Audit Insights Blog

This blog provides tips, tools and information about all audits that affect the revenue of healthcare facilities, including Recovery Audit Contractor (RAC) audits. Authored by Lori Brocato, industry expert and HealthPort Audit Product Manager, Audit Insights gives healthcare professionals a comprehensive look at healthcare audits, the risks they present and ways to effectively manage and understand the entire process.

About Lori...
Lori Brocato is a long standing expert on audit management, including the RACs. In 2010 and 2011, Lori served as a monthly contributor for Advance Magazine for Health Information Professional's e-newsletter and online audit advice column where she discussed case-specific audits experienced by HIM professionals.

Check this page often for the latest news, education and information on healthcare audits.

Click here to see all of Lori's upcoming speaking engagements.

• The Real World of Audit: Inquisitive Minds Ask 5 Questions

  April 22, 2013

  This month’s RACMonitor includes an interview with the former network director of audits and compliance at a 6-hospital health system in Missouri. My inquisitive mind asked her five tough questions about the real-world of audit management. 
  
  See if her answers resonate with you! Or meet her in person at the HCCA Compliance Institute on Monday, April 22nd. 
  
  What were your two biggest challenges?
  Juggling all the different types of audits, and incoming communications.
  Financially reconciling the audits with findings.
  
  How did you deal with requests?
  We used a comprehensive audit management software application, HealthPort AudaPro™, for all our audits: RACs, MACs, QIO, CERT, etc.
  
  What was your staffing? 
  We managed the audit program centrally with four FTEs. HIM managed the view-and-approve process and HealthPort, our outsourced ROI vendor, processed the releases. 
  
  What were your most common requests? 
  Short-stay medical necessity denials
  
  What’s ahead?
  More audit activity and more delays in the appeal process.
  
  Click here to read the entire RACMonitor article.

• AHA RAC Update

  April 11, 2013

  AHA has issued a Regulatory Action Alert to AHA members to encourage comments to a new CMS proposed rule on rebilling.  The proposed rule would permit rebilling for some Part A claims that have been denied because the hospital inpatient admission was later determined not to be medically reasonable and necessary. However, AHA believes the proposal, as drafted, restricts a hospital’s ability to rebill claims. 

  Let your voice be heard by providing comments on the proposed regulation before May 17th.  AHA has provided a model letter addressing this important issue to help guide you as you draft your comments. Visit www.aha.org/rac and select the Action Alert link for more detailed information.

• CMS Issues Updated Medical Record Request Guidance

  April 10, 2013

  Hospitals are focused on caring for patients, but also challenged with more audits of payment claims, including by recovery audit contractors (RACs), which subject them to additional administrative burden and costly payment denials.

  In this April 5 RAC Update from the American Hospital Association, the Centers for Medicare and Medicaid Services has reduced the minimum number of medical records that Recovery Audit Contractors may request from Medicare providers other than physicians and suppliers.

  Key changes include:
  

  • Effective April 15, RACs may issue a minimum request of 20 records in a 45-day period from hospital and other provider campuses, down from a previous minimum of 35 records. 
  • Only 75% of a hospital’s record request limit may be used for a particular type of claim, such as inpatient, down from 100% previously.
  • The AHA-supported Medicare Audit Improvement Act (H.R. 1250), introduced March 19, would limit RAC medical record requests by campus to 2% of the Medicare claims submitted for a particular care setting, such as inpatient, outpatient, skilled nursing facility or inpatient rehabilitation.

  Click here to read the article in its entirety.

• Four Criteria to Evaluate RAC Software at HIMSS13

  February 27, 2013

  I recently authored an article in Health Management Technology for February 2013 titled, Four Criteria to Evaluate RAC Software at HIMSS13.

  Click here to read full article.

• Audits 2013: Recognize Which Ones Threaten Your Revenue

  February 25, 2013

  With each passing year, the number of bodies auditing healthcare providers grows. What started as a recovery contractor demonstration project launched by Medicare in 2005 has blossomed into an increasingly complex alphabet soup of agency acronyms presenting financial risk. Many of these recovery contractors threaten to take back revenue; a few do not.
  
