Six key steps to reduce the impact of telehealth audits

Telehealth is almost as old as the telephone itself. In 1879 – just three years after Bell patented the telephone – an article in Lancet described the concept and advocated its adoption. 

A law that’s even older can trigger many telehealth audits today. The 1863 False Claims Act (FCA) was enacted to keep profiteering contractors from defrauding the Union army. It can trigger serious problems for hospitals that don’t take proactive steps to make sure their telehealth practices are audit-proof.  

That’s because the 2010 Affordable Care Act updated the FCA to make healthcare providers liable for “retention of any overpayments” from Medicare and Medicaid. This even includes overpayments resulting from accident or error. Indexing penalties for inflation each year, a requirement added in 2015, increased hospital liabilities. This puts liabilities at three times the amount of the overpayment(s) plus $11,803 to $23,607 for each instance. (Some 29 states and the District of Columbia have additional False Claim laws.) 

These laws’ implications and requirements touch every part of the hospital. Keeping the whole organization in compliance means that all departments have to work together. 

New laws, new regs, new worries for telehealth 

Even before COVID, the government audited claims from what was then a smaller, rural telehealth system. Regulators found a trend of incorrect payments to doctors outside rural areas, who were therefore ineligible to receive them. 

Telehealth is on the latest Office of the Inspector General (OIG) work plan, too. The OIG will be addressing remote patient monitoring by telehealth as an area of concern. 

The public health emergency, with its series of 90-day waivers, made it possible for telehealth to grow so fast. Now, as the COVID emergency ebbs, Congress is considering making its current, expanded status permanent. (Two bills were introduced in May. One would enable audio-only telehealth services for Medicare enrollee. The other would expand telehealth for Medicaid and Children’s Health Insurance Programs.) 

That’s good. But with laws come regulations covering acceptable types, locations and forms of delivery of telehealth services. And with regulations come scrutiny and audits. That can create challenges, especially with the specter of FCA liability in the background. 

The best way to cope with audits is to prevent the need for them in the first place. Here are six steps to follow: 

  1. Know what you’re up against. Keep up to date with all the developing federal and state regulations, waivers, and other requirements. That in itself can take up most, if not all, of your personal and your compliance team’s time.  
     
    Related: Find out how a team of expert compliance professionals and a nationally respected law firm track and analyze the latest regulatory changes, keep you updated, and give you actionable ways to adapt your process.  
     
  1. Inventory your waivers. Which waivers do you rely on, in which departments and facilities? Do the providers and staff that they apply to know about them? And who makes sure the requirements are met and documents it? 
  1. Check your records. One of the biggest causes of noncompliance isn’t malice. It’s error. Did an accidental typo in Coding result in an incorrect claim? Does everyone in Billing know which states require what reimbursement levels for telehealth services? Are certain telehealth records missing? Who’s responsible for keeping the signed doctors’ orders and documents that establish medical necessity? Do patients and services meet billing guidelines? Do you have a telehealth compliance policy? Does it need changing? Start conducting spot-checks to find out. 

    Related: Find out about state requirements for telehealth billing.  
     
  2. Audit your process. Another big cause of noncompliance is miscommunication – particularly the assumption that someone else is taking care of something. So put together an internal audit team, with each department represented. That way, each can learn from the other. Hold an entrance conference to highlight what you learned from your spot checks, define the internal audit’s scope, set expectations, and assign specific tasks and timelines. 
  1. Fix whatever’s broken. Reconvene the internal audit team and communicate the findings. Together, use that input to find opportunities to correct or cure what’s wrong in your process. Then, create a Corrective Action Plan (CAP) that will include needed education, training, policy, and process changes. Monitor your CAP over time, to see how it’s working and to spot anything else that needs fixing. 
  1. Rebill and repay. If your internal audit and CAP were successful, you’ll have discovered missing or insufficient documentation. Report it. You may have also have found instances of incorrect payments. Rebill and repay. Yes, it will cost your hospital money. But not nearly as much as a full-blown government audit. A Department of Justice investigation could end up costing you time, legal fees, and FCA triple damages. 

Patient demand for telehealth isn’t going away. Neither are the costs of noncompliance with telehealth regulations. As the public health emergency expires, fines from regulators and denial of claims from payers are sure to add up. The best way for your healthcare organization to solve these potentially massive financial problems is to work together to prevent them. Proactively partnering with colleagues in all relevant departments, your compliance team can lead the efforts to identify and fix issues before they become major problems. That way, you’ll be able to provide the telehealth services patients want in compliance with what the regulations demand. 

