How to implement effective monitoring and auditing
How to implement effective monitoring and auditing
Monitoring and auditing compliance programs is now the top priority for health care providers, according to the latest annual survey released by the Philadelphia-based Health Care Compliance Association last month. But Michael Hemsley, vice president or corporate compliance and legal services at Catholic Healthcare East, says those two functions are often misunderstood and poorly implemented.
According to Hemsley, compliance officers must first make sure that their compliance programs include effective monitoring and auditing that include the periodic assessment of the compliance program itself as well as operational risk areas. He also argues that these functions should be implemented with a risk priority focus and conducted on a day-to-day basis for clinical and operational managers and employees.
David Rogers, a partner with Deloitte & Touche in Boston, takes a similar view. He says the first step is understanding the distinction between the two functions. According to Rogers, one type of monitoring focuses on what is happening in the compliance program itself in areas such as training and hotlines.
He says another type of monitoring utilizes those activities to identify compliance risks. He says that type of analysis focuses on the characteristics of the overall population rather than individual transactions. It then analyzes data to determine whether or not trend lines discover something unexpected. On the other hand, it usually will not provide specific reasons behind what is being observed.
For example, Rogers says DRG frequency analysis might reveal patterns that differ from the past or from patterns at peer organizations. "That points out a potential area that you may want to look into, but it does not tell you the underlying cause," he explains.
Rogers says other examples of this type of monitoring include physician billing code profiles, CPT/HCPCS procedure/test volume analysis, denial testing trending, 72-hour edits, zero-pay APC reporting, annual employee feedback surveys, and risk assessment results.
Auditing focuses mainly on detailed transactions, according to Rogers. He says these data usually require extrapolation to a population to have the audit results make sense and to put them in context. Examples include testing a sample of Medicare DRGs, testing a sample of specific physician claims, and testing claims submitted by specific coders or claims submitted during certain timeframes. "You might have some system interface glitches," he explains. "Whatever parameters are established, auditing looks at the detailed transactions."
Rogers says it is also a challenge to figure out what the data reveals. "It requires a fair amount of operational knowledge to execute monitoring activities and have [these data] make sense," he says. According to Rogers, that is why it makes sense for operations people to perform many of these tasks. "They really are the first line of knowledge’ about whether those numbers make sense," he explains. "Sometimes there is information in monitoring reports that does not trigger concern but should."
From an auditing perspective, he says the challenge is to relate findings to overall populations. While statistical extrapolations are the most common way of interrelating audit results to an overall conclusion, he says hospitals may decide that auditing actually can’t be accomplished in a way that can generate statistical conclusions.
For example, hospitals may want to perform an audit on a current or pre-bill basis. Normally, a sample designed to gauge an overall conclusion about a six-month or one-year population of transactions would require samples from that entire population. However, a pre-bill review does not offer that opportunity, and hospitals may not be able to draw statistical conclusions.
According to Rogers, monitoring poses significant challenges, including figuring out what to monitor. He says organizations should begin with essential functions such as coding and then consider what problems might arise. From that, they should determine what systems and data can do to help point out problems.
"Even defining what the populations are can be complicated," says Rogers. For example, a retrospective sample of outpatient claims might reveal potential problems such as billing for self-administered drugs. But if the sample was selected from all types of outpatient claims, it might be a mistake to extrapolate that error rate to the entire population. "Auditing often results in redefining the populations that you are looking at," he says. "It is always a good idea to narrow populations and sub-populations down as much as you can."
Hemsley says the OIG expects reviews of key compliance activity be undertaken at least annually. Such reviews can provide an early warning system about potential problems and help save scarce internal resources. But even at large systems like CHE, internal audits are very rare.
Rogers notes that the OIG merely advises providers to conduct monitoring on a regular basis. "You have to take into consideration the history of your organization, the complexity of your operations and prior audit results, and put it in the context of the overall organization to determine how frequently these things need to be done," he says.
Rogers adds that the frequencies can evolve as history is developed. He says that starting down that path is more important than setting regimentation on how often it occurs. In terms of scope, he says hospitals may want to consider initially focusing on where most of the dollars are spent and most of the activity takes place as opposed to covering every physician.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.