  As we enter 2013, it is important to identify which federal and state auditors present financial risk and to understand the extent of that risk. This month’s article summarizes those topics and also outlines four types of audits that are troublesome and labor-intensive, but won’t take a bite out of cash flow.  Revenue-Threatening Federal and State Audits 
  
  The two types of most daunting revenue-threatening audits are those that focus on Medicare payments to hospitals: These are conducted by Recovery Audit Contractors (RACs) and Medicare Administrative Contractors (MACs). The RAC “pay-and-chase” program has been live since 2008, and as such, RAC risk generally is fully understood by healthcare providers. However, organizations must remain vigilant in defending against such risk.
  
  We advise organizations to monitor regional RAC activity continuously via the RAC websites. Also, shore up clinical documentation improvement (CDI) programs with an eye on known RAC targets and documented issues. Finally, centralize the management of RAC audits across all locations, including owned physician practices, medical groups and clinics. As discussed in my December 2012 article, “RACs Expand into Physician Practices, Adding Pressure to Existing Audit Burdens,” the RACs are planning reviews of practices and medical groups in 2013. 
  
  A similar approach is suggested in dealing with MACs. MAC prepayment reviews can represent an even more serious revenue risk since payments are held back before, rather than after, reimbursement. One HealthPort customer, INTEGRIS Health, has been experiencing MAC prepayment reviews since 2009 and advises others to focus on timely submission of medical record documentation as a key step in mitigating revenue takebacks. Beyond RAC and MAC activity, there are seven other types of audit providers should know about and understand fully.
  
  Other Forms of Revenue Risk
  Other revenue-threatening audits to recognize and discuss with internal teams include the following:

  • Quality improvement organization (QIO) audits
  • Comprehensive Error Rate Testing (CERT)
  • Medicaid Integrity Contractor (MIC) audits
  • Medicare HMO/Advantage Plan audits
  • Zone Program Integrity Contractor (ZPICS) audits
  • Payment Error Rate Measurement (PERM)
  • Disproportionate Share Hospital (DSH) audits

  Of these, the Medicare HMO/Advantage Plan audits in particular are creating heightened concern among healthcare providers in 2013.
  
  Spike in Medicare HMO/Advantage Plan Audits Expected
  For providers with large populations of Medicare HMO/Advantage patients as compared with traditional Medicare patients, Medicare HMO/Advantage Plan audits can be numerous, laborious and costly.
  
  Currently, the actual plan carriers are conducting these audits, but in 2013 we expect that Medicare Part C RACs also will begin auditing Advantage Plan encounters, as the RAC program was expanded to include Medicare Part C under the Patient Protection and Affordable Care Act. The possibility of both the health plan and RACs looking at cases means there is a high probability for duplication of audits.
  
  In 2013, keep an eye on these Medicare HMO/Advantage Plan audits and use some type of electronic audit tracking tool to identify duplicates. If a duplicate audit is identified, providers are encouraged to dispute the duplicative request. Standard “dispute letter” templates can be created to use in these situations.
  
  DSH Audits are Rare, but Deadly
  DSH audits are triggered by very specific events and typically involve scrutiny of existing cost reporting tools along with hospital cost reports and audited financial statements. While DSH audits don’t occur often, when they do occur, they represent a very serious matter.
  
  One large, multi-location health system experienced a 2009 DSH audit in which more than $3 million was paid back to the Medicaid program. Large organizations should gather additional information regarding these audits and should be fully aware of their specific triggers. Additional information on DSH audits can be found online at the national Medicaid website.
  
  Non-Revenue Threatening Audits can be Equally Laborious
  As mentioned, there are three other types of audits to keep in mind in 2013 (Medicare risk adjustment audits, HEDIS and Medicare Advantage Plan quality audits). While no revenue is taken back through these audits, the burden to staff and internal cost to prepare medical records and send information along certainly lends a comparison to the revenue-threatening audits mentioned above. Volumes of these three types of audits also often are considerable, further burdening staff and audit management teams. In addition to familiarizing yourself with these matters,, it’s important to be aware of any internal audits your organization may be performing in the coming year.
  
