Compliance budgets rise as audit activity heats up

Healthcare organizations are facing significant challenges to control costs while complying with a growing number of regulatory requirements under healthcare reform. A recent study conducted by Compliance 360 shows that many companies are responding by boosting their compliance budgets in 2011.

To learn more about how healthcare organizations are preparing for increased regulatory oversight and claims audit activity, FierceHealthFinance spoke with John Brooke, general manager of healthcare at Compliance 360, and Scot McLeod, the vice president of marketing.

FH: Your study found that 40 percent of healthcare companies are increasing their compliance budgets. What types of compliance efforts do think these increased funds are being allocated for? Have you seen any shift in focus over the past few years?

Brooke: What you're seeing is an increase in the
attention paid to compliance activities in general. Up until recently, organizations were handling problems on a point-specific basis. For example, if they saw a problem, they would acquire a solution to fix that particular problem; and if they saw another issue, they'd acquire a different solution to address that issue. But now, with the focus specifically at the board level on overall compliance, these organizations are going to increase their budgets because the board is now involved and they need a holistic approach as far as reporting and other compliance-based activities.

FH: How would you describe the state of claims audits so far in 2011? Have the threats of 'RAC Attacks' held up?

Brooke: What we saw in the survey that reflects what we're seeing in the market this year is the fact that only 9 percent of the organizations were highly confident in their approach to handling claims based audits, regardless of the source of the audit.

The organization's ability to manage all types of claims--and all types of audits from all different types of payers--in a centralized fashion is really the challenge. We've gone into several organizations recently who had acquired software that was strictly focused on one type of audit--Medicare RAC. But what they found was that the audits coming their way are not just Medicare RACs, they're mixed. So, they had to revert to these manual processes--they're going back to the spreadsheets and utilizing email to notify everybody that something needs to be done. They're unable to report all of the audit exposure in a comprehensive way. They get a lot done with very little tools. But the confidence level is reflected in that inability to manage audits from all types of payers with a single solution.

FH: Fifty percent of respondents said the greatest challenge to managing medical claims audits is holding everyone accountable for their part of the process. Are there specific areas where staff's feet should be held to the fire? And why do you think healthcare organizations struggle with getting all of the staff on board with audit programs?

Brooke: I don't think it's a lack of desire. These compliance folks are like MacGyver, they can build a weapon out of a roll of duck tape and a box of paper clips, because they know they're not on the front line care-giving side of the business. They're more willing to sacrifice resources in order to further the mission-driven part of the organization rather than administrative-type functions. So, it's not a lack of desire or effort; it's really a lack of tools and time to make things happen. You can only do so much with Microsoft Office products. These people have to sleep, they have to go home periodically, they get to take vacation, and when you're reliant on Outlook to send you a reminder that something in due at a particular time period, that's going to fall through the cracks.

Some of that is reflected in the concerns. They're afraid they're going to miss a deadline. And that's because of that lack of automation. I wouldn't go punitive on the staff. It's making due with what you have.

FH: Respondents also listed data mining as a major challenge. Are there any little-known tips for how can healthcare organizations execute data mining in their own compliance programs?

Brooke: There's data everywhere. The issue is being able to put it into a form that people can act on, go to a single place to find it, and have confidence that what they're looking at actually reflects what the situation is on the ground at that particular point in time.

We see a lot of customers wanting to know what their exposure is to a particular area that a RAC has published. They want to have an ability to look at their claims population and figure out how many of those claims this RAC is getting ready to look at do they have in the hopper. Let's get an idea of what the breadth of the issue is and then let's see what it's going to take to be able to make fixes, self-report or reissue claims. That, in addition to them being able to mine the informationthey found out about their own claims population, is something folks want to see.

FH: According to the report, 46 percent of respondents are "confident" in their current approach to managing medical claims audits, while 42 percent said they are "not confident" or "somewhat confident." Why do you think that is?

Brooke: It gets to what we talked about earlier, that inability to manage audits that are other than RACs. In 2010, the RACs were not active in all regions on an equal basis. In Region A--in New York--they were not active until the end of the year. The organizations faced activity that was all around MIC and other types of audits. If they had acquired a solution that didn't allow them to handle anything but Medicare RACs, then they're confidence level is going to go down because they have to revert to Excel and other things.

We believe that's really the issue that allowed only 9 percent of these organizations to be "highly confident" that they've go

t it covered. They didn't have a solution or they hadn't done the fire drills or the processes for audit types other than Medicare RAC. Once those audits showed up, they weren't prepared for them, and they had to revert to manual processes.

FH: How can healthcare organizations improve and demonstrate their compliance program effectiveness?

McLeod: We're seeing a shift taking place at CMS in particular, and it probably ties back to the overall changes coming through with healthcare reform, where in the past you were likely to be probed in detail if you had an issue. For instance, if you had a whistleblower issue, you might draw the curiosity of the reviewers. Now, they're becoming more proactive with these investigations. You don't necessarily need to have an issue that draws this interest in the effectiveness of your compliance program.

In reaction to this, healthcare organizations are shifting to being more proactively ready to demonstrate the effectiveness of their compliance programs at any given time; whether or not they had an issue, it really doesn't matter.

What these organizations need to be able to do now is on a continual basis compile this body of evidence of compliance, which does more than show they have a compliance program in place. It's one thing to be able to show we have sent out our code of conduct to all employees and the employees have all attested that they have read it; but it's another thing to show that the employees actually demonstrate it.

The example we frequently see are not only sending the code of conduct out to the employees through a centralized system, such that as they attest that they've read it you gather all those attestations in a centralized database, but you also include some questions about the content of the code of conduct that they employees answer. Then you can look at their responses almost like you would look at test responses, and score them to see if, in fact, they really do understand the code of conduct. And from those scores you would identity gaps in compliance and that might then lead to enhanced training programs to make sure those gaps are remediated.

FH: How can healthcare organizations implement such compliance programs when resources are already limited? 

Brooke: It has to be a priority. The compliance effectiveness was something that was added to the guidelines. It wasn't enough just to have a compliance program; it had to be an effective compliance program. "We tried really hard" is no longer deemed a valid excuse for not complying with regulations. So, it has to be a priority for the healthcare organization; it has to be a priority at the board level. You'll see Daniel Levinson (Inspector General for the U.S. Department of Health and Human Services Office of Inspector General) has written extensively for publications targeted at boards of directors at healthcare organizations to help the boards understand why this is not only a good thing to do but it's the right thing to do, and it's the law as well.

FH: What should be a hospital's first line of defense against RAC recoupment?

Brooke: The first line of defense is obliviously before the claim goes out. But once they've gotten the request, it's an ability and a process that allow you to respond in a timely manner, to protect the things that are taken away. We've had customers who have never appealed audits early on. But when they had the information in hand, they were able to recover significant amounts of money that they had never had the time or opportunity to dispute in the past. Just having an ability to do those types of things has helped increase the visibility of their compliance program, and also brought significant dollars to the bottom line of the organization.

You'll also see that these organizations become a lot more efficient once they've got processes in place to be able to respond to this onslaught because they've done the fire drills, they've got goals and objectives that allow them to be ahead of the game. So if the requirement is to submit records in 45 days, one of our customers wants to get it done in 30 days and they have. Those are the factors that allow you to defend justifiable revenue.

This interview was condensed and edited for clarity.