DENISE HALL

PERSHING, YOAKLEY,& ASSOCIATES, P.C.

THE HIDDEN DANGERS OF TRYING TO “DO THE RIGHT

THING”A Practical Look at Auditing, Monitoring,

Investigation, and Corrective Action

AHLA/HCCA FRAUD AND COMPLIANCE FORUMSeptember 29–October 1, 2013 | Baltimore, MD

MICHELLE CALLOWAY

HANCOCK, DANIEL, JOHNSON & NAGLE, P.C.

Credit: HCCA, “Compliance Babies.” (available at http://youtu.be/znUAyLqyEgQ) 2

WHY WE ARE HERE

• “To Do the Right Thing” in an effective manner.

• Today’s presentation will focus on the following elements of an effective Compliance Program: Internal auditing and monitoring‒ Routine and investigative

Responding to detected offenses – ‒ Investigating reported or identified compliance

concerns and undertaking corrective action‒ We will also offer some:

Tools for “doing it right” Hidden dangers to watch out for

3

4

INTERNAL AUDITING

INTERNAL AUDITING

• Routine Audits Audit prospectively, not retrospectively.

Define methodology at the outset.

Start with a small investigative sample (5-15 units).

Depending on results, it may be necessary to expand the scope of the audit (e.g. 30, 50, 100, statistically valid sample).

Expanded audits should include Compliance Officer’s involvement.

• Investigative Audits Directed by Compliance Department.

Start with a small probe audit (e.g. 30 claims) unless you know the scope of the problem.

Determine the “trigger point.”

Assess whether attorney/client privilege should be invoked.

Methodology driven by the specific facts and issue.5

AUDITING TECHNIQUES AND METHODS

• Retrospective Audits – claims that have already been billed/paid. Used to investigate past billing compliance issues.

Audit results may lead to a repayment obligation.

• Concurrent Audits – claims that have not yet been billed. Used to monitor ongoing compliance concerns or

scheduled audits per the Audit Plan.

If planned correctly, improperly billed claims can be corrected by submitting an adjustment claim.

May reveal need for retrospective auditing (“deliberate ignorance”).

6

ROUTINE AUDITING

• Annual Risk Assessment and Audit Plan Resources to identify potential risk areas:‒ Annual OIG Work Plan

‒ OIG Compliance Guidance Risk Areas

‒ RAC Approved Issues List

‒ PEPPER reports

‒ State and federal survey and certification reports

‒ Complaint and grievance reports

‒ CIAs with similar facilities

Prioritization is key. Be realistic. Consider all your potential risks – not just

billing/coding. 7

COMPLIANCE IS NOT JUST A BILLING ISSUE

8

RISK ASSESSMENT TOOL

9

ANNUAL AUDIT PLAN

• Utilize your Working Compliance Committee.

• Working Compliance Committee members should seek assistance from relevant staff.

• Determine the organizations’ specific strengths and weaknesses within the identified risk area.

• Develop an improvement plan and audit methodology to review compliance in areas of potential weakness.

• Audit compliance and track improvement monthly/quarterly.

10

INVESTIGATIVE AUDITING

• Internal Identification Annual risk assessment Compliance Hotline Compliance reports Internal department audits Questions from staff

• External Identification External auditors (MAC, RAC, ZPIC, OIG, state

Medicaid, OCR) Being proactive in responding to external audits

heightens chances to minimize penalties and further scrutiny. 11

AUDIT DESIGN & ERROR RATE

• Audit Design

Review Criteria

Universe/Sample Size Determination

Random vs. Risk-Based Sampling

Probe vs. Statistical sample

• Definition of “error”

Financial vs. claim error rate

Net vs. Gross

Internal error rate thresholds12

AUDITING TOOLS

Audit Report: used to document audit results and rationale.

13

POTENTIAL IMPACT OF SIGNIFICANT ERROR RATES• Self Disclosure

• Significant Overpayment Extrapolation

• Possible Payment Suspension

• Referral to Enforcement Agencies

• Increased External Scrutiny

• Public Perception

14

HIDDEN DANGERS

• Overexposure An improperly defined audit scope can “cast the net too wide.” Don’t overwhelm yourself or create liability for the organization.

• Invalid Sample Selection Selecting the sample size requires expertise and familiarity with the types of

services being audited, the patient population, and payer mix.  The sample selection should be performed with potential for extrapolation in

mind.

• Error Rate Thresholds Should be defined ahead of time by the organization. A conservative error rate threshold is a 5 percent error rate, as this is the rate

typically used in OIG Corporate Integrity Agreements.

• Not Just a Billing Issue Proper billing and payment is only a piece of the compliance puzzle. Don’t forget about ADA compliance, HIPAA compliance, EEOC compliance, FDA

compliance, CLIA compliance, etc.

• Conflicts of Interest The audit should be conducted with independence. Results must appear reliable to internal and external authorities.

