Compliance officers can delegate monitoring processes to managers and supervisors.
The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) highlights auditing and monitoring as essential processes to a successful compliance program. At first glance, these words may seem like they imply the same actions amidst general compliance oversight.
However, there are separate processes you should follow when monitoring versus when you’re auditing. In her presentation “Difference in Monitoring and Auditing” for AAPC’s AUDITCON 2024, Stephanie Sjogren, CPC, COC, CRC, CPMA, CDEO, CCS, CPC-I HCAFA, provided tips for distinguishing these two processes and strengthening your organization’s compliance program. Sjogren shared ways to bolster your monitoring processes to keep your whole compliance program agile and effective.
Note Time When You’re Contemplating the Definitions
One easy way to differentiate monitoring from auditing is to think about the time involved. Monitoring is an ongoing process of evaluation in order to note potential compliance issues. Auditing is a more comprehensive review with a defined scope and timeline, which is performed to verify compliance and evaluate the effectiveness of the program.
Monitoring programs and processes probably fall under a practice manager’s or other supervisor’s purview, while the compliance program at large is more the responsibility of the compliance officer, Sjogren said. Knowing how the responsibilities break down can help you organize your processes and programs more effectively.
“Having a robust compliance program in place really helps the healthcare system proactively identify where we have noncompliance issues before it escalates into mandatory reporting and things like that; and ultimately, it protects our patients and our organization’s reputation,” Sjogren said.
Auditing programs can be especially helpful in catching fraud, waste, and abuse involving government funds, which, when remedied — when possible — by returning funds, practices can avoid even bigger repercussions, like being excluded from working with federal agencies.
Stay On Top of Updates
Local, state, and federal governments release updated guidance and regulations regularly, so make sure that incorporating those updates is part of your monitoring program.
Sjogren provided an example with the Centers for Medicare & Medicaid Services (CMS) November 2024 expansion of preparatory services, including preparatory medications for HIV, which now has a cost share waived under Medicare programs. This specific expansion requires both waiving cost share and allowing HIV testing on a periodic basis.
“When I monitor this, I need to make sure, not only from a compliance perspective monitoring this, I’m going to have to look at my claims data and ensure that I’m using the correct diagnosis codes, that I’m making sure that I’m not billing a member for any sort of cost share, even if the insurance has applied it in error, I need to make sure that I’m not doing that,” she explained. “And, so, I’m going to run reports to make sure I’m not having the member in the middle, and that I’m getting paid by insurance correctly.”
A payer would look at the same situation and need to check that they’re not applying cost share to member claims, as well as making sure to pay for preparatory medications under the new codes.
“By implementing the programs and proactively monitoring it, at the end of the day, it’s going to potentially cost us less in the long run,” she said. Beyond remaining in compliance with HIPAA, noncompliance can mean huge fines and lawsuits.
Aim to Be Proactive and Fluid
If you have a good monitoring process as part of your compliance program, your approach is always going to be proactive.
Design your program so it tests for inconsistency, duplication, and other errors, Sjogren said. Look for policy violations, prior approval or pre-approval issues, incomplete patient data, and dollar or volume unit errors.
One easy way to implement a consistent monitoring process is to look at claims before they go out. Having a regular, standard moment to inspect claims can make finding inconsistencies even easier, because irregularities may be more obvious. Sjogren said you can also look at submissions after they go through a clearinghouse, because clearinghouses usually have a sort of scrubbing process, which can help with the monitoring process.
Like auditing processes, monitoring programs may want to use sampling as an evaluation tool to look for inconsistencies or variations from a baseline, which may be easy to facilitate via electronic medical records systems. One example Sjogren mentioned is looking at evaluation and management (E/M) level codes, and seeing whether there are any deviations in the amount of higher-level codes used.
The federal compliance program guidance stipulates that staff should engage in mandatory training annually to make sure everyone is on the same page with responsibilities regarding regulations like those required by HIPAA. This annual training can be a good time to evaluate the monitoring program — but it may be important to do this even more frequently, like on a monthly or quarterly basis.
Assessing your monitoring processes and programs allows you and your practice a lot of flexibility to identify and fix any issues — and then monitor the resolutions to make sure the changes are effective. You can implement a monitoring process on a short-term basis and then pause or wrap it up once you feel more certain that the issue is resolved. This kind of flexibility and fluidity allows a compliance program to remain nimble and proactive, as well as helping to highlight both potential issues and possible resolutions.
Rachel Dorrell, MA, MS, CPC-A, CPPM, Development Editor, AAPC
