Audit Analytics and Continuous Monitoring

 

Palomar Pomerado goes on RAC Attack with continuous monitoring

By Tom Boyle, CIA, CISA, CFE, CCP, MBA

 

When Congress launched the Medicare Recovery Audit Contractor Program (RAC) in 2005, it sent health care providers scrambling to plug vulnerabilities in their billing and data systems. Designed to identify improper payments to Medicare beneficiaries, the program uses private firms and contractors to examine physician, hospital, nursing home and other service claims to pinpoint government overpayments to these providers.

 

In the RAC demonstration period between 2005 and 2008, the Centers for Medicare and Medicaid Services recouped over $900 million in overpayments and found nearly $38 million in underpayments returned to health care providers. The program will be permanent in all 50 states by January 1, 2010, and is expected to return many more hundreds of millions of dollars in improper payments back to government coffers.

 

Clearly, RAC audits can be extremely costly for providers. One small, 362-bed Maryland hospital, for example, had errors in approximately 40 percent of its audited claims – resulting in a payback of over $1.5 million to CMS. Their experience alone should convince health care providers to get their houses in order, or risk returning millions of unexpected dollars to government regulators. 

 

At Palomar Pomerado Health in North San Diego County, we identified RAC as a top priority for our Internal Audit department. To augment our small, two-person audit shop, we formed a multi-disciplinary RAC task force composed of stakeholders from all areas of the revenue cycle – including nursing, patient financial services, case management, coding, quality review, medical staff, and more. We developed a mission statement and a driving goal to identify and correct vulnerabilities and ensure more accurate billing throughout our organization.

 

Next, our “RAC Attack” began to educate task force members with information from CMS, HFMA, VHA and AHA consultants. We learned important lessons about the RAC program and gathered as many applicable details as possible. By analyzing the RAC pilot project, we discovered that the overwhelming majority of reported Medicare payment errors stemmed from what CMS classified as “Medically Unnecessary Service / Setting” issues (at 62 percent of the total). A good example of this issue occurs when admissions are incorrectly coded as inpatients instead of observation status patients – a pricey error, given that Medicare pays higher reimbursement rates for inpatients versus observation patients.

 

We began to evaluate our in-house processes and broke the patient experience into individual steps – from scheduling and pre-registration through to discharge – and examined critical decision-making points, and the controls in place to ensure those decisions are accurate. We applied audit analytics technology (ACL) to develop a script that extracts patient accounting system data entered during the previous 24 hours. The daily report contains all Medicare admissions and the chief complaint that led to admission, regardless of where the patient is located in the facility.

 

Based on the report, we quickly found inconsistencies in our determination of admission versus observation patients. Most of the confusion stemmed from misinterpreting the terminology. To address the problem, we developed additional training for staff, clinicians, and other employees involved in patient classifications. We also decided it was critical to continuously audit the accuracy of each classification. Our system lacked a mechanism to identify Medicare patients on a daily basis and to review each designation – before the patient’s final bill is generated and billing records can no longer be corrected.

 

The Internal Audit team used audit analytics to develop a script that directly (and securely) accesses daily mainframe data from the production system. The script runs automatically at 7:15 a.m. and sends an email to the Case Management department and bed assignment staff. The team can audit the validity of inpatient-status admissions and immediately authorize or change incorrect classifications. There are no complex reports to prepare or time-consuming downloads. It’s a streamlined solution that saves our team many hours of manual labor and promotes an accuracy level that would be nearly impossible to replicate without technology.
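The daily extract and the 7:15 a.m. notification described above can be sketched as follows. This is an added example in Python, not the ACL script the team wrote; the field names, sample rows and recipient address are constructed assumptions.

```python
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed sample rows; field names are assumptions, not the hospital's schema.
ROWS = [
    {"acct": "A1001", "payer": "MEDICARE", "status": "INPATIENT", "unit": "ED",
     "complaint": "chest pain", "entered": "2009-06-01T22:40"},
    {"acct": "A1002", "payer": "MEDICARE", "status": "OBSERVATION", "unit": "4 WEST",
     "complaint": "syncope", "entered": "2009-06-02T03:05"},
    {"acct": "A1003", "payer": "COMMERCIAL", "status": "INPATIENT", "unit": "ICU",
     "complaint": "sepsis", "entered": "2009-06-02T01:10"},
    {"acct": "A1004", "payer": "MEDICARE", "status": "INPATIENT", "unit": "ICU",
     "complaint": "", "entered": "2009-06-02T06:50"},
    {"acct": "A1005", "payer": "MEDICARE", "status": "INPATIENT", "unit": "3 EAST",
     "complaint": "pneumonia", "entered": "2009-05-31T23:00"},  # outside the window
]

def daily_review(rows, run_at):
    """Medicare admissions entered in the 24 hours before run_at, in any unit."""
    start = run_at - timedelta(hours=24)
    picked = []
    for r in rows:
        entered = datetime.fromisoformat(r["entered"])
        if r["payer"] == "MEDICARE" and start <= entered < run_at:
            # A missing chief complaint cannot be reviewed; surface it, don't drop it.
            picked.append({**r, "complaint": r["complaint"] or "MISSING - follow up"})
    # Inpatient designations first: they are the ones to confirm or change.
    return sorted(picked, key=lambda r: (r["status"] != "INPATIENT", r["entered"]))

def build_email(report, run_at, to_addr):
    """Compose the plain-text review message; sending is left to the mail system."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = f"Medicare admissions for review, {run_at:%Y-%m-%d}"
    lines = [f'{r["acct"]}  {r["status"]:<12}{r["unit"]:<8}{r["complaint"]}' for r in report]
    msg.set_content("\n".join(lines) or "No Medicare admissions in the last 24 hours.")
    return msg

if __name__ == "__main__":
    run_at = datetime(2009, 6, 2, 7, 15)  # the 7:15 a.m. run
    print(build_email(daily_review(ROWS, run_at), run_at, "case-mgmt@example.org"))
```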

 

By continually auditing patient status determinations in a 24-hour window, we are minimizing, and ideally eliminating, incorrect classifications – a key RAC risk area. The continuous monitoring is also an efficient use of resources. Our staff can quickly pinpoint discrepancies and feel comfortable reviewing the data on a daily basis.

 

For any organization developing a continuous monitoring or RAC audit-focused program, strong management support is critical. Our Internal Audit team reports to the CEO and the audit & compliance committee of the board, and the RAC Attack redirected our efforts away from more traditional audit projects, so it was important to have full management backing.

 

In the last year, we’ve developed a series of additional continuous monitoring projects with audit analytics technology – many of which could be subject to RAC auditing – including Charge Capture Assurance. This project is designed to identify discrepancies and trends in our billing system, which often exposes problem areas for RAC audits. Using ACL, we developed an interactive tool for both auditors and the Managed Care department to analyze and monitor the financial performance of individual payer plans. The standard outputs include individual trends and anomalies based on contract terms.

 

With the Charge Capture script, users can also modify these outputs on an ad-hoc basis. We can calculate variance at any level without IT intervention or technical expertise, and quickly load several years of data in mere minutes. It’s a program that we now use on a regular basis to query different types of plans, and we’re consistently recovering big dollars and finding opportunities to re-negotiate contracts.

 

As health care providers look to the future of RAC auditing and other CMS analysis efforts, it’s increasingly important to prevent improper payments. Continuous monitoring is the most effective way to identify vulnerabilities in your systems, processes and data. Our RAC Attack has put us in excellent shape for any upcoming audits. Take corrective actions now and make sure you have watertight billing practices in place. It’s the best way to prevent those badly-needed dollars from flying out the window, today and tomorrow.

 


Tom Boyle, CIA, CISA, CFE, CCP, MBA

 

Tom is a healthcare specialist and the District Audit Officer for Palomar Pomerado Health District, where he is responsible for audit activities involving corporate compliance, operations, clinical audit, information systems, financial and fraud investigations. He has been an active member of the Association of Healthcare Internal Auditors (AHIA) for two decades and currently serves as Immediate Past Chair. Tom was also selected as a National Examiner for the Malcolm Baldrige Quality Award. Tom holds a Bachelor of Arts in Accounting from Pennsylvania State University and an Honors MBA from the University of South Florida.

