PYA Principal Denise Hall and Michelle Calloway of Hancock, Daniel, Johnson & Nagle, P.C., copresented at the 2013 American Health Lawyers Association/Health Care Compliance Association Fraud & Compliance Forum in Baltimore. They addressed “The Hidden Dangers of Trying to ‘Do the Right Thing:’ A Practical Look at Auditing, Monitoring and Investigation Pitfalls.” The presentation covered best practices for investigating reported compliance concerns, compliance auditing techniques, repayment practices, and corrective action implementation and monitoring procedures.
Call Girls Amritsar Just Call 8250077686 Top Class Call Girl Service Available
The Hidden Dangers of Trying to ‘Do the Right Thing:’ A Practical Look at Auditing, Monitoring and Investigation Pitfalls
1. DENISE HALL
PERSHING, YOAKLEY,
& ASSOCIATES, P.C.
THE HIDDEN DANGERS OF TRYING
TO “DO THE RIGHT THING”
A Practical Look at Auditing, Monitoring,
Investigation, and Corrective Action
AHLA/HCCA FRAUD AND COMPLIANCE FORUM
September 29–October 1, 2013 | Baltimore, MD
MICHELLE CALLOWAY
HANCOCK, DANIEL,
JOHNSON & NAGLE, P.C.
3. WHY WE ARE HERE
• “To Do the Right Thing” in an effective
manner.
• Today’s presentation will focus on the
following elements of an effective
Compliance Program:
Internal auditing and monitoring
‒ Routine and investigative
Responding to detected offenses –
‒ Investigating reported or identified compliance
concerns and undertaking corrective action
‒ We will also offer some:
Tools for “doing it right”
Hidden dangers to watch out for
3
5. INTERNAL AUDITING
• Routine Audits
Audit prospectively, not retrospectively.
Define methodology at the outset.
Start with a small investigative sample (5-15 units).
Depending on results, it may be necessary to expand the scope of the
audit (e.g. 30, 50, 100, statistically valid sample).
Expanded audits should include Compliance Officer’s involvement.
• Investigative Audits
Directed by Compliance Department.
Start with a small probe audit (e.g. 30 claims) unless you know the scope
of the problem.
Determine the “trigger point.”
Assess whether attorney/client privilege should be invoked.
Methodology driven by the specific facts and issue.
5
6. AUDITING TECHNIQUES
AND METHODS
• Retrospective Audits – claims that have already
been billed/paid.
Used to investigate past billing compliance issues.
Audit results may lead to a repayment obligation.
• Concurrent Audits – claims that have not yet
been billed.
Used to monitor ongoing compliance concerns or
scheduled audits per the Audit Plan.
If planned correctly, improperly billed claims can be
corrected by submitting an adjustment claim.
May reveal need for retrospective auditing (“deliberate
ignorance”).
6
7. ROUTINE AUDITING
• Annual Risk Assessment and Audit Plan
Resources to identify potential risk areas:
‒ Annual OIG Work Plan
‒ OIG Compliance Guidance Risk Areas
‒ RAC Approved Issues List
‒ PEPPER reports
‒ State and federal survey and certification reports
‒ Complaint and grievance reports
‒ CIAs with similar facilities
Prioritization is key.
Be realistic.
Consider all your potential risks – not just billing/coding.
7
10. ANNUAL AUDIT PLAN
• Utilize your Working Compliance Committee.
• Working Compliance Committee members
should seek assistance from relevant staff.
• Determine the organizations’ specific
strengths and weaknesses within the identified
risk area.
• Develop an improvement plan and audit
methodology to review compliance in areas
of potential weakness.
• Audit compliance and track improvement
monthly/quarterly.
10
11. INVESTIGATIVE AUDITING
• Internal Identification
Annual risk assessment
Compliance Hotline
Compliance reports
Internal department audits
Questions from staff
• External Identification
External auditors (MAC, RAC, ZPIC, OIG, state
Medicaid, OCR)
Being proactive in responding to external audits
heightens chances to minimize penalties and
further scrutiny. 11
12. AUDIT DESIGN & ERROR RATE
• Audit Design
Review Criteria
Universe/Sample Size Determination
Random vs. Risk-Based Sampling
Probe vs. Statistical sample
• Definition of “error”
Financial vs. claim error rate
Net vs. Gross
Internal error rate thresholds
12
14. POTENTIAL IMPACT OF
SIGNIFICANT ERROR RATES
• Self Disclosure
• Significant Overpayment Extrapolation
• Possible Payment Suspension
• Referral to Enforcement Agencies
• Increased External Scrutiny
• Public Perception
14
15. HIDDEN DANGERS
• Overexposure
An improperly defined audit scope can “cast the net too wide.”
Don’t overwhelm yourself or create liability for the organization.
• Invalid Sample Selection
Selecting the sample size requires expertise and familiarity with the types of
services being audited, the patient population, and payer mix.
The sample selection should be performed with potential for extrapolation in mind.
• Error Rate Thresholds
Should be defined ahead of time by the organization.
A conservative error rate threshold is a 5 percent error rate, as this is the rate
typically used in OIG Corporate Integrity Agreements.
