compliance risk management · 2012-04-24 · kpmg forensic is a service mark of kpmg international....
TRANSCRIPT
Compliance Risk Management
The importance of compliance risk assessments in the
current regulatory environment
FORENSIC
A D V I S O R Y
1© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Agenda
1. The importance of performing compliance risk assessments and
addressing new regulatory trends in the risk assessment process
2. How to develop organizational support and sponsorship
3. How to conduct a compliance risk assessment
4. Utilizing data analytics in the risk assessment process
5. Reporting the results: leadership and the Board
6. Corrective action planning and implementation
2© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 1
The importance of performing a compliance risk assessment and
addressing new regulatory trends in the risk assessment process
The learning objective is to provide an understanding of why the
current regulatory and competitive landscape requires
organizations to undertake a compliance risk assessment
Regulatory influences - more now than ever
An overview of government capabilities
The benefit of being proactive
The risk of being complacent
3© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Why Perform a Formal Compliance Risk Assessment?
Regulatory Influences
CMS national strategy to combat waste, fraud & abuse in Medicaid program (www.cms.hhs.gov)
State Program Integrity Units
HHS-OIG Medicaid Audits
CMS-Perm Auditors & MIP Auditors
Medicare ZPICS & RACS
U.S. Federal Sentencing Guidelines requirement
Strongly recommended by OIG/AHLA guidance for healthcare boards
Thompson and McNulty memos
Boards have a heightened awareness and liability post Enron/Worldcom/SOX
NY State – Office of the Medicaid Inspector General – compliance program effectiveness – what is the board doing?
4© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Convergence of Regulatory Challenges:A Time Line
U.S. Department of Justice Enforcement Guidance
(Holder Memo)1999
1980s1980s 1990s1990s 20002000 20012001 20022002 20032003 20042004 20062006
U.S. Sentencing Guidelines
1999
COSO1992
CaremarkCase1996
USA PATRIOT Act2001
Sarbanes-OxleyAct of 2002
U.S. Department of Justice
EnforcementGuidance
(Thompson Memo 2003)
NYSE andNASDAQ Listing
Standards2003
Revised U.S.SentencingGuidelines
2004
McNulty Memo
HHS OIG Healthcare Compliance Program Guidance Documents
1998 - 2005
2007 & 82007 & 8
CMS first nationalStrategy to combat Medicaid fraud &
abuse
State Program Integrity Units
HHS-OIG Medicaid Audits
CMS – Perm Auditors & MIP Auditors
MedicareZPICS & RACS
5© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Medicaid & Medicare Providers
HHS OIG
State Pay and Chase
Program (if separate
from Single State
Agency):
State Auditor,
Comptroller or IG
Single State
Agency:
Program
Integrity Unit
State MPI & AG PLUS NEW DRA/CMS:PERM/MIP/ZPIC, RACS, QIOs and CPC
New Implementation for 2009-2010
HHS-Secretary
Federal Regulation & Enforcement
CMS
State Regulation & Enforcement
AG Medicaid
Fraud Control
Units: funded by
OIG
Run by states
Investigate and
audit
Federal
Investigators/auditors/
contractors
*NEW:
+$25 Million to
enforce and audit
Medicaid
33221B1B1A1A
Medicaid Integrity Group (MIG)
Medicaid Integrity
Program (MIP) CMS-OFM
*NEW:
PERM Auditors-23
month Cycle-
Identify overpayments-
state MUST collect them
Sets State/Program Error
Rate
*NEW:
MIP Auditors-
HIGH ROI-Project
Based for MIP
Division
44 55 6, 76, 7 8,98,9
Medicare
ZPICS & RACS,
QIOs and CPC
*The Deficit Reduction Act of 2005*The Deficit Reduction Act of 2005*The Deficit Reduction Act of 2005
6© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
If You Are Still in Doubt…
U.S. Federal Sentencing Guidelines Culpability Score and resulting
fines/penalties may increase significantly if your organization is deemed
to not have an effective compliance program
You should be able to answer “Yes” to the following questions:
Did your organization incorporate and follow applicable industry practices?
Was the Compliance program given adequate resources?
If your organization is large did you devote more formal operations and greater resources in meeting the requirements than a small organization?
Did your organization perform a periodic risk assessment and develop a risk assessment tool which is re-evaluated on a regular basis to assess whether you are addressing specific industry high risk areas?
7© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
If You Are Still in Doubt…
You should be able to answer “Yes” to the following question:
Did your organization incorporate and follow applicable industry
practices?
Industry practice is moving towards utilizing data analytics to
identify trends/outliers
8© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
If You Are Still in Doubt…
You should be able to answer “Yes” to the following questions:
Did your organization incorporate and follow applicable industry
practices?
Was the Compliance program given adequate resources?
Do your compliance peers have what appears to be a more
effective program with less resources because they are using
technology to aid in identifying risks via data mining/analysis
9© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
If You Are Still in Doubt…
You should be able to answer “Yes” to the following question:
Did your organization perform a periodic risk assessment and
develop a risk assessment tool which is re-evaluated on a regular
basis to assess whether you are addressing specific industry high
risk areas?
This is the key. What if the regulators are utilizing data analysis to
identify specific industry high risk areas and you are not?
10© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Who Is Currently Mining Your Data?
The following entities may be mining your data:
MIP – Medicaid Integrity Program
QIO – Quality Improvement Organization
MAC – Medicare Administrative Contractor
PSC – Program Safety Contractor
OIG – Office of Inspector General
RAC – Recovery Audit Contractor
OMIG – Office of Medicaid Inspector General
PERM – Payment Error Rate Measurement
ZPIC – Zone Program Integrity Contractor
11© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Who is Currently Mining Your Data?
MIPs, MACs, OIG, PSCs, RACs, OMIGs, PERMs and ZPICs
Inpatient admissions v. outpatient observation services
Diagnosis Related Group (DRG) outliers
Short-stay targeted DRGs
Other targeted DRGs (e.g., debridement, septicemia, etc)
Inpatient-only procedures in hospital outpatient settings
Medical necessity
Consultations
Evaluation and Management (E/M) services
Time-based E/M services
12© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Who is Currently Mining Your Data?
QIOs
Hospital Acquired Conditions (HAC)
Medically Unlikely Edits (MUEs)
Infections
Pressure ulcers
Care transitions
Chronic kidney disease – kidney failure
Diabetes (e.g., self-management education activities)
13© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 2
How to develop organizational support and sponsorship
The learning objectives are to provide understanding of key
organizational dynamics that enhance or serve as obstacles to
getting this process approved and implemented
Past experiences
Timing
Available resources
Alignment with key organizational objectives
Budgeting & other considerations
14© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Developing Organizational Support
Past Experiences to Consider
Is this the first risk assessment?
What is the organizational appetite for risk assessment?
When was the last risk assessment?
How was the last one received?
Were you the person that initiated the last one?
Is the same management team at the helm?
Did the organization effect necessary change?
Do you sense organizational resistance?
15© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Make or Buy?
Short Answer – Both
Buying
Good business practice is to periodically have outside objective advisors perform a compliance risk assessment which provides:
Objectivity may lend more credibility with the Board and top management
Multiple, objective and varied knowledgeable resources – a fresh look
Results - auditing and monitoring compliance plan
Make
In interim periods, use the methodology and format used by the outside advisors to perform annual compliance risk assessments with internal compliance personnel
Tag-along with the outside advisors during the formal risk assessment to understand how they conduct the interviews
Take advantage of knowledge that you may acquire through the use of outside resources
16© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Developing Organizational Support
Timing
Where are you in the fiscal year?
Are there competing initiatives?
Are there other outside initiatives?
Are key players going to be available?
What is the attention span of the organization?
When are the next board meetings?
Are there any significant internal inquiries ongoing?
17© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Developing Organizational Support
Available resources
What is the availability of internal participants?
The Board, CEO, CFO, COO, GC, Med Director, others
If performing the assessment internally, do you have:
Self-regulating objectivity?
Knowledge to establish a broad risk profile?
An understanding of the relative risks?
The familiarity of a regulations resource?
A methodology that has been validated?
The time to perform the assessment?
The organizational presence?
The interview skills?
The facilitation skills?
18© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Developing Organizational Support
Alignment with key organizational objectives
Where is the organization from a strategic perspective?
Is the organization pro-active or re-active?
Is your program a “real” program?
Is your organization obsessed with growth?
Are you included in key strategic planning sessions?
Do you really have support from the top?
Do you really have the resources you need?
