Who is in our audience today?

Transcription

1 Best Practices Ideas for Compliance Auditing and Monitoring Health Care Compliance Association Compliance Institute 2015 Presented by: Jim Passey Director, Compliance Auditing & Monitoring Sutter Health Gloria Jarmon Deputy Inspector General for Audit Services Office of Inspector General Who is in our audience today? Compliance officers? Attorneys/Law firm? Health care providers? Health plans? Pharmaceutical industry? Physicians? Coders? Government/trade association? 1

2 Auditing & Monitoring Best Practices Why should you audit and monitor? Listed as one of the elements of an effective compliance program Represents the single most important way to determine the effectiveness of your compliance program Where do I start with my auditing and monitoring activities? Auditing and monitoring should be prioritized based on a comprehensive risk assessment. Remember, an assessment, by definition, is not an exact measurement. It is a general judgment based on logical assumptions. Risk Assessment Define your organization s compliance risk universe. Consider the following factors in determining your compliance risk universe: OIG Annual Work Plan Industry journals/periodicals Interviews with key organizational stakeholders CIAs, Fraud Alerts, Advisory Opinions, etc. Recent government enforcement activity Interviews with industry experts Recently reported compliance concerns or audit results Compliance program effectiveness reviews Any other resource that sheds light on compliance risk to your organization 2

3 Risk Assessment What format should your risk assessment take? High, medium, low risk? Heat map? Risk matrix? Red, yellow, green? Rainbow charts? Impact vs. likelihood quadrants? Spider web diagrams? Use whatever format works best for your organization s needs Remember, the risk assessment is essentially a resource prioritization tool to tell you where you should dedicate your time and attention it does not need to be an exact metric Annual Compliance Work Plan The risk assessment drives your annual Compliance Work Plan The Work Plan should include the topics you will audit or monitor for the year The Work Plan should include general timeframes for the audit process Compliance Program effectiveness efforts should be included on the Work Plan and may require auditing and monitoring activities 3

4 Core Components of an Audit Audit scope The pre determined, stated purpose, scope and timing of the audit. The audit focus should stay within the definition of the audit scope. Work Papers Captures the facts, analysis, conclusions and findings of the audit work. Audit Report Communicates the findings of the audit to the process owners and key stakeholders. Corrective Action Plan Lists actions taken to mitigate/ eliminate the risks identified in the audit. Auditing Billing and Coding Topics Much of your audit focus will likely be on billing and coding topics (since this is where much of the government s focus is). Billing and coding audits should be performed by individuals with expertise in, or an understanding of, the area being audited. Make sure the audit scope and work is clearly focused on the key topic at hand. 4

5 Auditing Billing and Coding Topics Types of audits: Data Mining: An analytical review of data to determine whether or not a risk exists and, if so, where to focus further auditing efforts. Probe Audit: Evaluating a small sample (e.g., 30 samples) to determine whether or not a problem exists. This approach is generally not used to extrapolate a re payment across an entire universe. Extrapolation Audit: An audit of >100 samples for the purpose of extrapolating across the entire universe for purposes of re payment. Auditing Billing and Coding Topics Some types of sampling: Random: Performed using RAT STATS or some other truly random number generation process. Sampling for extrapolation purposes should normally be done using random sampling. Judgmental: Passing judgment on the types of samples you will review. Might be based on pulling a variety of different samples by time, quality, category or other intentional selection method. Many more: Stratified random, nth record sampling, cluster sampling, nonprobability sampling, availability sampling, quota sampling, purposive sampling, snowball sampling 5

6 Auditing Billing and Coding Topics How do I know if I need to make an overpayment refund? Each organization decides its own net reimbursement error rate threshold to trigger an extrapolation audit based on the judgment of the organization, types of errors or issue being audited. If your probe sample results in a high net reimbursement error overpayment rate, an extrapolation audit may be necessary. The net reimbursement error rate should take into account both overpayments and underpayments. Remember, there is a difference between coding error rates and net reimbursement error rates. Any individually identified audit sample that is incorrectly overpaid must be refunded even if the net reimbursement error rate is less than your error rate threshold Extrapolation audits for purposes of overpayment should be based on a review of >100 samples Always work with your reimbursement attorney on re payments to the government Monitoring Monitoring is defined as observing and reporting the progress or quality of a process evaluated consistently over a period of time. Your annual physical is an audit, your daily BP check is a monitor. Monitoring is the concurrent, real time trending of a process. Most audits result in corrective action plans (CAPs). CAPs should normally include some kind of monitoring function to ensure that corrective action plans are effectively implemented Can be independent or self monitoring 6

7 Monitoring Billing and coding audits are particularly well suited for monitoring functions Monitoring should be conducted consistently over time to ensure that corrective action is working as designed Any topic in the OIG s Work Plan would be beneficial to monitor whether or not you perform a formal audit Monitoring of a specific topic can be discontinued if control limits are sustained for an appropriate period of time (based on the nature or severity of the topic) 7

8 Gloria Jarmon Deputy Inspector General for Audit Services HHS, Office of the Inspector General Best Practices in Compliance: Lessons Learned from CIAs 8

9 Best Practices in Compliance: Culture BAL(5 Best Practices in Compliance: Effective Compliance System Compliance systems need: Flexibility Regular, periodic compliance audits Audits by auditors with expertise in health care statutes, regulations, and requirements 9

10 Slide 18 BAL(5 Sheri, in light of changes to the "lessons learned from CIAs" slide, I think that this slide is OK because the distinction has already been made between risk assessment and regular audits. This is the slide I'm struggling the most on. Barbee, Alexandra L (OIG/OAS), 2/24/2015

11 CIAs are not part of the cost of doing business Resources for compliance Videos Compliance guides Safe harbor information Self disclosure information Compliance 101 course How should organizations respond to audits? Don t do this! Cooperation is key 10

12 Proper Controls on Internal Matters Future High Risk Areas New payment and delivery models Data integrity and security Consumer fraud protection Remember, traditional risk areas still apply! 11

13 Questions? Contact Information Jim Passey, MPH, FACHE, CHC Director, Compliance Auditing & Monitoring Sutter Health, Sacramento, CA (916) Gloria Jarmon, CPA, CGFM Deputy Inspector General for Audit Services Office of Inspector General, U.S. Department of Health and Human Services Website: 12