Editor’s Note:

Denise Williams, RN, CPC-H, is the senior vice president for Health Revenue Assurance Associates, Inc. She has been involved with APCs since their initiation. Ms. Williams has worked as corporate chargemaster manager for two health care systems and is heavily involved in compliance and coding/billing edits and issues.

Preparing for, and responding to, recovery audit contractor (RAC) reviews can be intimidating. You can lessen the pain, however, by understanding Medicare billing and coding rules and requirements, and being proactive in implementing controls to ensure compliance.

RACs Review Across the Nation

Section 302 of the Tax Relief and Health Care Act of 2006 made the Recovery Audit Program permanent, and required that it be expanded to all 50 states by 2010. The Recovery Audit Program’s mission is to reduce Medicare improper payments by detecting and recovering overpayments, identifying underpayments, and developing methods to prevent future improper payments. There are four RACs, each serving a specific region in the country (see next page for the regional split).

RACs review claims on a post-payment basis following Medicare policies. RACs are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director. There are two types of reviews: automated and complex. Complex reviews require a medical record to complete the review. According to the Statement of Work for the Recovery Audit Program, “The Recovery Auditor shall not attempt to identify any overpayment or underpayment more than three years past the date of the initial determination made on the claim. The initial determination date is defined as the claim paid date.”

What to Watch

Each RAC publishes a list of improper coding issues approved by the Centers for Medicare & Medicaid Services (CMS) on its website. Each issue indicates which type of provider(s) is subject to review. Many of the inpatient issues relate to medical necessity for certain diagnostic-related groups (DRGs) and are considered to be “complex” reviews. For outpatient facility services and physician practices, many of the approved issues are automated. These issues test for Medicare billing and coding guideline compliance, which CMS publishes on its website.

Some examples of approved issues include:

• Once-in-a-lifetime procedures (e.g., “welcome to Medicare” exam)
• Medically-unlikely edits (expected units per encounter)
• Add-on codes without a primary code
• National Correct Coding Initiative (NCCI) column 1/column 2 edits
• Procedures with no corresponding device code
• Minor surgery and other treatments billed as an inpatient stay
• Outpatient services within 72 hours of admission
• Exact duplicate outpatient claims
• Outpatient claims billed within a prospective payment system (PPS) inpatient admission
• Skilled nursing facility (SNF) consolidated billing

Prepare to Prevail

Don’t wait for a RAC to knock on your door. Be proactive and follow these RAC review preparatory tips:

Research improper payments found by RACs, the Office of Inspector General (OIG), and comprehensive error rate testing (CERT).

• Review the RAC-approved issues on each contractor’s website.
• Peruse the OIG and CERT audit reports online.

Conduct an internal assessment to identify if you are in compliance with Medicare rules. For example:

• Take one RAC-approved issue per week and do your own random audit of claims to identify questionable areas of compliance.
• Use existing quality assurance/audit professionals to incorporate RAC-approved issues into your routine audit process.
• Review existing bill scrubber edits/rules to ensure edits are in place to capture claims with specific codes (or code pairs). For example, there should be a pre-billing edit to catch claims that have an implant procedure code, but no implantable device code.

Identify corrective actions to promote compliance.

• Educate charge entry (or coding) staff when trends of non-compliance are noted.
• Implement a quality assurance process (either human or automated) to review complex claims prior to claims release.
• Be sure to maintain the most updated provider manuals and CMS regulations, and disseminate the information to all appropriate parties.
• Review the RAC-approved issues periodically for changes.
• If issues are found, work with the billing office to determine whether it is appropriate to re-bill the noncompliant claims.

Prepare to respond quickly to RAC requests.

• Understand who receives RAC request letters and ensure he or she is educated about the importance of a timely response.
• Have a process in place to release records as requested within the appropriate time frame.
• Be sure whoever is releasing the information understands the components of the legal medical record and where to find all required information.

Appeal when necessary (within 120 days).

• There are specific steps to take when appealing decisions outlined in detail on the CMS and RAC websites.
• Appeal when you disagree with the decision; appeals must be completed in a timely manner.

Learn from past experiences; track denials and look for patterns.

• When a RAC repayment is made, correct the problem going forward. Educate the offending department(s) to ensure they understand how to charge and code correctly. If you have multiple facilities, share knowledge across all facilities.
• Work with your billing office to identify trends of billing denials prior to RAC reviews; follow the same mitigation steps to avoid future RAC findings.
• Review pre-billing edits to identify patterns of misuse and educate the departments accordingly.

