Auditing and Monitoring

The following is an excerpt from the Human & Health Services – Guidelines for 3rd Part Medical Billing Companies


Program Guidance for Third Party Medical Billing Companies
1. Introduction
A. Benefits of a Compliance Program
B. Application of Compliance Program Guidance
II. Compliance Program Elements
A. Written Policies and Procedures – Part I | Part II
B. Designation of a Compliance Officer and a Compliance Committee
C. Conducting Effective Training and Education
D. Developing Effective Lines of Communication
E. Enforcing Standards Through Well-Publicized Disciplinary Guidelines
F. Auditing and Monitoring
G. Responding to Detected Offenses and Developing Corrective Action Initiatives
III. Conclusion

F. Auditing and Monitoring

An ongoing evaluation process is critical to a successful compliance program. The OIG believes an effective program should incorporate thorough monitoring of its implementation and regular reporting to senior company officers.85 Compliance reports created by this ongoing monitoring, including reports of suspected noncompliance, should be maintained by the compliance officer and reviewed with the billing company’s senior management and the compliance committee. The extent and frequency of the audit function may vary depending on factors such as the size of the company, the resources available to the company, the company’s prior history of noncompliance and the risk factors that are prevalent in a particular billing company.

Although many monitoring techniques are available, one effective tool to promote and ensure compliance is the performance of regular, periodic compliance audits by internal or external auditors who have expertise in Federal and State health care statutes, regulations, and Federal, State and private payer health care program requirements. The audits should focus on the billing company’s programs or divisions, including external relationships with third-party contractors, specifically those with substantive exposure to Government enforcement actions. At a minimum, these audits should be designed to address the billing company’s compliance with laws governing kickback arrangements, coding practices, claim submission, reimbursement and marketing. In addition, the audits and reviews should examine the billing company’s compliance with specific rules and policies that have been the focus of particular attention on the part of the Medicare fiscal intermediaries or carriers, and law enforcement, as evidenced by OIG Special Fraud Alerts, OIG audits and evaluations and law enforcement’s initiatives.86 In addition, the billing company should focus on any areas of specific concern identified within that billing company and those that may have been identified by any outside agency, whether Federal or State.

Monitoring techniques may include sampling protocols that permit the compliance officer to identify and review variations from an established baseline.87 Significant variations from the baseline should trigger a reasonable inquiry to determine the cause of the deviation. If the inquiry determines that the deviation occurred for legitimate, explainable reasons, the compliance officer or manager may want to limit any corrective action or take no action. If it is determined that the deviation was caused by improper procedures, misunderstanding of rules, including fraud and systemic problems, the billing company should take prompt steps to correct the problem.88 Any overpayments discovered as a result of such deviations should be reported promptly to the appropriate provider, with appropriate documentation and a thorough explanation of the reason for the overpayment.89

An effective compliance program should also incorporate periodic (at a minimum, annual) reviews of whether the program’s compliance elements have been satisfied, e.g., whether there has been appropriate dissemination of the program’s standards, training, ongoing educational programs and disciplinary actions, among others.90 This process will verify actual conformance by all departments with the compliance program. Such reviews could support a determination that appropriate records have been created and maintained to document the implementation of an effective program. However, when monitoring discloses deviations were not detected in a timely manner due to program deficiencies, appropriate modifications must be implemented. Such evaluations, when developed with the support of management, can help ensure compliance with the billing company’s policies and procedures.

As part of the review process, the compliance officer or reviewers should consider techniques such as:

• On-site visits;
• Testing billing and coding staff on their knowledge of reimbursement and coverage criteria (e.g., presenting hypothetical scenarios of situations experienced in daily practice and assess responses);
• Unannounced mock surveys, audits and investigations;
• Examination of the billing company’s complaint logs;
• Checking personnel records to determine whether any individuals who have been reprimanded for compliance issues in the past are among those currently engaged in improper conduct;
• Interviews with personnel involved in management, operations, coding, claim development and submission and other related activities;
• Questionnaires developed to solicit impressions of a broad cross-section of the billing company’s employees and staff;
• Reviews of written materials and documentation prepared by the different divisions of a billing company; and
• Trend analyses, or longitudinal studies, that seek deviations, positive or negative, in specific areas over a given period.
The reviewers should:
• Possess the qualifications and experience necessary to adequately identify potential issues with the subject matter to be reviewed;
• Be objective and independent of line management; 91
• Have access to existing audit and health care resources, relevant personnel and all relevant areas of operation;
• Present written evaluative reports on compliance activities to the CEO, governing body members of the compliance committee and its provider clients on a regular basis, but not less than annually; 92 and direct responsibility for or involvement with all Federal health care programs.
• Specifically identify areas where corrective actions are needed. With these reports, management can take whatever steps are necessary to correct past problems and prevent them from recurring. In certain cases, subsequent reviews or studies would be advisable to ensure that the recommended corrective actions have been implemented successfully.

The billing company should document its efforts to comply with applicable statutes, regulations and Federal health care program requirements. For example, where a billing company, in its efforts to comply with a particular statute, regulation or program requirement, requests advice from a Government agency (including a Medicare fiscal intermediary or carrier) charged with administering a Federal health care program, the billing company should document and retain a record of the request and any written or oral response. This step is extremely important if the billing company intends to rely on that response to guide it in future decisions, actions or claim reimbursement requests or appeals. A log of oral inquiries between the billing company and third parties will help the organization document its attempts at compliance. In addition, the billing company should maintain records relevant to the issue of whether its reliance was ‘‘reasonable,’’ and whether it exercised due diligence in developing procedures to implement the advice.