RAC audits pose major risk, require extensive response plan
RAC audits pose major risk, require extensive response plan
Claims audit can result in paying back millions of dollars
Are you ready for a "RAC attack?" It's coming for you eventually, and you need to prepare now to minimize the damage. The Medicare Recovery Audit Contractor Program (RAC), which will become permanent across the United States in 2010, was created through the Medicare Modernization Act of 2003 to identify and recover improper Medicare payments paid to health care providers under fee-for-service Medicare plans. The U.S. Department of Health and Human Services is required by law to make the program permanent for all states by Jan. 1, 2010.
The goal of the program is to recoup money that according to the outside consultants hired to conduct the audits never should have been paid to health care providers in the first place. If organizations don't take steps to ensure their billing and data systems are in order, future RAC audits could prove extremely costly. In fact, during the RAC demonstration period, one hospital reportedly was found to have errors in about 40% of its audited claims resulting in a payback of more than $1.5 million. In 2007, the three-state pilot RAC program returned a whopping $247 million to its coffers.
Many providers are taking steps to address specific areas of coding accuracy and medical necessity, working with case management, utilization management and physicians to ensure that admissions and supporting documentation are in order. Many health care organizations are forming RAC committees that will deal with RAC-related record requests, denials, and appeals.
Rebekah Plowman, JD, an attorney specializing in health care litigation with the law firm of Epstein Becker in Atlanta, says there is no avoiding a RAC audit. And just as with a personal tax audit from the Internal Revenue Service, best intentions and generally clean records won't keep you out of trouble. Once auditors start poking around, they are likely to find something that will bring you grief. Following best practices and ensuring the highest-quality coding and billing are your best strategies for minimizing the damage, but few will emerge from a RAC audit completely unscathed, Plowman says.
"The RAC auditors in the demonstration project were paid on a contingency basis. As long as they got through the second level of review, which is not difficult for the contractors to get through, they were paid," she explains. "The fascinating thing about that is that over 50% of the appeals were won by providers, which shows that the contractors were incentivized to identify problems."
New rules are different
In the regular RAC program, not the demonstration project, the rules are different. If the provider wins the appeal at any point in the process, the auditor does not get paid. So, there may be somewhat less motivation for the contractor to cite problems, Plowman says, but the incentive is still there.
"CMS has agreed that they will post areas to be audited, partly as a result of the backlash against the demonstration project, but the list is pretty much everything that you could possibly be audited on as a health care provider. That's because with the current economic situation, the government really needs the money," Plowman says. "There really is no way to avoid being audited and having them find something."
Plowman says most health care providers are not adequately preparing for RAC audits. In particular, she says, providers are not preparing a system to track and respond to RAC audits. Particularly with large health care systems, there can be multiple RAC audits taking place and in various stages of the process, so there must be a system to make sure nothing falls through the cracks.
Need one RAC manager
A multidisciplinary team will be necessary to prepare for and respond to RAC audits, Plowman says, but one person at the organization should be identified as the RAC audit manager, and all information about RAC audits should be funneled through this person. Plowman says the risk manager is an excellent choice.
"Each risk manager or compliance officer who is responsible for managing the RAC audits should let the RAC contractor know that you are the key contact," she says. "That is the only way to make sure that you meet those time frames for submitting additional information. If you miss those deadlines and don't submit additional information, you're going to lose."
Tracking system is important
A tracking system also is important, she says, to keep track of each audit and the timing of each request and deadline. Once you have several audits going simultaneously, it can be easy to lose track without a dedicated system, she says. Various state and local hospital associations offer free software systems for tracking RAC audits.
Another tip comes from Michelle O'Daniel, MHA, MSG, director of member relations at the West Coast office of VHA, the national health care alliance, in El Segundo, CA. She says it is important for the RAC manager to have a separate mailing address that is dedicated only to RAC correspondence.
"So much of the interaction is extremely time-sensitive, and you cannot risk having correspondence misdirected or delayed. If someone in the mail room doesn't realize that this material is RAC-related and that it should go to you, the RAC manager, that could cost a lot of dollars," O'Daniel says.
