Internal Audits Help Combat Payer Risk

By Dawn Crump, MA, CHC, SSBB for For the Record

Wonder Woman has a golden lasso. Captain America has an impenetrable shield. Thor has a lightning hammer. Just as these magical tools bolster superheroes’ defenses, insights gleaned from internal audits are your organization’s superpower to prevent revenue recoupment and drive down risk.

Audits identify revenue compliance gaps. They also illuminate internal problems requiring immediate remediation and can support external payer review and denial activities. Wisdom gleaned from audits is most powerful when it works both ways.

To take full advantage of time spent on internal audits, successful provider organizations implement the following three important audit strategies:

• remain aware of all audit activity, including internal, external, inpatient, and outpatient;
• define specific data that should be gleaned from audits; and
• build full-cycle audit loops to proactively prevent denials and mitigate risk.

This article takes a deep dive into each of these strategies with specific actions and examples of the coding and clinical documentation that HIM and revenue cycle leaders should consider to boost defenses and make the most of internal audit efforts.

Track the Details

A plethora of internal audits are commonly conducted on both the inpatient and outpatient sides. Internal revenue cycle audits on the physician side are performed frequently across standard problem areas such as evaluation and management levels, new patients vs existing patients, telehealth, and overall emergency department utilization. Regular inpatient audit activity for 2022 includes reviews based on PEPPER reports, the Recovery Audit Contractor–approved list, cardiac procedures, and total knee replacement and spinal surgeries.

All these target areas continue to be audited internally by provider organizations to ensure compliance throughout the revenue cycle.

Best practice to drive greater efficiency from your internal audits begins with a thorough inventory of all audit activity. This listing maximizes audit efforts enterprisewide and leverages time and resources spent by all the associated teams. The goal is to know everything your internal departments and top payers are auditing, and then ask “why” these audits are being performed.

By understanding the rationale behind each audit, organizations eliminate redundant reviews while also filling gaps in revenue cycle compliance. In some cases, the audit activity makes absolute sense.

For example, audit teams should always review high-dollar procedures with direct impact on the organization’s bottom line. This ensures cases are documented, coded, and billed correctly per established payers’ local coverage and national coverage determinations, and Medicare updates. Documentation must match what is expected and be available in the printed version (or electronically printed version) of the medical record to ensure easy sharing and communication with the payer. It’s better to start with a large sample and then shrink it down.

The list of most common payer denials and audits also should be reviewed continuously and used to guide internal activity on both the inpatient and outpatient sides. As mentioned, audit wisdom is a two-way street.

Be Proactive, Not Reactive

Data are another essential tool for successful revenue integrity, compliance, and audit programs. Data should be used throughout the internal audit process to identify issues, implement corrective measures, compare findings, and report results. For inpatient audits, data such as misapplied codes, improper code sequencing, and missed codes that might elevate the case (undercoding) should be closely analyzed and tracked with educational feedback provided to the appropriate teams and departments.

New medical services being introduced are another good target area for proactive data analysis. Work with your internal teams to know what new service lines are being planned and when they will debut. Build these new service lines into your overall strategy with planned audits at 30, 60, and 90 days post–go-live. Audits of new doctors shortly after their onboarding is another smart measure to avoid any poor clinical documentation habits.

Take this example: Recent audit data demonstrated an outlier physician and his team were constantly entering the wrong time frame. Charges were elevated, modifiers were missed, and denials occurred. Proactive collaboration with clinical documentation improvement teams and physician education were implemented to prevent mass denials for these very specific types of documentation errors and cases. Sharing the financial impact of such errors further helps physicians and improves revenue integrity.

Data are powerful, and peer-to-peer comparisons are persuasive.

Drug Administration

High-cost drugs have become another target for payers in 2022. Payers are specifically citing a missed J-code when the medication administration record (MAR) that they receive or view within the EHR lacks start and stop times for the drug infusion.