  Cost to Comply is Your Biggest Risk in 2013
  Provider focus should be concentrated in five areas in order to effectively reduce these costs over time:

  • Prevent audits before they occur through strong CDI, coding and revenue integrity programs.
  • Centralize audit management to make the most of focused resources, and identify duplicate audits.
  • Implement technology to track, monitor and manage audits as they occur.
  • Take advantage of electronic requests and electronic delivery when available.
  • Learn from your experiences, creating a feedback loop for future audit prevention initiatives.

  Time and motion studies demonstrate that there are formidable costs associated with audit compliance, regardless of audit type. Both revenue-threatening and non-revenue threatening audits demand FTEs, paper production, postage, shipping, tracking, monitoring and appeal management.

  References:
  The INTEGRIS Pre-Payment Audit Experience: https://healthport.com/campaigns/prepayment_reviews_article.aspx
  
  DSH Audit Information: http://www.medicaid.gov/Medicaid-CHIP-Program-Information/By-Topics/Financing-and-Reimbursement/Downloads/General_DSH_Audit_Reporting_Protocol.pdf

• RACs Take Aim at Physicians in 2013

  January 09, 2013

  Hospitals have worked hard to forge stronger relationships with physician practices. They must now stay vigilant of audit activity directed at those practices. In today’s blog post, I hope to provide insight into current RAC and other regional audit activity, information that will help your organization get up to speed and in control in 2013.  
  
  Two RACs make first moves. Two RACs in particular recently mentioned upcoming reviews in physician practices and medical groups. The Region C contractor says they’ll take a generic approach while the Region D RAC plans to focus on specific issues by provider type. Regardless of methodology, we predict that other RACs will follow suit.
  
  RACs expand code auditing. The American Academy of Family Physicians (AAFP) recently confirmed that Region C states will be audited for E/M coding. They’ve also promised that E/M code auditing will expand to the other three RAC regions. Hospitals that own physician practices must make sure that offices are not billing for services beyond those they actually deliver.
  
  Several HealthPort customers report RAC reviews of E/M coding for CPT codes that cover routine office visits. To this point, the RAC has reviewed records to ensure that higher E/M levels, which are justified during initial office visits, are not duplicated in subsequent, repeat or routine visits.
  
  Physical records are now being requested from practices. RACs are also starting to request physical copies of medical records from physician practices whereas in the past only automated reviews were conducted. Providers must now take additional steps to ensure that practices are sharing any and all RAC requests. Centralized audit management must incorporate owned practices and medical groups to ensure that all audit activity is correctly logged, processed and tracked. 
  
  Medical requests growing. Finally, RACs aren’t the only auditors chasing down physician practice records. Long-standing, regional health plan auditors are also actively requesting and reviewing records. As a result, practices are seeing medical request volumes grow at an alarming rate. We’ll cover these other, regional health plan audits in a future blog post. 
  
  How to get relief. As with hospital settings, centralizing the audit management process is an important step in relieving staff burdens and reducing production costs. Other steps to take include interviewing each practice administrator to identify and track all RAC/other auditor activity and record requests; keep abreast of all RAC announcements and issue postings, and educate practices accordingly; keep lines of communication open with practice administrators to ensure that all RAC requests are properly communicated, logged and processed; and assign a health plan advocate to ensure that non-RAC audits are being managed properly, record retrieval is performed safely and efficiently, and due date extensions are pursued when necessary. 
  
  The trend toward stronger hospital and physician relationships won’t end any time soon, so providers are wise to incorporate RAC and other audit management discussions into their long-term partnerships discussions. Check back regularly as my future blog posts will provide additional guidance in staying abreast of RAC audit practices.

  
  

  
  

• Four Tips to Avoid Audits, Reduce Costs, and Minimize Revenue Disruptions in 2013

  January 03, 2013

  Over the past twelve months, the volume of Medicare claim review audits has grown. And other payers are following suit. Audits tax your human resources and increase operational expense. To reduce costs and minimize revenue disruptions, I’ve pulled together four tips to help prevent audits in 2013. Happy New Year and happy reading!
  
  

  Know the target areas. Medicare administrative contractors (MACs) and recovery audit contractors (RACs) are focusing on certain DRGs. Some MACs may focus on different DRGs specific to their geographical areas if they feel that these DRGs are prone to overpayment issues. (See Cahaba Government Benefit Administrators LLC for an easy online reference.) For RACs, respiratory DRGs and stroke DRGs seem to be some of the main targets. 
  