It’s a big effort to keep your compliance champions connected and communicating. See how YouCompli can help you manage the rollout of new regulations and verify best efforts to regulators and your board. YouCompli is the only healthcare compliance software combining actionable regulatory analysis with a simple SaaS workflow. 

Differing state regulations make telehealth compliance more complex

The beauty of telehealth is that it connects patients and providers through technology that transcends boundaries. But when that connection crosses state lines, your healthcare organization could find itself responsible for complying with regulations from jurisdictions hundreds, maybe thousands, of miles away.  

Or from states just down the road. 

Many of those are stricter than the federal regulations, and many cover issues that the federal government doesn’t. Here are some of the key issues to look out for. 

Related: Growth in telemedicine could mean trouble if you are not careful   

Differing reimbursement structures and rates 

Reimbursement structure and rates vary by state and form of telehealth. For instance, all states pay Medicaid reimbursement for some form of live telehealth, but in different ways, and all states reimburse for interactive, real-time telehealth. However, only 14 reimburse for sessions where the patient records a call for later physician review (store-and-forward), and only 22 reimburse for remote patient monitoring of recently discharged hospital patients. There are eight states that reimburse for all three telehealth methods. 

There are two opposite views about reimbursement rates. One view is that a service is a service, so being virtual or in person shouldn’t affect reimbursement. 

The other penalizes telehealth for its efficiencies. In face-to-face visits, “there are built-in inefficiencies that isn’t time spending with the person,” says Dr. Katherine Dallow, vice president of Clinical Programs at Blue Shield Blue Cross of Massachusetts. “I probably spend somewhere between two to five minutes per patient moving from one room to another or pausing to document or checking something on their file or handing something off.” With less provider time and less pro rata overhead, some states reason, there should be less reimbursement. 

Forty states have their own private payer telehealth reimbursement policies, and six have private payer parity laws requiring the same reimbursement for in-person and telehealth care. 

Stricter privacy protections 

The Health Insurance Portability and Accountability Act (HIPAA) is the federal umbrella protecting privacy and confidentiality of patient records, but states are allowed to go beyond it. Many do. 

For example, if there’s a breach of privacy, HIPAA requires that the patient be notified within 60 days. Some states shorten that to 30 days, and California shortens it to ten. Some states also require hospitals to notify the state attorney general and the three major credit reporting companies: Equifax, Experian, and TransUnion. If there’s a breach of an out-of-state telehealth patient’s confidentiality, do you know what the originating state requires? 

Multi-state provider licensure 

Almost all states require physician licensure where the patient is (also known as the originating location). Same for nurses, nurse practitioners, physicians’ assistants, clinical psychologists, registered dieticians, and physical therapists. Different states have different licensing procedures, and there’s no federal umbrella. That’s something you’ll need to look out for, not only with faraway states, but also in New York, New York; Chicago/Hammond, Ind.; Texahoma, Texas/Okla.; or any of 84 other communities that straddle state lines. 

(Speaking of licensure, is your hospital licensed to provide telehealth services? In how many states?) 

Can doctors prescribe online? 

State regulations for phone-in prescriptions from the late 1990s adapt pretty well to online prescriptions today. The problem is, they differ from one state to the next. Different states have different regulations on just what a valid prescription is. About whether the doctor can prescribe without seeing the patient first, and whether seeing a patient on a computer screen is really “seeing.” About whether there has to be a previous doctor/patient relationship, and whether that relationship can be remote or has to be face-to-face. 

Related: Interstate regulations aren’t the only telehealth complexity. Check out this blog post for more: Telehealth compliance considerations: looking ahead

Two ways to keep up; one is practical. 

Complying with more than 50 sets of regulations takes a lot of attention to detail and a lot of reading. One way to keep up is with sheer effort: health organizations designate one or more people to read and track all the regulations that affect them.  

A better, more practical way is to rely on expert compliance professionals and nationally respected law firms to keep you up to date on interstate issues in telehealth regulation. YouCompli users select the agencies that matter to their organizations and receive updates and resources to help them know about new regulations, decide their applicability, manage policy changes, and verify compliance.  

Are you looking for ways to track telehealth regulations in all the states your patients receive treatment? Take a look at YouCompli, the only healthcare compliance software combining actionable, regulatory analysis with a simple SaaS workflow.  

Jerry Shafran is the founder of YouCompli. 