15

16

CONDUCTING AN INVESTIGATION

CONDUCTING THE INVESTIGATION

• Scope Define the issues involved. Establish the relevant time frame. If reimbursement:‒ Identify payer sources involved.

‒ Determine “trigger” and universe of potentially affected claims.

Consider staff interviews, documentation review, claims audits.

Limit (if possible) to specific individuals involved or events triggering the investigation.

Keep the scope narrow to design the process around the key issues as you uncover the “real issue.”

17

CONDUCTING THE INVESTIGATION

• Carefully consider the need to hit the “Panic Button” to stop the problem immediately.

Document/billing hold

Pre-payment reviews

Repayments/adjustment bills

Don’t over-react!

Don’t under-react!

18

CONDUCTING THE INVESTIGATION

• Attorney-client privilege Consider for issues with potential high exposure:‒ Potential dollar amount at stake;

‒ Complexity or severity of the regulatory issue involved;

‒ Number of beneficiaries potentially affected;

‒ Likelihood of uncovering a serious problem requiring a voluntary disclosure to Medicare or other federal payers;

‒ The government’s likelihood of identifying the issue before repayment can be made.

‒ Length of potential non-compliance.

Consider outside legal counsel.‒ Independence

‒ Develop a strong working relationship

‒ Mark all documentation including investigative notes and correspondence: “CONFIDENTIAL / ATTORNEY-CLIENT PRIVILEGED / ATTORNEY WORK PRODUCT”

19

CONDUCTING THE INVESTIGATION

• Identify the investigative team considering: The workloads of internal compliance staff and the

availability of other internal resources;

The complexity or specialization of the issue;

The scope of the investigation (e.g. the universe of claims and mass of documentation to be reviewed);

The dollar amount potentially at stake; and

The sensitivity of the issue being investigated.

The ability of the staff to exercise independence.

When is it appropriate to escalate to executive team / Board.

20

CONDUCTING THE INVESTIGATION

• Interviewing

Time is of the essence, but don’t rush.

Confidentiality is key.

Awareness and enforcement of non-retaliation policy is imperative.

Corporate attorney represents the organization, not the individual.

Consider environment / tone / possible demeanor of the witness (cooperative / defensive / veracity).

“Who’s the best man [or woman] for the job?” 21

HIDDEN DANGERS

• Whistleblowers Employers cannot retaliate against whistleblowers.

Consider exit interviews / severance agreements.

• Attorney-client privilege Must document appropriately.

Document the scope of the engagement in writing

• Conflicts of Interest Make sure you have the right

people conducting the investigation.

• Jumping to Conclusions Keep an open-mind and don’t overreact. 22

23

TAKING CORRECTIVE ACTION

CORRECTIVE ACTION PLANS

CORRECTIVE ACTION

“Next to doing the right thing, the most important thing is to let people know you are doing the right thing.”

- John D. Rockefeller 

24

CORRECTIVE ACTION PLANS

• Document, document, document – but consider whether the information is protected;

• Description of the compliance issue;• Description of the investigative audit findings;• Summary of the applicable regulation or policy at issue;• Identification of the cause of the non-compliant

practice;• A list of steps taken by the provider to correct the issue:

Immediate cessation of the problem; Retrospective corrective action (e.g. repayment) Prospective corrective action (e.g. education of staff, revisions

to processes, etc.); and

• A plan for future compliance monitoring of the issue to ensure that the corrective actions have remedied the problem permanently (recidivism is a big issue). 25

CORRECTIVE ACTION PLANS

• Organizational Culture Internal communications

Potential relator considerations

• Having all the right parties involved in this step

• Must have support from all levels – staff to organizational leadership

• Putting it in writing – nature, purpose and design

• Having responsible parties dedicated to taking the corrective steps

26

27

TAKING CORRECTIVE ACTION

MAKING REPAYMENTS

FALSE CLAIMS ACT LIABILITY

• PPACA expanded False Claims Act (FCA) liability to include “identified” overpayments not returned to federal health care programs within 60 days.

• “Identified” = the provider “has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the existence of the overpayment.”

• Required to act “with all deliberate speed” to conduct a “reasonable inquiry” to determine whether an overpayment exists

• CMS proposed to implement a 10-year look-back period for purposes of making repayments under the 60-day rule.

28

FALSE CLAIMS ACT LIABILITY

• CMS’ Examples of “Identified” Overpayments A provider reviews billing or payment records and learns that it

incorrectly coded certain services, resulting in increased reimbursement.

A provider learns that a patient death occurred prior to the service date on a claim that has been submitted for payment.

A provider learns that services were provided by an unlicensed or excluded individual on its behalf.

A provider performs an internal audit and discovers that overpayments exist.

A provider is informed by a government agency of an audit that discovered a potential overpayment and the provider or supplier fails to make a reasonable inquiry.

