for DR. SAMUELSON only!!!!

profilefrguerradi
week_7_lecture_notes.pdf

MHCM 6320 Corporate Compliance and Legal Issues in Healthcare

Chapter 10: The Internal Audit

Chapter 11: External Audit

Week 7 Lecture Notes

There are a number or indications recognized as clues of fraud in compliance. These

are the first and most important things to look for through internal audits. Statistical

comparisons of rejections/denials of claims that indicate a high number of such

rejections is a very strong indicator of non-compliance. On the opposite side, too high a

rate of approved/paid claims may indicate underbilling or undercoding. Finally, there

may be activities that don’t show up in a statistical analysis that require internal audit

procedures to uncover.

Internal audits are those that are instigated and performed within the organizations own

structure. External audits are those which are required and performed by outsiders to

the organization. There is also a separation between audits that are carried out

simultaneously with the continuing performance of the business, called “concurrent”,

and those that look back at business that has been carried out and completed – called

“retrospective”. Both of these may be done both internally and externally.

Then there are levels of comprehensiveness for audits, called sampling or

comprehensive. When the sampling method is used it is imperative that a large enough

sample be pulled to reflect the realities of the situation.

Audit scope is determined by the policy, law or element of compliance sought to be

investigated. Such scope should be clearly determined and stated at the beginning of

the process.

The audit framework must be determined, along with a time frame, and team members

should be informed of a deadline for reporting at the outset. Then a reporting format or

template needs to be defined so that the audit team can be certain to gather all

necessary information to complete all aspects of the report.

In actually conducting the audit, the issue of concurrent or retrospective timing has a

substantial affect. Both approaches have pros and cons that should be weighed for

desired testing. Concurrency provides more of a sense of responsibility in current

activities, while retrospective audits tend to provide “warning” periods where personnel

may be tempted to alter outcomes due to a need for “survival”. Choices should be

made with these factors, as well as others, in mind.

Exit interviews provide an added form of audit, with the employee now free to confess or

criticize in a different environment. “Suggestion” or “Complaint” boxes provide yet

another opportunity for a form of audit.

Finally, no audit produces fruit until it has been completed and appropriately analyzed

and reported. Such analysis and reporting benefits from a familiarity with statistical

methodology, drawn from any available source.

The Health Care Fraud and Abuse Control program recovered about $1.1 billion per

year during the eight years from 1997 to 2005.

While that can be no doubt that the most affected entities are Medicare and Medicaid,

yet they are not the only payers that are affected by fraudulent claims. State

governments, Blue Cross and Blue Shield, Aetna, Prudential, United and all of the other

insurers and payers are also affected.

Because of this there are a large number of investigative agencies, a list of which is in

the Text, that are each empowered to review a provider’s claims. Blue Cross Blue

Shield Association states that in 2005, 70% of their corporate and financial

investigations were begun as a result of a report called in to their fraud hotline. The

agencies mentioned also have the ability to program their computers to review claims

and gather particular stats that will expose trends of possible illegal activities.

Often, an investigation will begin with a request for documentation, in which the agency

may request either a random sampling of case files or the request may be very specific.

HIPAA rules specifically allow for the sharing of information with health oversight

agencies for their legitimate purposes.

Such requests for information should bed responded to promptly but with care.

Information should be provided only when the identity of the individual or organization

requesting it has been verified. When supplying the information, care must be taken

that it is complete and accurate, and that originals are never sent. Response should

always be within the time limit stated in the request and the documents sent by a

method that provides for tracking.

Subpoenas are orders from a court of law demanding evidence be provided. The two

types of subpoenas used in healthcare documentation are a subpoena duces tecum,

which requires delivery of specific documents, and a subpoena ad testificandum,

requiring an individual to appear in court to testify. Failure to respond may result in a

finding of Contempt of Court which can result in fines and imprisonment. Again, HIPAA

specifically allows for these responses.

The organization may expect to receive a notice of the results of the audit of the

provided information. This notice may take the form of a notification of underpayment,

or a notice of improper payment. This latter notice provides three different levels of

responsibility that may be assessed: Negligence; reckless disregard for the law; or

criminal intent.

After findings of overpayment or improper payment, penalties assessed may include:

denial of payment; return of overpayment; criminal action;initiation of civil monetary

penalties; administrative sanctions.

None of these findings need be the end result, as there is the right of appeal where you

or your staff feel that there has been a misevaluation. Each organization has its own

appellate process, and it is up to the appealing organization to determine the proper

course of action and to follow it.