--- name: managing-billing-compliance language: en description: Structures billing compliance programs with audit methodology and corrective action protocols. Use when auditing billing practices, managing compliance programs, or implementing corrective actions. tags: - management - healthcare-compliance - compliance - audit metadata: author: casemark practice_areas: - Healthcare Compliance - HIPAA - Healthcare Regulation document_types: - Management Report skill_modes: - Management - Coordination --- # Managing Billing Compliance A structured framework for building and operating healthcare billing compliance programs, including audit methodology, coding accuracy assessment, documentation adequacy review, corrective action protocols, and integration with OIG compliance program requirements and False Claims Act risk mitigation. ## Why This Skill Exists Healthcare billing compliance is the intersection of clinical documentation, coding accuracy, regulatory requirements, and financial integrity. OIG has consistently identified billing errors as the leading source of Medicare overpayments—the 2023 HHS/OIG improper payment estimate for Medicare FFS was 7.38%, representing billions in overpayments. Billing errors range from innocent mistakes to systematic upcoding, unbundling, and billing for services not rendered—each carrying escalating legal consequences from overpayment refund obligations through FCA treble damages. The 60-day overpayment return rule (42 U.S.C. § 1320a-7k(d)) means that identified billing errors must be investigated, quantified, and refunded within 60 days or risk FCA liability. OIG's Compliance Program Guidance for hospitals and physician practices specifically identifies billing as a primary compliance focus area. A rigorous billing compliance program prevents overpayments, detects errors before external audit, satisfies OIG compliance expectations, and protects against FCA enforcement. --- ## Checkpoint A — Program Assessment ### Intake Questions 1. Does the organization have a dedicated billing compliance function, and where does it sit organizationally (compliance, revenue cycle, finance)? 2. What billing modalities does the organization submit—professional (CMS-1500/837P), institutional (UB-04/837I), or both? 3. What coding systems are in use (ICD-10-CM/PCS, CPT, HCPCS, DRG, APC), and what is the coder certification level (CPC, CCS, RHIT, RHIA)? 4. Does the organization use computer-assisted coding (CAC) or AI-based coding tools? 5. What is the organization's denial rate, and what are the top denial reasons? 6. Has the organization been subject to RAC, ZPIC/UPIC, MAC, or OIG audits, and what were the findings? 7. Does the organization have a process for the 60-day overpayment identification and return obligation? 8. What is the organization's charge description master (CDM) governance process? 9. Does the organization conduct pre-billing and post-billing audits? 10. What education and feedback mechanisms exist for physicians regarding documentation and coding? ### Required Documents - Billing compliance plan and policies - Coding accuracy audit reports (internal and external) - Denial management reports and trending analysis - CDM maintenance policies and review documentation - RAC/ZPIC/UPIC/MAC audit correspondence and response - OIG Work Plan items relevant to the organization's services - Documentation improvement program materials - Coder education and training records - Physician query policies and procedures - Overpayment identification and refund tracking - Claims edit configuration and override reports --- ## Step 1 — Coding Accuracy Audit Program Establish a systematic coding accuracy audit methodology: - **Audit Design**: Conduct prospective (pre-billing) and retrospective (post-billing) coding audits. Retrospective audits should use random sampling and targeted sampling based on risk indicators. - **Sample Selection**: Use statistically valid random samples (minimum 30 records per provider or service line per quarter for prospective monitoring). Targeted samples should focus on: high-risk CPT/HCPCS codes (OIG Work Plan targets), E/M code distribution anomalies, modifier utilization patterns, and newly credentialed providers. - **Audit Methodology**: For each audited record, the auditor should independently: review the medical record, assign diagnosis and procedure codes, determine the appropriate E/M level, identify any modifiers, and compare the result to the submitted claim. Document discrepancies as overcoding, undercoding, or unbundling. - **Accuracy Targets**: Industry benchmarks target ≥ 95% coding accuracy. Accuracy below 90% indicates a systemic problem requiring immediate intervention. - **E/M Level Accuracy**: E/M coding is the highest-volume area for physician