• Not Just a Billing Issue
Proper billing and payment is only a piece of the compliance puzzle.
Don’t forget about ADA compliance, HIPAA compliance, EEOC compliance, FDA
compliance, CLIA compliance, etc.
• Conflicts of Interest
The audit should be conducted with independence.
Results must appear reliable to internal and external authorities. 15
17. CONDUCTING THE
INVESTIGATION
• Scope
Define the issues involved.
Establish the relevant time frame.
If reimbursement:
‒ Identify payer sources involved.
‒ Determine “trigger” and universe of potentially affected
claims.
Consider staff interviews, documentation review, claims
audits.
Limit (if possible) to specific individuals involved or
events triggering the investigation.
Keep the scope narrow to design the process around
the key issues as you uncover the “real issue.”
17
18. CONDUCTING THE
INVESTIGATION
• Carefully consider the need to hit the “Panic
Button” to stop the problem immediately.
Document/billing hold
Pre-payment reviews
Repayments/adjustment bills
Don’t over-react!
Don’t under-react!
18
19. CONDUCTING THE
INVESTIGATION
• Attorney-client privilege
Consider for issues with potential high exposure:
‒ Potential dollar amount at stake;
‒ Complexity or severity of the regulatory issue involved;
‒ Number of beneficiaries potentially affected;
‒ Likelihood of uncovering a serious problem requiring a voluntary disclosure
to Medicare or other federal payers;
‒ The government’s likelihood of identifying the issue before repayment can
be made.
‒ Length of potential non-compliance.
Consider outside legal counsel.
‒ Independence
‒ Develop a strong working relationship
‒ Mark all documentation including investigative notes and
correspondence: “CONFIDENTIAL / ATTORNEY-CLIENT PRIVILEGED /
ATTORNEY WORK PRODUCT” 19
20. CONDUCTING THE
INVESTIGATION
• Identify the investigative team considering:
The workloads of internal compliance staff and the
availability of other internal resources;
The complexity or specialization of the issue;
The scope of the investigation (e.g. the universe of
claims and mass of documentation to be reviewed);
The dollar amount potentially at stake; and
The sensitivity of the issue being investigated.
The ability of the staff to exercise independence.
When is it appropriate to escalate to executive team /
Board.
20
21. CONDUCTING THE
INVESTIGATION
• Interviewing
Time is of the essence, but don’t rush.
Confidentiality is key.
Awareness and enforcement of non-retaliation
policy is imperative.
Corporate attorney represents the organization, not
the individual.
Consider environment / tone / possible demeanor
of the witness (cooperative / defensive / veracity).
“Who’s the best man [or woman] for the job?”
21
22. HIDDEN DANGERS
• Whistleblowers
Employers cannot retaliate against whistleblowers.
Consider exit interviews / severance agreements.
• Attorney-client privilege
Must document appropriately.
Document the scope of the engagement in writing
• Conflicts of Interest
Make sure you have the right
people conducting the investigation.
• Jumping to Conclusions
Keep an open-mind and don’t overreact. 22
24. CORRECTIVE ACTION
“Next to doing the right thing, the most
important thing is to let people know you
are doing the right thing.”
- John D. Rockefeller
24
25. CORRECTIVE ACTION
PLANS
• Document, document, document – but consider whether
the information is protected;
• Description of the compliance issue;
• Description of the investigative audit findings;
• Summary of the applicable regulation or policy at issue;
• Identification of the cause of the non-compliant practice;
• A list of steps taken by the provider to correct the issue:
Immediate cessation of the problem;
Retrospective corrective action (e.g. repayment)
Prospective corrective action (e.g. education of staff, revisions to
processes, etc.); and
• A plan for future compliance monitoring of the issue to
ensure that the corrective actions have remedied the
problem permanently (recidivism is a big issue).
25
26. CORRECTIVE ACTION
PLANS
• Organizational Culture
Internal communications
Potential relator considerations
• Having all the right parties involved in this step
• Must have support from all levels – staff to
organizational leadership
• Putting it in writing – nature, purpose and
design
• Having responsible parties dedicated to
taking the corrective steps 26
28. FALSE CLAIMS ACT
LIABILITY
• PPACA expanded False Claims Act (FCA) liability to
include “identified” overpayments not returned to
federal health care programs within 60 days.
• “Identified” = the provider “has actual knowledge of
the existence of the overpayment or acts in reckless
disregard or deliberate ignorance of the existence of
the overpayment.”
• Required to act “with all deliberate speed” to
conduct a “reasonable inquiry” to determine
whether an overpayment exists
• CMS proposed to implement a 10-year look-back
period for purposes of making repayments under the
60-day rule.
28
29. FALSE CLAIMS ACT
LIABILITY
• CMS’ Examples of “Identified” Overpayments
A provider reviews billing or payment records and learns that it
incorrectly coded certain services, resulting in increased
reimbursement.
A provider learns that a patient death occurred prior to the
service date on a claim that has been submitted for payment.
A provider learns that services were provided by an unlicensed or
excluded individual on its behalf.
A provider performs an internal audit and discovers that
overpayments exist.
