How to develop an effective audit protocol

In the Philadelphia-based Health Care Compliance Association’s latest survey of compliance officers (COs), monitoring/auditing emerged, along with dealing with the Healthcare Portability and Accountability Act, as the top challenge COs expect to face over the next three years. In fact, the two items finished in a statistical dead heat.

Developing an audit plan is not a one-time event, warns Sheryl Vacca, a director with Deloitte & Touche in Sacramento, CA. "It is an evolution," she says. In developing the audit plan, she says it is essential to know not only what kinds of resources are available to identify risks but to leave room for the unexpected so that not every resource is being utilized when something unforeseen surfaces.

It also is essential to make sure senior management and the governing board endorse the audit plan.

In addition to the HHS Office of Inspector General’s (OIG) workplan, the latest of which was released earlier this month, there is an abundance of literature to help define risk areas. But it is also critical to understand the state and local environment, she adds.

Dan Roach, vice president and corporate compliance officer at Catholic Healthcare West in San Francisco, says that while OIG guidance and fraud alerts are critical resources, some COs overlook investigations taking place regionally. "I have experienced both in Minnesota and in California situations where the U.S. Attorney literally goes from hospital system to hospital system once they have identified a situation that has been lucrative," he says.

Similarly, Vacca reports that in California the state attorney general is targeting skilled nursing using a team that includes the FBI and numerous other agencies. The team functions much like "a SWAT team," she says.

In developing an audit protocol, Vacca says compliance officers also must look internally. At a large health system with a full continuum of care, however, that could mean auditing virtually non-stop. "You have to prioritize your high-risk business priorities that are going to mitigate risk for your organization to the greatest extent," she says.

Roach says that in his experience as a compliance officer with two large health care systems, the most frequent mistake he’s seen is trying to accomplish too much. "We have a tendency to bite off more than we can reasonably chew," he warns. "Don’t create an entire laundry list, because I don’t think you can do an effective job," he says. Instead, compliance officers should focus on the top 10 to 15 priority issues the organization expects to face, along with benchmarks that then can be presented to the board, he advises.

One way to establish those priorities in terms of both money and people is through the use of a template, which prioritizes items on a quarterly basis and includes a column for methodology and frequency.

It also is critical to understand the plan’s goals and objectives, says Roach. The reality is that many audits are not very useful in helping physicians change their behavior, he warns.

Compliance officers must start by determining the principle purpose of their audits. Are you just trying to measure the process, the adequacy of the process, or the accuracy of your claims? he asks. Or do you want to use the audits to drive your educational activities, which may, in turn, influence the structure of the audits?

Likewise, Roach says that compliance officers must determine if they want to look at processes or outcomes. Even the best billing office in the world will fall short if the admitting personnel do not collect the right information about payer sources and other critical information during the intake, he warns.

In addition to "substance compliance" such as adherence to the three-day window and not billing Medicare for self-administered medications in the outpatient context, Roach says that compliance officers must also look at "structural compliance."

He reports that his initial audits focused heavily on substantive areas only to learn that not everybody was implementing the necessary measures identified such as refunding claims.

"Now the balance in our audit protocol is about 50/50 — 50% substantive and 50% procedural or structural," he reports. "I think it is almost as important to make sure that we are following our rules, policies, and procedures as it is to make sure that we are in rigid compliance with the law," he explains.

Clinical expertise is critical in certain audits, says Vacca. However, clinical auditors are not always available so COs must learn how to use human resources within their own organization to maximize efficiency. One way to accomplish that is to use a clinical expert in the arena you are auditing as "a shadow," she advises.

That way the auditors maintain their independence and develop the criteria with the clinical expert providing feedback. "Meanwhile, you have a paired couple that are learning from each other," she explains.

Another caveat is that it is not always wise to bank on technology alone when it comes to assuring that you have a clean claim, adds Roach. "Those edits are great, and they will screen out certain things, but they don’t go to the root of the issue, which is usually documentation," he says.

Providers also can use auditing in a manner that will help demonstrate outcomes and the return on investment for your organization. "It also helps to identify and increase the perception within the culture that it is a proven methodology that will help to identify for your culture that you are doing the right thing in many different ways," Vacca explains.