Apply Audit Processes Beyond Coding to Boost Compliance
Setting scope and communicating the results are crucial for any audit. Auditing coding is a go-to part of any compliance program, but you can check that the rest of your practice is also adhering to your policies and programs. Jaci Kipreos, CPC, COC, CDEO, CPMA, CRC, CPC-I, CEMC, shared guidance for applying the audit process to other parts of your practice during her AUDITCON 2025 presentation “Applying the Basic Steps to ANY Type of Audit, not just Coding.” Here’s what you need to decide before gathering data and reporting the results. Apply the Same Basic Concepts When people mention audits, they tend to think about coding and then evaluation and management (E/M), because that’s what comes up the most, Kipreos said. “In a lot of my conversations, I remind everybody: You can audit anything. You can audit anything in the revenue cycle, you can audit anything outside of that.” The Department of Health and Human Services (HHS) Office of Inspector General (OIG) includes audits as part of their General Compliance Program Guidance, which can provide an additional nudge for why auditing is important for a practice. If you’re auditing something outside the realm of E/M, CPT®, or diagnosis coding, you can follow the same auditing steps. “It’s not, ‘OK, yeah, we went and did that, seems OK!’ There still needs to be a structure, because someone’s asking you to review a policy,” she said. “If you’re going to call it an audit, those steps still need to be followed through.” Kipreos said steps should include: Kipreos said that as an external auditor called in to evaluate a practice’s work, this is how she conducts audits, but it’s not the end-all, be-all way to audit. Ground Your Auditing in Communication You can’t know whether a policy, regulation, or requirement is being managed appropriately without an audit, and you can audit any aspect of the patient encounter, she said. Audits are looking for risk, opportunity, accuracy, and conformity. “The only way to determine accuracy and compliance is to compare the process/service/action against the rule/policy/regulation,” she said. As an auditor, it’s your job to listen to whomever requested the audit and ascertain how to evaluate the information they’re looking for. A lot of this can come down to scope and is part of why scope is so important. “Anybody that knows me knows I spend more time talking about the scope than anything else, because it sets the tone, I know what I’ve got to do, I shouldn’t have any questions left, and if there’s a question later, I’m going to go back to that discussion and say, ‘This is what we agreed on; if you need me to change something, then we can go back to the table,’” Kipreos said. Asking a lot of questions at the beginning and in different ways helps make sure everyone’s on the same page. Auditors also need to explain the process, including helping prepare the requesting party for whatever results may arise. “It’s our job to explain the process: How it’s going to happen, who’s going to get the information, and verifying that someone is ready to accept and do something with whatever the findings are,” she said. Being thorough in your questioning and setting of scope demonstrates your commitment to the task. “Somebody knows you’re deeply vested in doing this correctly, and it sets the tone to say, ‘We’re looking at this from a perspective of compliance, we’re looking for these sorts of things,’” Kipreos said. Think Like an Auditor Once you’ve set the scope, figured out the sample size and timeframe, zeroed in on which providers/practices/people to audit, and gathered relevant resources (Medicare policies, CPT® guidance, etc.), you’ve set a strong foundation, and the rest of the process can begin. “You can go in and actually start working, which is such a good part to do!” she said. You’ll need a scoring methodology based on what you’re looking at, and you’re going to identify any areas of risk. Once you’ve performed the audit, you’ll need to format your findings and then construct the report. “I’m looking at all the results, I’ve got to come up with a nice way to communicate that, I have to find a nice way to put it in a box — put it together nice and neat,” Kipreos said. “Based on the conversation and scope, I’m thinking about what did they want from this? What was key to them? And finding a way through my reviewing the results to convey it in a nice way.” When you deliver the results, make sure you know who expects to receive them and whether the dispersal is staggered: Is the compliance team reviewing them first? Are you accepting rebuttals? Are the results available in a yes/no format or do they require more context? “You can break it down in a lot of different ways, so it’s thinking about what the question is, what’s the urgency, and deciding how layered you need it to give it back in a format that will give them the answers they were asking for,” she said. “The more you can break it down to make it very clear how close someone was or how far off the mark they were provides further information on where the education needs to go from there.” Rachel Dorrell, MA, MS, CPC-A, CPPM, Production Editor, AAPC
