In Brief: Revenue cycle compliance is a dynamic organizational issue that carries significant downside risk and requires a high level of managerial commitment to remain consistent in its achievement.
As healthcare expenditures continue to rise at a rapid pace across the industry, providers are increasingly challenged to achieve positive operating margins by maximizing collections through efficient revenue cycle management, which includes all administrative and clinical functions that contribute to the capture and collection of patient service revenue.
Streamlining the reimbursement process from patient registration and chart documentation to claims submission and payment posting is key to receiving cash from realized revenue in a timely manner. However, speed can be a killer in the billing process if the proper steps to ensure compliant, error-free claims are ignored or poorly executed. Claims submitted hastily without the proper pre-visit documentation, in a manner that compromises the patient’s privacy, or that seek improper payments from government-funded payors could place providers at risk of non-compliance.
Administrative, civil, and criminal penalties that provider organizations could face for illegal Medicare or Medicaid billing practices can be disastrous from both financial and public relations perspectives. Fortunately, preventive measures can be implemented to mitigate many of these downside organizational risks. Examples include:
- Implementing changes to front-office/admitting work flows that trigger mandatory compliance activities.
- Mandating organization-wide compliance trainings for all employed staff, vendors, and contract staff.
- Adopting proper compliance management checks-and-balance processes.
This blog post on patient-focused compliance issues is the first in a three-part series highlighting the top revenue cycle management issues impacting compliance in the healthcare industry today. Subsequent posts will highlight back-office and payment compliance issues as well as overall compliance governance best practices to limit overall downside risk.
Below are four patient-focused compliance issues that providers should address within their organizations, including the potential negative outcomes of noncompliance and mitigation strategies.
Providers and staff play a key role in communicating with patients about their health coverage availability. In order to ensure the proper collection of patient self-pay reimbursement, Medicare requires that the Advance Beneficiary Notice of Noncoverage (ABN) form be given to patients when providers believe Medicare will deny payment for services due to a lack of medical necessity.
Risk of Noncompliance
If providers do not comply with ABN requirements, they risk losing the ability to bill patients for elective procedures.
- Incorporate appropriate work flows into front-end and point-of-care operations in order to alert clinic staff to Medicare patients who are not pre-authorized for a scheduled service/procedure/surgery.
- Conduct robust training and scripting activities with providers and registration staff who are in charge of obtaining pre-authorizations.
Medicare requires a Medicare Secondary Payer (MSP) questionnaire be given to patients, when appropriate, to identify any alternative payor priority status.
Risk of Noncompliance
Consistently failing to identify alternative primary payors may put providers at risk of violating the provider agreement with Medicare. Providers could be terminated from Medicare reimbursement as well as face civil and criminal penalties.
Build hard stops and edits into the practice management system registration and patient arrival processes to ensure proper completion of the MSP questionnaire for patients with Medicare coverage.
HIPAA Compliance: Providers, Billing Staff, and Vendors
Providers are required by HIPAA to document, store, and transmit patients’ individually identifiable health information (IIHI) in a private, secure manner. Under the HIPAA Privacy Rule, provider organizations that electronically transmit health information in connection with reimbursement claims, benefit eligibility inquiries, referral authorization requests, or any other administrative functions involving a patient’s IIHI are required to secure such data from all unauthorized disclosure.
The HIPAA Privacy Rule applies to a healthcare provider whether it directly transmits these transactions electronically or uses a billing service or other third party to do so on its behalf. While some providers choose to outsource operational functions to third-party organizations located outside of the United States, these organizations may not comply with the HIPAA Privacy Rule and other requirements.
Risk of Noncompliance
Providers who fail to comply voluntarily with the HIPAA Privacy Rule and other standards may be subject to civil monetary penalties (CMPs) and/or criminal prosecution.
- Individuals who “knowingly” obtain or disclose IIHI in violation of the HIPAA Privacy Rule face fines of up to $50,000 and imprisonment for up to one year.
- When these offenses are committed under false pretenses, CMPs can increase to a $100,000 fine and up to five years in prison.
- Finally, if it is proved that the individual’s intent was to sell, transfer, or use IIHI for commercial advantage, personal gain, or malicious harm, the punishment is increased to a fine of $250,000 and imprisonment for up to 10 years.
- Mandate that all hospital personnel who may come into contact with IIHI take mandatory HIPAA compliance training upon hire and regularly participate in refresher education sessions.
- Review existing and new vendor contract agreements to ensure HIPAA compliance provisions are included.
- Conduct site checks, when appropriate, to ensure compliance with contract requirements.
Utilization review is used by hospitals to proactively monitor and control cases that are at risk for improperly submitted claims, rejected reimbursement, and inefficient care.
Risk of Noncompliance
If inappropriate admissions are found, penalties from Medicare can be severe, including CMPs, sanctions, and termination of Medicare participation.
- Ensure that those staff members who are managing utilization review are actively communicating with medical personnel and have access to real-time clinical data on admissions through a case management system that is integrated with the provider’s EHR in order to fully understand case details.
- Ensure compliance staff are actively monitoring changes to reimbursement rules and guidelines and incorporating all key updates into decision-making work flows.
Compliance risk exists throughout the provider revenue cycle and begins the moment patients enter through the front door of an outpatient or inpatient setting. Penalties for non-compliance can be severe; however, organizations that take proactive measures to implement proper checks can mitigate downside legal risk, protect patient IIHI, and ensure timely, accurate reimbursement payments.
Stay tuned in the coming weeks for part two in our three-part series highlighting the top back-end revenue cycle management issues affecting compliance in the healthcare industry today.