Avoid Audits and Thwart Fraud with Front Desk Strategies

Your front desk is as important to your practice as is the medical staff. As the face of the practice, the reception team sets the overall tone for customer service, patient satisfaction, and the culture of the practice. However, the frontline staff also ties directly to HIPAA compliance, overall collections, and the financial health of the practice. Unfortunately, statistics show that ancillary staff could be losing you both patients and money. However, there are steps you can take to avoid HIPAA and customer service disasters, discourage embezzlement and fraud, and improve your front desk collections.

Provide Guidelines for Staff to Ensure Proper Payments

To start, you should have—and regularly update—a written policies and procedures manual. All new employees must be given a copy of this manual and be trained on its contents. Periodic review sessions also should be scheduled for current employees.

All staff must understand the rules, guidelines, and contractual policies of your third-party payers and know how to apply them to patients. It is helpful to prepare “cheat sheets” for each payer so the staff can reference them as needed. Generally, the following points should be confirmed while the patient is in the office:

• Does the bill and/or code support today’s patient visit?

• Are the demographics correct?

• Does the patient understand his or her financial responsibility?

If you treat Medicare patients, an audit is always possible even if you think you are following all of the rules and regulations. Following is a brief summary of what you must know about Medicare audits and how to be sure that you are ready if you are audited. Although you may not be able to avoid an audit, you can make sure you’re totally prepared to face one.

Medicare Audits

Common mistakes to avoid in your documentation include the following:

• Use of a stamp instead of an actual signature on documents;

• Missing physician signatures;

• Failure to recertify the plan of care when appropriate;

• Noncompliance with frequency/duration rules indicated within a local coverage decision;

• Insufficient documentation;

• Post-denial modification to documentation; and

• Failure to supply records when asked by Medicare.

Certain billing practices also can initiate a Medicare audit:

• Billing for one-on-one time for a patient participating in group therapy;

• Billing for cotreatment that did not occur;

• Knowingly submitting claims for services that normally are covered when “reasonable and necessary” without showing medical necessity in the documentation;

• Unbundling or upcoding services;

• Failing to execute an advanced beneficiary notice of noncoverage before providing non–medically necessary services and then billing Medicare under the false premise of medical necessity;

• Billing for a duration or frequency that falls outside the norm for the service in question; and

• Billing for services not furnished or services furnished by a student.

You can avoid audits by educating yourself and your staff on Medicare’s local and national coverage policies by taking Medicare-related insurance continuing education courses or signing up for Medicare compliance training.

This brings us to the importance of having a compliance plan in place as part of your written policies and procedures manual. This plan should ensure that all staff can recognize potential compliance issues and includes processes and procedures for dealing with misconduct. The compliance plan should be headed by a designated compliance officer. The plan should include the following elements:

• A purpose or mission statement that succinctly describes the goal of the plan;

• A clear definition of the practice’s standards of conduct;

• Information on how new employees are trained;

• A clear statement on how employees who do not follow the standards are disciplined;

• Enumeration of the responsibilities of the compliance officer or committee;

• A description of how internal audits will be conducted;

• Information on how violations identified as a result of an audit will be handled;

• Educational content specific to your services and risk areas; and

• Advice on how to avoid raising red flags.

Since 2010, CMS has worked to reduce the money wasted on improper Medicare payments by cutting errors. The following sections discuss some of the audit programs currently in place. (For a complete list and more details, refer to Medicare Claim Review Programs, available at https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/MCRP-Booklet-Text-Only.pdf .)

Recovery Audit Contractor Audits

The Recovery Audit Contractor program was developed as part of the Medicare Modernization Act of 2003. This program reclaims money by conducting retrospective reviews of fee-for-service claims or “claw backs.” Each contractor conducts audits in one of the country’s four regions and receives payment based on the amount recovered.

Certified Error Rate Testing Audits

Certified Error Rate Testing audits are conducted annually using a statistically valid random sample of claims. Auditors review the selected claims to determine whether they were paid properly under Medicare coverage, coding, and billing rules.

Probe Audits

Probe audits target either particular services or particular specialties. If you meet the criteria for a particular probe, auditors will pull a sample of your submitted claims for review prior to payment. You will receive a request for additional documentation by a specified deadline. If you fail to comply, you will not receive reimbursement. If the documentation you provide does not support what you billed, you will not receive reimbursement for the claim. If the audit uncovers any actions deemed fraudulent, your Medicare Administrative Contractor will refer your case to the appropriate agency for further investigation.

Watch for Fraud

Properly documenting and collecting payments are no longer enough to keep your practice financially healthy. Recent news reports have described embezzlement of funds at businesses, nonprofit organizations, and government entities. Medical practices are not immune from possible fraud, especially when there are numerous cash transactions. To help counter this, conduct complete background checks on new employees before they are hired. To help protect the practice, obtain an insurance bond for the bookkeeper and the office manager, but keep in mind that this does not cover financial neglect by the practice owners.

Embezzlement can occur at many locations throughout the office. It can be at the front desk, the billing department, the payroll system, or accounts payable. The financial principles of the practice should be discussed during employee orientation to emphasize that you will not tolerate deceit, fraud, or theft. Establish strong financial practices in your office and adhere to them. Existing employees will appreciate a solid foundation and a clear understanding of how things need to be done. New hires will recognize how much you respect finances and know what is expected of them. They will understand this is a practice that “minds the money.”

