There are many type of audits your medical practice will likely encounter, below are summaries of the major types of audits and how we can help you pass them with flying colors!
Physician’s offices are busy places, and often it takes everything you and your staff has just to get through the day seeing patients. Keeping track of records for errors and omissions may be a burdensome task and sometimes even impossible. While errors and omissions are not uncommon they may be costing your office more than you realize.
Auditing medical charts is the first step and a critical part of any successful medical office operation. Although chart auditing may seem intimidating for many physicians, there are many positive aspects of chart auditing including increased revenue, treatment efficacy research, and peace of mind in the event of third party audits. New attention from the OIG, RACs, and other third-party auditors makes this built-in practice self-check more important than ever.
Consolidated MD offers concurrent and retrospective audits for a charge based payer population. These audits can be performed remotely from our office. We can prepare an off-site audit of approximately 10-15 patient charts to ensure compliance with Medicare (CMS) guidelines and to establish proper billing and documentation procedures to protect you and your practice from a Medicare audit. It is important to make sure all of your records are in order in the event of an audit.
We can also assess your reimbursement and account receivable balances and current billing practices, whether it’s currently being done in house or with another billing company. Our goal is to keep you within compliance, while providing you with the maximum amount of fee income. Improved coding and auditing guidelines can also improve the relationship between physicians, their patients, and third party payers.
An essential key to long-term practice success is adapting a Total Quality Improvement system used by professional auditors. Below are 10 easy steps for a successful practice:
- Have a proactive and knowledgeable stance when it comes to your office records.
- Communicate confidently with physicians and staff about proper chart documentation.
- Find under or over documentation in your charts that can create improper code selection.
- Implement controls to help prevent coding errors.
- Ensure that appropriate levels of service are identified and billed.
- Learn how to audit based on coding facts and potentially uncover missed revenue.
- Learn the proper steps for choosing appropriate levels of history, exam, and medical decision-making.
- Get the chart audit forms to implement your internal audit program.
- Receive a thorough E/M documentation guidelines review.
- Make chart auditing an essential component of your practice compliance plan.
Although these tips are very helpful to get you started in maintaining and verifying your medical charts, we encourage you to allow Consolidated MD provide your practice with more extensive training in chart auditing that will prove invaluable to your office operations. Our professionals will not only give you the tools that you need to complete thorough chart audits to address your specific Total Quality Improvement goals, but will also walk you through the process so that the staff understands the various and sometimes complex aspects of medical coding.
An external billing audit can help ensure appropriate payment and compliance with applicable laws.
Auditing physician charges and billing practices is burdensome, but it will typically provide improved claims management processes, cash flow and compliance with applicable laws and regulations. An annual audit allows providers and practice staff to identify specific coding and other issues that may recur in similar claims submissions. Careful pre-submission monitoring and review of these similar claims may safeguard against errors that could result in claim denial. An external audit allows the physician and practice staff to identify incorrect billing patterns before claims are denied or outside (payer) auditors access penalties.
A prospective or retrospective billing audit is commonly performed to ensure the physician is submitting appropriately coded claims as the physician is ultimately responsible for claims submission, even if a billing service or clearinghouse is used for claims submission to payers.
Meaningful Use Audits
Regardless of how much providers complain about their EHRs if a hospital or medical practice accepts federal incentive money to put them in place, it must prove it’s using these electronic tools in a meaningful way, as defined by the Centers for Medicare and Medicaid Services.
The CMS is performing pre-payment and post-payment audits on 5-10% of healthcare providers, choosing some of them randomly and others based on a CMS risk profile of suspicious or anomalous data. It’s easy to get complacent when there’s only a one in 10 chance of being audited, but that statistic is misleading. If 10% of all incentive recipients are audited in 2014, another 10% in 2015, and so on, eventually your organization will be targeted.
One of the keys to passing a Meaningful Use audit is good documentation, which, by the way, needs to be retained for six years after attestation.
The prospect of an MU audit needn’t keep physicians up at night, but if you hope to survive the process without having to pay back the incentive dollars, your organization must organize the necessary documentation long before it gets that dreaded CMS letter.
Consolidated MD can help your organization to pre-audit all of your documentation prior to attestation to ensure that all measures are met and well documented. If you have already submitted, we can audit what was attested to ensure that all measures were met and that the required documentation is in place in case of a CMS audit. Already receive a letter? We also help support our clients with this process, knowing the specific documentation that the CMS auditors are requiring.
HIPAA Compliance Audits
When the OCR comes knocking, will your practice be ready for a HIPAA Audit?
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security and breach notification standards (HIPAA Standards) as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Covered entities and business associates should take the following steps to ensure that they are prepared for a potential Phase 2 Audit:
- Confirm that the organization has recently completed a comprehensive assessment of potential security risks and vulnerabilities to the organization (the Risk Assessment);
- Confirm that all action items identified in the Risk Assessment have been completed or are on a reasonable timeline to completion;
- Ensure that the organization has a complete inventory of business associates for purposes of the Phase 2 Audit data requests;
- If the organization has not implemented any of the Security Standards’ addressable implementation standards for any of its information systems, confirm that the organization has documented (i) why any such addressable implementation standard was not reasonable and appropriate and (ii) all alternative security measures that were implemented;
- Ensure that the organization has implemented a breach notification policy that accurately reflects the content and deadline requirements for breach notification under the Breach Notification Standards;
- Health care provider and health plan covered entities should ensure that they have a compliant Notice of Privacy Practices and not only a website privacy notice;
- Ensure that the organization has reasonable and appropriate safeguards in place for PHI that exists in any form, including paper and verbal PHI;
- Confirm that workforce members have received training on the HIPAA Standards that are necessary or appropriate for a workforce member to perform his/her job duties;
- Confirm that the organization maintains an inventory of information system assets, including mobile devices (even in a bring your own device environment);
- Confirm that all systems and software that transmit electronic PHI employ encryption technology or that the organization has a documented the risk analysis supporting the decision not to employ encryption;
- Confirm that the organization has adopted a facility security plan for each physical location that stores or otherwise has access to PHI, in addition to a security policy that requires a physical security plan; and
- Review the organization’s HIPAA security policies to identify any actions that have not been completed as required (e.g., physical security plans, disaster recovery plan, emergency access procedures, etc.)