welcome to the "medicare and medicaid reviews, audits, and investigations: a primer for physicians and other health care professionals" presentation. the purpose of this presentation is to provide a general understanding of the different kinds of federal and state reviews, audits, and investigations possibly encountered by physicians or other medicare and medicaid health care professionals.
more specifically, the presentation examines: similarities and differences of various medicare and medicaid reviews, audits, and investigations; strategies to prepare for them; and strategies to minimize compliance risk. at the conclusion of this presentation, the learner will be able to: define "program integrity"; differentiate between review, audit, and investigation; describe the entities doing
program integrity work; explain what goes on before, during, and after a program integrity project; illustrate possible outcomes and potential results; describe how to prepare for a review, audit, or investigation; and list sources of help, guidance, and referral. the entities and activities discussed in this presentation are often described as engaging in "program integrity." a shared understanding
of what this frequently heard phrase means is important and discussed next. "program integrity" encompasses the various efforts that seek to improve stewardship of program funds and resources by reducing fraud, waste, abuse, and improper payments. this basically means paying claims for health care products and services correctly. this presentation focuses on the work performed
to ensure that medicare and medicaid "pay the right amount for covered and correctly coded services rendered to eligible beneficiaries by legitimate providers." this presentation refers to the activities that pursue these ends as "program integrity work." the first step in preparing for a program integrity review, audit, or investigation is understanding their similarities and differences.
in some ways, they are the same, and in other ways, they are quite different. we first explore their similarities. all program integrity reviews, audits, and investigations provide the monitoring needed to maintain fiscal health and ensure that products and services go to those who need them most. program integrity work benefits all americans, including physicians and other
more specifically, these monitoring efforts: strengthen program integrity by providing checks and balances, identifying vulnerabilities, and improving payments for proper services rendered; reduce mistakes and associated costs by identifying repetitive errors for billing improvements, reducing the need to submit claims multiple times, and ensuring services paid for are rendered as required by the program;
improve quality of care through billing improvements, which aligns claims with medical necessity and improves claim accuracy; and increase the efficiency, effectiveness, and economy of the entire health care supply chain. yet, health care reviews and audits on the one hand, and investigations on the other, pursue these goals differently. let's compare and contrast reviews and audits first.
while a "review" and "audit" are not the same thing, typically their processes are remarkably similar. reviewers and auditors commonly follow these steps: analyze claims data to determine if a review or audit of a physician or other health care professional might be appropriate; identify providers of a pending review or audit, followed by an on-site or desk review of documents;
discuss any issues found. in some cases, contact the provider's staff or beneficiaries. in some cases, the reviewers or auditors may use physicians, dentists, or other medical experts to examine beneficiaries; once information is gathered and analyzed, a written communication typically goes out to the given provider for review and comment, usually over the next 30 days; provider responses and additional information are considered for
inclusion in the final document; and the given provider may get a letter requiring recoupment of overpayments. a designated entity will pursue collection of any overpayments, and the physician or other health care professionals can initiate an appeal. if the review or audit finds more underpayments than overpayments, additional dollars may be paid to the provider. if reviewers and auditors find
potential fraud, they must refer the matter to the appropriate entity for investigation. we will now explore some key differences between reviews and audits. reviews can be more flexible than audits and can explore a broader range of issues. they may also examine overall compliance with rules, regulations, and applicable criteria, and other financial, administrative, and managerial issues.
reviews can only assess whether anything came to the reviewer's attention that would cause one to conclude that applicable criteria were not followed or information presented is not materially correct. this is called "negative assurance." remember that identifying and concluding the information presented is not materially correct does not indicate review results are immaterial. information gathered from a
review or audit is valuable. audits are more formal than reviews and are methodical inspections, governed by specific professional standards, which can differ with audit objectives. the standards generally used for government audits are in the yellow book put out by the government accountability office (gao) and available for free by searching "yellow book" on the gao website.
audits also generally seek to determine whether criteria were followed or whether information is materially correct. this is called "positive assurance." note that reviewers and auditors do not pursue criminal prosecution. the yellow book requires auditors to refer suspected wrongdoing to legal authorities. the investigations that result from referrals differ from both reviews and audits.