Don’t Be Afraid to Appeal

Do not wait for RACs to request records or data before conducting these internal assessments. Keep in mind that RAC reviewers are not necessarily certified coders. Moreover, they are human, and they make mistakes. If you feel repayment is requested in error, appeal the decision. It is well worth the expended resources when you win an appeal.

Remember to be proactive—don’t wait for a RAC to appear. If one has not already visited you, it is only a matter of time. No provider is exempt from RAC review. Conduct internal assessments based on the published, approved issues. If your claims are submitted in compliance with Medicare regulations, you should not encounter any serious issues with a RAC.

Amy Lee Smith, MBA, CPC, CPC-H, CPMA, CIA, CRMA, is manager of internal audit at Bon Secours Health System, Inc., where she primarily performs coding and billing audits. She earned her bachelor’s and master’s degrees in business administration with a concentration in finance from The College of William and Mary in Virginia. Ms. Smith is also a Certified Internal Auditor and certified in risk management assurance.

“Compliance” often conjures up images of boring lectures, law enforcement, huge fines, scary “I’m from the government and I’m here to help” mentality, and worse. In reality, compliance is an integral part of the health field. And with health care reform and the Patient Protection and Affordable Care Act (ACA), compliance programs are mandatory.

Compliance is also inextricably linked to coding. With health care reform putting pressure on accurate documentation, coding, and billing, there are many benefits to having strong and accurate coding skills, a positive coding-compliance team, and an effective compliance program to ensure correct reimbursement. Having good partnerships may also strengthen an organization’s overall compliance program by increasing a hospital or medical practice’s revenue. Finally, coding and compliance working together can support audit or recoupment efforts and quality measurements; and cooperation can help meet electronic health record (EHR) meaningful use requirements.

Fraud. Waste. Abuse.

These three little words form the government’s mantra for audits and legal actions conducted by the Office of Inspector General (OIG), the U.S. Department of Justice (DOJ), the Office of Civil Rights (OCR), and the Centers for Medicare & Medicaid Services (CMS). As these government agencies look for ways to prevent fraud, waste, and abuse, there are four important federal laws that form the framework for an effective compliance program. Appropriate and effective coding is tied to each of them:

• False Claims Act (31 USC§3729).
  This Civil War era statute has been revised over the years to strengthen the legal underpinnings and penalties for any individual or entity that presents a false (i.e., inaccurate or wrong) claim to the government (i.e., Medicare or Medicaid or other federal health insurance program). When a submitted claim from a hospital is inaccurate, there is the potential that the False Claims Act is being violated.

• Anti-kickback Statute (42 USC§1320a). This law prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals or generate federal health care program business. This law directly affects referrals from physicians to hospitals for services and patient care.
• Stark law (42 USC§1395) or the physician self-referral law. Stark law is named after the California congressman who spearheaded the massive legislation. This law prohibits a physician from referring Medicare patients for designated health services to an entity with which the physician (or an immediate family member) has a financial relationship. Given the breadth of this law, any hospital referrals from a physician who receives any form of compensation from that hospital need to be regulated and monitored. Because hospitals, clinics, and physicians are inextricably linked, it is critical to meet the safe harbors, or exceptions, provided in these comprehensive laws regulating provider-hospital relationships. Huge fines, penalties, Corporate Integrity Agreements (CIAs), exclusion from Medicare, and jail are consequences of violation. Although typically not directly involved in physician financial arrangements, coders should at a minimum have confidence that all physician/hospital financial arrangements are appropriate. Coders are often the first to see irregular patterns of referrals, elevated service levels, and inappropriate orders—all possible signs of violations. You can ask managers, compliance officers, and legal departments how physician financial arrangements are monitored. When necessary, question any inappropriate or excessive referrals from a particular provider.
• Health Insurance Portability and Accountability Act (HIPAA) (45 CFR Parts 160, 162, and 164). This law, familiar to all coders, governs the transmission of medical records containing important medical information. HIPAA—under the purview of the OCR—also regulates the disclosure of patient protected health information (PHI). Professional coders know the importance of adhering to strict confidentiality when dealing with the thousands of bits of private medical information coming across their desks each day. With implementation of EHRs, HIPAA kicks in with full force. The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 increased regulations and requirements for preventing and reporting PHI breaches. For instance, a PHI breach affecting more than 500 patients in one geographical area requires notification to the U.S. Department of Health & Human Services (HHS), notification to affected patients within 60 days of learning about the breach, establishing a specific hotline number for patients to call, and other possible consequences. Data nationally indicates the cost for mitigating and responding to each breach is over $200 per record. Any misuse of patient PHI can cause the OCR to audit, investigate, and fine the perpetrator. The OCR has initiated over 100 HIPAA audits in 2012 to review practices of hospitals, clinics, and physicians across the United States. More HIPAA audits are probably on the horizon.

