Hospital compliance officers, your job is getting harder—and more important.
The Department of Health and Human Services has launched a new type of audit for Medicare payments, this one targeted at a range of specific risk areas and going much deeper than previous audits. Dubbed “Medicare compliance reviews,” they have so far netted the HHS Office of the Inspector General more than $4 million, and the process is only in its infancy, experts say.
Since Medicare compliance has long been a focus for OIG, the change is “evolutionary, not revolutionary,” says Donald White, a spokesman for the agency. “The only difference is that instead of auditors auditing one risk factor, they can go in and audit for multiple risk factors. The idea is to make better use of taxpayer funds.”
The reviews “are more comprehensive than I've seen in the past, looking at actual claims plus the systems hospitals have in place to make sure services are billed correctly,” says Joanne Erde, a partner at the law firm of Duane Morris. Significantly missing from the list is fraud; “these are just areas that are prone to error,” she notes.
So far, the OIG has disclosed the results of 16 such reviews, but the pace and volume of the audits appears to be accelerating. The first two months of 2012 yielded as many review reports as the total number disclosed in 2011, with six of the sixteen released in the month of February. The audits began in August 2010, with South Shore Hospital in Massachusetts, and the most recent ones disclosed extended as late as October 2011.
The audits are focused on Medicare claims submitted from 2008 through 2010, looking at risk areas that OIG identified “using computer matching, data mining, and analysis techniques,” according to the 16 reviews already completed. Those risk areas vary from audit to audit, but generally they include items focused on short-term stays; transfers and same-day readmissions that were erroneously coded as discharges; claims involving manufacturer credits for replaced medical devices that were under warranty; inpatient claims for blood clotting factor drugs; and claims over certain dollar thresholds.
The (somewhat) good news: “These are not new issues, but there is a new process,” Erde says. Part of the new process, she says, is a self-audit that a hospital must perform according to OIG directions, before OIG auditors come in.
OIG auditors are also taking bolder steps once inside the hospitals. “They're talking to employees they run into in the hallway and asking them if they know who to call if a problem arises,” says David Merriam, a partner in PwC's healthcare provider risk assurance practice. And compliance officers are expected to give a full report to the OIG of steps taken to remediate such problems, once the problems are resolved.
Of the 16 audits disclosed so far, hospitals have paid back an average of $283,589, and about $4.25 million in total, according to a Compliance Week analysis. The highest giveback, $784,000, was from University of California/San Francisco Medical Center; the lowest, $34,000, was from Springhill Medical Center in Alabama. The periods under review varied from hospital to hospital, as did the number of claims sampled. Error rates, or the percentage of charges sampled that were wrong, ranged from 8 percent to more than 50 percent in four cases.
Geographically the reviews were clustered in the Northeast, with five in Massachusetts alone. Three hospitals in Florida and three in California were reviewed, along with single hospitals in Alabama, Missouri, and Ohio. OIG watchers, however, say every hospital should be prepared for one of the new audits no matter its size, type, or location.
Details, Details
The responses to the audits from hospital compliance officers are rich reading; many go into detail about remedies as well as disputes on some of the particulars. In general, however, the compliance remedies revolve around additional education, better processes, more monitoring, and upgraded technology.
“The reviews are more comprehensive than I've seen in the past, looking at actual claims plus the systems hospitals have in place to make sure services are billed correctly.”
—Joanne Erde,
Partner,
Duane Morris
The response released from Kathleen Naughton, chief compliance and privacy officer for the University of California San Diego Medical Center Hospital, is illustrative. In response to the recommendation that the hospital “strengthen controls to ensure full compliance with Medicare billing requirements,” Naughton offered a long list of changes in her January 2012 letter.
Since the audit, the hospital has “implemented a number of educational programs, leveraged new and existing technology, and redesigned processes to strengthen controls in areas covered by the audit that impact billing.” On the partial list of details: regular coding and compliance education for billing staff, physician training regarding admissions workflow using a new electronic medical record system, an expansion of pre-billing validation of short-stay admissions, and minimizing manual activities within the billing process.
Andrew Quinn, chief ethics and compliance officer at Riverside Methodist, a 1,059-bed hospital in Columbus, Ohio, responded with a four-page letter, disclosed in February, that congratulated the hospital on having one of the lowest error rates and payback amounts in cases so far disclosed. He also praised “Herculean efforts” undertaken in the last part of the OIG's audit to remedy problems. Quinn ended the letter with more congratulations to the OIG, acknowledging the “professional and courteous nature” of their audit staff.
Among other items, Quinn pinpointed a difficulty that many of the reviewed hospitals faced: correctly tracking warranties and credits from device manufacturers that would negate the need for Medicare coverage. “Deficient vendor communication was undoubtedly the leading cause of RMH's difficulties with the processing of credits, since it is the manufacturer who controls a credit determination, not the provider,” noted Quinn. As a result of the audit, Riverside, like others, now requires more of its device vendors; in this case, accurate, complete, and timely reports of device credits.
RISK AREAS
Below is a list of risk areas from the OIG report template:
inpatient claims for short stays,
inpatient transfer claims,
inpatient claims with high severity level DRG codes,
inpatient claims for blood clotting factor drugs,
outpatient claims billed prior to and during inpatient stays,
outpatient claims billed with modifier -59 (indicating that a procedure or service was
distinct from other services performed on the same day),
inpatient and outpatient claims paid in excess of charges, and
inpatient and outpatient claims involving manufacturer credits for replaced medical
devices.
Source: OIG.
Of course, the length of the response sometimes hinges on the severity of the problems. At Springhill Medical Center, a 252-bed acute care facility in Mobile, Ala., which boasted one of the lowest error rates and the lowest payback amounts, General Counsel Timothy Kaufman offered three brief paragraphs, disclosed in early February.
At the moment, the only consequence of such audits is that hospitals must pay back the amount by which they were overpaid—and at least in Naughton's case, the amount was somewhat negotiable. After noting that U.C. San Diego Medical Center “disagrees with the quantification of overpayments and the qualification of errors,” Naughton said the hospital agreed on only $375,350 of $627,555 in alleged overpayments. Ultimately, the payback amount dropped to about $350,000 “because of adjustments made after issuance of the draft report,” the OIG noted in the hospital's response.
There may be room to negotiate with the OIG, but these audits are still likely to get more costly to the hospital industry as a whole, in several ways. “Right now, the OIG is not extrapolating,” or applying the error rates across the total of all similar claims, “but once they do, this becomes very expensive,” Erde says. It is also a real possibility that the items on the list will become viable recovery audit contractor (RAC) items, prompting a higher volume of audits and paybacks, she says.
And when might this new wave of audits recede? Don't hold your breath. “To the extent they continue to discover overpayments, these audits will continue,” says Merriam.
No comments yet