reviewers and auditors do not do investigations. in fact, the yellow book uses the word "investigation" only with respect to law enforcement and legal proceedings. auditors are required to report, rather than investigate, suspected illegalities. when reviews and audits become investigations, law enforcement entities are likely to be involved.
those entities include the united states department of justice (usdoj); u.s. department of health and human services, office of inspector general (hhs-oig) federal bureau of investigation (fbi); state attorneys general; state medicaid fraud control units (mfcus); department of public safety; county or municipal authorities; and so on.
finally, investigations seek facts. that is, they seek to determine whether noncompliance occurred. criminal investigations must meet the standard of "beyond a reasonable doubt." reviews and audits, by contrast, pursue some level of "reasonable assurance," either negative or positive, and documents must reflect compliance, as discussed earlier. this is not the same thing as establishing the truth
of an event or assertion. investigations directly support civil or criminal enforcement while reviews and audits do not, though the results of a review or audit might prompt an investigation. for example, each individual violation in a criminal case, a so-called "count," can itself generate a conviction. moreover, if a court confirms multiple "counts," incarceration may occur.
on the other hand, finding 10 claims in error in an audit sample may not warrant action beyond their recoupment. in addition, while a review, audit, or investigation might involve examination of beneficiaries by an appropriate health care professional, such examinations are more likely during an investigation given the greater likelihood that an enforcement necessitates collection
of actual physical evidence. now that we have compared and contrasted the general types of program integrity work, let's broadly address which entities perform this work, what they do, and how you can be better prepared and, thereby, make the process faster and easier. the focus in this section of the presentation is on reviews and audits. we will start
by discussing their general objectives. program integrity work is designed to do what anyone does when solving a problem, measure it, correct it, prevent it, and strengthen the process to make things better. a physician or other health care professional might receive a notification letter because medicare or medicaid wants to: 1. measure improper payments; 2. correct improper
payments, including recovery of overpayments and reimbursement of underpayments; 3. prevent future improper payments and educate physicians and other health care professionals; and 4. strengthen the program by detecting, preventing, and eliminating fraud, waste, and abuse. while various entities perform program integrity work, they all service one or more of these objectives in conducting a review or audit.
let's get a better sense of who these entities are, what they do, and how they do it. the entities performing program integrity in medicare are different from those doing such work in medicaid. the acronyms by which these entities are generally known appear in the table on this slide. measuring improper payments is done via the annual comprehensive error rate testing (cert)
in medicare fee-for-service and via payment error rate measurement (perm) in medicaid and the children's health insurance program (chip), which occurs every 3 years. both projects are national in scope and involve post-payment reviews of all claims and provider types. in perm, the state, not the provider, is the auditee. note that neither cert nor perm audits assess whether improper payments are fraud.
medicare and medicaid use recovery audit contractors, or racs, to perform post-payment review of claims with a look-back period of 3 years. as their name suggests, these audits recover improper payment amounts. these contractors are paid on a contingency fee basis. in medicare, the medicare administrative contractors (macs), generally handle improper payment prevention. the macs can perform prepayment and post-payment
reviews, though they primarily perform prepayment reviews and can deny claims before payment. in medicaid, a variety of state-level entities seek to prevent improper payments. although it is optional, single state agencies (ssas), may use their medicaid management information system, and a surveillance and utilization review subsystem; fiscal intermediaries; claims administrators; contractors; their own inspectorates; or
internal audit offices for this purpose. state auditor and state comptroller offices may also request or review claims related to the work they perform, such as single audit (a-133) work. the financial and compliance prepayment and post- payment audits and investigations of the zone program integrity contractors (zpics). moreover, a single national medicare drug integrity contractor conducts compliance and financial audits.