  

  A second trigger for review is the coding of secondary ICD-9 codes not related to the principal diagnosis. Though these non-related codes may be perfectly legitimate, they may also signal billing for duplicate services, non-covered services, or services not considered necessary and reasonable.
  
  

  One-day and short stays are another target for Medicare claims review audits. 
  
  

  Watch your EHR and cloned codes. Recent concerns have risen over the use of EHRs and Medicare billing. The federal government has paid out billions of dollars to hospitals and physicians, incenting them to use EHRs, with the goal of reducing healthcare costs. However, an unintended consequence of EHR use appears to be heightened volumes of billing codes, triggering a spike in Medicare reimbursements to providers. 
  
  

  At this point, CMS is unclear if the problem is fraud-driven by upcoding, cloning of notes, and gaming of the system. It may be that EHRs simply allow for the capture of more relevant information and automatically correct previous undercoding and underpayment problems. 
  
  

  CMS is already increasing its fraud detection efforts. One MAC recently notified providers that it will be denying claims based on cloned notes. The RACTrac survey found millions of dollars in underpayments by the RACs, an indication that undercoding and underpayment is occurring.
  
  

  Better documentation cures all ills. Denials are usually due to lack of documentation, insufficient documentation, or non-specific documentation. Therefore, the number one way to mitigate denials is to launch an in-depth clinical documentation improvement (CDI) program. Identify audit targets or those cases that cost the most in human resources and revenue loss. Next, conduct internal self-audits to review documentation and check records of targeted DRGs. This process helps hospitals and health systems to correct deficiencies upfront rather than spending time and resources on a formal audit.
  
  

  Centralize audit management. A centralized audit function supported by tracking software allows for optimum management of the audit and appeals process and minimizes the risk of technical denials because of missing dates. Duplicate audits are easily identified and curbed. 
  
  

  Taking these preventive steps will not stop audits, but it will decrease denials and mitigate revenue risk. Welcome to another year of protecting your revenue stream. 
  

  
  

• Tell us your experiences with the RAC audits...

  December 28, 2012

  Would you like to participate in a survey on RAC audits to help give insight on how your facility is dealing with such an intricate process?  HCPro, a provider of information, education, training, and consulting products, is conducting a “comprehensive assessment of the Recovery Audit Program” to discover what plans and processes have been put in place by facilities like yours, as well as track experiences with the RAC audits. 

  Click here to complete the survey.

• What Executives Need to Know About the Audit World

  October 09, 2012

  In this month’s issue of Health Management Technology, I teamed up with HealthPort customer, Kim Wheeler, System Director of HIM for St. Vincent’s Healthcare, to discuss the challenges of recovery audits and how to mitigate risk in the article, “What Executives Need to Know About the Audit World.”

  Kim provides a real world example of how audits can affect the workflow and processes of healthcare and we both offer up practical strategies to cope. 

  Click here to read the article in its entirety.

• Real Life Story of Prepayment Reviews

  September 06, 2012

  Recently, Jenny Jones, an esteemed HealthPort customer and Director of Revenue Recovery for INTEGRIS Health in Oklahoma City, OK, participated in a panel presentation for the American Hospital Association’s webinar on Medicare Prepayment Review. She shared strategies to survive prepayment review. Upon learning of the webinar, I reached out to Jenny to learn more about her prepayment review experiences so I could share her story with you, my Audit Insights blog subscribers.
  
  Here is what I have learned: INTEGRIS is not a part of the RAC Prepayment Demonstration but they have been experiencing MAC Prepayment reviews since 2009.  According to Jenny, “One challenge with the prepayment review process is the timely submission of the medical records.”

  She noted several reasons for this, including:

  • Hospitals have only 30 calendar days to submit medical records (including mail time).  There is not a process to request an extension to the due date like with the RAC record requests.  The MAC will deny for non-receipt of documentation if the records are not received timely.
  • Often requests are for records on patients recently discharged and the chart may be incomplete.  The discharge summary and all physician signatures should be obtained prior to submission of the record to avoid a denial for an incomplete medical record.
  • For several hospital services, such as total joint replacements, pertinent documentation from the physician’s office record must be included in the hospital record to substantiate services provided.  Ideally these records are obtained prior to the surgery.  Attempts to obtain the documentation once the record has been requested for prepay review delays record submission. 

