Practical considerations for conducting effective billing audits - Business

Healthcare Financial Management, April, 2002 by Robert F. Bacon

Healthcare organizations need to ensure that they are in compliance with government regulations, especially with the increased vigilance by the HHS Office of Inspector General (OIG) in investigating fraud and abuse. After an OIG audit of claims submitted to Medicare by its teaching and resident physicians, the Clinical Practices of the University of Pennsylvania (CPUP), Philadelphia, Pennsylvania, entered into a settlement that included significant financial penalties and a five-year corporate integrity agreement. Lessons learned from the experience may be helpful to other providers in ensuring that their billing practices are in regulatory compliance.

As a precautionary measure, providers can undertake their own audits, whether routine or focused. Audits can help providers uncover areas of potential abuse and take steps to correct the problems.

A necessary part of the business of health care for most, if not all, providers is the submission of claims to Medicare to secure payment for the services they have provided. Yet conducting business with Medicare also exposes providers to the possibility of being audited by the HHS Office of Inspector General (OIG), regardless of the provider's size or financial status.

The Clinical Practices of the University of Pennsylvania (CPUP), Philadelphia, Pennsylvania, was the first academic medical practice in the country to undergo an OIG audit of claims submitted to Medicare by its teaching and resident physicians. The OIG's audit concluded that some of the university's teaching physicians had billed Medicare inappropriately, because medical records did not adequately document their involvement in services provided by residents. In addition, the audit uncovered upcoding of claims by some physicians. Without admitting wrongdoing, CPUP entered into a voluntary settlement in 1995 with the U.S. Department of Justice (DOJ), agreeing to pay about $30 million to cover disputed Medicare billings by the university's teaching physicians. As a result of that audit, the GIG and DOJ developed the Physicians at Teaching Hospitals (PATH) audits, a nationwide initiative to review teaching physicians' compliance with Medicare billing rules.

Since the CPUP settlement, the healthcare industry has experienced a significant increase in the number and magnitude of fraud allegations resulting in corporate integrity agreements with the Federal government. The government has executed about 500 corporate integrity agreements with healthcare providers nationally These agreements vary significantly with respect to obligations and reporting requirements levied upon the specific entity.

Lessons Learned from the CPUP Settlement

In the summer of 2001, the CPUP successfully completed its corporate integrity agreement with the GIG and was formally released from further mandated activities. As a result, CPUP was able to reengineer its billing compliance program in a manner that would ensure compliance with Medicare regulations and minimize risk while making effective and efficient use of all resources. Admittedly, after the execution of a corporate integrity agreement, life is not the same for the organization and the individuals working there. Lessons learned from the experience, however, may help other healthcare providers.

The most important lessons that CPUP learned from its experience with its corporate integrity agreement were centered on effective communication, education for faculty and support staff, and auditing of billing activity.

Elements of an Effective Audit Program

An effective audit program should be designed to minimize potential risk to the organization by recognizing areas of vulnerability Senior management should be charged with identifying critical elements of the program, including the scope of the annual audit. Specific areas of risk to be assessed should include coding and billing to ensure accuracy of claims submission, physician documentation in support of the claims, and assurances of no improprieties with respect to kickbacks, fraudulent inducements, and/or self-referrals.

When establishing an audit program, the organization's senior executives should consider the 80/20 rule: 20 percent of the organization's activity represents 80 percent of its risk. For example, 20 percent of the insurance carriers representing outstanding accounts receivable typically represent 80 percent of total outstanding dollars due to the organization. Likewise, 20 percent of clinical activity typically represents 80 percent of the organization's compliance risk.

To use a coding analogy; evaluation and management (E&M) services rendered by a surgical practice typically represent 20 percent of net patient revenue compared with diagnostic and therapeutic services. However, the E&M claims represent 80 percent of the practice's risk because of the complexities of reporting these services, such as documentation requirements for recording history, physical examination, and medical decision making. Management needs to identify the high-risk areas that represent the 20 percent of the organization's activity and minimize the organization's risk by ensuring that the compliance program addresses these areas within the context of both the annual audit plan and compliance education program.