Medicare Compliance & Reimbursement

Compliance:

Cut Audit Odds With This Expert Advice

Hint: Watch for number transposition with common codes.

As the Centers for Medicare & Medicaid Services (CMS) continues to streamline its documentation policies to reduce administrative burdens, you might be tempted to scale back on your internal reviews of your coding practices and billing processes. But evidence suggests that the feds want you to keep a running checklist of your practice road bumps as well as utilize risk-based auditing tactics.

That was the word from Frank Cohen, director of analytics and business intelligence at Doctors Management, during his Jan. 16 presentation, “Risk-based Auditing: New Tools and Techniques.”

He outlined this and other issues that medical practices might face in the coming years and offered advice for practices that want to avoid falling under insurer scrutiny. Check out nine of Cohen’s key ideas.

1. Private Payer Audits Comprise About One-Third of All Audits

Payers are using algorithms to predict whether claims are coded or billed inappropriately, Cohen said. “They’re trying to predict ahead of time whether a claim should be paid without opening the chart or looking at it, just by using the predictive algorithms,” he said.

And that isn’t limited just to Medicare, Cohen noted. “Private payer audits are said to account for 28 to 33 percent of all audits.”

2. Payers Are Examining These Top Issues

Payers are looking at these four key areas when they perform analyses on your claims:

  • Number one is mistakes, made up of simple errors, Cohen said. “Because coding is such a complex area, it’s really easy to see coding errors” such as transposed numbers or incorrect modifiers.
  • The next thing they look for is waste, which includes medically unnecessary services, bad coding practices, or other issues.
  • The third is abuse. “This is where we see the bending of resources sometimes, such as practices of upcoding or improper referrals or billing under other physicians’ numbers when they shouldn’t be,” he noted.
  • The fourth is fraud, which includes things like billing for services or supplies that were not provided. “For the most part, fraud has to have intent,” Cohen said. Healthcare fraud only accounts for about 3 percent of the nation’s healthcare spending, he noted.

3. E/M Codes, Modifiers Among Review Categories

For medical practices, there are five major categories considered by auditing entities when profiling claims, Cohen said: E/M codes, procedure code utilization by frequency, procedure code utilization by RVU, modifier utilization, and time.

Understand the “time” review: “For almost every procedure code that has a work RVU, there’s a certain number of minutes assigned to that code,” Cohen said. “In general, the HHS Office of Inspector General (OIG) says if any provider is reporting over 5,000 hours annualized per year, then the likelihood of an audit is significantly higher,” he added. That’s because 5,000 hours would comprise about 14 hours a day if the provider worked all 365 days of the year.

4. Modifiers 24, 78 Under the Microscope

Insurers are reviewing a variety of modifiers, not just the ones that practices may consider to be the usual suspects, Cohen noted. “We’ve always seen payers look at modifier 25 (Significant, separately identifiable evaluation and management service by the same physician or other qualified health care professional on the same day of the procedure or other service) and 59 (Distinct procedural service), but lately, 2019 in particular, I saw several audits where modifiers 24 (Unrelated evaluation and management service by the same physician or other qualified health care professional during a postoperative period) and 78 (Unplanned return to the operating/procedure room by the same physician or other qualified health care professional following initial procedure for a related procedure during the postoperative period) were targets as well,” he said. “Comprehensive Error Rate Testing (CERT) is supposed to start looking at modifier utilization errors as well, and when that happens, I think you’ll see a significant increase in modifier-generated errors noted by the payers.”

5. Automated Reviews Are First Step

Here’s basically how the audit works, Cohen said: Payers perform automated reviews to identify claims that are kicked out of the sequence based on predictive analytics from the fraud prevention system. Once that system identifies a particular claim, then a human gets involved. “They’ll pull a limited sample of data from that provider to see if a pattern can be found based on the issue identified by the automated review,” he said.

To know which issues are under a payer’s microscope at a particular time, practices should pay attention to the audit statistics and targets listed by the Recovery Audit Contractors, CERT results, and the OIG Work Plan.

6. Payers Expect You to Build an Audit Plan

“CMS and private payers expect — and often require — that you conduct your own internal self-audits on a regular basis and that you’ll report when you find an error,” Cohen said. The audit plan is a concise document or worksheet that details, at the physician level, the procedure codes and modifiers you plan to review internally.

“Without the audit plan, the compliance plan is nothing more than a policy and procedural binder stuck on a shelf somewhere,” he said.

7. Practices Should Understand Risk-Based Auditing

Knowing what to audit is critical, but knowing how to audit is also imperative, Cohen noted. “Most practices are not engaged in true predictive analytics, but they should be,” he notes. To quantitatively model, you’ll pick your top 10 or top 25 procedures you report, and then compare them to the rank order for your peers from national data for your specialty.

“Risk-based auditing, in my opinion, should be taking our industry by storm,” Cohen added. “CMS has said that’s how you should do it because that’s how they’re doing it.”

8. Base Number of Chart Reviews on Risk

Once you prepare to perform your chart reviews, you’ll select the number of records to audit based on whether you know your risk ahead of time, Cohen said. “A probe audit, without a priori risk assessment, requires dozens of charts per provider — or more,” he noted. “Audit posteriori requires only a few charts.”

If high risk, look at five charts, Cohen advised. If low risk, look at three. “If three out of five are improper, look at five more. If six out of 10 are improper, you may want to consider a statistically valid random sample (SVRS) of at least 30. It is never necessary to pull a SVRS unless you suspect a pattern of improper payments or you are conducting a self-disclosure audit,” he advised.

9. Calculate Pass/Fail Rates

Once you’ve completed your audit, you can then calculate pass/fail rates of the providers and create a schedule of when you re-audit those providers. “You can then track how the numbers look over time and create a return on investment so you can see the value of your education, remediation, and training,” Cohen said. “Quickly identify those that are serial offenders.”

You can also determine what the issues are for either individual providers or for your practice as a whole. For instance, you might say “For all our providers, incorrect modifiers are the number-one problem, followed by incorrect E/M codes, then inaccurate or incomplete documentation,” Cohen said. Then you can create a plan to tackle those issues.