Who Can It Be Knocking at Your Door? Are You Prepared?

by  Sean M. Weiss, CHC CEMA CMCO CPMA CPC-P CMPE CPC
Sep 9th, 2016 - Reviewed/Updated Aug 17th

The truth is you can never be fully prepared when a Special Investigative Unit (SIU) from Medicare or Medicaid shows up unannounced. With that said, you can use this tip to help understand what your obligations are and how to act to ensure it is as smooth a process as possible and does not lead to your being booted from participating with The Centers for Medicare and Medicaid Services (CMS). I have followed a very simple business philosophy throughout my 20+ years in this industry as outlined by Sir Henri Deterding: "There is a master key to success with which no man can fail. Its name is simplicity. Simplicity, I mean, in the sense of reducing to the simplest possible terms every problem that besets us. Whenever I have met a business proposition, which, after taking thought, I could not reduce to simplicity, I have left it alone."

Too often we work against ourselves, over thinking situations and running through all of the possible downsides that could present themselves rather than focusing on what it is that's in front of us and finding the best way to get from point A to point B. That is really what

an audit and its findings are... how they got from A to B. Our job is then to figure out if the audit findings met all of the steps between point A and point B.

Receiving a letter from a carrier, investigatory agency or private payer is stressful enough. But what happens when someone shows up at your door with a business card and a letter and wants everything right then and there? This is a situation that is becoming more familiar and one that if you are not willing to accept that this can and possibly will happen to your practice, then the outcome will have serious adverse effects.

During the last month, we at DoctorsManagement have had multiple practices reach out to us for support and guidance because they had someone show up from AdvanceMed (ZPIC) and/or the Special Investigative Unit (SIU-Medicaid) demanding access to medical records, provider schedules, sign-in sheets, and imaging studies. The organizations were varied in geographic location, size and specialty, so there is no real detectable pattern as of yet.

The following are things you can do to ensure you are feeling good about your outcome with one of these groups:

• Understand Your Risks. This can be accomplished by using a program such as Compliance Risk Analyzer by the Frank Cohen Group. Programs like this use applied statistics and data-mining algorithms to rank your risk from 0-100 and then create a specific audit plan based on high and moderate risks. Using methods such as probe audits or auditing what everyone else is auditing may not give you an accurate picture of what your true risk(s) might actually be.

• Perform Audits of Providers' Documentation on a Regular Basis Under Attorney Client Privilege Focus on the medical necessity and the subjective portions of the encounter (i.e. HX and MDM), but do not ignore the exam. Audit focus should be on Dx

codes, modifier application, ancillary services, minor procedures, time as a controlling factor, etc. inaddition to E&M services. The purpose of a provider's documentation is to "paint a clear picture for the auditor who will be reviewing the information at some point but more importantly to ensure that any provider assuming the care of the patient can do so in a safe and prudent manner." In addition, ensure that documentation exists and that is complete and legible, ensure that anyone making an entry into the record is logged for identification purposes, ensure all notes are signed, and validate supervision of NPPs and whether or not incident-to or split/shared guidelines are met.

• If Issues Have Been Detected that did not require you to make a refund, file a corrected claim or self- disclosure. Use the Corrective Action Plan (CAP) process to ensure compliance in the future.

• Monitor and Update your OIG Compliance Plan and policies at a minimum, annually. Some will need to be reviewed much more often

Even following the steps above does not ensure you will never be audited, but when it does happen at least you know where you stand. When an unannounced site review takes place, the following are steps you should take to make the process less arduous:

• Ask for their business card and a letter. It should be on official letterhead and addressed either from CMS, your carrier, or the private payer they are representing.

• If it is an official review, they will have a letter outlining the number of patients in their audit sample, the dates of service in question, and your rights under your participation agreement.

• Contact your legal counsel, consultant, or compliance representative immediately to inform them of what is happening and what guidance they can provide.

• Speak with the representative who is onsite, ensuring them that your organization is happy to comply with any requests they have, however, request patience if they have a long list and require multiple dates to be copied.

• Never allow them access to your EMR without supervision. I have found many times these individuals try to look at how you document for other payers by going into various patient records. This is not only a breach or their participation agreement with your practice, but it is a violation of HIPAA.

• Do not refuse them access. This will result in them leaving and you will most likely receive a letter within 10-12 business days notifying you that you are no longer a participating provider or that they have suspended all payments to your organization until you comply with their request.

• Do not pick a fight with them, be rude/snide with remarks, or keep them waiting for an extended period of time. This only agitates the situation.

• Offer them some coffee or a beverage and direct them to a quiet space away from your patients. Nothing crushes patient confidence in a provider's practice like seeing officials from the insurance companies, or worse, the government lurking around.

• Get them what they ask for as quickly as possible to get them out of your office and minimize disruptions. Keep chatter to a minimum while they are there and if they ask to interview members of the practice, contact your legal counsel immediately as you do not want to incriminate yourself or disclose something that should not be disclosed.

"Everything should be made as simple as possible, but not simpler"- Albert Einstein

By now, you can see that I like to approach things simplistically. While an unannounced site visit can be a very nerve wracking experience, taking a simple approach and following the suggested steps above can make the experience less stressful and complicated for all involved. In addition, implementing proactive measures such as performing routine audits, and understanding your true risk can greatly reduce the level of stress and worry should an onsite visit to your practice occur.