A provider supplier experiences a significant increase in Medicare revenue with no apparent reason (such as a new partner added to a group practice or a new focus on a particular area of medicine) and fails to make a reasonable inquiry.

29

EXTRAPOLATION

• OIG Corporate Integrity Agreement standard:

The sample should be designed to estimate the overpayment with a 90% confidence level and with a maximum relative precision of 25% of the point estimate.

• Use OIG RAT-STATS software.

• Consider use of expert statistician to perform extrapolation for higher likelihood of acceptance by payer.

30

REPAYMENT LETTERS

• Voluntary Repayment process outlined in Chapter 4 of the Medicare Financial Management Manual. Use form on MAC websites.

• The repayment letter should include: A summary of how the error was discovered; A clear outline of the methodology used to quantify the

overpayment (including whether statistical sampling was used);

What corrective actions were taken as a result of the discovery; and

Other information necessary to identify the affected claims (including, when possible, a copy of the audit spreadsheet).

• Understand differences in government and private payer processes.

31

REPAYMENT LETTERS

32

Medicare Repayment letters must include the following:

REBILLING

• For most Medicare claims, the timely filing limit is 12 months from the date of service.

• If an audit identifies improperly billed claims within the timely filing period, the claims can typically be re-billed or adjusted with the MAC.

• CMS has implemented a new process for rebilling improper Part A inpatient hospital claims under Part B.

Payment Policies Related to Patient Status, 78 Fed. Reg. 50495 (August 19, 2013).

33

HIDDEN DANGERS

• 60-Day Rule The date of “identification” is often hard to determine. Must clearly identify any overpayments – the clock starts

running at identification.

• Documentation Consider attorney-client privilege Compliance documents are not automatically protected

• Excessive Rebilling Can raise red flags

• Beneficiary Repayment and Collection Responsibility to repay copayments to beneficiaries. Providers must also collect from beneficiaries if they rebill

claims and a copay or deductible is owed.34

MONITORING

35

MONITORING

• Where do you start?• Who is responsible?• How do you keep track of it all?• Is there available technology?• Are we tracking all corrective action plans? How often?• Are we tracking all governmental pre- and post-

payment activity?• Did we miss any response to inquiry deadlines?• What percentage of repayment requests are appealed?

(ex. RAC Appeals)• Are we reviewing denial activity and determining root

cause?• Do we have corrective action plans developed for our

unique root cause(s)? 36

DEFINE YOUR MONITORING PROCESS

• Obtain leadership buy-in

• Must eliminate silos/protective behavior

• Communicate expected outcomes and financial risk

• Define which regulatory requirements are relevant to the organization

• Establish Risk Tolerance

• Establish Risk Ownership

37

QUESTIONS LEADERSHIPMAY ASK

• What regulations changed in FY2013/anticipated to change in FY2014 and what new processes are needed to address?

• What is the impact of regulatory activities?

• How effective is our monitoring process?

• How do we know our internal efforts are working?

• What should we expect for remainder of our fiscal year?

Consider a dashboard to report and monitor.38

HIDDEN DANGERS

• Failing to Monitor The compliance department should add any identified

compliance concerns to the organization’s Audit Plan and create a schedule for follow up audits to ensure ongoing compliance.

Inevitably, staff and processes revert to their “old habits.”

• Failing to Follow CAP Failing to abide by a CAP can increase risk for FCA liability

for future overpayments because the provider was already on notice of the issue.

Particularly critical when promised in a repayment letter.

• Culture / Buy-in Resources are slim for everyone

39

40

CASE STUDIES

SCENARIO 1

• Issue: Employee performing a daily task of up-coding on very expensive DRGs on I/P with all payers. The CCO received an Alertline report that the caller was instructed by

their supervisor to bill a higher level of service then is recorded on the documentation and told if they did not do it they would be fired and the supervisor would find another sucker to do it. They up-coded for several months and then decide to report to the CCO. They placed their concern through the Compliance AlertLine and felt that way they could stay anonymous and not lose their job.

• What is the next step? Once reported to the Compliance Dept/CCO, the investigation begins;

initially an internal review is conducted on what is known at this point, which was assumed to be only one employee doing this. With the volume discovered from the baseline audit, it was decided to expand the audit to include 2 other coders, which uncovered they were also up-coding. This opens up an unknown timeframe, number of personnel and finance impact to the organization.

• What do you do now? 41

SCENARIO 2

• Issue: Wound care services investigation Compliance auditors express concerns to

Compliance Office regarding physician documentation and quality of care.

• Considerations Closed community with physician being heavy

admitter. How far do you take this investigation before

involving counsel? How do you adequately prove or disprove quality

of care issues? How do you protect your organization given the

community culture?42

THANK YOU

We are happy to answer any questions.

Michelle CallowayHDJN

(804) 967-9604mcalloway@hdjn.com

Denise HallPYA

(404) 266-9876Dhall@pyapc.com

43