  INTEGRIS utilizes HealthPort ROI services and comprehensive audit management technology, AudaPro, to manage the documentation and deadlines. “Our volume of Medicare audits has dramatically increased the past year. AudaPro helps us monitor important deadlines, including the record due date, to avoid denials for failure to submit records timely,” said Jenny Jones.
   
  HealthPort AudaPro has assisted INTEGRIS in other ways as well. Several INTEGRIS claims reviewed by the MAC on a prepay basis were requested by the RAC for a post-pay review. The duplicate requests were identified when the new RAC requests were entered into AudaPro.  INTEGRIS contacted CMS for guidance because the RAC felt they were within their rights to do a post-payment review on records previously reviewed by the MAC on a prepay basis.  CMS clarified this was in fact a duplicate review and the RAC rescinded the requests.

  I’m curious to learn how your facility has handled pre-payment reviews. Are your experiences similar to  Jenny’s? Inquiring minds want to know!

• Sending Records to Auditors: Taking Paper out of the Submission Process

  August 16, 2012

  In the August 9th edition of the www.RACmonitor.com enewsletter, I share my expert insight into the current audit landscape in the article, “Sending Records to Auditors: Taking Paper out of the Submission Process.”  As part of the articles focus, I discuss the specifics of electronic submission via esMD and the importance of centralizing the audit process to avoid pitfalls.  Click here to read the article in its entirety and feel free to forward to customers or prospects as well.

• Recovery Audits Is One Area that Providers Should Not Ignore

  August 08, 2012

  It’s no secret that the number of auditing bodies is increasing and the number of records they can review is rising, as well.  As a result, providers are doing more for less. I discuss the impact that these various audits are having on providers and why they should not be ignored in the article, “Recovery Audits is One Area that Providers Should Not Ignore,” featured in this month’s Advance for Health Information Professionals enewsletter.  

  Click here to read the article in its entirety and use the comments section below to tell me and other blog readers what your experience has been with recovery audits.

• Eight Key Steps to Optimal Audit Management

  July 16, 2012

  Going forward, I will serve as a monthly contributor to the www.RACmonitor.com enewsletter which highlights regulatory audit news and information. In my very first article, I take a step back to discuss the eight key steps to optimal audit management. Audit management is an ongoing activity and not a “one-and-done” effort. The process needs to be reviewed and refined, with adjustments made for each new audit.  I consider these eight steps, the initial actions that need to take place to ensure that each and every audit request is managed properly. Click here to read the article in its entirety.
  

• HealthPort Announces the Compatibility of its RAC Management Capabilities within HealthPort AudaPro, with the American Hospital Association’s RACTrac

  June 12, 2012

  This week, HealthPort announced that its comprehensive audit management solution, HealthPort AudaPro, has been deemed compatible with the American Hospital Association’s (AHA) newest version of RACTrac which allows for further definition of the types of medical necessity denials taking place.  This status designation indicates that HealthPort AudaPro includes a mechanism that will aggregate RAC experience data at the hospital level in a manner that is consistent with the AHA RACTrac survey questions. 
   
  

  Click here to access the HealthPort press release that was distributed to media outlets.

• Coping in the Age of the Audit

  May 08, 2012

  Governmental audits have ramped up and, with the recent addition of RAC prepayment reviews, providers will experience an increase in audit volume. Preparation and readiness are key to mitigating technical denials and financial risk, and management of the audit workload will require additional staff, and possibly technology, to track what’s going on.

  In the article, Coping in the Age of the Audit,  which appears in For the Record Magazine’s May 7th online edition, I explain what the new audit landscape will mean for providers and the personnel demands that should be considered. 

  Click here to read the article in its entirety.

• One Size Fits All... Record Reimbursement Changes

  April 11, 2012

  We’ve seen a lot of consternation around the reimbursement for RAC-requested record submissions. Many have expressed concern that they’re not receiving the full amount, particularly for pages they are required to submit (like a copy of the request letter).
   
