non-Compliance (Again)

In my May blog, I talked about the cost of non-compliance versus the cost of implementing ICD-10. My hypothesis: human nature is the real cost driver in health care – not code set changes. A recently released study by OIG revealed that physicians increased the billing of all E/M (Evaluation and Management) services from 2001 to 2010 (the years studied). The higher the level of E/M codes assigned, the greater the reimbursement. CMS found that E/M services are 50 percent more likely to be paid in error than other Part B services. Why? Because they are coded to a higher level which results in more money paid to the provider – physician and non physician alike. CMS identified the root cause of the overpayments – no surprise here, coding error and poor documentation. Continue reading

A Culture of Openness Pays Off

When I read the results of a recent survey on helpline calls completed by the two prominent compliance associations, the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), I started to think about the organizations I’ve worked for in the past. What made me comfortable telling the organization of a perceived situation requiring change? How was the report received?

As noted in the survey results, employees are mainly reporting through internal means. While a company may not know for years of a whistleblower lawsuit, the survey respondents did not indicate a significant rise in these reports made outside of the organization even with the increased attention being paid to whistleblowers and the incentives involved.

What can we do to create an environment where employees are willing to report to their organization? Continue reading

Accepting the Status Quo: Cost of Non-Compliance vs. ICD-10

Like many in the healthcare industry, I’ve spent the last few weeks reading about the ICD-10 delay. Depending on which camp you are in, the opinions are lining up predictably. I’ve read a lot of comments about the ”cost of ICD-10.” Though many agree the adoption of a more sophisticated code set brings important benefits, the conversation always circles around to the expense of implementation.

If high costs are really the issue with ICD-10, why do we continue to ignore known cost-saving measures that would easily offset the expense of implementation for the average physician practice? For instance, I find the willingness to accept the enormous cost of years of non-compliance with medical necessity perplexing. Or consider the continued practice of submitting poorly coded claims based on subpar clinical documentation. What about the cost of claim denials, write-offs, and fraud in ICD-9 – or any other coding language for that matter? In my opinion, complaints about the cost of doing business have less to do with the expense of implementing ICD-10 and more to do with human nature. Continue reading

Listen so we don’t have to Drop, Cover, and Hold On

Each region of the country has emergency preparedness according to the area’s potential natural disasters. Living in Utah, we have to be prepared for a possible earthquake and there was the recent Drop, Cover and Hold On efforts to test our readiness. In the workplace, we also have to prepare for situations that may arise suddenly and unexpectedly. It’s the way we prepare in advance that will determine if we have to drop, cover, and hold on or are able to systematically handle the situation.

The tool at the heart of good management is to listen to those around you. Sometimes that means hearing what a customer is saying, picking up on the complaint of an employee, or learning about something new in the organization. We have to listen beyond what is being said, focusing on the nonverbal communication as well as how this issue could impact others. Years ago my manager told me to stop and listen to the people who you dread the most. You know the type, the person who is always complaining, who seems to drain you of all your energy. Continue reading

Employees as the Teachers: What an Organization Can Learn

As a compliance officer I have the opportunity to publish training on various compliance topics to our workforce. We just completed a required training and I think I learned as much about how the organization works as the workforce may have learned from the training.

From an employee’s perspective, completing a required compliance training course may be the last thing they want to do, yet from the organization’s standpoint, it’s one of the most important things for them to do. Protecting the privacy and security of patient data is of utmost concern for any compliance officer in health care. The Ponemon Institute just published its Fourth Annual Benchmark Study on Patient Privacy and Data Security which emphasized the role employees have in detecting data breaches, while at the same time noted that employee negligence is considered a worry by many of the respondents to their survey. Organizations in the Ponemon study reported that they rely upon policies and procedures to achieve compliance and secure data. What this tells us is that training employees on proper security methods, policies and our code of conduct, as well as guidelines for how to report an issue is paramount. Continue reading

Don’t Blame ICD-10

Lately, OIG is reminding us we can’t seem to comply in ICD-9. I suggest that whatever happens by this time next year, don’t blame ICD-10. Coding is complicated with tons of rules and regulations. And yes, as soon as one learns something new the regulations change and even newer codes, modifiers, documentation, and incantitations are required. It’s been this way for years; and for years there has been noncompliance regardless of the code version. Not news you say? Where am I going with this? I just read another OIG audit report on yet another large provider. It makes me sad to learn they will have to pay back upwards of 1.6 million dollars in over payments for both inpatient and outpatient coding and billing issues. According to OIG, “The errors occurred primarily because they did not have adequate controls to prevent the incorrect billing of Medicare claims within the selected risk areas.” Continue reading

Goals Gone Wild: Setting the Wrong Tone at the Top

When I recently read that a former hospital Chief Financial Officer (CFO) had been charged with health care fraud for falsely attesting to Meaningful Use, I could not believe the corners that he decided to cut. My first thought was that he had not been aware of the Centers for Medicare and Medicaid Services (CMS) track record for auditing to stop improper payments. In fact within a few months of his alleged fraud, CMS announced their pre-payment audits for the Medicare Electronic Health Records Incentive Program which would audit the meaningful use attestations. (See my April 2013 blog on CMS Follows the Money with New Audits.)

Then I wondered, “What must his Chief Executive Officer be thinking of such behavior?” Continue reading

CMS: It’s All About Compliance Actually

I’ve spent years reading healthcare rules, regulations, and laws (I know what you are thinking – better you than me!). Often, it’s necessary to connect the dots with the regulations to clearly see their purpose. Lately, everyone in the industry is talking about ‘documentation compliance.’ Actually it’s nothing new – some providers have struggled with documentation for years. I admit, when I worked in the hospital, charting was not the favorite part of my day either. But CMS has been dogged in its documentation improvement efforts which have routinely been ignored by some.

Recalcitrant Providers

On 12/13/13 CMS released Transmittal 495, CR 8394, which became effective 1/15/14. According to CMS, “Any provider referred (to OIG) as a potential recalcitrant provider case should be an ‘outlier,’ meaning a provider who has been the least receptive to changing and has a significant history of non-compliance. Continue reading

Can EHR Convenience Features Lead to Fraud?

Well, it appears that the convenience features in Electronic Health Records (EHRs) can be perceived as a method to cheat the government. In a new report issued by the Office of Inspector General (OIG) on January 8, 2014, the function of copy-paste was highlighted as an area of concern. To conduct the study the OIG surveyed CMS administrative and program integrity contractors about their review methods related to EHRs and reviewed guidance provided by the contractors and CMS related to EHRs and possible vulnerabilities. The OIG found that little had changed in contractors’ practices since the shift to EHRs.

The OIG cited copy-paste functions and overdocumentation as two EHR practices that can be used to commit fraud. The issue with the copy-paste function was that it may be used without updating the information, leading to inaccuracies in the record and inflated payments. Continue reading