practices. Audit E/M code distribution against specialty benchmarks (AMA/CMS E/M guidelines, specialty society data) and flag providers whose distribution significantly skews to higher levels. - **Diagnosis Coding**: Verify diagnosis codes are supported by documentation, assigned to the highest level of specificity, and appropriate for the services rendered. Assess compliance with coding guidelines for specificity, laterality, 7th character extensions, and sequencing. --- ## Step 2 — High-Risk Billing Area Assessment Evaluate compliance in areas identified as high-risk by OIG, CMS, and payer audits: | Risk Area | Key Compliance Requirements | |-----------|---------------------------| | E/M Services | Documentation supports level billed; 2021 E/M guidelines applied for outpatient; medical decision-making or time-based criteria met | | Modifier Usage | Modifier 25 (significant, separately identifiable E/M) supported by documentation; modifier 59/X modifiers used only for truly distinct services | | Incident-To Billing | Services meet all incident-to requirements: direct supervision, established patient, physician-initiated plan of care | | Teaching Physician | Teaching physician physically present and personally performs key portions per CMS Teaching Physician rules; primary care exception documented | | Same-Day Services | Separate and distinct services documented; NCCI edit compliance; medical necessity for each service documented | | Medical Necessity | Every service billed has documented medical necessity; ABN (Advance Beneficiary Notice) issued for non-covered services | | Place of Service | Correct POS code used; telehealth POS codes applied correctly | | Provider Enrollment | Only enrolled, eligible providers bill Medicare; PECOS enrollment current; NPI assignment correct | | Timely Filing | Claims filed within payer-specific deadlines; Medicare timely filing is 12 months from date of service | --- ## Step 3 — Documentation Adequacy Assessment Evaluate the link between clinical documentation and billing: - **Clinical Documentation Improvement (CDI)**: Assess whether the organization has a CDI program to ensure documentation accurately reflects the severity of illness and complexity of care. CDI programs improve coding accuracy for DRG assignment, risk adjustment (HCC coding), and quality measure reporting. - **Physician Query Process**: Verify a compliant physician query process exists. Queries must be non-leading (not suggest a specific diagnosis), clinically relevant, and consistent with AHIMA/ACDIS guidelines. Leading queries that suggest diagnoses without clinical basis can constitute false claims. - **Cloning/Copy-Paste**: Assess the extent of copy-paste documentation and its impact on billing accuracy. Documentation that is cloned without updating to reflect the current encounter can support claims for services not actually rendered or overstated complexity. - **Medical Necessity Documentation**: Verify that orders and documentation establish medical necessity for each service—particularly for diagnostic tests, imaging, therapy services, and DME where medical necessity denials are common. - **Signature Requirements**: Verify provider signatures and authentication meet CMS requirements. Unsigned or undated orders, authentication beyond the acceptable timeframe, and use of signatures by unauthorized personnel are common audit findings. --- ## Step 4 — Overpayment Identification and Return Operationalize the 60-day overpayment return obligation: - **Identification Process**: Define what constitutes "identification" of an overpayment—per CMS guidance and case law (UnitedHealthcare Insurance Company v. Azar), this includes when the entity has or should have through reasonable diligence identified the overpayment. - **Investigation Protocol**: When a potential overpayment is identified (through internal audit, hotline report, external audit, or payer inquiry), conduct a timely investigation to determine the scope and amount. - **Quantification**: Use appropriate methodology to quantify the overpayment—claim-by-claim review for small populations, statistical sampling with extrapolation for large populations. - **Lookback Period**: Apply the applicable reopening period (3 years for Medicare per 42 CFR § 405.980) as the lookback period for overpayment identification. - **Reporting and Refund**: Report and return the overpayment within 60 days of identification to the appropriate entity (MAC for Medicare FFS, MA plan for Medicare Advantage, state Medicaid agency for Medicaid). Include an explanation of the overpayment, affected claims, and methodology. - **Documentation**: Maintain complete documentation of the overpayment identification, investigation, quantification, and refund for a minimum of 10 