The Power of a Quality Review: Your Best Defense Against OIG Audits

The following is a guest article by Rebecca Darnall, Risk Adjustment Leader at Episource.

You don’t have to be a fortune teller to see the future of auditing at the Office of Inspector General (or OIG). It has given every indication that it intends to investigate fraud, waste, and abuse more robustly in the foreseeable future. To that end, the agency doubled its budget for audits in 2022. The clear message is to expect — and prepare for — more audits.

These actions are more than just saber-rattling. The risk of audits is a legitimate threat to all payer organizations. As proof, several health plans have been making headlines for coding errors and other issues that surfaced during audits:

• In just the third quarter of 2022, at least four audits have specifically targeted Medicare Advantage plans.
• The Justice Department has joined the fraud case against one large national insurer.
• The New York Times claimed eight of the 10 largest Medicare Advantage insurers had padded their bills.

You don’t want to be the next health plan to make headlines for all the wrong reasons. The best way to prevent a potentially damaging OIG audit is to audit yourself proactively. Realize that, in this era of increased scrutiny, the industry gold standard of 95% coding accuracy might not be good enough anymore.

When you dig into the audits and lawsuits mentioned above, trends emerge. In most of these situations, the problems boiled down to one central issue: ineffective policies and procedures to prevent, detect, and correct noncompliance.

For many reasons, a quality assurance program might be a payer organization’s best friend. These programs stress the importance of arriving at supportable diagnoses and charting the diagnoses effectively, which leads to more accurate submissions to the Centers for Medicare & Medicaid Services (or CMS). In turn, this should also build more meaningful connections between providers and members as they work together to document and promote patient health.

Building Your Quality Assurance Audit

So, how do you install a quality assurance audit into your process? The first step is to determine which type of audit best supports your organization:

• Mock RADV audits are ideal for verifying data accuracy. As the name suggests, this option is helpful for organizations preparing for risk adjustment data validation audits.
• Random audits are good choices for vendor oversight or to gauge the performance of internal coding teams.
• Target audits highlight areas for provider education. You can audit by condition, individual provider, demographic, provider group, or facility.
• Training audits reveal opportunities to improve your internal team and help prepare feedback for individual coders or the team as a whole.

The next step is to plan the audit. Begin by setting the scope to establish clear parameters regarding the time period you want to cover and the error categories you will look for in the audit. Then, decide on the frequency of the audit. Does it make sense to perform annual audits, or is it better to audit on a per-project basis? The scope and frequency will dictate the number of auditors you will need. Finally, clarify your expectations. What results are you looking for, and how will the results be reported?

Understand which metrics will be most meaningful to you. Every organization is different, so monitor the metrics that best fit your needs. Some common quality assurance metrics are:

• Coding errors and unsupported conditions: Regularly looking for coding errors and unsupported conditions will allow you to spot trends early, which gives you an opportunity to educate providers or coders (or both) on proper documentation.
• Demographic errors: Common demographic errors include wrong members and missing member identifiers.
• Encounter errors: Incorrect dates of service, missing provider signatures, and flagged provider credentials are all errors that can occur during patient encounters. Not only is it imperative to get this information correct for CMS submission, but good data also supports care coordination.
• Missed conditions: If a member has a condition that is being treated or monitored, it must be documented. Missed conditions misrepresent member profiles for care coordination programs and create waste.
• Provider Education: This helps identify missed or incorrect (or both) usage of ICD-10 codes from locations where education was provided (i.e., did the provider education improve documentation?).

One last note about conducting quality assurance audits: Remember to close the loop. Audit findings should be used to provide feedback to vendors or internal coders. The information can also serve as the basis for provider education. If you don’t close the loop, you will likely see the same errors popping up again on future audits.

A Quality Assurance Audit Case Study

The power of quality assurance audits might be best illustrated by health plans that have successfully incorporated this step into their processes. Episource works with a regional healthcare organization that has added an annual compliance retrospective in the months leading up to the final submission deadline.

In the most recent audit, the organization looked at more than 15,000 beneficiaries in the payment year 2021. Invalidated diagnoses surfaced for more than 1% of beneficiaries through targeting suspicious fact patterns, followed by a coder audit assisted by natural language processing. This led to 64 replacements of invalid diagnosis codes with negative incremental change. At $1,000 per code, these errors pointed to a possible overpayment of $64,000 for the identified members.

Furthermore, the audit identified trends that the organization will need to monitor. For example, it was discovered that 23% of the diagnoses found only once on claims were not supported by medical records. Information like this revealed the gaps in the process and provided direction for education efforts and procedural improvements.

The process of identifying diagnoses, collecting codes, and transmitting information to CMS is lengthy, with numerous individuals involved. With so many touchpoints, it is no surprise that errors often occur. But CMS has made it clear that these errors will not be tolerated. Now is the time to install a repeatable, well-documented review process to catch and eliminate errors. In the current environment, a proactive review is your best protection from formal audits.

About Rebecca Darnall

Rebecca Darnall is a risk adjustment leader at Episource, which provides services and products to simplify the way Medicare, Commercial, and Medicaid health plans manage their risk adjustment and quality programs. Rebecca provides leadership and oversight into new product and business development, growth, and strategy to assist health plans in the optimization of revenue and risk mitigation. With more than 18+ years of healthcare experience, Rebecca is known for creating and establishing solid operating policies and procedures for all risk adjustment programs that comply with CMS requirements and industry practices.