Protecting Hospital Finances in the Post-Pandemic Environment

It’s become a cliche, especially in healthcare, to say that COVID-19 has changed “everything”. One thing that has clearly changed, however, is hospital finances.

Pandemic response stretched every healthcare system in the United States, many to the breaking point. Revenues from non-COVID procedures were significantly reduced, to the point that furloughs of vital medical staff have become necessary.

In this environment, compliance professionals have an important role to play. Ensuring that all payment compliance regulations are being followed helps to protect existing revenue streams, and helps to get the system back on a strong financial footing. As hospitals are getting “back to normal” and trying to find ways to bolster their budgets, good compliance practices are vital.

Outstanding Payments and Patient Insurance

In-hospital treatments declined during the pandemic; however, virtual health visits significantly increased. It’s crucial to continuously monitor payment compliance practices, which include patient insurance information, especially when offering this new treatment vector.

Pre-pandemic, the number of Medicare patients increased by 11 million since 2014, and at least 37 states expanded Medicare eligibility in 2019. While it’s hard to say where Medicare coverage will go as government budgets also come under pressure, these numbers could mean that some outstanding medical bills may be covered.

Historically, about 1% to 5% of self-pay accounts, or patient out of pocket costs, are written off by hospitals as bad debt. Checking and double-checking that your institution has the right information about patients, now and going forward, can be a key step in keeping the hospital financially strong.

The number of uninsured patients has continued to grow — by 12% towards the last months of 2017, and 27 million Americans have lost their employer-provided insurance during the pandemic. Overall, improving payment compliance practices in relation to insurance is an important step in effectively managing these, and other, challenges with patient payment balances.

Reducing Readmission Rates and Penalties

If your hospital serves Medicare and Medicaid patients, you probably know the high number of readmissions that occur in typical months. Readmissions that take place within 30 days of an initial visit cost hospitals a staggering $41.3 billion. In a post-COVID world, these patterns may not hold — but that could mean that readmissions are going to go up, not down.

CMS instituted several programs to try to manage these readmission challenges.

  • The Hospital Readmissions Reduction Program (HRRP): rewards hospitals for lowering readmission rates for common health conditions like heart attacks, pneumonia, COPD, and total hip and knee replacement surgery
  • The Hospital-Acquired Condition Reduction Program (HACRP): encourages a reduction in avoidable infections resulting from colon surgeries and hysterectomies, bedsores, sepsis, and even blood clots

Hospitals with, according to CMS, higher than average readmission rates face steep penalties and lower claims reimbursement. In the fiscal year 2020, pandemic notwithstanding, 83% of the 3,300 hospitals in the U.S. were projected to face penalties. And these penalties can be as high as a 3% reduction in repayment. Across the United States, CMS penalizes the worst-performing hospitals with a 1% reduction in total claim reimbursement.

As hospitals reopen and restart regular procedures and treatment, and try to rapidly scale revenue generation, more hospitals may face penalties, if compliance practices are not strong. Surprisingly, at least 12% of readmission cases of readmission cases are preventable, according to the Medicare Payment Advisory Commission (MedPAC).

Two ways hospitals can comply with CMS’ regulations and boost patient care are:

  1. Embrace a process that sends discharge summaries to the primary care physician
  2. Assign staff follow-up on post-discharge test results.

Setting up such a process can be tricky, especially in larger hospital facilities and in facilities that are still challenged in the aftermath of COVID. Medical staff need to be able to consistently and quickly assign, track, and review summaries and test results.

Monitoring each step of the process is necessary to ensure that your organization is taking the proper steps to adhere to Medicare and Medicaid requirements. That way, your hospital easily avoids significant penalties while boosting patient care. CMS also recommends that hospitals be on the lookout for hospital-related illnesses, which can derail patient care standards.

What You Can Do

Staying on top of the ever-changing world of CMS regulations isn’t easy, especially as we emerge from the pandemic crisis. But we can help by providing you with expert advice and tools that target the regulations and policies needed to run your hospital compliance program more effectively.

Our fully customizable software helps you and your revenue cycle team stay on top of every regulation, so you’ll have the best possible chance of meeting essential mandates, keeping cash flowing and avoiding penalties.

See YouCompli in Action

Easier, faster, more effective compliance is possible

Learn More

5 Payer Audit Errors Every Hospital Must Avoid

5 payer audit errors

Revised September 2022

Most healthcare providers, from large hospitals to solo practitioners, experience an external audit at some point. The scrutiny can unveil errors and violations, which can lead to hefty penalties. 