on the medicaid side, medicaid integrity contractors (mics) perform post-payment audits using yellow book standards. the mics can audit any physician or provider type and are allowed a 5-year look-back period from the date the audit notification letter is issued. let's now look at the general process that these entities use in doing their work. many tools exist to identify which population,
products, services, and payments are the best focus for program integrity fieldwork. for example, risk analysis might identify new or emerging areas of program, medical, or service vulnerability associated with particular types of health care claims, goods, services, or activities. analysis of actual claims data might also be performed via such methods as application of electronic information system edits and audits,
and business rules; peer group comparison; trend analysis; analysis of outlier volume or value; or running algorithms, targeted queries, or predictive models. new or proposed future electronic edits and audits might also play a role in program integrity pre-production, as can expansion of the number or type of providers. in some cases, a review or audit might arise from congressional, legislative, or public stakeholder
concerns or even from tips from other sources, though these stimuli are relatively less common. some reviews occur on a pre-established schedule, as with the annual cert reviews and the triennial perm work. state medicaid agencies may also review or audit particular types of services or providers on specified multi-year cycles, particularly when resources are limited but demand for coverage
is great. let's now consider typical procedures of program integrity reviews and audits. once the population of products, services, and payments on which the review or audit will focus are known, program integrity fieldwork begins and generally follows the process shown on the slide. the first step is for the reviewer or auditor to select a sample of claims from the population of transactions related to
the given products and services. keep these samples small to reduce the burden on both the program integrity team and the provider. while specific types of claims may warrant special and separate attention, samples are often random to avoid the bias that can accompany selecting samples on a nonrandom, that is, purposeful or judgmental, basis. next comes a request for the documents
and other evidence related to the claims that have been sampled. the request usually comes in a paper letter seeking the various medical and financial records associated with given transactions. it is important to note that failure to submit medical records in response to the record request may lead the reviewer to assume that the claim lacks documentary support and to conclude there
was an improper payment subject to recoupment. the third step is reviewing the claims in the context of applicable regulatory and program criteria. the specific criteria will vary from one project to another. for example, medicaid racs use state-specific criteria, which can vary from state to state. in addition, the medicaid rac work does not include chip. however, a given state may still review chip
claims for overpayments or underpayments. the analyses of claims and other information can be completely automated, semi-automated, or complex, the last of which "involve requesting, receiving, and medical review of additional documentation associated with a claim." given that expert judgment may be needed to review claims for payment, program integrity entities often use clinicians and certified coders.
evidence may be gathered through interviews with relevant provider staff or contractors of providers and may include conversations with or examinations of beneficiaries. although many reviews and audits focus on whether claims were correctly paid, program integrity reviews and audits address a broad spectrum of data integrity, internal control, and payment administration issues, beyond whether a given claim was correctly paid.
generally speaking, the criteria applied in an audit or review assesses the following aspects of the documentation, service, or payment: availability; adequacy; acceptability; allowability; appropriateness; and accuracy. when assessing claims, the focus is on ensuring that paid claims were: for services provided and properly documented; for services billed properly, using correct and appropriate procedure codes;
for covered services; and paid according to federal and state laws, regulations, and policies. experience has shown that errors commonly found in claims reviews are due to: no or insufficient documentation; medically unnecessary service; incorrect coding; duplicate payment; non-covered or unallowable services; and incorrect number of units. when a review identifies improper payments in a
random claim sample, estimation or extrapolation of improper payment rates and amounts can occur. program integrity reviews and audits often assess both overpayments and underpayments and may offset the latter against the former before total overpayment estimates and extrapolations are calculated. once the estimates and extrapolations of overpayments, if any, are developed, they are communicated in writing
to the provider along with other compliance and control information relevant to the particular program integrity project. the provider can present additional evidence and otherwise respond to the assertions arising from the review or audit, then the final project deliverable is crafted and released. depending on the specific type of project, reviewed or audited physicians or other health
care professionals can also appeal overpayment determinations and other aspects of the review or audit at various stages of the process. while appeals are not covered in detail here, note that appeals processes will vary and some states allow informal or administrative hearings. program integrity and recovery audit contractors generally continue to provide support to the federal or state contracting entity, as applicable,
throughout the administrative appeals process and during an appeal to court. the range of outcomes from program integrity reviews and audits may include: recoupment of overpayments; issue tracking for further action; publicizing issues identified; educating relevant individuals and groups on program integrity concerns identified and
how compliance can be improved; and initiating corrective action plans; pursuing various sanctions; or referrals to authorities. if improper payments are involved, overpayment collections are pursued. overpayments and underpayments may offset one another in the recoupment process. reviewers send overpayment notices or adjust overpaid or underpaid claims.
