Government and private payers use computer algorithms to identify atypical billing patterns and coding outliers. Cheryl Toth, MBA, talked with Patricia Hofstra, JD, a partner at Duane Morris LLC, and Michael J. Sacopulos, JD, president of the Medical Risk Institute, about what orthopaedic surgeons can do to reduce the risk that their billing and coding could trigger an audit or takeback.
Ms. Toth: What are some common audit trends you’re seeing with payers?
Ms. Hofstra: Medical necessity is a big one. The surgeon may feel that his or her treatment recommendations are medically necessary. But if they are not documented properly, it’s an issue. I’ve been on calls with the insurance company where the doctor explains all the reasons why the surgery was medically necessary, and the insurance company says, “That’s fine, but that’s not what you documented.” Then they request a takeback.
Another is the use of algorithms to monitor evaluation and management (E/M) levels and the use of time in the choice of E/M level. If you use certain codes or modifiers more than your peers, you will stand out, and this could trigger a request for records. Many physicians use the same level of service repeatedly. From the payer’s perspective, that means the physician isn’t paying attention to individual patient circumstances. If you almost always bill a level 4, you may trigger an audit. If your coding is accurate and documentation supports the level 4, that’s good. But you should still be prepared to be audited because of this pattern, especially if you are using time as a component of selecting an E/M code, in which case a payer may ask you to share your appointment schedules to verify that the volume of longer visits is possible within clinic hours.
When it comes to mitigating audit risk, where should practices start?
Ms. Hofstra: Every practice should have a compliance plan in place and require regular internal audits to help identify areas of vulnerability. If a self-audit shows there may be a problem with a physician’s coding and documentation, you know you have a problem before the payer does.
Mr. Sacopulos: Agreed, and a compliance plan is no longer optional; it’s a legal requirement. If you are billing the government, they want to know that you have a plan for submitting accurate claims, training people, policing yourself, and striving to do better. Yet, I find that only about 10 percent to 15 percent of practices have a properly developed plan. Many practices have portions of it or are following unwritten policies. That won’t cut it with an auditor. Your policies and plan must be in writing.
What is included in a good plan?
Mr. Sacopulos: The Centers for Medicare & Medicaid Services wants to see evidence that physicians are serious about compliance and take action to correct problems. Your plan should outline quality-assurance procedures, such as internal audits, which indicate you are monitoring coding and documentation compliance. The plan should also spell out consequences in a disciplinary action policy and remedial education plan.
A good plan also should include staff-training policies and requirements, the name of the go-to person in charge of compliance, and a Q&A log of coding questions that arise from physicians and staff in the practice. This log serves as your single point of truth for answers from credible sources that can be cited. Each time your team learns something from a reputable coding resource or gets an answer from a payer, it should be written in this log, which becomes a reference document for all staff, physicians, and new hires.
Both of you suggest that practices conduct internal audits. Which steps do you suggest practices follow and how often?
Mr. Sacopulos: I prefer smaller, more frequent internal audits and suggest twice a year. Start with a tool like the E/M Profile Analyzer (available within the Academy’s Code-X product), which creates a line graph of the service-level patterns for all healthcare professionals after staff enters those numbers from your billing system. You’ll quickly see which physicians are on either end of the bell curve or have too narrow a curve, and the Analyzer compares the pattern to peers in your state and nationally.
Ms. Hofstra: If a self-audit indicates that one or more physicians’ coding and documentation patterns are outside the pattern, pull some records and make sure the codes match the documentation. In a typical orthopaedic practice, reviewing 10 notes per physician is usually enough.
At what point should physicians involve an attorney in the audit process?
Mr. Sacopulos: If an internal audit is part of routine quality assurance, as defined in your compliance plan, you can conduct it without involving an attorney. However, if while conducting the internal audit you identify a pattern or become fairly convinced that there is an issue, pick up the phone and call an attorney to make your findings privileged. Under the work product doctrine, an attorney can protect you by contacting the insurance company on your behalf. This is the best way to handle more significant issues.
Ms. Hofstra: I agree and would add that if you get an audit request from a third-party auditor, you need legal counsel. No matter what the payer says in the letter, it’s not routine, especially if you see Special Investigations Unit on the letterhead. Hire an expert lawyer as soon as you can so that the information you uncover is privileged and the attorney can best guide you in conversations with the payer.
What kind of coding training should orthopaedic practices conduct?
Mr. Sacopulos: In addition to reading coding publications and attending webinars throughout the year, I suggest clients send several physicians and billing staff to coding and reimbursement workshops each year. As part of their preparation, attendees should have all physicians and staff write up questions they would like to have answered so those attending the workshop can bring back answers. Workshop attendees should hold an in-service for the rest of the team and provide copies of materials distributed at the workshop.
Ms. Hofstra: Coding and documentation training for physicians, midlevel professionals, billing staff, and coders is essential. Arrange for it at least annually. And assign staff to attend webinars and read coding publications and Medicare transmittals.
Mr. Sacopulos: Don’t forget to log all this training in the compliance plan; include course dates, titles, content covered, and any coding certification programs staff have attended. It indicates to an auditor that the practice is serious about learning and quality improvement.
Do you have any other advice relative to coding and compliance audits?
Ms. Hofstra: If you get a request for records or audit, don’t ignore it. Act quickly. If you don’t, you could end up in prepayment review, be excluded from a clinical network, or be subject to state and federal fraud statutes or state insurance laws.
Contact your attorney before you reach out to the payer or auditor. It’s relatively inexpensive to set up an audit under attorney-client privilege, so do it. Don’t wait until it’s a prepayment audit or huge refund request before calling, because at that point, it might be too late for optimal legal advice.
Mr. Sacopulos: Something I don’t see often enough is giving the compliance officer a direct reporting relationship to the governing body of a practice, such as the Board, when it comes to reporting or addressing compliance issues. It indicates a commitment to compliance. I also think it’s wise to have an hourly arrangement with a coding expert or consulting firm, so physicians and staff can get answers when they need them and not wait until an annual workshop. What you do not want to have happen is for the staff to try to get answers from a listserv, where you have no idea of the quality or accuracy of the responses and where they are making a public record of what may, in fact, be improper coding advice.
Cheryl Toth, MBA, is the director of content development for KarenZupko & Associates, Inc., which develops and sells the E/M Analyzer and delivers the national coding and reimbursement workshops for AAOS.