Part 2: Make numbers five through one part of your compliance plan.
Marcella Bucknam, CPC, CPC-H, CPC-P, CPC-I, CCC, COBGC, CCS-P, CCS
Last month, we began exploring the top 10 compliance concerns for which all physician practices, regardless of specialty or size, should be on the lookout (“Overcome Coders’ Top 10 Compliance Concerns,” February 2012). This month, we conclude this two-part series with a look at the top five compliance risks, and some tips to ensure you meet these challenges effectively.
No. 5: Signatures
There is renewed Medicare focus on what constitutes a signature, whether handwritten or electronic. The Medicare rules for signature requirements will be applied any time a document is reviewed for payment, or in retrospective review. Recovery audit contractors (RACs) also are looking at signatures when they review records.
Handwritten signatures are defined as, “A mark or sign by an individual on a document to signify knowledge, approval, acceptance, or obligation.” Medicare has taken the position that if a signature is illegible, a signature log or attestation statement is needed. Logs may also be used to identify individuals who signed by initialing. Attestations and logs must be signed by the individual who created the original entry. If someone has left your practice without signing his or her records, those records—including any orders arising from those records—are considered invalid.
Electronic signatures must be password protected. The electronic record must track with an audit trail anyone who writes in the record. An electronic signature is not just a typed-in name. The signature must “freeze” the record, so no changes can be made, except by a separate addendum. Each signature must also include a date.
Other signature rules include:
- “Dictated but not read” is unacceptable.
- Signature stamps are unacceptable.
- Unsigned records are unacceptable.
- Unsigned orders are not recognized at all.
- No one may sign for anyone else.
- Sign as soon as possible.
- If signature is delayed, use attestation instead.
No. 4: Excluded Providers, Credentialing, and PECOS
Providers who have been excluded from the Medicare program may not bill services, order services, or prescribe services for Medicare beneficiaries. If participating Medicare providers perform services referred or ordered by excluded providers, the services will not be paid. There are minor exceptions for emergencies.
Practices must screen all new providers and employees. Exclusions can be checked by referencing the Office of Inspector General’s (OIG’s) List of Excluded Individuals/Entities Search. The newest Medicare Advantage contracts specify annual screening of all providers and employees. You will also need to track any rejections because of referrals from excluded providers, and create a process for making sure referrals are not accepted from those individuals.
Practices also need to be aware of the Provider Enrollment and Chain Ownership System (PECOS) and make sure both referring and ordering providers are enrolled. The system manages, tracks, and validates enrollment data, but is not always accurate. Providers not listed may not prescribe or order tests or supplies for Medicare beneficiaries. Providers are deactivated if they have no active claims processed within one year. Deactivated providers are notified after deletion from the system, so infrequent Medicare billers should verify their status regularly.
No. 3: Medical Necessity
The Centers for Medicare & Medicaid Services (CMS) says medical necessity “is ‘complex medical judgment’ made after consideration of the severity of the signs and symptoms; medical probability of an adverse outcome for the patient; and the need and availability of diagnostic studies.”
The Comprehensive Error Rate Testing (CERT) program, Medicare administrative contractors (MACs) and carriers, commercial insurers, RACs, and others make medical necessity determinations. These entities are advised by CMS not to challenge the physician’s judgment; but, that judgment must be clearly documented in the record.
Medical documentation must “contain sufficient, accurate information to: 1) support the diagnoses, 2) justify the treatment/procedures, 3) document the course of care, 4) identify treatment/diagnostic test results, and 5) promote continuity of care,” according to MLN Matters® SE1027 (www.cms.gov/MLNMattersArticles/downloads/SE1027.pdf).
No. 2: Cloned Notes
The proliferation of electronic health records (EHRs) has led to new problems related to copied and templated documentation. The OIG calls these “cloned notes,” and identifies these as records where so much of the information is copied forward from visit to visit that the record is no longer unique to the specific service provided, or when all of the records created on a single date are so similar they are not specific to the patient.
Both government and commercial payers are refusing to pay for services when documentation is copied or defaulted into every note or record for the same patient. Payers want documentation that uniquely reflects the care provided during the specific patient encounter. Note that when errors creep in due to copied records, there are not only payment issues, but also serious patient care issues.
Each patient and encounter should have unique documentation. The challenge for the practice is to develop processes that allow practitioners to make use of the copying, templating, and defaulted information for easier documentation without creating cloned notes. Some hospitals are dealing with the problem by banning the use of copy and paste functions.
No. 1: Alphabet Soup (RAC, MIP, MIC, ZPIC, CERT)
The number one concern for health care practices is the many government audit programs scrutinizing your practice. The affect on your practice is not just the cost of recoupment, but also the cost to your practice to review and respond to requests for information. Here are some of the main programs to be aware of:
RACs: These companies contract with Medicare to recoup money from inappropriately paid claims. They receive information from Medicare about paid claims, and then “data mine” for potential claims payment errors using computer programs. The contractors are paid a percentage of the money they recover, and are highly motivated to find claims errors.
The cost and time associated with reviewing records and disputing payment “recoveries” can be significant, but the recoveries themselves are often small. Many practices feel that the cost of reviewing and appealing these small claims is too high; however, RACs can report their findings to other investigating entities (including the OIG), and a failure to appeal may be seen as an admission of error.
Medicaid Integrity Program (MIP): These are state programs that indentify and recover inappropriate Medicaid payments. They work with Medicaid integrity contractors (MICs), which are federal programs that also look for inappropriate Medicaid payments. Like RACs, these programs use data mining to identify potentially incorrect payments.
Zone Program Integrity Contractors (ZPIC): ZPICs replaced the Medicare program safeguard contractors (PSCs) and Medicare drug integrity contractors (MEDICs). These programs were consolidated in a hope for increased efficiency in coordinating with MACs. They focus on reviewing claims paid to providers who submit more claims to Medicare than the majority of providers in the community. If fraud or abuse is detected, ZPICs report to the OIG.
CERT: CERT programs look for inappropriate payment by carriers and MACs. They calculate the Medicare fee-for-service error rates based on a review of records. The most frequent problem they identify is lack of documentation, including no response; however, their findings are also used to form OIG target issues lists and identify “error prone” providers.
All of these investigative organizations can give their findings to other contractors and agencies, and any identified problems can end up magnified when viewed from different perspectives. Best practice is to not ignore these entities. They will not just go away.
These steps will not guarantee your practice never encounters errors or violations, but they will make it possible to detect internal problems early on and fix them before they escalate into more serious issues.
Quick Tips to Handle Compliance Concerns
Even the smallest of practices should establish a compliance program. Use the rules for creating an effective compliance program as set out in the Federal Sentencing Guidelines Manual (www.ussc.gov/guidelines/index.cfm) to make sure you have all of the required compliance program elements, including:
- Create a written compliance plan.
- Designate a compliance officer and compliance committee.
- Develop effective lines of communication.
- Conduct auditing and monitoring.
- Create written policies and procedures.
- Conduct appropriate training.
- Create a process for responding to violations.
- Enforce disciplinary actions through well-publicized guidelines.
- Conduct an annual risk assessment.
Marcella Bucknam, CPC, CPC-H, CPC-P, CPC-I, CCC, COBGC, CCS-P, CCS, is the manager of compliance education for a large university practice group. She is the long-time consulting editor for General Surgery Coding Alert, and has presented at five AAPC National Conferences.
March 1st, 2012