These four main laws, along with Medicare and Medicaid rules and regulations, and other state and federal laws, provide tools to guide effective compliance and coding practices. These laws also provide the leverage for the government to audit and review coding practices, patterns, and claims.

You Can’t Stick Your Head in the Sand

Historically, coders have said, “I just code what is given me; compliance is not my concern.” And in the past, perhaps, knowledge or awareness of some of the aforementioned compliance laws were not on the coder’s radar.

The landscape has changed. As these laws are revised and updated, deliberate knowledge is being removed as a requirement for violation. Laws now contain the verbiage “known or should have known.” For instance, the Anti-kickback Statute is an “intent-based” statute. This means that specific intent to violate the Anti-kickback Statute must be shown to prove a violation. Historically, however, federal courts have interpreted this statute broadly, ruling, for instance, that intent to violate this statute may be inferred from other circumstances.

Conversely, the Stark law is a “strict liability” law. This means that under Stark, lack of deliberate intent or knowledge is not an excuse and proof of intent is not necessary. If there is an improper or illegal physician financial arrangement in place, every referral from that physician is affected as long as the arrangement was noncompliant, and all claims coded and submitted by that physician are suspect.

The False Claims Act was modified in 2009 to make it clearly illegal—defining it as “fraud”—for a hospital or physician to knowingly keep overpayments or money paid to them due to a billing error or wrong payment (i.e., “credit balance”). Entities now have 60 days to repay an overpayment after they know, or should have known, about the improper payment.

In a nutshell: Ignorance of compliance in the changing health care landscape is not bliss. Compliance offices will need to work closely with coding and billing offices to ensure systems and practices are in place to adhere to strict law compliance.

The Government Is Watching

Hospitals and physician practices have seen an exponential increase in government audits and claim reviews. Coders will often be the front end of defense and offense when government auditors review and audit health claims.

The Recovery Audit Contractor (RAC) program is perhaps the most familiar these days, but Medicaid integrity contractors (MICs), Zone Program integrity contractors (ZPICs), Medicare administrative contractors (MACs), and the Comprehensive Error Rate Testing (CERT) program are closely related. All are designed to help the government discern fraud, waste, and abuse—and to recoup federal health care dollars that have been improperly paid.

The U.S. government has repeatedly reported that incorrect claims cost the taxpayers billions of dollars. Consequently, over the past several congressional sessions (both Republican and Democrat led), the OIG enforcement budget has increased dramatically. Government data shows that every dollar invested in compliance recoups anywhere from six to 10 dollars for the government.

The same holds true for third-party payers who have increased their scrutiny of claims, instigating their own independent reviews and audits. From a taxpayer viewpoint, RAC, MIC, MAC, ZPIC, OIG enforcement, etc. are all good ways to ensure Medicare/Medicaid dollars are being paid accurately. But from a hospital or physician practice viewpoint, these programs have added huge administrative burden and costs.

Good News for Coders

The “good news” for professional coders is that these governmental and third-party payer audits reinforce the importance of accurate coding, professional coding standards, and the involvement of coding in an entity’s overall compliance program.

One of the key seven elements of an effective compliance program, according to the OIG, is to have regular auditing and monitoring in place. The basis for most audits of claims is the medical documentation, underlying medical necessity, and then how that translates into the codes and the bill. Coders should increasingly be called upon to help review coding internally, set up effective coding practices, protocols, and procedures, and meet accurate coding benchmarks.

David Lane, PhD, CHC, CPC, CAPPM, is chief compliance and privacy officer at Hawaii Health Systems Corporation.

I’ve worked with physicians for almost 30 years. Looking back, I remember thinking each time we added a new provider, “I wish I could have taught you what you need to know about coding while you were learning to be a doctor.” If medical students took a coding class while they were learning and practicing medical procedures, perhaps they would be able to see the vital connection between caring for their patients and coding for their services.

Living the Dream

Recently, I had the chance to live out my fantasy of teaching medical students about coding. I was invited to speak to students at the Saint Louis University School of Medicine. Approximately 35 students made up the audience, forming a new focus group of potential physicians who are interested in learning the financial side of their profession.

