12/9/2014

Tuesday, December 9, 2014 | 2 3 p.m. Central time

Internal Audit Revenue Cycle Risks

Sally A. Hardgrove, RHIA
Director
BKD, LLP
shardgrove@bkd.com

To Receive CPE Credit

Participate in entire webinar
Answer polls when they are provided
If you are viewing this webinar in a group
o

Complete group attendance form with

Title & date of live webinar
Your company name
Your printed name, signature & email address

o
o

All group attendance sheets must be submitted to training@bkd.com

within 24 hours of live webinar
Answer polls when they are provided

If all eligibility requirements are met, each participant will be

emailed their CPE certificates within 15 business days of live
webinar

2 // experience access

12/9/2014

Learning Objectives
Upon completion of this program, participants will be able to:
Discuss types of risk
Identify areas of revenue cycle risk
Describe various procedures that can be used to assess risk

3 // experience access

Revenue Cycle
Front End

Scheduling

Pre-Registration

Financial
Counseling

Registration Admission

Charge Capture

Services Provided

Patient Billing and

Collections

Account
Collections and
Write Offs

Authorization
Check Benefits

Middle
Coding & Chart
Completion

Clinical
Documentation

Back End

Claim
Submission

3rd Party
Payment &
Denials Mgmt

Payer Follow Up
& Secondary
Billing

Disclaimer: Not intended to be inclusive of all revenue cycle functions

4 // experience access

12/9/2014

Revenue Cycle

Types of Risk
Compliance
o
o

Payer specific requirements for billing process

Risk in the event of pre- and post- payment review

Accuracy & Completeness

o
o

Charge capture
Technical billing requirements

5 // experience access

Revenue Cycle
Starting a revenue cycle internal audit program
Conduct a risk assessment
o
o
o

Identify areas of high risk in the industry

Identify previously identified risks at the facility
Identify processes that are sub-optimal

Validate areas of risk

o
o
o

Interviews
Data mining
Focused sampling

Design the internal audit plan

6 // experience access

12/9/2014

Risk Assessment
Identify Industry Risks
o
o
o

OIG work plan

RAC approved issues
New regulatory requirements

Revisit previously identified risks at the facility

o
o
o
o
o
o

RAC findings
CERT findings
Frequent denials
Consultant reports
Results from prior internal audit activities
New service lines or post-acute subparts

7 // experience access

Risk Assessment
Identify suboptimal processes
o
o
o

Revenue & compliance risks

Benchmarking key performance indicators
Where is manual intervention taking place?
Charge capture
Coding
Reworking bills

Recent system conversion

Linkages
Order sets

8 // experience access

12/9/2014

OIG Work Plan

It can be incomprehensible!
Translate payment issues for the contractor into provider
risks
o

We assess relative risks in the programs for which we have oversight

authority to identify the areas most in need of attention and,
accordingly, to set priorities for the sequence & proportion of
resources to be allocated.
OIG 2015 Work Plan, page 4 How do we plan our work?

o
o

Who owns the risk provider, supplier, or contractor

If provider, which type of provider

Decide whether the work plan issue applies to current

billings, or historic liability
o

New versus Established hospital based clinic visits

9 // experience access

Validate Areas of Risk

Interviews & survey instruments
o
o
o

End users
Clinical staff
Corporate compliance personnel

Data mining the RACs do it!

o
o
o

Decision support
Query development
Link clinical/HIM & IT skills and capabilities
May require outsourcing depending on hospital capabilities

Focused sampling
o

Can also be part of the audit plan

10 // experience access

12/9/2014

Design Internal Audit Plan

Audit plan topics:
Defined & validated
Objective & measurable
Determine testing procedures & required time & skills to
perform procedures
o

Use data mining techniques wherever possible

Know the process owner

11 // experience access

What Happens Next

Define expectations for action after conclusion of the
procedures
o
o
o
o

Action plan development

Define priorities
Expected timing of completion of the action plan
Project management of implementation
Project management office
Department head or designee

o
o

Define how results will be measured

Determine when follow up is required
Thresholds for error rates
Potential financial impact
Potential risk to the organization

12 // experience access

12/9/2014

Middle & Back End Revenue Cycle Areas of Risk

It wasnt done at all, or services werent documented
o Pre- or Post- payment review by payers
It wasnt coded correctly or completely
o Compliance risk or financial impact
o Inaccurate or incomplete CPT code assignment
LCD/NCD
It wasnt billed correctly or completely
o Units of service, modifiers, NPI numbers
o Diagnosis code linkage with ancillary services on CMS-1500
o Dates of service, 3 day window violations, code
unbundling
Regulatory requirements arent met
13 // experience access

Potential Areas of Risk for Hospital Providers

Mid-Revenue Cycle
1. Coding & documentation across the continuum of
care
2. Compliance with 2 Midnight Rule
3. Billing Evaluation & Management (E/M) codes in
addition to minor procedures
4. Units, J-codes & billing for waste for outpatient
drugs
5. Hard coded CPT/HCPCS codes in the CDM

14 // experience access

12/9/2014

Potential Areas of Risk for Hospital Providers

Back-end Revenue Cycle
1. Three-Day Window Compliance
2. Provider-Based Entities & split billing
3. Incorrect billing for self-administered drugs
4. Medicare Secondary Payers
5. Denials Management

15 // experience access

Revenue Cycle Billing of Self Administered

Drugs
Why is it important:
Limited coverage of drugs administered in a hospital outpatient setting. Policies, IT build and manual
processes must support compliant billing of non-covered, self administered drugs to Medicare outpatient
beneficiaries.