years. --- ## Step 5 — Corrective Action and Monitoring For identified billing compliance deficiencies: - **Root Cause Analysis**: Determine whether the deficiency is caused by: individual coder/provider error, systemic process failure, EHR configuration issue, training gap, or intentional misconduct. - **Immediate Corrective Action**: Implement immediate corrections—claims adjustments, overpayment refunds, claims edit adjustments, provider re-education. - **Systemic Correction**: Address root causes—update billing policies, reconfigure EHR templates or coding tools, revise CDM entries, implement new pre-billing edits, redesign workflows. - **Provider Education**: Deliver targeted education to providers with identified documentation or coding deficiencies. Education should be specific to the deficiency, include examples from the provider's own records (de-identified), and be documented with content, date, and attendee records. - **Follow-Up Audit**: Conduct follow-up audits within 90 days to verify corrective action effectiveness. If deficiencies persist, escalate to the compliance committee and consider enhanced monitoring. - **Trend Monitoring**: Establish ongoing monitoring dashboards tracking: coding accuracy rates, E/M level distribution, modifier utilization, denial rates by reason, overpayment refund activity, and audit finding recurrence. --- ## Checkpoint B — Program Validation 1. Confirm coding audits are conducted using statistically valid sampling methodology with documented results. 2. Verify coding accuracy meets the ≥ 95% benchmark, and providers below 90% are in active corrective action. 3. Confirm high-risk billing areas are addressed with specific audit protocols and monitoring. 4. Verify CDI program queries are non-leading and comply with AHIMA/ACDIS guidelines. 5. Confirm 60-day overpayment return obligation is operationalized with tracking and documentation. 6. Verify corrective actions address root causes, not just symptoms, and include effectiveness monitoring. 7. Confirm billing compliance reports are provided to the compliance committee and organizational leadership. 8. Verify the OIG Work Plan is reviewed annually and high-risk items are integrated into the audit plan. --- ## Quality Audit - [ ] Coding accuracy audit program established with statistically valid sampling - [ ] Prospective (pre-billing) audits conducted for high-risk services - [ ] E/M code distribution analyzed against specialty benchmarks - [ ] Modifier usage (25, 59/X modifiers) audited for documentation support - [ ] Incident-to billing requirements verified for applicable services - [ ] Teaching physician documentation requirements assessed - [ ] CDI program operational with compliant physician query process - [ ] Copy/paste documentation monitored and addressed - [ ] 60-day overpayment return obligation operationalized with tracking - [ ] Corrective action includes root cause analysis and effectiveness verification - [ ] OIG Work Plan integrated into annual audit plan - [ ] Billing compliance metrics reported to compliance committee and leadership --- ## Guidelines - Billing compliance is not just a revenue cycle function—it is a core compliance obligation. OIG's Compliance Program Guidance specifically identifies billing as a primary focus area, and billing errors are the most common basis for FCA enforcement. - The 60-day overpayment return rule transforms identified overpayments into potential FCA violations. Once an overpayment is identified (or should have been identified through reasonable diligence), the clock starts. Delaying investigation or refund creates independent FCA liability. - Coding accuracy audits must use independent review—coders auditing their own work is not an effective control. External coding audits provide the most objective assessment. - Physician queries must be non-leading. A query that suggests a specific diagnosis without clinical basis (e.g., "Would you agree the patient has sepsis?") can constitute a false claim if it results in an unsupported diagnosis code being assigned. - E/M coding under the 2021 guidelines allows time-based or medical decision-making (MDM) based selection for outpatient services. Ensure auditors and coders are trained on the current guidelines and not applying outdated 1995/1997 documentation requirements. - RAC, ZPIC/UPIC, and MAC audits are external validation of billing compliance. Organizations that proactively audit the same risk areas these entities target are better prepared to respond and have lower error rates. - This skill produces billing compliance assessment output, not legal advice. Overpayment disclosure decisions, FCA risk assessments, and responses to government audits should involve qualified healthcare fraud and compliance counsel.