  In response to this issue CMS just instituted a $25 cap on reimbursement for copying and first class postage. Note that I said a cap. If the cost per page process does not reach $25, you get less.
   
  CMS indicates that $25 is their average reimbursement for larger records, including first class postage. However, most providers do not use first class postage. Instead, they use Federal Express or some other, more expensive, carrier to ensure verification of receipt.
   
  In addition, CMS has upped the number of records RACs can request in any 45 day period. They’re also considering expanding the RAC look back period from the current 3 years to a full 10 years.
   
  

  The potential upside from this change is that providers should see expedited reimbursement. They will not have to reconcile the number of pages, except for those under the $25 cap. 

  The unanswered questions in this policy include:

  • Will it be $25 for pre-payment reviews?
  • What about Electronic Submission of Medical Documentation (esMD)? Will the $25 rule apply?

• Take The HCCA Survey-Auditing the Auditors

  April 09, 2012

  It’s no secret that the number of audits performed on health care providers has grown over the years. There are now literally dozens of different agencies performing them. The Health Care Compliance Association (HCCA) has recently launched a new (anonymous) survey for healthcare professionals to help determine which auditor(s) is the most aggressive, and how much time these audits are taking out of your day to prepare and respond.
  
  Click here to take the survey. HCCA will share the results so that we all can see how our audit activities compare.

• CMS Publishes Medicaid RAC Program FAQs

  January 23, 2012

  In September, I alerted you of the availability of the Medicaid RAC Program Final Rule. I also discussed similarities and differences between this new RAC program and the Medicare RAC Program, which has been in existence for some time.

  Those affected need to be aware that Medicaid RACs are required to identify overpayments and underpayments, and the deadline for States to implement their respective RAC programs was January 1, 2012. The recently published CMS FAQs outline operational guidance to states and general information regarding the Medicaid RAC Program such as:

  • Options that States have if they are unable to implement a Medicaid RAC program by January 1, 2012
  • CHIP is not included within the scope of the Medicaid RAC final rule
  • States may exclude Medicaid-managed care claims from review by Medicaid RACs, as currently, “CMS is only requiring State Medicaid RAC programs to review fee-for-service claims”
  • Medicaid RAC audits must not exceed three years from the date the claim was filed, unless the contractor receives approval from the state. However, CMS is granting a lot of exceptions to the three year look back rule, with several states being extended a five year look back period.

  Click here to access the entire FAQ document. 

• Medicaid RACs are on their way: Be prepared with the right questions to ensure your success

  January 20, 2012

  The final rule for the Medicaid RAC program was published in September with an effective date of January 1st (see previous blog post dated September 26th). There are significant differences between the current Medicare RAC program and the Medicaid RAC program, including the actual limit and frequency of requests being left up to individual states and no specific time frame for how long providers will have to respond to record requests.

  Being prepared is key and knowing the right questions to ask can help you get the most out of Rule-mandated Medicaid RAC education and outreach programs that you may attend. Below is a check list of questions you should ask to help you navigate the Medicaid RAC program and mitigate financial risk for your facility:

  • How often will we get requests?
  • What is the expected turnaround time?
  • What is the maximum number of records we can expect in a given timeframe?
  • What is the Medicaid RAC appeals process?
  • Will Medicaid RAC, like Medicare RAC, reimburse our facility for requests?
  • When will the ‘Provider Portal’ be made available so we can identify the contact point for mailing request letters?
  • How can we expect to be notified of the RAC’s findings (letter, remittance advice, remark code, etc.)?
  • What types of reviews will be conducted (automated, complex, semi-automated), how will these be specified?

  By taking a proactive stance, you will be a step ahead of the Medicaid RAC program and financial loss!

• Happy New Year!

  January 04, 2012

  HealthPort customer, Dawn Crump, network director of compliance for seven-hospital SSM Health Care - St. Louis, contributes to the health information technology regulatory to-do list in this month’s Health Data Management article, “Where to Start?” In the article, Dawn adds the focus on audits to the 2012 list and discusses how HealthPort’s comprehensive audit management tool, HealthPort AudaPro, which includes integrated HealthPort Release of Information services, assists her facility with responding to audit requests.

  Click here to read the article in its entirety.

2. 1
3. 2
4. Next page