O'Daniel is the national lead for VHA on RAC and has led seven educational sessions with more than 2,000 participants from hospitals across the country since January 2009. She leads efforts to help VHA hospitals in California improve their coding practices. VHA's members include more than 1,400 not-for-profit hospitals and 23,000 nonacute care organizations nationwide.
Survey: 90% appealed rulings overturned
O'Daniel surveyed 31 member hospitals in the three RAC demonstration states (California, Florida, and New York) and found that they were required to return nearly $46 million to CMS as a result of RAC audits. Most of the repayments were challenged by the RAC because of issues relating to medical necessity and coding/documentation issues. But once appealed, approximately 90% of the RAC rulings were overturned. That is not all good news, however, because the appeals process is lengthy and costly. Furthermore, hospitals that appeal an initial repayment request still have to pay for the cost of the appeal even if they win.
In addition, O'Daniel estimates that the average California hospital could lose $2.4 million from CMS changes and RAC audits $750,000 per year as a result of poor coding practices (meaning hospital staff are failing to report a patient's need for treatment or accurately describing the true clinical severity upon admission) and $1.65 million annually because independent auditors hired by CMS report that treatment was unnecessary.
"The auditors are coming, and they're coming fast," O'Daniel says. "We had one organization, a five-hospital system that had $10 million taken back. There is huge potential here for a very negative impact."
Providers can feel helpless
O'Daniel points out that some health care providers can feel helpless in the face of RAC audits, because they concern coding and billing that already has taken place and, aside from the potentially hazardous internal audit and self- disclosure, there is little they can do to protect the organization. But O'Daniel reminds risk managers that today's billing and coding practices will soon be "in the past" also and subject to future RAC audits. So, ensuring that your organization follows best practices now can be the most effective defense against future audits.
"Also, it's good to remember that while RAC audits are mostly about CMS taking away dollars, there is the opportunity to actually get money back for underpayments," she says. "We don't see that a lot, but it does happen."
One hospital taking an aggressive approach in preparing for RAC audits is Palomar Pomerado Health (PPH) based in Escondido, CA, serving communities in an 800-square-mile area in Southern California. PPH has implemented a strategic "RAC Attack" program to prepare for future RAC audits. Tom Boyle, director of internal audit at PPH, has spent several months assembling and educating a multidisciplinary RAC task force, reviewing protocols, analyzing "lessons learned" from the initial RAC demonstration pilot, and most importantly, completing an internal audit of the patient admittance process to identify vulnerabilities and implement controls to result in more accurate billing practices.
PPH was involved in the RAC demonstration project, so it has considerable experience.
"We've tried our best to be proactive on minimizing our risk. This is just another risk for health care providers, so we address it with the same proactive attitude that we apply to other risks," Boyle says. "We look to ensure that we have efficient processes, proper documentation, and billing accuracy. It involves both people and processes, and it often gets to the point of training, redesigning, and re-engineering."
Identifying risk areas
PPH tries to find potential problems before they become coding and billing errors that could be uncovered in a RAC audit.
"We want to find those problems before they do," he says. "We've identified the top five to 10 risk areas, and we concentrate on those. We identified those risk areas both from our own audits of how well we're doing, as well as the published materials from the RAC audits."
Boyle says PPH sets up parameters that can alert investigators to any trends or anomalies that could prove problematic in a RAC audit later unusual charges, excess charges, or days charged, for instance. Once those outliers are identified, PPH seeks the documentation to justify them, and if they cannot be accounted for adequately, conducts a root-cause analysis. The results of that analysis led to a plan for changing the processes, so that the problem does not recur.
"I try to put myself in the shoes of the RAC auditor and say, 'If I had this information, what would I be looking for as a red flag for noncompliance or billing issues?'" Boyle says.
Sources
For more information on RAC audits, contact:
Tom Boyle, Director, Internal Audit, Palomar Pomerado Health, Escondido, CA. Telephone: (760) 739-3000.
Michelle O'Daniel, MHA, MSG, Director, Member Relations, VHA Inc., El Segundo, CA. Telephone: (310) 726-4079. E-mail: [email protected].
Rebekah Plowman, JD, Epstein Becker Green, Atlanta. Telephone: (404) 923-9080. E-mail: [email protected].
Are you ready for a "RAC attack?" It's coming for you eventually, and you need to prepare now to minimize the damage.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.