A provider is informed by a government agency of an audit that
discovered a potential overpayment and the provider or supplier
fails to make a reasonable inquiry.
A provider supplier experiences a significant increase in
Medicare revenue with no apparent reason (such as a new
partner added to a group practice or a new focus on a
particular area of medicine) and fails to make a reasonable
inquiry.
29
30. EXTRAPOLATION
• OIG Corporate Integrity Agreement standard:
The sample should be designed to estimate the
overpayment with a 90% confidence level and with
a maximum relative precision of 25% of the point
estimate.
• Use OIG RAT-STATS software.
• Consider use of expert statistician to perform
extrapolation for higher likelihood of
acceptance by payer.
30
31. REPAYMENT LETTERS
• Voluntary Repayment process outlined in Chapter 4
of the Medicare Financial Management Manual.
Use form on MAC websites.
• The repayment letter should include:
A summary of how the error was discovered;
A clear outline of the methodology used to quantify the
overpayment (including whether statistical sampling was
used);
What corrective actions were taken as a result of the
discovery; and
Other information necessary to identify the affected claims
(including, when possible, a copy of the audit spreadsheet).
• Understand differences in government and private
payer processes.
31
33. REBILLING
• For most Medicare claims, the timely filing limit
is 12 months from the date of service.
• If an audit identifies improperly billed claims
within the timely filing period, the claims can
typically be re-billed or adjusted with the
MAC.
• CMS has implemented a new process for
rebilling improper Part A inpatient hospital
claims under Part B.
Payment Policies Related to Patient Status, 78 Fed.
Reg. 50495 (August 19, 2013).
33
34. HIDDEN DANGERS
• 60-Day Rule
The date of “identification” is often hard to determine.
Must clearly identify any overpayments – the clock starts
running at identification.
• Documentation
Consider attorney-client privilege
Compliance documents are not automatically protected
• Excessive Rebilling
Can raise red flags
• Beneficiary Repayment and Collection
Responsibility to repay copayments to beneficiaries.
Providers must also collect from beneficiaries if they rebill
claims and a copay or deductible is owed. 34
36. MONITORING
• Where do you start?
• Who is responsible?
• How do you keep track of it all?
• Is there available technology?
• Are we tracking all corrective action plans? How often?
• Are we tracking all governmental pre- and post- payment
activity?
• Did we miss any response to inquiry deadlines?
• What percentage of repayment requests are appealed?
(ex. RAC Appeals)
• Are we reviewing denial activity and determining root
cause?
• Do we have corrective action plans developed for our
unique root cause(s)? 36
37. DEFINE YOUR
MONITORING PROCESS
• Obtain leadership buy-in
• Must eliminate silos/protective behavior
• Communicate expected outcomes and
financial risk
• Define which regulatory requirements are
relevant to the organization
• Establish Risk Tolerance
• Establish Risk Ownership
37
38. QUESTIONS LEADERSHIP
MAY ASK
• What regulations changed in FY2013/anticipated
to change in FY2014 and what new processes
are needed to address?
• What is the impact of regulatory activities?
• How effective is our monitoring process?
• How do we know our internal efforts are working?
• What should we expect for remainder of our
fiscal year?
Consider a dashboard to report and monitor.
38
39. HIDDEN DANGERS
• Failing to Monitor
The compliance department should add any identified
compliance concerns to the organization’s Audit Plan and
create a schedule for follow up audits to ensure ongoing
compliance.
Inevitably, staff and processes revert to their “old habits.”
• Failing to Follow CAP
Failing to abide by a CAP can increase risk for FCA liability for
future overpayments because the provider was already on
notice of the issue.
Particularly critical when promised in a repayment letter.
• Culture / Buy-in
Resources are slim for everyone
39
41. SCENARIO 1
• Issue: Employee performing a daily task of up-
coding on very expensive DRGs on I/P with all
payers.
The CCO received an Alertline report that the caller was instructed by
their supervisor to bill a higher level of service then is recorded on the
documentation and told if they did not do it they would be fired and the
supervisor would find another sucker to do it. They up-coded for several
months and then decide to report to the CCO. They placed their
concern through the Compliance AlertLine and felt that way they could
stay anonymous and not lose their job.
• What is the next step?
Once reported to the Compliance Dept/CCO, the investigation begins;
initially an internal review is conducted on what is known at this point,
which was assumed to be only one employee doing this. With the
volume discovered from the baseline audit, it was decided to expand
the audit to include 2 other coders, which uncovered they were also up-
coding. This opens up an unknown timeframe, number of personnel and
finance impact to the organization.
• What do you do now? 41
42. SCENARIO 2
• Issue: Wound care services investigation
Compliance auditors express concerns to
Compliance Office regarding physician
documentation and quality of care.
• Considerations
Closed community with physician being heavy
admitter.
How far do you take this investigation before
involving counsel?
How do you adequately prove or disprove quality
of care issues?
How do you protect your organization given the
community culture? 42
43. THANK YOU
We are happy to answer any questions.
Michelle Calloway
HDJN
(804) 967-9604
mcalloway@hdjn.com
Denise Hall
PYA
(404) 266-9876
Dhall@pyapc.com
43