Are your compliance committee meetings well attended?
19© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Developing Organizational Support
Budgeting and other considerations
Make or Buy?
How much can you spend on external consultants?
You get what you pay for – make sure you get what you
need
Do you have the resources you need to do it internally?
Regulatory resource / internal counsel / access to counsel
Be careful what you ask for….you may find it!
Now what?
Is the organization ready for required next steps?
20© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 3
How to conduct a compliance risk assessment
The learning objective is to provide an understanding of key steps to designing and implementing an effective risk assessment
Planning and kick off
Document review
Conducting management interviews
Utilizing data analytics ( Covered in Chapter 4 )
Rating and ranking methodologies
Compiling the risk profile
Analyzing and sharing the data
Prioritizing the risk profile
21© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
How Are You Assessing Risk?
Are you conducting an “effective” risk assessment?
Compiling a list vs. identifying risk vs. assessing and prioritizing risks
What type of risk assessment process are you utilizing:
OIG Workplan
Check the box
Interview based
Who completes the current risk assessment?
Who participates in the process?
Do you use data analytics ?
22© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Planning and kick off
Scheduling interviews
How much time do you need and when do you need it?
Targeting the right areas (80/20)
Effectively communicating the objectives
Who, what, why, where, when
What do you need me to do?
What is your plan and how are you staying on plan?
Consistent treatment across the board
Ensuring people are prepared when you arrive
Privilege or not privilege?
If external – how should you be involved?
23© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Document review
Why do you need to review documents?
What documents do you need?
Previous audits
Hotline reports
External evaluations
Previous risk assessment reports
Documentation of controls
Corrective action plans
Policies and procedures
Detail or high level review?
24© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Conducting management interviews
Who do you need to speak with?
Alone or assisted?
Communicating the objectives
Ensuring the interviewee is prepared
A level playing field....if you build it they will come
Are you a capable interviewer?
What are you going to ask?
Asking the tough questions
Getting a tough answer
Keeping the conversation on track and meaningful
25© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Rating and ranking methodologies
Consistency is critical
Likelihood of the risk
Significance or impact if the risk occurs
Mitigating factors to consider
Red, Yellow, Green
One through Ten
High, Medium, Low
Embracing the organizational vernacular
26© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Compiling the risk profile
How to organize the data
By functional area
By risk categories
By High, Medium, Low
All of the above?
None of the above?
27© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Analyzing and sharing the data
Understanding the data
Anticipating the reaction to the data
Is this really what you said?
Is this really what you meant?
Who needs to see the results (at this point)?
Avoiding data overload
28© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Conducting the Risk Assessment
Prioritizing the risk profile
So many risks…so little time
Which high risks are really high risks ?
Why is THAT a high risk ?
What does high risk really mean ?
He said low risk, she said high risk…now what ?
Understanding your vulnerabilities
Protecting the innocent
29© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 4 – Utilizing Data Analytics
The learning objective is to provide an understanding of some initial
planning and execution factors related to data analytics, to provide
some samples of data analytics topics/issues, and to describe how the
information obtained from your data analytics activities can be
incorporated into your risk assessment process.
Factors to consider in undertaking data analytics
Samples of data analytics topics/projects
Incorporating data analytics into the risk assessment process
30© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics - Factors to Consider
Data availability
Data integrity
Ability to effectively and accurately review data
Ability to develop algorithms/models
Ability to identify the baseline/outliers
Ability to energize necessary resources (e.g., IT, human, etc.)
Ability to design useful/accurate reports
Ability to incorporate results into the risk assessment/risk profile
Ability to immediately correct (or address) identified problems/issues
31© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics Targets
Research
Effort reporting/activity confirmation
Cost transfers
Cost allowability
Salary caps
Procurement
Indirect costs
Conflicts of interest
32© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics Targets
Hospital Quality/Patient Safety Issues
Wrong-site surgeries
Never events
Patient falls
Infections
Hospital-acquired conditions
Other Quality Improvement Organization (QIO) targets
33© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics Targets
Hospital and MD Billing
Hospital inpatient and corresponding physician
payments
Inpatient admissions/outpatient observation services
Diagnosis Related Group (DRG) ratios/complication
rates
Identified DRG outliers
Targeted Short-stay DRGs
Evaluation and Management (E/M) services
Consultations
34© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics Targets – Hospital/MD Billing
Inpatient-only procedures in hospital outpatient setting
Other medical necessity issues
Wrong setting/site-of-service issues
Payment denials
Readmissions within 30 days
Invalid CPT codes
Demographic errors/issues
Hospital-Acquired Conditions (HACs)
Medically Unlikely Edits (MUEs)
Time-based CPT codes
35© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Data Analytics Targets – Hospital/MD Billing
♦ Instances in which the physician's/provider's claim was paid, but the
involved hospital's charges were denied, as well as the opposite (i.e.,
hospital claim paid, physician's claim denied).