in most cases, these notices go to the provider. in perm work on medicaid claims, the state refunds overall overpayments and then seeks to recoup the funds from the provider. if issues are identified across the given program or geographic area, they might be publicized to inform or educate providers and the public of newly found or emerging risks. identified concerns may also be tracked
over time and, if sufficiently persistent, may become inputs into future program integrity work. physicians or other health care professionals may get additional education and may be subject to various levels of corrective action plans to help ensure better compliance and control in the future. these can include: refining error rate measurement processes; improving system edits and audits; and
updating policies and manuals. various sanctions also are possible, including: payment holds; prepayment review; payment garnishment; exclusion; suspension; and debarment. reviews and audits can also result in various internal or external referrals, such as to the ssa, a state or mcp integrity unit, usdoj, a state mfcu, hhs-oig, or law enforcement particularly when fraud is suspected.
while it is helpful to understand the different types and processes of program integrity work, few things help more than ensuring that your practice or business is well prepared. generally, this means: not waiting for notification of the review or audit; and having a team in place that understands the process and can appropriately respond to review or audit
questions about budgeting, finance, compliance, clinical leadership, and other relevant areas. for what steps should a business or practice prepare? if you are reviewed or audited, be sure to respond timely, fully, and appropriately to document requests, and remember that the health insurance portability and accountability act of 1996 (hipaa) generally does not prohibit
disclosing information in beneficiary or provider files when the government seeks the information for use in government audits, reviews, or investigations. be sure to have relevant staff, policies, procedures, and documentation at hand. be able to demonstrate and document prior efforts to identify and correct compliance issues.
this will show that you care about program integrity, too. a single point-of-contact can also greatly simplify the process. it also helps to know which questions to ask, as the next slide explores. do not be afraid to ask questions of your reviewers or auditors, especially at the beginning of the process. questions may include: why was i selected, and
what standards will apply? is this a review, an audit, contract monitoring, performance assessment process, or other type of work? what are the scope and time frame of this project? should i submit electronic or paper records, and should they be originals or copies? when will my records be returned? who is my single point of contact
with the project team? what criteria and attributes will be used to test claims, and what can i do if i disagree? might i be subject to a corrective action plan? how long will i have to implement it, and how will it be monitored? the best preparation is to document each claim as though it will be audited. complete and accurate documentation both
strengthens business practice and improves the audit process and its results. documentation of each patient encounter should be complete and legible. for example, the documentation of an evaluation and management patient encounter should include the following: reason for the encounter, relevant history, physical examination findings, and prior diagnostic results;
assessment, clinical impression, or diagnosis; medical plan of care; and date and legible identity of the observer. if documentation gives a third party a complete and accurate understanding of the whole service process with no additional information, it is likely to be sufficient and appropriate. explanation of benefits (eob) forms can be very useful.
provider eobs are direct provider-client communications that typically verify the nature, scope, timing, and attribution of services. whether you use eobs monthly or quarterly, be prepared to follow up via mail, email, or telephone to help ensure that the eobs were received and that relevant service verification data is acquired. cms has developed models and a single integrated template for
medicare-medicaid eob data gathering. for details, search for "integrated eob" on the cms home page. without a doubt, the best way to prepare for an external audit is to do a self-audit. with this in mind, we next explore the basics of self-auditing. a self-audit has two basic parts, risk assessment and monitoring.
we will address these separately in the following slides. risk assessment is the foundation for a methodical, measured, and proactive approach to minimizing risk and increasing compliance and control. risk assessment answers four critical questions: what are the compliance issues and risks areas? what matters?
what is the vulnerability to each risk, what is likely to happen? what are the legal, financial, operational, and reputational impacts of each risk, what is the likely effect? what are the priorities among these risks, what can we do about it? the approach to answering the last question need not be complicated:
high: issues noted in the risk assessment that are hard to detect, are very likely to occur, or whose occurrence impact would be significant; medium: issues noted in the risk assessment that are relatively less likely to occur but are still of concern or difficult to detect; and low: risks that are unlikely to arise or that have low potential impact. the second key component of self-auditing,
monitoring, seeks to apply the results of the risk assessments to identify and address specific compliance concerns. when constructing a particular self-audit, one needs to answer five general questions: which types and how many claims should be reviewed? which criteria and procedures apply to the review? where is the documentation and other information needed to perform the review?
