How can you you conduct a self-audit?
Elite Learning recently interviewed Kathleen D. Schaum, MS, president of Kathleen D. Schaum & Associates, Inc., Lake Worth, FL., about why and how healthcare providers should implement a self-audit into their revenue cycle processes.
Disclaimer: The content of this article is intended for general information purposes only. Because each payer has a different audit process, all healthcare providers should investigate each of their payer’s audit processes.
Elite Learning (EL): What is the importance of conducting a self-audit for any healthcare business?
Kathleen D. Schaum (KDS): If healthcare providers routinely conduct internal self-audits, they catch documentation, coding, and charging errors, and have the opportunity to refine their unfavorable processes. Then, if/when these providers are selected for external audits, they should feel secure that the payers will find they are compliant with coding, coverage, and payment regulations and guidelines. Because the penalty for violating the False Claims Act has risen to three times the government’s losses, plus $11,000 per false claim, providers should resolve to conduct internal self-audits to detect anything that can be perceived as a false claim.
EL: Which types of providers should conduct self-audits, and which of their staff members should conduct the audits?
KDS: All healthcare providers who submit claims to insurance companies should conduct internal self-audits. Members of the clinical and revenue integrity team should participate in the various steps of each audit. Internal self-audits should be an educational process for physicians and other qualified healthcare professionals (QHPs), such as nurses, therapists, front and back office staff, charge description master personnel, coders, billers, compliance officers, and financial officers.
EL: It is probably assumed that all healthcare stakeholders can benefit from conducting self-audits, but what are some of the telltale signs that you REALLY should conduct a self-audit in the near future?
KDS: As a reimbursement strategy consultant, I am always surprised when I learn that a large majority of healthcare providers do not conduct internal self-audits. When queried about this, they often say: “We do not know what to audit,” or “We do not have time to conduct audits,” or “We are getting reimbursed, so audits are unnecessary.” Actually, providers are surrounded by telltale signs that they should conduct internal self-audits. However, they cannot audit all topics at once. They should not waste time and energy auditing topics that they know will always pass external audits. When reviewing the following list, providers should select audit topics that they believe may not pass external audits, that can provide documentation education to the providers and coders/billers, that can help ensure accurate claim submission, and that can prevent claim denials and/or repayments
- Every claim that is submitted either results in a payment, a denial, or a rejection. Someone in the provider’s business should be responsible for reviewing the reasons for denial or rejection (which are stated on the remittance advices) and for informing the specific people who need to know. These denial and rejection reasons should be brought to the attention of the appropriate clinical and revenue cycle team members and are great topics to include on internal self-audits.
- Payers often request additional documentation before they process a claim or in a post-payment review after they processed the claim. The appropriate clinical and revenue cycle team members should be informed of the additional documentation request and should participate in assembling all the documentation from the medical record that “paints a clear picture” of the why, what, who, and how that pertains to the requested encounter(s). The team should identify the pertinent issues that the payer is investigating and should add pertinent issues to the list of internal self-audits.
- All Medicare Administrative Contractors (MACs) post topics that they audit as well as results and findings from completed external audits. If these topics are pertinent to their businesses, providers should add them to their list of internal self-audit topics.
- The Office of Inspector (OIG) updates its work plan every month. Someone from the provider’s business should be assigned to review the work plan for topics that pertain to their business and to inform the appropriate stakeholders about the items on the OIG work plan. Then, add the pertinent topics to the internal self-audit list.
- Each year, new ICD-10, Healthcare Common Procedure Coding System, and Current Procedural Terminology codes are received. The new codes usually have specific guidelines for their use. Providers should conduct internal self-audits on pertinent new codes to be sure everyone understands the new coding guidelines and is following them.
- Each year, the Centers for Medicare & Medicaid Services (CMS) releases final rules pertaining to the payment for all major providers. Providers may want to include any new payment regulations that require a process change to be included on the internal self-audit list.
- When CMS releases new or revised national coverage determinations (NCDs), when the MACs release new or revised local coverage determinations (LCDs), and when private payers of the providers’ patients release new or revised medical policies, someone should be assigned to review the coverage guidelines and to share them with the appropriate stakeholders. If the guidelines require a change in clinical and/or revenue cycle processes, providers may want to add those topics to their internal self-audit list.
EL: For those providers who have never conducted a self-audit, what is the best way to begin?
KDS: When providers are going to conduct internal self-audits for the first time, they need to identify if their organization has policies and procedures about conducting self-audits. If so, the providers should read and make a plan to implement the self-audit in accordance with the policies and procedures. Most organizations require providers to clear the audit with a compliance officer and one or more members of the legal team. Once the audit topic is agreed upon and the processes have been implemented to follow the organization’s policies and procedures, the audit should begin.
When the audit is complete and the results have been evaluated, the results should be shared with the compliance officer and the legal team. Then, the providers and/or departments that were audited should be congratulated for favorable audit results and educated about ways to improve findings that fell below acceptable standards. In the case of self-audits with unfavorable findings, the affected stakeholders should be given an adequate period of time to make the required refinements and then should be re-audited.
EL: How often should a self-audit ideally be conducted, and how should follow-up audits both mimic as well as improve upon prior audits?