The key to surviving an external audit, with the least amount of frustration, is to avoid these five common mistakes. 

1. Late Responses

Your deadline to submit relevant documentation begins upon receiving that external audit request. 

External audits may be requested by a commercial health insurance payer, or government agencies such as the Centers for Medicare and Medicaid Services (CMS) or Office for Civil Rights (OCR). While the origin of the audit request doesn’t matter, a timely response is essential. 

Take all deadlines seriously. If an extension is needed, ask for one, immediately. Missing deadlines can result in hefty fines and penalties. 

2. The Wrong Documentation

A common trigger for payer audits is improper or lack of necessary documentation.  As a healthcare practitioner, you must prove the medical necessity of each test or procedure used to diagnose and treat your patients. 

Here’s the tricky part. Sometimes payers and providers disagree on what tests or procedures are medically necessary.  Additionally, medically necessary guidelines change frequently. CMS provides local coverage determinations (LCDs) and national coverage determinations (NCDs) to help with your documentation. Be sure you are aware of changes to these coverage determinations.  

The best way to mitigate this problem is to educate your staff on what services the payer considers medically necessary, and what documentation is required to establish medical necessity. 

 Additionally, clearly document the need for a particular procedure to treat or diagnose a patient. Finally, when required, ensure that authorization is received from the payer before rendering services. 

3. Billing the Wrong Codes

Incorrect billing and coding practices can raise suspicion of fraud, failed claims, or delayed reimbursement, and — you guessed it — external payer audits. Providers and patients overpay a whopping $68 billion annually due to incorrect billing. 

 Coding systems developed by the American Medical Association and the Centers for Medicare and Medicaid are designed to streamline the billing process. Every medical procedure and service from ambulance rides to chemotherapy drugs to doctor visits are contained within coding systems such as the ICD-10, CPT, and HCPCS. 

Studies show 80 percent of medical bills in the U.S. contain errors. This percentage can decrease by ensuring appropriate staff stay current with billing and coding updates and communicate those changes to the right clinical and administrative staff to avoid old and outdated codes. 

4. No Self-Audit

One way to prepare for payer audits is to perform regular self-audits within your facility.  Internal audits are great for identifying and eliminating weak spots that can potentially lead to headaches down the road, like rejected claims and costly compliance failures. 

 One drawback is the strain on precious resources like time and personnel. You can get around this problem by hiring a third-party audit service. Make sure you have HIPAA-compliant Business Associate Agreements (BAA) so that you’re allowed to share your patient health information with third parties providing auditing services.  

 Another option is to use software provides 24/7 access to survey compliance data. Ideally, this software will provide automatic tracking of all documentation and decisions involved in the process of running your organization. 

 This ensures that compliance professionals can get immediate reporting on how well their team is doing, conducting audits more efficiently and effectively. It’s a time and cost-effective solution to hiring an outside third-party provider. 

5. No Legal Help

Having a healthcare attorney in your corner can mean the difference between a smooth audit experience and an audit nightmare. 

Here’s how a healthcare legal team can benefit your health practice: 

  • Work intimately with your staff to analyze any risky billing procedures. 
  • Challenge any demands from payers for overpayment. 
  • Challenge any allegations of fraudulent billing practices. 
  • Push back on any denied claims and the overuse of service claims. 

 Again, software is a useful tool to support your attorney’s work. A system that stores all compliance information, including payment practices, and has search capability will provide your legal team with the information they need to fight payer audit discrepancies when the time arrives. 

 External payer audits don’t have to be a nightmare. By being adequately prepared and vigilant, your next audit experience can be more streamlined and less stress-inducing. 

Learn More About YouCompli

The best way to prepare for a payer audit is to carefully manage changes to regulatory changes and coverage determinations. YouCompli can help you establish a scalable, repeatable process so you don’t miss a relevant change and you can equip your clinical colleagues to respond to the change. Then, when the audit does happen, you’ll have an easy way to demonstrate your work to comply with the requirements. Find out more. 

Jerry Shafran is the founder and CEO of YouCompli. He is a serial entrepreneur who builds on a solid foundation of information technology and network solutions. Jerry launches, manages, and sells software and content solutions that simplify complex work. His innovations enable professionals to focus on their core business priorities.

Never Miss an Article on Healthcare Compliance

Get a 15-minute strategic overview of YouCompli