Doctors Wear Many Hats

I informed the students that they would be many things over their lifetime: a student, a resident, a doctor, a healer, a partner, a business person, and—most of all—a target. I opened their eyes when I explained that in the course of their career they would be reviewed, audited, and compared to peers by their patients, insurance carriers, and the government. The fact that the government has so many different agencies to monitor physicians really surprised the students. After explaining what the Centers for Medicare & Medicaid Services (CMS), recovery audit contractors (RACs), comprehensive error rate testing contractors (CERTs), and zone program integrity contractors (ZPICs) are, and how each department has a different focus, I told them that possibly the hardest lesson they’ll learn is what it takes to expertly document their services, and explained why it’s so important they make the effort.

Enter CPT^®, ICD-9-CM, and HCPCS

My first task was to introduce them to the tools of our trade: CPT®, ICD-9-CM, and HCPCS Level II codebooks. I held up each of the books and asked if anyone was familiar with the publications. Only one hand was raised, and I wasn’t surprised that this student’s dad was a physician. I told the other students that CPT®, ICD-9-CM, and HCPCS Level II books would become as important to them as their textbooks are today, and that they contained everything necessary to report any service performed for their patients.

Meet Your Diagnosis Codes

I explained that ICD-9 is an older set of codes, having been established originally in 1893. When the International Classification of Diseases (ICD) originally came about, it was meant as a reporting tool for the World Health Organization (WHO) to track the spread of epidemics and other diseases, but in the United States, insurance carriers had adopted ICD for assigning medical necessity to procedures. Over time, the U.S. insurance industry completely changed the original intent of the book.

I told them that ICD-9 was adopted in this country for use on claim forms in 1979 and was mandated by the Health Insurance Portability and Accountability Act (HIPAA) in 2003. I also told them that the medical world is currently preparing for the biggest change in the history of health care as we gear up for ICD-10. By the time the students graduate, ICD-10 will be in full swing, and there will be nearly five times the number of diagnoses codes from which to choose.

The students now know that tied correctly to the procedure codes in Current Procedure Terminology (CPT®), diagnosis codes establish medical necessity for every procedure billed. I explained that correct coding accompanied by good documentation establishes medical necessity for what they do, and it will keep them safe in a world swarming with audits.

Meet Your Procedure Codes

Next, I discussed how CPT® was established in 1966 by the American Medical Association (AMA). The AMA owns the copyright on these codes, and updates them quarterly. Providing a standard set of codes, CPT® makes it possible to report and bill services in a common language. In other words, learning medical coding and billing is like learning a foreign language — a language in which all doctors should be proficient. We also talked about the Resource Based Relative Value Scale (RBRVS), which was developed to assign a monetary value to each CPT® code. I shared with them why it is important for providers of medical services to know how properly assigned codes will affect their income.

We concentrated on the CPT® section containing the evaluation and management (E/M) codes because these are the most frequently used codes. We talked about:

• How it takes history, examination, and medical decision-making (MDM) to successfully document a patient visit;
• The subtle differences between a new patient visit, a consultation, and an established patient visit; and how to carefully document to obtain the correct reimbursement;
• How leaving out just one small fact or mistakenly reporting the location of a service can often change the level of a service drastically, and alter the reimbursement of a code; and
• How these errors can cost a practice proper reimbursement or overcharges to the patient and the carrier.

The students seemed surprised that small documentation oversights can affect the bottom line of a practice.

Meet Your Supplies and Other Services Codes

Lastly, I explained that HCPCs Level II codes are used to report durable medical goods, drugs and biologics, supplies, orthotics, ambulance charges, and other medical services not defined in CPT®. Although HCPCS Level II codes are not used as often as CPT® in most practices, the codebook that contains them is still a necessary part of a good set of coding books.

More to Coding than the Medical Book Trilogy

I told the students that there are other sources billers and coders use to help establish a successful practice. Following close behind is the need for a good medical dictionary, anatomy books, terminology guides, and a great network of peers through listserves, workshops, and conferences, all of which will keep their valuable coders up-to-date with coding guidance, and keep them safe in a changing industry.

Mission Accomplished

Although it may never become a requirement of medical school curriculum, I hope these students will remember what they learned in my class, and it will help them in their careers.

I encourage other coders to look around for opportunities to make an impact on the lives of medical students. Look to nearby medical schools and consider how you might enlighten our future doctors with this essential information. Share what you know. Make a difference.

Barbara Fontaine, CPC, serves on the AAPCCA Board of Directors and is business office supervisor at Mid County Orthopaedic Surgery and Sports Medicine, a part of Signature Health Services. She served on several committees before becoming a local chapter officer. In 2008, she earned the St. Louis West, Mo. local chapter and AAPC’s Coder of the Year awards.