In most cases, internal audits reveal that start and stop times were correctly recorded but were documented in a different system that didn’t correctly map to the printed version of the MAR received by the payer. In these cases where clinical documentation is captured in another system, work with the IT department to pull the data back into the EHR and coding workflow so payers receive a complete, electronically printed version of the medical record.

This is an example of an internal audit with high-dollar ramifications that provides valuable insights on how to implement an internal fix and better support external audit teams. Based on the internal audit data, organizations could also work with their managed care and physician advisor teams to negotiate a recoupment agreement on a group of appeals instead of tackling the burdensome single appeal process. During this process, the provider should ensure the payer that the issue has been identified and a process is ongoing to correct the problem, and there’s no longer a need for the payer to continue auditing.

Another strategy is to negotiate a lower settlement.

Build Full-Cycle Audit Loops
One leading specialty hospital in the Northeast realized that proper coding and billing also played an important role in protecting the organization’s reputation. Revenue cycle leaders didn’t want to first hear about revenue integrity issues from local newspapers or health care e-newsletters.

By implementing a full-cycle audit loop program, the revenue integrity team delivered positive impacts beyond compliance—it also safeguarded the organization’s reputation.

The full-cycle loop begins at the patient’s first point of entry and continues through any postpayment internal and external audits. Four key pillars support the loop: plan, do, study, and act. At every step in the process ask questions such as: “Are we complying with payer rules?,” “Does our documentation support the services billed?,” and “What is our risk?”

Start the full cycle loop where it makes the most sense for the organization, whether that be ambulatory, inpatient, or somewhere else. Since this particular organization had high outpatient volumes, the team first implemented full-cycle loops in the ambulatory service areas. Auditing software was used to support the entire process.

The following are nine important strategies adopted and the lessons learned.

• Shift from random case auditing to risk-based auditing. Start with a large sample and decrease it. Common criteria used for case selection may include admission/discharge dates, date of service, provider name, coder, diagnosis code, CPT code, and modifiers.
• Give new providers one-on-one educational sessions via Zoom on the EHR’s clinical documentation templates and speech recognition software. Deliver education at the provider’s convenience and prior to seeing their first clinic patient.
• Produce scorecards from the auditing software and upload them into Excel with comments from internal auditing teams.
• Share one-page summaries with providers and department managers (vs cumbersome multipage reports).
• Update error reasons (root causes) on a continual basis and refocus audit plans to address emerging hot topics. Fine-tune audit parameters from past reviews instead of reinventing processes for each new initiative.
• Use risk assessment algorithms to develop an annual work plan. Brainstorm risk areas and identify vulnerabilities for each of these areas.
• Analyze outcomes (eg, how many code additions, deletions, diagnosis-related group changes occurred). Determine whether the accuracy rate is within an acceptable range for the organization.
• Implement a corrective action plan, including who needs to be on the team, all areas for improvement, risks if errors are not corrected within three to six months, and realistic deadlines.
• Rate completion by quarter, and investigate when activities fall behind. Sometimes delays are justified—for example, in the case of staffing issues or other pop-up priorities.

A Hero’s Work Is Never Done

Remember that even when the corrective action plan is completed and the loop is closed, an internal audit team’s work is not done. Go back and repeat the steps listed above. Regularly reaudit to ensure the action plan is still effective.

An organization that continually finds multiple issues and problems with documentation, coding, and improper billing should consult the internal compliance officer to determine whether repayment in accordance with the 60-day rule is appropriate. Organizations have 60 days to rebill or correct a claim from the time errors and improper billing are identified. Conduct internal discussions and assign a patient financial expert to weigh the benefit against the staffing demands required to rebill. Many organizations lack the staff to recode and rebill large volumes of cases.

If the errors are egregious enough, cases may be put under attorney-client privilege to limit the organization’s Medicare exposure. Once the attorney-client privilege is in place, issues that could be construed as fraud and abuse should be self-reported.