|
Release of Information’s Relationship with Audits: An Executive Overview
Healthcare providers have been releasing information contained in patient medical records for a very long time (known as the release of information process or ROI). They are legally required to release it and often receive up to thousands of requests a day. Many of these requests are time sensitive, due to patient continuation of care needs, payment for services, litigation, or insurance deadlines, so they must be expedited.
Requestors reimburse the healthcare provider for the records they receive. As such, they expect confidentiality and privacy of the information requested, promptness, accuracy, and high-levels of customer service for their money. Providers must comply with HIPAA guidelines while also meeting requestors’ turn-around time demands. Proper management and tracking of each request along with the knowledge and expertise of a highly skilled ROI specialist is essential to ensure a smooth, compliant and expeditious process.
HITECH Elevates Importance and Cost of ROI
Announced in 2009 and implemented in 2010, new HIPAA privacy and security rules under the American Recovery and Reinvestment Act’s (ARRA) HITECH provisions have elevated the importance of ROI even further and increased its cost.
Regulatory rules for the process vary from state to state and many differ from federal regulations. Worse yet, some diagnoses and/or medical issues have their own specific set of rules. Not only has the complexity of ROI risen sharply, but also has the cost as penalties for breaches of protected health information (PHI) continue to climb; reaching up to $1.5 million per year.
The point is that an increased number of requests for information needs to be managed and monitored, including those made by RACs and other auditors. Many organizations have moved toward a centralized audit management strategy and supporting audit tracking system. The centralized audit strategy has emerged as an industry best practice.
|
Medicare recovery audit contractors (RACs) and other auditors have become common record requestors. Parts of the medical record are often called into question (diagnosis, physician notes, etc) during audits. The American Hospital Association (AHA) reports that through the 1st quarter of 2011, over 173,496 requests for records were received for the 1,960 providers that reported into the AHA’s RACTrac system.
These auditors have been very successful in recouping revenue from healthcare providers. Again using AHA’s RACTrac totals, there have been over $167 million in denied claims through the 1st quarter of 2011.
Auditor record requests have had two major effects on healthcare institutions. First, they have greatly increased the amount of information that must be released in order to comply with the auditors as information must be provided initially and also during the appeals process. Secondly, Medicare has been so successful that other governmental and third party payers are implementing (or have already implemented) their own audit strategy.
We believe that their are eight key actions that need to be put in place to ensure each and every audit request is optimally managed and facility revenue is protected:
|
- Education– Provide key facility stakeholders with access to historical information about the various types of audits so they can better understand how each can potentially affect revenue.
- Communication – Identify a core team to include different areas of the facility and diverse expertise and schedule regularly occurring meetings to discuss audit related issues.
- Tracking – Create a specific workflow or use database and tracking technology that follows a specific process, to manage audit requests.
- Request letter management process – Proper management of medical record requests is vital to optimal audit management.
- Decision letter management process– The decision letter must be reviewed and processed quickly.
- Appeals management process– Appeals must be meticulously tracked to ensure that deadlines are not missed.
- Establish real-time financial management and a dashboard review process– Tracking the dollars at risk is key to understanding the potential impact audits can have on revenue.
- Establish a process and procedures to prevent denial issues from reoccuring– Conduct internal audits and track and review the results regularly.
This white paper focuses specifically on the management of medical record requests and describes the dependency and therelationship of the recovery audit process and ROI. Fine-tuning tips of the ROI process and the oversight are presented along with practical advice on how to mitigate audit risk and revenue loss. Finally, new developments in record request, release and exchange will be presented.
|
Fine Tuning the ROI Process Boosts Audit Success
ROI is an intricate process requiring 32 specific steps. The first step in ROI is also the first step in audit management: receiving a request for records. The medical record is often called into question during these complex reviews. In addition, the ramp up of other audits including MICs, MACs, Certs and others are adding considerable volume to an already complex and labor-intensive process.