♦ Instances in which the hospital billed an inpatient admission, but the
physician reported an outpatient observation (as well as the opposite).
Observation services billed during an inpatient stay.
Respiratory infection v. simple pneumonia.
Short stays (up to 48 hours) in which the patient should have been
outpatient/observation status, and not an inpatient.
Excisional debridement.
Surgical Procedures in the wrong setting (i.e., hospital outpatient
claims for inpatient-only codes).
36© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
The results of your data analytics activities should be used to make your annual compliance risk assessments:
More precise (i.e., target the real issue/problem)
More accurate (in terms of identifying the risk score)
More effective (in terms of developing more effective mitigatingfactors/corrective action plans)
Once you begin the process, data analytics must become an ongoing activity.
Conducting data analytics, along with performing an annual risk assessment, should lead to the development of more effective and/or precise monitoring plans.
Data analytics can also assist an organization in more effectively allocating limited resources.
Incorporating the Results into the Process
37© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 5
Reporting the results: Leadership and the Board
The learning objective is to understand how to properly lay the
groundwork for presenting the findings
Understanding potential pitfalls
Reporting to interviewees
Reporting to your compliance committee
Reporting to executive leadership
Reporting to the Board
Selling the message to the Board
Obtaining necessary endorsements and resources
38© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Reporting the Results
Understanding potential pitfalls
Vetting the data – “I didn’t say that”
Changing of the guard
The messenger
You can’t “unring the bell”
I am trying to run a business here
Now what do you want me to do ?
39© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Reporting the Results
Reporting to interviewees
When will I see the report?
You may or may not
What do you need me to do next?
Please stand by
Keeping constituents appropriately informed
Big picture objective
Probable next steps
Specific responsibilities
40© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Reporting the Results
Reporting to your compliance committee
Vetting the data
Distilling key information
Strategic planning of next steps
What are realistic objectives?
What are you trying to achieve?
How are you going to get there?
Setting time frames for next steps
41© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Reporting the Results
Reporting to executive leadership & the Board
Understanding the dynamics
Understanding the big picture
Understanding your obligations and responsibilities
Real life examples
What are the implications?
What do you need me (us) to do?
What if it does not go well?
What’s your back up plan?
Educating the Board
Getting commitment on next steps
42© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Chapter 6
Corrective action planning and implementation
The learning objectives will be to provide an understanding for
necessary steps to manage the identified risks
Establishing accountability
Trust but verify….What’s your corrective action plan?
43© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Corrective Action Planning and Implementation
Establishing accountability
Who owns it?
Who controls it?
Understanding “upstream and downstream implications”
Where is it broken?
Documenting the ownership
44© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Corrective Action Planning and Implementation
Trust but verify …. What’s your corrective action plan?
Where is it broken?
Policy and procedure development
Developing and delivering effective training
Developing and implementing auditing and monitoring plans
45© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Questions?
46© 2009 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. KPMG and the KPMG logo are registered trademarks of KPMG
International. KPMG Forensic is a service mark of KPMG International. Service offerings are subject to legal and regulatory restrictions. Some service offerings may not be available to KPMG’s audit or other attest service clients.
Contact Information
Ken ZekoDirector
KPMG LLPDallas, TX
214-840-6497
Ken ZekoDirector
KPMG LLPDallas, TX
214-840-6497
All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.
Dieter LehnorttInstitutional Compliance Officer
UT Southwestern Med. Cntr.Dallas, TX
214-648-6108
Dieter LehnorttInstitutional Compliance Officer
UT Southwestern Med. Cntr.Dallas, TX
214-648-6108
Joel DziengielewskiDirector
KPMG LLPNew York, NY
Joel DziengielewskiDirector
KPMG LLPNew York, NY