how should the review be documented? what steps should follow the review? robust monitoring efforts contribute to your ability to show "due diligence" and "good-faith" compliance efforts. while there is no single "right" way to monitor, the process of looking at claims itself can improve compliance by having a "sentinel effect." one approach to a
claims review is to start with a small random sample of claims, preferably from a randomized population of claims that relate to previously identified risks but that staff members do not handpick. it helps to monitor regularly, perhaps monthly or quarterly. some providers choose to monitor when controls are under maximum stress;
others audit at randomly selected times. be sure that qualified persons review the claims selected for audit. consider a "peer review" by swapping review tasks with a similarly skilled physician or other health care professional, ensuring, of course, compliance with all applicable hipaa requirements. what should a reviewer look for when monitoring?
look at the highest risk areas first, such as areas where your business or similar entities have found errors. also, look where dollar values or service volumes are aberrant. when testing claims, recall that overpayments often occur because the services were: not rendered; not performed (phantom billing); not medically necessary; of low quality or
marginal utility; double billed, including cross-billing to medicare, medicaid, and private payer; upcoded (billed at a higher than allowed or appropriate rate); unbundled; billed separately even though they were part of a global fee; fragmented; fragmenting is like unbundling. procedures are not performed on the same day and may still be considered
to be in the global period. separate claims are submitted for each procedure that makes up the major procedure on different dates of service; delivered by unqualified or unlicensed staff; delivered by an excluded person or entity; undocumented; and misrepresented with incorrect dates, names, modifiers, or other data elements. remember, when submitting claims
for medicare or medicaid reimbursement, the physician or other party is typically required to certify that the claim is complete and accurate (for example, he or she has earned the payment requested and the claim meets the billing requirements.) you might also look for suspicious patterns in the timing, demography, or geography of services. how should you deal with possible fraud
or material noncompliance? an excellent option is using the oig self-disclosure processes described on the hhs-oig website. in general terms, self-disclosure provides an opportunity to demonstrate good faith and a robust, effective compliance program. self-disclosure to hhs-oig has potential benefits, such as: lower damages amounts
than are sought in a government-initiated investigation; less potential exposure under false claims laws; and possible release from permissive exclusion and corporate integrity measures. if you disclose improper claims for federal health care dollars to hhs-oig, you must return any overpayments, and you must conduct a review to estimate the improperly paid amount
and prepare a report of findings that follows oig requirements. the review may be based on either a census or a random sample of at least 100 of the claims. more information on hhs-oig's process is in the april 2013 update of oig's provider self-disclosure protocol. note that you can submit self-disclosure information to hhs-oig online, by mail, or by fax,
but do not report it to the oig hotline. no matter how you approach self-disclosure, remember the law requires you to return identified overpayments. another option is to contact the state medicaid agency or mfcu. for a link to the contact information, visit the cms website. who should you contact for technical assistance
or report concerns about potential fraud for technical assistance on the different kinds of program integrity work, doing self-audits, and general compliance matters, contact your sma, mac, or oig industry guidance branch. to report possible fraud or material noncompliance, contact hhs-oig, your sma, or mfcu. their contact information is available on the cms website.
let's review the overall discussion points of this presentation. we have: defined "program integrity"; differentiated reviews, audits, and investigations; described entities doing program integrity work; explained what goes on before, during, and after a program integrity project; illustrated possible outcomes and potential results; described how to prepare; and,
listed sources of help, guidance, and referral. program integrity reviews and audits need not be intimidating or complicated. with preparation and processes in place to minimize and control risk, a physician or other health care professional will be ready. this presentation was current at the time it was published or uploaded onto the web. medicaid and medicare policies change frequently
so links to the source documents have been provided within the document for your reference. this presentation was prepared as a service to the public and is not intended to grant rights or impose obligations. this presentation may contain references or links to statutes, regulations, or other policy materials. the information provided is only intended
to be a general summary. use of this material is voluntary. inclusion of a link does not constitute cms endorsement of the material. we encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents. february 2016
0 komentar:
Posting Komentar