KDS: Internal self-audits should be conducted on an ongoing basis. Ideally, small audits on new topics should be conducted once per month. In addition, follow-up audits should be conducted as needed.
EL: Let’s assume that a provider has learned that a payer is conducting an external audit of the practice and the provider has NOT conducted a self-audit on that topic. What is the best way for the provider to proceed?
KDS: Once an external audit has been announced, it is too late to do an internal self-audit on that topic, and the medical records cannot be altered before they are submitted to the auditor. At that point the provider and the internal revenue integrity team should:
- Identify who is conducting the audit.
- Determine the reason for the audit and identify the requested documentation components that are typically outlined in the additional documentation requests (ADR).
- Confirm how to submit a complete and timely response.
- Assemble the original ADR, a specific point of contact, and the requested documentation in chronological order so that the external auditor will get a clear, organized picture about the why, what, who, and how of each case.
- Number each of the pages in the packet and make a copy of the entire packet that is submitted.
- Submit the packet at least two weeks before the specified deadline.
EL: Let’s assume that a provider has learned that a payer is conducting an external audit on the practice and the provider has ALREADY conducted a self-audit on that topic. What is the best way to proceed?
KDS: If the provider has already conducted an internal self-audit on a topic that is about to be audited externally, the provider should feel more comfortable about what the external auditor will find. If the external audit is conducted on dates of service before the internal self-audit occurred, the compliance officer may want to inform the external auditor when the internal self-audit was conducted, the audit findings, and the processes that were implemented to rectify any unfavorable findings.
Then, the provider and the internal revenue integrity team should follow the steps for responding to the ADR previously discussed.
EL: What are some of the more significant risks that providers face if they do not conduct internal self-audits?
KDS: Providers should make a standard practice of conducting internal self-audits to detect compliance issues, to correct those issues, and to enter into external audits with the confidence that their practice aligns with all the pertinent coding, coverage, and payment guidelines. If the providers do not conduct internal self-audits, they have a much higher probability of being out of compliance with one or more of the regulations. That compliance can lead to repayments, fines, possible incarceration, and loss of ability to bill the payer in the future.
EL: For those who have dutifully practiced internal self-audits, even though this is to be commended, what are some of the more common mistakes or oversights that people make that they should be aware of for next time?
KDS: It is amazing that after all the years that payers have been conducting audits, they find the same major errors repeatedly. Before listing some of the common mistakes or oversights found in audits, consider these observations:
- First, providers rarely look at their actual submitted claims to be sure that their coding and charging system drops the correct codes, units, and charges on the claims. Then, during external audits, the providers are surprised when these inconsistencies are identified.
- Second, electronic health records (EHRs) are a blessing in many ways, but in some ways they have been part of the reason for unfavorable external audit results. Lack of in-service education about the flow of the EHR system and how to coordinate the EHR system flow with the provider’s actual workflow is a problem. In fact, providers often do not print patient records to see how the information they entered into their electronic systems actually reads.
Once providers take the time to conduct internal self-audits from the printed records that they will have to provide external auditors, they quickly see how they could improve their use of their EHRs. For example, during many reimbursement seminars that I host, physicians and other QHPs argued with me when I explained why unspecified diagnosis codes usually do not justify medical necessity. The physicians/QHPs said, “I select the unspecified diagnosis codes because they are the first ICD-10-CM codes that appear on the drop-down screen on the electronic medical record.” That is a perfect example of not setting up your EHR system to align with good clinical practice.
Now that I have shared my observations, here are some of the external audit findings that negatively impact providers and that should be easily detected and rectified via internal self-audits:
- No signed physician/QHP order for the service, procedure, or product that was billed.
- No documentation for a service, procedure, or product that was billed.
- Documentation was incomplete according to standards of care, clinical practice guidelines, NCDs, LCDs, and medical policies.
- Documentation that requires time lacks the necessary time component.
- Lack of physician/QHP signature on documentation.
- Information submitted contains an invalid/illegible provider signature.
- Lack of documented medical necessity.
- Cloned diagnosis codes do not justify medical necessity for service, procedure, or product.
- Billing for a non-covered service, procedure, product, or condition.
- Billing for services, procedures, or products that have exceeded the maximum number allowed for that patient in that period of time.
- Billing for a service, procedure, or product that was not performed/provided
- Billing for more services, procedures, or product(s) than were performed/provided.
- Billing separately for services, procedures, or product(s) that are part of a bundled payment.
- Using the wrong modifiers or using the modifiers incorrectly.
- Reporting the incorrect place of service on the claim.
- Claim is missing required information.
- Billing a payer for a patient who is no longer covered by the plan – due to lack of insurance benefit verification prior to each encounter.
- Submitting a duplicate claim before the original claim is processed.
- Reporting diagnoses that are not relevant to the care provided.
- Documentation submitted to auditor contains incorrect/incomplete/invalid patient identification or date of service.
- The patient’s or his/her authorized representative’s signature is missing from required documents, such as Advanced Beneficiary Notices of Noncoverage.
- Documentation requested by the auditor was not submitted.
Kathleen D. Schaum is president of Kathleen D. Schaum & Associates, Inc., Lake Worth, FL. She can be reached for questions and consultations at email@example.com, or by calling her office at 561-964-2470 or her mobile phone at 561-670-7176.