There are a number of ways for employees to misappropriate funds from the handling of monies—from copays and insurance reimbursements, to processing payroll and reconciling bank accounts, to having regular access to cash boxes. Regular audits and internal controls to monitor and guide proper employee conduct should be implemented to help prevent and detect fraud in medical practices.

In many medical practices, efficiency requires streamlining procedures and avoiding duplication of tasks, with employees taking on a wide range of responsibilities, frequently without management review or oversight. However, it is important that multiple people be involved in finances to properly separate accounting functions, particularly those dealing with cash. Proper controls are needed to prevent employees from voiding or manipulating transactions such as a charge after it’s posted to the system or other means to override existing internal controls. You do not want to have the same person auditing the cash drawer, posting the charge and payment, and taking the money to the bank. Nor do you want the person who prepares the checks to be the one who reconciles the bank statement. Create essential financial role diversity by requiring anyone handling finances to rotate out of their position for a period of at least two weeks each year.

Develop processes that ensure there is clear and appropriate documentation to support all financial transactions: money in and money out. Establish system-wide audit trails, and make sure the computer system also has a proper audit trail. Financial procedures in the practice should be designed to provide sufficient oversight for all financial transactions, including charges, adjustments, and payments on patient accounts. Your practice management system, accounting system, banking system, and payroll records must be able to track all transactions and identify which employee completed each one. This allows the practice to spot check to ensure financial procedures are being adhered to. This is one case where duplicate efforts are a powerful financial tool. Looking over someone’s shoulder occasionally helps keep him or her honest. In a small practice, the doctor or an independent source such as the accountant or consultant can be the point person for accountability. A larger practice may use an independent source or have an audit committee made up of employees from various departments.

Common practices that often lack controls and oversight that could lead to employee theft include the following:

• Copayments aren’t posted to the system at the time a patient checks in or leaves the practice.

• Patients are told to pay a higher amount than what is entered into the system.

• Cash receipt processes are cumbersome.

• Credit card machines aren’t closed out by management, allowing employees to make adjustments to their personal accounts.

• No payment reconciliation process is in place.

• Payments are posted prior to deposit at the bank.

• Deposits are made only weekly, or as needed.

• No cash is posted or deposited the last two days of the month.

• Cash drawers are not locked.

The following procedures can be implemented to counter the above practices and other embezzlement temptations:

• Issue receipts for all payments received.

• Have the front desk perform reconciliation prior to close for the day.

• Close out the credit card machine daily, with manager oversight to approve refunds or voids.

• Keep cash boxes in a fireproof safe overnight, and store the key away from the front-office area. Audit daily.

• Define discounts and copay collection procedures.

• Implement access controls, such as codes for receipt modules on billing systems.

• Reconcile the amount posted in the billing system with the amount deposited in the bank.

• Pay bills on line or using an automated check writing system that does not allow alterations.

• Use electronic remittance for payment from third-party payers, if available, and a bank drop box for checks.

• Do not use signature stamps with the same names as the signers on bank accounts.

• If a non-owner of the practice is permitted to be a signer on the bank account, limit the dollar amount approved.

• Audit payroll records quarterly or, at a minimum, semiannually to prevent potential unauthorized raises, bonuses, or overtime pay.

To further prevent fraud, a medical practice should involve more than one employee in each step of the accounting process. For instance, the cash drawer should be reconciled at the end of the day and placed in the safe. The next day, a different employee verifies the amount from the day before and deposits it into the bank.

It is important to test and audit internal controls regularly to ensure they are working as envisioned. Every few months, a random selection of bank reconciliations should be reviewed against the billing system. Payments should be followed through to bank deposit using these steps:

• Select a sample of receipts;

• Check if posted to the patient’s account;

• Verify the lag;

• Confirm the daily deposit matches the dollar amount received as recorded in the receipt book; and

• Confirm that any patient discount matches the practice’s policy.

Set an Example

Easy access to cash and lax controls can tempt even the most loyal employee. If you regularly or even occasionally “borrow” funds from the cash drawer for lunch or until you get to an ATM, employees may feel they can do the same. When the missing funds are not noticed due to poor reconciliation policies, the employee may “forget” to return that $20 and may “borrow” more when short on cash.

Although you have employees handling financial transactions, you also need to track receipts and expenses. Read the monthly bank statements. Look for unusual withdrawals and irregular expenditures. See where checks or ACH transfers were actually cashed. That check with the memo for supplies actually may have been written to an employee or an unknown entity. Question why deposits are low from an unusually busy day. Conduct occasional reviews of each aspect of your practice’s finances.

Listen to your instincts. If you become suspicious, start digging. If the person handling the money seems territorial and protective of his or her position or begins living a more extravagant lifestyle or avoids going on vacation, something is wrong, and it’s important to dig deeper to make sure the practice’s finances are in proper order.

Summary

Maintaining your practice’s fiscal health can be challenging. Having written policies and procedures that are reviewed and updated on a regular basis is the foundation. Providing “cheat sheets” for easy reference helps all staff keep track of the myriad rules for the different payers. Screening and training new employees and periodic training updates for all employees are important. Keeping adequate records and documentation is vital if faced with an audit. Establishing financial checks and balances and following the money can help discourage embezzlement.