BY: DAN CLAYTON, CPA, CKM, JULIE WARD, RN, M.B.A., M.H.A. and MICHAEL TAORMINA
There is no better place to gain insight into emerging health care issues than a hospital governance audit committee meeting. The last decade of public pressure for greater accountability and transparency has promoted the idea that audit committee directors have a significant responsibility to provide oversight for the management of organizational risk.
CHAN Healthcare is a health-care-focused, internal audit and consulting company. Our auditors serve more than 10 percent of U.S. tax-exempt hospitals. An important part of our mission is providing data necessary for senior management and governance members to make decisions with full understanding of operational weaknesses and external threats. Our risk assessments and audit results are reported in over 200 governance audit committee meetings each year, serving over 600 entities.
We have witnessed a transformation in audit committee conversations. Once they focused mainly on financial oversight — now, audit committee responsibilities have increased. There is greater emphasis on understanding emerging industry trends and issues, and we repeatedly hear about two of their most pressing concerns: ongoing government audits and the integration and oversight of newly acquired physician practices.
Here is how we advise them to address those worries.
PREPARING FOR GOVERNMENT AUDITS
The Department of Health and Human Services announced a few months ago that its health care fraud prevention and enforcement program with the Justice Department recovered $4.1 billion in "stolen or otherwise improperly obtained" federal health care dollars for the fiscal year ending in September 2011. That success — the largest such amount recovered in any single year — led to allocation of an additional $300 million for more auditors and investigators.
Not all recoveries involve activities like Medicare fraud. Billing errors, inaccurate interpretation of complex requirements and lack of adequate oversight also contribute, and missing or incorrect documentation may lead to stiff penalties and paybacks with interest, as well.
Today, we are most familiar with audits by Medicare Recovery Audit Contractors (RAC), whom the government pays based on errors identified and monies recovered. This pilot effort by the Centers for Medicare and Medicaid Services (CMS) originated only a few years ago, but it was so successful in identifying billing errors and claims not supported by medical documentation that it has become permanent.
New rules are expanding its scope into Medicare Parts D and C, as well as Medicaid, based on regulations written in support of the Accountable Care Act. This threat is hitting the bottom line at many facilities.
However, RACs are not the only government auditors. Others who focus on health care — and the acronyms they are known by — are:
MICs (Medicaid Integrity Contractors). MICs are likely to be reconciled with 2012 Medicaid RAC efforts, but for now they have rules defined by the states. They have much more flexibility to audit without limitations and are not paid based on what they recover. They have an additional responsibility to educate providers on issues of payment integrity and quality of care.
MACs (Medicare Administrative Contractors). MACs are companies hired by Medicare to process Medicare Part A and Part B claims. They have a responsibility to audit providers, typically through logical data comparisons.
ZPICs (Zone Program Integrity Contractors. ZPICs have a Medicare fraud focus, auditing where there is suspicion of egregious conduct based on data mined by the CMS. ZPICs work with the Office of Inspector General and the Department of Justice, and their efforts can overlap those of other auditors. ZPICs also can arrive on site without notice and request access to an unlimited number of records.
HEAT (Health Care Fraud Prevention and Enforcement Action Team). HEAT is a multi-agency strike force composed of federal and state agencies with a focus on eliminating Medicare fraud. In 2011, HEAT was responsible for convicting nearly 200 defendants of fraud.
OCR-HIPAA Contractors (Office for Civil Rights HIPAA Audit Program). While most of the auditors above focus on billing errors and fraud, it is important to also mention that the Office for Civil Rights in the Department of Health and Human Services recently completed pilot efforts for HIPAA auditing based on HITECH law, which governs the use of health information technology. The Office for Civil Rights hired an international accounting firm to perform 150 audits in 2012 as part of a formal HIPAA audit program going forward.
PREPARATION AND BEST PRACTICES
Many government health care auditors approach their task much like an Internal Revenue Service tax audit. You must prove that you have appropriately captured and documented all of your information. Establishing strong processes in the following areas can help you develop an infrastructure to mitigate risks, and it starts with making a chain of accountability clear. Best practices won't help if no one knows who is responsible for what.
Start by asking these questions:
- Audit response. Is the organization set up to handle and manage an audit in a way that proactively protects organizational interests and leverages opportunities to appeal?
- Documentation accuracy. Are services that have been billed to the government supported by clinical documentation?
- Data storage and recovery. Can the data be quickly recovered and produced upon notice of an audit?
- Staff training. Do staffers know how to handle audit requests, and have they been trained on the organization's position related to audit findings?
- Process improvement. Is the organization set up to know trouble spots in advance and be able to demonstrate activities in place to rectify issues?
Then put plans into place:
- Proactively plan to be audited. Identify who within the organization receives and manages notices of government audits. Define and document the process for responding appropriately to these audits and educate the people involved. For example, a primary point person can help coordinate responses from various functions responsible for different parts of the charging, coding and billing process.
- Develop expertise. Being aware of your obligation to the auditors can help you limit their scope appropriately and prepare you to appeal findings that are only marginally substantiated.
- Leverage lessons learned. Audits will uncover issues. Audit-proofing your operation requires that the root cause of an issue be identified and corrected. Most organizations have internal auditors, compliance auditors and individuals responsible for coding and revenue integrity. Use these in-house experts to define your process, develop a continuous monitoring program, review government audit findings, clarify the root causes and develop action plans to prevent such errors in the future. Central authority for audit-proofing operations should be clarified to enforce process changes that cross many departments.
Following these leading practices in managing government audits reflects good organizational strategy and strengthens the ability to appeal findings. In February 2012, the American Hospital Association reported that about one-third of auditor findings were being appealed and that of those appealed, 74 percent were successful. Taking advantage of the appeals processes will usually be a worthwhile effort.
