Being audited is rarely fun. After all, you're probably going to lose money, face a fine, or both. More and more entities are auditing healthcare claims-Recovery Auditors, Medicare Integrity Contractors, MACs, FIs, commercial payers, and on and on.
Recovery Auditor overpayment and underpayment statistics are released by CMS at the close of each fiscal year (FY) quarter, and with FY 2012 in the books, CMS has published its year-end improper payment figures. In FY 2012, the numbers continued to ascend, as CMS more than doubled its total correction amount from the previous year.
There are six generic approaches to managing risk, and the approach an organization chooses to use will depend on many factors. For example, how real is this risk? Can it actually become a problem, or is it merely theoretical? Management will want to decide whether the risk is likely to happen and whether it is possible to determine when it may happen. This will also assist in appropriate allocation of resources to focus on material risk areas.
One thing is certain: You don't want to wait until you receive a notification letter from OCR before you begin preparing for a HIPAA audit, says Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic Jackson (Miss.) Memorial Hospital.
