March 5, 2021 | By Stephanie Allard, CPC, CEMA, RHIT
When I begin to work with a new client on an auditing project, I like to set up a meeting with them before we begin, to talk through the steps that I take as an auditor and to discuss their reason for the audit request. During this meeting I go over the documentation and coding guidelines that will be followed throughout the reviews and also inquire about any internal coding and billing policies that I need to be aware of. I often find that the documentation and coding practices that have been followed are based on outdated information or a process is being followed by staff who are unaware of why they are doing what they do. While an outdated process is concerning, the reason for the audit request itself often surprises me the most. Over the past year, I have had multiple discussions surrounding the misconception that an external audit could completely prevent an insurance company audit or would be proof of the organization’s total compliance simply because they conducted an external audit review.
When we think about the audit process in general, we need to recognize what can and should be done with the results. First and foremost, education is one of the most important steps to take once an audit is complete. The results of an audit will specifically identify the following:
- Who needs additional education (provider(s), clinical staff, coding staff, billing staff, etc.)
- Changes needed in the current workflow process
- Areas of compliance risk and opportunities for improvement when it comes to documentation and coding practices
Secondly, an audit is not only about discovery; the information within the documents are only as valuable as an organization makes it. From my perspective, if an audit yields concerning results but nothing is done with the findings, the level of risk to the organization is high regardless of whether I audited and provided education or not.
As an external auditor myself I know that I and others cannot prevent an audit from an insurance payer. I often hear of providers’ fears of being audited, but at the end of the day it is not about whether or not an insurance company wants to review your documentation; instead, it is about what has been done to ensure your compliance. An organization should look not only at whether they have audits performed but also whether or not they have a Compliance Plan and how their audits fit into that plan. In the event of an insurance payer audit that has variances, they may request to see what has been done internally to ensure compliance, but what will that show about your organization? Were changes initiated based on previous audit results? Or were the same adverse findings present at the time the insurance payer reviewed the documentation?
There are multiple reasons for an insurance payer to request records and they are not avoidable. External payer audits should not be feared; they should instead be something that is prepared for via adherence to guidelines, regular reviews, and provider education and resources when necessary. As we have heard many of the great speakers at NAMAS discuss, compliance should be a culture throughout an organization and not something that is done just to go through the motions.