OIG 2010 Work Plan: What Hospitals Should Know
Payors Targeting Overpayments
Other areas that the OIG is reviewing that have particular potential to impact reimbursement include Medicare disproportionate share payments, hospital admissions coded with present-on -admission, hospital readmissions, and various reviews for adverse events.
In general, mining data for overpayments has become more prevalent for both government and private payors, says a partner with the healthcare services group of EisnerAmper LLP, an accounting and consulting firm with offices in New York, New Jersey, and Pennsylvania.
Health care reform has government payors trying to protect government funding and private payors fearing for their profit margins. While there is nothing new about government or private payor audits for overpayments, what’s changed is the amounts. About 10 years ago, the requests for repayment were typically in the $5,000 range for outpatient services and in the $50,000 range for inpatient services. In contrast, today the figures are closer to $500,000 for overpayment requests on the outpatient side and $5 million and up on the inpatient side.
"I think it's only going to get worse in the next five to 10 years because a lot of these organizations perceive that they won’t have funds," according to the healthcare services group partner.
In preparation for the possibility of an audit and subsequent return of overpayment, hospitals and health systems need to implement a compliance program—and they need to adhere to it.
"Hospitals have these set up; we just find that different parts of the hospital aren’t following them,".
The Compliance Program
A compliance program consists of:
- A formal risk assessment of compliance practices
- A compliance manual documenting processes
- Staff training on compliance processes
A risk assessment identifies weaknesses in compliance processes. The review can be conducted internally or by an outside expert. A formal assessment should be conducted at least annually, while less formal, internal reviews should take place about quarterly.
When compliance programs are in place, payors are more likely to consider a problem uncovered during an audit to to be an oversight rather than a case of fraud. That’s particularly important, because if fraud is considered a possibility, a payor can review records going back five to seven years. If fraud is not the case, a review can encompass only a year or two, depending upon state law.
Even if the payor rules out fraud, the cost of attorney and consulting fees and payments can add up quickly. “You still can be talking a significant amount of money. It’s become a very complicated and challenging battle.”
Once compliance processes have been reviewed, they should be documented in a compliance manual. A common problem is that providers often reverse these steps. “I find what happens a lot is people create manuals and then force the process to the manuals. But, what should happen is all the process work should be done first. Everything should be modified to a point where people feel it’s effective, it’s efficient, and most importantly, staff can comply with this approach. And, then you document that. I see it a lot of times done backwards,”.
Finally, all staff should be trained on the compliance manual and on proper coding and documentation, he says.
While a compliance program, and the risk assessment in particular, is an expense, if the right expertise is involved in these reviews, they can lead to improvements in billing accuracy, collections percentages, reimbursement rates and, ultimately, cash flow. Even a high-level review of compliance processes every six months to check whether there have been any significant changes is suggested, so the appropriate action can be taken. “The purpose of these programs is to change behavior. When a governmental payor or a private payor comes in, if the behaviors have never changed as far as they’re concerned, you don’t really have a program.”
Some in the industry advocate not performing a risk assessment because if problems are found and the hospital doesn’t take steps to rectify them, then the hospital may be held liable for knowingly ignoring the compliance rule. But hospitals shouldn’t be ignoring their responsibility in the compliance process.
"If there’s a risk and a liability, then it's your responsibility to take care of it,".