The industry is buzzing with news of Recovery Audit Contractors (RAC), and even word of period Comprehensive Error Rate Testing (CERT) drifts by now and again. But there are many other oversight entities that are conducting audits as well.

Conducting internal and external audits reduces or eliminates fraud and waste, and is an important way to keep healthcare costs under control. HHS has estimated that for every $1 it spends to stop fraud, it saves $1.55, according to a May, 7, 2009 news release.

There are four main areas that HHS and government contractors are continually auditing and monitoring electronically and through desk reviews:

1. Medical necessity claims
2. Fraudulent behavior
3. Fraudulent activity
4. Medicare services

The various types of audit activities conducted through HHS are:

• Benefit Integrity. CMS contractors review for benefit integrity to help identify patterns that may indicate fraudulent billing. Analyze your own internal profile of physician billing patterns to ensure they're not aberrant. If your numbers (e.g., your evaluation and management services) are above national benchmarks they will not go unnoticed regardless of the practice's size.
• Cost Report Auditing. CMS requires Medicare Part A providers (e.g., hospitals, nursing homes, home health agencies) to submit cost reports annually. CMS contractors review the cost reports to assess whether the reported costs are adequate and accurate. If not, it may decide a more comprehensive on-site audit is necessary. Therefore, it is important to audit the integrity of cost reports to ensure correct reporting and sufficient documentation to support the financial information. Many organizations rely on external auditors to perform an annually audit of the cost report and even previous annual reports to ensure compliance and proper reporting.
• Medical Review: Medical reviews help identify and prevent payment errors and billing mistakes. Medicare contractors review claims for medical necessity and to verify beneficiary eligibility. They also check incomplete or duplicate claims and coding errors, such as incorrect code combinations. Medicare contractors may review claims pre- or post-payment, and can request additional information from the provider or the beneficiaries to determine that the services billed were actually provided. Providers can mimic a claim review by using a claim scrubber prior to claim submission. Most sophisticated claim scrubbers have the functionality to allow customizable edits, and can include Local Coverage Determinations. Claim scrubbers also typically have the ability to perform a code check to ensure there are not any National Correct Coding Initiative edits. Taking steps such as this will help prevent contractors from conducting on-site audits.
• Medicare-Medicaid Data Match Program (Medi-Medi). CMS seeks to locate improper billing or fraudulent practices affecting both programs through Medi-Medi auditing, through which CMS identifies atypical billing patterns that might not be evident when analyzed separately. There are many services that are covered by both programs. Medi-Medi provides a crosswalk between both programs, and helps eliminate practices such as double-dipping.
• Medicare Secondary Payer (MSP). MSP auditing helps ensure Medicare only pays for services where it has primary responsibility-as opposed to a service where a third-party payer is responsible for payment. New reporting requirements for MSP became effective January 1, 2009. (The rules are available at www.cms.hhs.gov/MandatoryInsRep/). Registration and billing staff members must be aware of when Medicare is and is not a secondary payer to help ensure accurate billing.
• Provider Education. Contractors must regularly educate and provide outreach to providers. Contractors typically offer various types of education through free audio conferences, e-mail updates, and monthly communications. Keeping current on all the contractor rules and regulations will help ensure compliance. All of this provider education must be at no cost to the provider.

The FBI is the lead investigative agency fighting healthcare fraud. The OIG has authority to investigate fraud only in federal programs, however, the FBI has jurisdiction in both federal and private sector. CMS contractors, the OIG, and the FBI all refer potential healthcare fraud cases to the Department of Justice.

Even with all the transparency regarding governments audit functions, unfortunately there is still deliberate, reckless, and fraudulent behavior happening. FBI agents recently arrested 53 clinic owners, physicians, and other staff members who were defrauding Medicare for more than $50 million. The Medicare Fraud Strike Force used sophisticated analysis of Medicare data to find patterns of suspicious billing to uncover the fraud, according to HHS.

As you pull together their internal auditing and monitoring work plan for 2010, you should take a close look at each area that the government monitors. Too often practices and hospitals wait for the routine documents to come out each year to form their audit plan. But if that is an organization's sole source for their plan and compliance initiatives, it could miss significant areas of risk. You should have an active compliance and auditing department that forms a comprehensive and manageable plan on an annual basis, and that department should be prepared to handle any and all audit findings.

Joe Rivet, CCS-P, CPC, CEMC, CICA, is a regulatory specialist at HCPro, Inc. He serves as an instructor for the Certified Coder Boot Camp® - Original Version (covers physician and outpatient hospital coding) and the Evaluation & Management Boot Camp®. Rivet serves as a lead consultant for HCPro's Revenue Cycle Institute. He has extensive coding experience with both physician and facility coding. For more information, visit www.hcprobootcamps.com and www.revenuecycleinstitute.com.