INTEGRATING PHYSICIAN PRACTICES
An article posted Nov. 2, 2011, on the amednews.com site published by the American Medical Association noted 60 physician practice deals closed in 2010, and 70 deals closed in just the first nine months of 2011. Physician contracting has long been a compliance focus, but now that we are in an Affordable Care Act-spawned period of physician practice acquisition, there are many more physician-related emerging issues.
Regulation abounds in the relationships between physicians and the hospital. The federal Stark Law (effective in 1992, revised in 1993 and 2007) and anti-kickback laws (on the books since 1972) can bring severe civil and criminal penalties for any referrals from a physician to a facility in which he or she or a family member has a financial relationship.
These laws are the product of past behavior, when some physicians referred patients for unnecessary medical procedures provided by labs in which the physician had a financial interest. The current fee-for-service model facilitates this potential behavior, because it rewards physicians for the number of services performed.
While the laws, importantly, keep the physician's mind on the patient, they typically distance physician interests from cost/value considerations when ordering services — likely adding significant costs to the care system in a lawsuit-weary, defensive-medicine environment.
So what happens in a patient-centered care environment promoted by health care reform through its accountable care organizations (ACOs)? Interestingly, regulators have not removed Stark and anti-kickback laws just yet — and the Affordable Care Act actually makes them stronger. The CMS issued a rule on March 31, 2011, that gives the Secretary of HHS the authority to waive federal fraud and abuse laws when necessary to efforts like ACOs. However use of this waiver remains uncertain, and the current regulatory elements governing physician and hospital relationships largely continue to mirror a fee-for-service world, making it difficult to create new collaborations in Affordable Care Act-promoted efforts.
So with this regulatory wall still preventing fluid professional associations, how are physicians and hospitals supposed to improve patient-centered care? The answer for many appears to be employment of physicians and acquisition of physician clinics. "Safe harbors" under Stark allow a physician employee to integrate more fully with the organization.
OH NO, NOT AGAIN
Looking ahead, many hospitals have important operating objectives focused on successful physician practice integration and a more patient-centric care model. These objectives make it important for systems to avoid the kinds of mistakes they made during the 1990s, the last time there was a big wave of physician practice purchases.
- Continued bleeding. Randy Bauman, a physician practices consultant at Delta Health Care, Franklin, Tenn., published a white paper on deltahealthcare.com entitled, "Why Hospitals Are Buying Physician Practices ... Again." In it, he begins with his No. 1 concern, "You can't pay 10 times what a practice is worth and expect to recoup your investment."
- Compensation guarantees without productivity expectations. Productivity is king for a successful practice. Physician contracts without at-risk pay tend to produce less, and at potentially lower quality.
- Losing the talent. Physician practices are unique and cannot be managed in the same way as a hospital. Putting hospital administrators into the practice and removing all the ancillary services can strip it of the skill and staff goodwill necessary to be effective.
- Mend mistakes. If large, significant missteps like these have already been made, then successful practice integration must include a plan to mend the disadvantages created.
Here are leading practices in integrating and managing physician practices as they begin to become part of health systems:
- Risk assessment. Formally evaluate the issues related to physician practice integration and assign accountability for their resolution. Knowing the good and bad elements of physician agreements and practice operations is critical to planning successful and sustainable care processes. Periodically pausing to assess the risks related to physician practices can provide valuable information and recommendations for any needed course correction. Assessing realities is particularly important as care operations move toward new models more dependent on physicians.
- Physician contracts. Spend the time required to ensure physician contracts get thorough review from appropriate legal and clinical operations leadership. The legal review should focus on the complexities of the related laws. The operational review should ensure quality and productivity is part of every agreement. Successfully incorporated physicians will have compliant contracts that promote positive physician relationships. While this is far from easy, we have observed well-structured, compliant contracts that create productivity health care operations with appropriately vested physicians.
- Let the practice influence the hospital. It is easy to consider economies of scale and want to fold physician practices into existing hospital functions. However, the negatives from an incorporated practice may outweigh the positives, especially in a patient-centered care model driven primarily by physicians. Some innovation in this area leans towards allowing the practice to act like a network within the network. It leaves power in the physicians' hands (which is part of a patient-centered care model) and allows them to operate with the feel of a physician practice but with access to broader system resources. It may even give physicians power to innovate or influence traditional hospital functions that have become too fragmented to provide effective care.
PLANNING PROACTIVELY
Proactively planning and routinely reviewing the status of objectives and related processes are key elements of creating operations robust enough to resolve or eliminate risks. Government auditors are not likely to go away. However, the risks of lost revenue and penalties can be mitigated by planning responses ahead of time and being ready with an educated response team. Such a team must include people who can guide the auditors to the resources requested, quickly address any concerns and current efforts to resolve them, and leverage audit findings to make operations audit-proof going forward.
Physician practice integration is typically an important part of a larger vision of patient care. Integrating practices and managing them effectively require routine assessment of risks and knowledge of past mistakes. We will continue to see innovation as care models change, but the basics of current hospital physician contracting and the need for productive, incentivized physicians will not change.
Finally, a critical piece of managing emerging areas is staying informed. Monitor regulatory developments and lessons learned from other health systems. Be ready to capture developing trends and reevaluate the organization's risk position. Leverage skills within the internal audit, compliance and revenue cycle functions to keep your operations ready and robust as we face tomorrow.
DAN CLAYTON is director of knowledge management, CHAN Healthcare, Clayton, Mo.
JULIE WARD is senior vice president audit and compliance, CHAN Healthcare, Oakbrook Terrace, Ill.
MICHAEL TAORMINA is senior vice president, CHAN Healthcare, Oakbrook Terrace, Ill.