There are three specific ways that healthcare providers can fine-tune their ROI processes to reduce risk of audit financial take backs. These include ensuring timely submission of requested information, implementing a view and approve workflow process, and confirming delivery of records to the audit contractor.
Tip #1: Ensure timely submission of requested information to auditing body.
Being on time with requests is imperative. Not meeting timelines can result in technical denials which equate to lost revenue. There are multiple potential timelines to track throughout the process.
First and foremost, the initial request for information must be responded to within the dates allotted by the auditing body (these timelines vary from auditor to auditor). Following the initial request, there are numerous paperwork and communication deadlines for both the healthcare provider and the audit contractor throughout the multi-level appeal process, as an example there are approximately five appeal levels for RAC.
|
Technology Supports View and Approve Workflow
HealthPort’s AudaPro™ solutions includes a View and Approve component for auditor requests.
- Audit requests come in and are entered into the audit management and tracking system.
- Documents are electronically “pulled” from the EHR or digitally captured from the paper record.
- Documents and auditor request letter are sent to a processing queue.
- All information travels to the view and approve queue for manual review.
- If disapproved, documents are sent back with a note as to why. The packet is then fixed and sent back to the pending queue
- Once approved, the packet of information is sent to the auditor.
|
If providers intend to appeal a RAC denial they must do so promptly. Deadlines to submit an appeal range from 10-45 days depending on the type of audit, with most averaging about 30 days. However, offsets to reimbursements occur on day 41. To prevent this offset, the re-determination request must be submitted prior to day 30. With so many deadlines and appeal levels, staying on top of the timing process is a best practice in order to minimize cash flow disruption.
Tip #2: Implement a View and Approve Workflow Process
Once records are gathered to fulfill a request they should be double checked to verify compliance. This step is called “view and approve”. Most providers are doing this to some extent. Due to volume issues and budget constraints, a sampling technique is most prevalent and technology to facilitate the process is ideal.
The view and approve step has some major workflow ramifications as it involves additional human resources and technology support. However, the upside of implementing a view and approve workflow are many. First, it is an important compliance step to assure the request is handled in a HIPAA- compliant manner and that only the appropriate information is forwarded on to the auditor. Secondly, reviewing records before they are sent to the auditor gives providers the opportunity to perform a self-assessment (how are they doing with the issue being reviewed). They can also check to make sure there are not other items in the packet that may carry additional risk. Finally, the view and approve step helps hospitals determine if they have a selfdisclosure issue and automatically provides a double check for the chart completion and other quality issues.
|
Tip #3: Delivery Confirmation
The industry is still seeing sporadic problems with auditors regarding delivery of records, particularly with the RACs. Either RACs are stating they never received records or contractors are reimbursing providers beneath agreed-upon levels or both. Both issues cause financial concerns for healthcare providers:
- Unjustified technical denials
- Failure to win appeals if records are not received
- Needless, repeat paperwork for providers
- Non-reimbursement of ROI expenses
First, the auditors often request batch submissions of multiple requests (again, this is seen particularly with the RACs). Providers must closely track the delivery and receipt of the box as well as each individual case contained within the submission. Receipt of delivery must be obtained and maintained by the provider. In order to alleviate this issue, some providers continue to send records individually thereby ensuring the “trackability” of each submission. In other cases, when the provider notifies the auditor that a specific case was sent in a batch shipment and who signed for it, they magically found the record.
|
"In cases, when the
provider notifies the
auditor that a specific
case was sent in a
batch shipment and
who signed for it, the
record was easily
found. "
|
Secondly, there are reports of auditors under-reimbursing providers for records received. There have been instances of the auditor arguing that a lesser number of pages were received than were submitted by the provider. Retain proof of each page sent to help ensure correct reimbursement. And be aware that going back after these dollars may not be successful.
To mitigate these concerns, providers should be aware of any reported problems within their regions and incorporate the following steps into the ROI process:
- Keep a confirmation data base with such information as the FedEx tracking number and a scanned signature page.