Type of Risk: Compliance

Self-administered drugs are non-covered under Medicare Part B and should be billed to the patient.
Inducement and Stark issues may be invoked if charges are written off. Reputational risks patients do not
understand when admitted versus outpatient status in observation or Emergency Department.

Starting Point in Assessment:

Hospitals should have processes, policies and procedures that can be tested for compliance and effectiveness
of controls
o
Does the facility have processes in place to prevent billing self administered drugs to Medicare
o
Have organization wide policies been created and reviewed by counsel to address billing to patient
o
Does the IT infrastructure support compliant billing
Can queries be written to compare the use of revenue code 637 in outpatient claims with a predetermined benchmark? Can billed charges for self-administered drugs be traced to patient
responsibility?

16 // experience access

12/9/2014

Revenue Cycle Compliance with 2 Midnight

Rule
Why is it important:
Subjective assignment of inpatient status has changed to a 2 midnight benchmark and assumption

Type of Risk: Compliance

Instead of simplifying patient status assignment, the new 2 midnight rule has muddied the waters. Medical
necessity still trumps all

Starting Point in Assessment:

Processes hospitals should have that can be tested for effectiveness and design of controls
o
Multidisciplinary approach
o
IT infrastructure supports compliant billing
o
Physician documentation sufficient
o
Ongoing monitoring
What was the hospitals experience in the Probe and Educate period?
Can the billing system and/or decision support data be queried to get a snapshot of length of stay and
associated midnights?

17 // experience access

Revenue Cycle Compliance with 3 Day

Window
Why is it important:
Policies, IT build and manual processes support compliant billing of diagnostic services provided within 3 days
of admission to a PPS facility. Particular risk with off-campus wholly owned, non provider based entities

Type of Risk: Compliance

Failing to re-bundle diagnostic and related therapeutic services into the inpatient bill can result in
overpayment and noncompliance with Medicare

Starting Point in Assessment:

Processes the hospital should have that can be tested for effectiveness and design of controls
o
Is a specific policy and procedure in place for bundling services provided by wholly owned and/or
operated entities into the inpatient claim
o
Does the IT infrastructure support compliant billing
o
Confirm existence of manual procedures to bundle services provided at an off campus entity if
necessary
Query billing system(s) of main provider and wholly owned entities. Merge by dates of service. Assess a
focused sample to confirm appropriate billing of outpatient services provided within the 3 day window.

18 // experience access

12/9/2014

Revenue Cycle Compliance with Provider

Based Designation Requirements
Why is it important:
Policies, IT infrastructure, signage and other attestation requirements are met for locations with provider
based designation

Type of Risk: Compliance

Failing to meet the requirements for provider based designation and can result in overpayment and
noncompliance with Medicare billing requirements.

Starting Point in Assessment:

Processes the hospital should have that can be tested for effectiveness and design of controls
o
Does the hospital have supporting documentation on file for all provider based entities
o
Has an attestation been filed with CMS for all provider based entities
o
Does the IT infrastructure support compliant billing
Evaluate how long entities have been designated as provider based with Medicare. Has anything related
to the attestation requirements changed since the initial attestation (IT billing infrastructure, E.M.R.,
relationship with physicians)
Use a survey instrument to do a mini attestation and confirm entities are in compliance

19 // experience access

Revenue Cycle Coding for Outpatient Drugs

and Drug Administration
Why is it important:
Documentation and IT systems should support compliant billing of drug administration, drug units, and J-codes

Type of Risk: Compliance

Drug administration codes should be supported by documentation, and assigned based on CPT coding
hierarchy. J-code units should be assigned based on code definition, and represent what was ordered and
administered. Inaccurate CPT/HCPCS codes and units could result in overpayment and noncompliance with
Medicare billing requirements.

Starting Point in Assessment:

Processes the hospital should have that can be tested for effectiveness and design of controls
o
Is the unit conversion module in the billing system accurately translating unit doses to billed units
when required
o
Has the organization clearly identified responsibility for updating and maintenance of the coding and
units aspects of the formulary and pharmacy billing system
o
Does the IT infrastructure support compliant billing
o
Is coding for drug administration included in routine coding quality monitoring
Can a query be defined to identify claims with higher than average units of separately payable drugs for
Medicare outpatient services
Can the unit conversion module be downloaded or printed for review
20 // experience access

10

12/9/2014

Questions?

Thank You!

Sally A. Hardgrove, RHIA, Director | shardgrove@bkd.com | 317.383.3791

11

12/9/2014

Continuing Professional Education (CPE) Credits

BKD, LLP is registered with the National Association of State Boards of
Accountancy (NASBA) as a sponsor of continuing professional
education on the National Registry of CPE Sponsors. State boards of
accountancy have final authority on the acceptance of individual
courses for CPE credit. Complaints regarding registered sponsors may
be submitted to the National Registry of CPE Sponsors through its
website: www.learningmarket.org.

The information in BKD webinars is presented by BKD professionals, but applying specific information to your
situation requires careful consideration of facts & circumstances. Consult your BKD advisor before acting on any
matters covered in these webinars.
23 // experience access

CPE Credit
CPE credit will be awarded upon verification of participant
attendance
For questions, concerns or comments regarding CPE credit,
please email the BKD Learning & Development Department
at training@bkd.com

24 // experience access

12

12/9/2014

13