By: Carmen Vitton, MS, CCC-SLP, TSHA Business Management Committee Member.
Do you know how hungry your organization is for identification of or tolerance for risk? “Appetite” refers to the level of risk an organization is willing to accept in pursuit of its business objectives before action is deemed necessary. “Tolerance” is the acceptable level of variation in performance related to achieving a company’s business objectives. Risk management is a structured process for identifying, evaluating, and prioritizing legal and regulatory risks that could negatively impact the organization. It allows the organization to focus essential resources on the most significant risks and areas lacking adequate compliance controls.
If an organization is going through growth, it may have an increased risk for both appetite and tolerance. If an organization is stable and not anticipating significant growth, there may be decreased risk appetite; however, its risk tolerance can vary depending on complacency around controls in place. Controls speak to whether or not an organization not only has policies in place that address specific practices and processes but also demonstrates an eager interest in ensuring all procedures are actually being followed by all clinicians.
While compliance and risk management do share some overlap, compliance focuses more on adherence to regulations and ensures the organization remains current with regulatory changes in the industry environment, such as coding and documentation requirements. Risk management focuses on the process of identification perhaps via formalized audits or investigations and assesses potential legal penalties if service provision was not rendered as billed, for example, and potential financial losses such as denied claims. At the heart of risk mitigation is your response as a leader to ensure that routine monitoring and auditing of internal systems occurs.
As medical speech-language pathologists (SLPs), we face risk from multiple sources—patients, families, staff, facilities, reimbursement auditors, federal/state regulations, vendors, insurance providers, the media, and the list goes on. As a business owner, one can remain in compliance by identifying trends through various approaches. First will be a retrospective audit that requires corrective action to ensure the issue does not recur but also necessitates remedies to third-parties. An example in this case may be a clinician whose license expired in January yet rendered services to patients in February, which would necessitate the removal of charges for services provided post-expiration date as well as repayment of any monies received for reimbursement, board-reporting, etc. Secondly, a concurrent audit of all staff licensure expiration dates will identify potential problems as they arise and before they can cause harm to the organization or another party. This approach allows immediate correction of the related process and helps identify any other processes that may require modification, such as disallowance of a therapist to access software pending licensure renewal. Regardless of the approach, do not fail to act when it comes to monitoring and auditing documentation. Do not enable staff “to grade their own papers,” so to speak. Always be sensitive to the fact that there are audiences watching.
The one area of compliance to be especially attentive to are the Targeted Probe and Educate (TPE) audits. TPE audits focus on over-utilization of Current Procedural Terminology (CPT) codes; they typically encompass a review of 20 to 40 claims. A determination is made of low, significant, or high error-rate classifications and can continue for up to three rounds of audits. Further action, known as “pre-pay review” may be the resulting analysis should your error rate be deemed high over the course of the audit rounds. This is a risk no business owner wants to face given the impending cash-flow issues the pre-pay status may create. This is particularly important if subsequent rounds of review indicate that little or no education has been provided or understood by the provider in an attempt to modify or correct inaccurate CPT code usage that may last more than a year in duration and would place significant risk to the organization’s daily operations.
For medical SLPs, the routine overuse of CPT Code 92507, Speech, Language, Voice, Communication Treatment, may be a risk for audit. While this code may be appropriate for cognitive-communication when treatment goals are language-based for patients with chronic, progressive brain conditions without potential for improvement or restoration, it is not intended for all patients. The compliance concern in this example is the failure of the clinician to adhere to the accurate utilization of the CPT code(s) definition/application, which may be the root cause of an eventual pre-pay audit conducted by the Centers for Medicare and Medicaid Services (CMS) contractor.
What does a treatment encounter note represent? You may learn via internal audit that the daily treatment note more accurately reflects a CPT code other than what was billed, particularly if the note is repetitive, which may be out of compliance with the company’s established policy and which could lead to regulatory penalties and/or denial of reimbursement. To avoid this risk, ensure treatment documentation encompasses all goals specific to that patient and that modifications are actively being made to the plan of care to progress/simplify goals according to progress being made.
To further illustrate the compliance/risk management relationship, the following example is provided. If the focus of treatment is primarily cognitive function for patients with acquired cognitive impairment from head trauma or acute neurological events such as a CVA, the SLP may record 97129 (initial 15 minutes) and/or 97130 (for subsequent 15-minute intervals). Therapeutic interventions that focus on attention, memory, reasoning, executive function, problem-solving, and/or pragmatic skills and/or compensatory strategies to manage the performance of an activity (e.g., time management, schedules, initiation, organization, and sequencing tasks) may be better suited for these CPT codes versus CPT code 92527. Prevent TPE probe audits to lower your risk by educating the staff regarding subtle differences in the definitions between the codes to facilitate correct and appropriate billing practices and to ensure diversification of code utilization.
For organizations with multiple locations, having a centralized managed care authorization process in place protects providers against the risk for technical denial of claims secondary to lack of authorization. Ensure that the discipline-specific authorization number is documented on the UB-04 Form. Closely monitor any Part B cases on program longer than 45 days as these will be at higher risk for audit as well.
Additionally, confirm that orders, evaluations, and re-certifications are signed in a timely manner by the physician; electronic signatures can significantly reduce this risk. Train staff to record exact minutes rendered versus subscribing to the inaccurate practice of rounding minutes up in increments of five, and ensure therapists consistently obtain written consents to services rendered via the telehealth delivery mode. Also, ensure nursing notes are reflective of the patient’s progress in therapy, and confirm that the medical record represents a consistent and coherent narrative about the patient.
Compliance risks are always changing, and monitoring them regularly helps us identify these risks before they happen. A dynamic audit and monitoring plan alerts compliance to the need for reprioritization of all risks. Our profession can be considered a risky business.
Sources
Health Care Compliance Association. HCCA Compliance 101, 5th edition. Debbie Troklus & Sheryl Vacca with Derrell W. Contreras
Centers for Medicare and Medicaid. CMS.gov Medicare Benefit Policy Manual Part B Chapter 15.