- Retain a copy of the exact pages that were sent with the who, what and when information maintained in a central database.
- Have the exact record available after the fact for the appeals process and repeat submissions. It is difficult to go back and try to recreate what was sent.
- Maintain the integrity of the package during processing and the integrity of the record throughout the entire appeal process.
Delivering Records to Auditors: An Opportunity for Innovation
Currently, medical records are provided electronically as well as in paper format. For most requestors, electronic delivery is preferred. In fact, HealthPort currently delivers over 50% of requested records via electronic methods thereby reducing the need
|
for paper production, expediting requests and providing overall better service to requestors. Electronic delivery also saves time, money and subsequent re-scanning of information once received.
However, in the case of record delivery to auditors, paper is the preferred methodology; primarily because of the concerns and issues mentioned above. HealthPort is working diligently with the Centers for Medicare and Medicaid Services (CMS) to change this paradigm and fast-forward the record delivery process for auditors into the 21st century by actively participating in the organization’s Electronic Submission of Medical Documents (esMD) Gateway project.
On February 21, 2011 HealthPort publically announced its involvement as the largest health information handler (HIH) approved to participate in the test phase of CMS’s gateway services for information exchange from healthcare providers. In June, it was announced that HealthPort successfully passed the esMD HIH connectivity testing and has now entered into the functionality testing phase.
|
"A solid release of information
process is needed to expedite
delivery of requests, eliminate
technical denials and reduce
the risk of financial penalties."
|
As a participant, HealthPort will utilize its technology for the secure electronic transmittal of medical records in response to requests by RACs and other Medicare and Medicaid related audit requestors via the esMD gateway. CMS projects the “live” date for the first real transactions are estimated to be late 2011.
Electronic submission will help as there will be electronic tracking of request submissions as well as electronic tracking of page counts. Many of the issues and concerns addressed earlier in this paper will be alleviated. The project is starting with the submission of record delivery, but it is anticipated that it will move further to include requests and letters of denial, etc.
Audits and ROI: Dependency and Relationship
ROI is the first step in the audit management process and as such, its’ impact on reimbursement and the revenue cycle must be considered. Recovery audits have driven up the cost of retaining even less of providers’ revenue. Furthermore, the volume of audits is increasing as a plethora of federal agencies and commercial payers follow in CMS’s footsteps. Never before have so many dollars been at risk for such easy loss.
A solid release of information process is needed to expedite delivery of requests, eliminate technical denials and reduce the risk of financial penalties. Now is the time for healthcare executives to take a closer look at this hidden, but critical, process within HIM. By implementing the tips mentioned in this white paper alongside robust, audit management and tracking technology, providers can solve many of the problems mentioned while also minimizing costs and mitigating revenue risk.
|
Audit Definitions
MIC – Medicaid Integrity Contractors
- Reviews provider claims, audits provider claims, identifies overpayments and educates or trains Medicaid employees
- Not involved in collections for over payments
PERM – Payment Error Rate Measurement
- Measures payment accuracy rate
- Each state is reviewed once every three years
CERT – Comprehensive Error Rate Testing
- Calculates a national paid claims error rate for Medicare Fee-for-Service program
- Reports on Carriers, and Fiscal Intermediaries
OIG – Office of the Inspector General
- Oversees all programs
- Conducts independent investigations, audits, inspections and special reviews
MAC – Medicare Administrative Contractor
- New contract entitiy
- Will eventually replace current payment contractors
QIO – Quality Improvement Organization
- Staffed by healthcare professionals trained to review medical care and implement quality improvement
- Contracts last for three years
|
HealthPort is the authority on the compliant exchange of protected health information through comprehensive audit management and tracking technology that includes integrated release of information services. By automating, managing and tracking the entire audit process, this combination helps healthcare facilities successfully protect their revenue from the financial ravages of audit-take-backs and breach-related penalties.
|
|
