How to Identify and Address High-Risk Coding Errors
Eradicating high-risk coding errors is a critical priority for many healthcare organizations as they seek to avoid revenue loss and mitigate the risk of fines, penalties, and reputational damage should they wind up on the wrong end of a third-party audit. This is especially true as the Department of Health and Human Services (HHS) Office of the Inspector General (OIG), and the Centers for Medicare and Medicaid Services (CMS) Recovery Audit Contractors (RACs) and Medicare Administrative Contractors (MACs) continue to rachet up scrutiny on provider and payer claims.
The OIG has had Hierarchical Condition Category (HCC) assignments in its crosshairs for several years. In its 2023 Semi-Annual Report to Congress covering actions taken between October 2022 and March 2023, the OIG identified $200.1 million in expected audit recoveries and $277.2 million in questioned costs. For fiscal year 2022, the Government Accountability Organization (GAO) identified $128 billion in estimated improper payments made by Medicare and Medicaid to health plans and providers — much of which was rooted in missing or insufficient documentation support for the level of care billing codes.
The latest catalysts for audit surges can be found in the expiration of the national public health emergency (PHE) – triggering reviews of claims that had been off-limits throughout the pandemic – and changes to Risk Adjustment Data Validation (RADV) that CMS estimates will net an estimated recovery of $4.7 billion from Medicare Advantage plans over the next decade.
In terms of audit targets, inpatient rehabilitation encounters, epidural steroid injections, malnutrition documentation, and neuro-stimulator implants are under the OIG microscope, while individual provider organizations will have their own vulnerable coding areas based on their facility type and service lines — areas that may or may not align with those areas being monitored by federal agencies.
For healthcare organizations, the best strategy for protecting against high-risk coding errors and the potential repercussions they bring is to have a clear understanding of problem areas and a plan to address them. The best place to start developing a compliance strategy is to evaluate where most denials are happening, and trend information that will deliver valuable insights into systemic issues with coding, documentation, and/or billing practices that leave the organization exposed.
High-risk Areas and Repercussions
While high-risk areas will vary by individual facilities, many are shared across the healthcare system. Those being closely watched by the OIG and CMS include severe malnutrition diagnosis codes which, according to an OIG report, were incorrectly assigned 82 percent of the time and resulted in hospitals overbilling Medicare by $1 billion in fiscal years 2016 and 2017.
Neurostimulator implant surgeries are also being closely monitored in the wake of an OIG audit, which found that 40 percent of providers failed to provide sufficient documentation to support Medicare coverage requirements. Based on its findings, the OIG estimates that providers received $636 million in unallowable Medicare payments, and beneficiaries paid $54 million in related unnecessary copays and deductibles.
Other focus areas are mechanical ventilation, remote patient monitoring, telehealth, psychotherapy procedures, and inaccurate use of modifiers. High-risk ICD-10-CM diagnosis codes and physician documentation for conditions such as acute stroke, acute heart attack, acute stroke and heart attack combination, malignancy status, embolism, vascular claudication, and major depression also continue to be an audit focus.
As we noted above, individual facilities will have their own internal “watch” areas that lead to problematic third-party audits findings and repayment requests that, unlike the OIG and CMS investigation findings, are not made public.
Based on research across AGS Health’s client base, for in- and out-patient facility coding, those typically include:
- MS-DRG Focus Areas
- Cardiac surgical Medicare-Severity Diagnosis-Related Groups (MS-DRGs) (246, 247, and 251) and cardiac medical MS-DRGs (291 and 292)
- Stroke medical MS-DRGs (061-069)
- Respiratory medical MS-DRGs (189, 190, 193, 194, and 202)
- Sepsis medical MS-DRGs (871 and 872)
- Neonatal medical MS-DRGs with comorbid conditions (789, 790, and 793)
- ICD-10-PCS Procedure Focus
- Spinal fusion, ventilation, and debridement
- CPT Procedure Focus
- Screening versus diagnostic colonoscopy
- High-dollar cardiac procedures such as pacemaker and defibrillator placement
- Pain management procedures such as epidural steroid and facet joint injections
- Bronchoscopy procedures
- Shoulder arthroscopy procedures
- Critical care evaluation and management (E/M) code assignment
On the professional coding side of the house, common problem areas include:
- CPT Code Assignment
- Breast procedures
- Spinal arthrodesis
- Cardiac, cardiothoracic, and vascular procedures such as:
- Aneurysm repair, thrombectomy, and embolectomy
- Ablation procedures
- Angioplasty stent procedures - all artery/vein
- Dialysis circuit intervention
- Stimulator procedures (spinal/sacral/brain) - Stage 1/Stage 2
- Modifier Accuracy
- Modifiers such as:
- 59 (distinct procedural service)
- GZ (item or service expected to be denied as not reasonable and necessary)
- QW (indicate that the diagnostic lab service is a clinical laboratory improvement amendment [CLIA] waived test and that the provider holds at least a certificate of waiver)
- Modifiers such as:
- Global Surgical Package modifiers
- 78 (unplanned return to the operating/procedure room by the same physician or other qualified health care professional following initial procedure for a related procedure during the postoperative period
- 79 (unrelated procedure or service by the same physician or other qualified healthcare professional during the postoperative period)
- ICD-10-CM Diagnosis Focus
- High-risk diagnosis code review to ensure the diagnosis meets reportable diagnosis criteria.
Additionally, the following quality measures and service lines are also under scrutiny to ensure they are being accurately documented, recorded, and reported: hospital acquired conditions (HACs), mortality reviews, and patient safety indicators (PSIs).
Failing to address these high-risk areas can have significant repercussions, particularly when they result in over- and under-payments. While underpayments have a financial impact in the form of revenue leakage, overpayments put healthcare organizations at even greater risk for poor audit outcomes, including repayment, penalties, and reputational harm — not to mention incorrect hospital report cards and the potential to disrupt payer contracts.
Identifying High-risk Areas
When it comes to mitigating the impact of high-risk coding errors, knowledge is power. The OIG regularly issues updates to its work plans, while CMS publishes ongoing communications on RAC and other audit findings, all of which should be continuously monitored for changes that may impact the healthcare organization. Additionally, a proactive and ongoing strategy is needed to ensure healthcare organizations stay ahead of problems within their coding departments by identifying and addressing high-risk areas.
The most effective strategy is one that is built on regular audits, analysis of identified defects in the coding process, and execution of process improvements based on those findings. It should include processes for continuously monitoring coding through quality assurance, rapidly intervening when corrections are required, and ongoing documentation improvement initiatives to achieve and maintain compliance.
Ideally, this strategy will focus on three key areas:
- Quality audit (QA) selection and training, including well-defined criteria for QA selection, a structured training program, and auditor assessments. The QA process flow should begin with conducting an audit inventory, during which key patient details, including account, financial, and encounter numbers and dates of service are gathered. Accounts are then selected using random, stratified, systematic, and rule/risk sampling methods. The method for the audit itself should be focus-driven and include a quality inspection plan.
Auditing and reporting should leverage stratified sampling, audit the auditors, and hold periodic feedback and education sessions. First, determine if the audit scoring methodology is defects per opportunity (DPO), defects per unit (DPU), or another weighted scoring method. Assign risk levels to each account based on such factors as coder quality, dollar value, etc., with higher-risk accounts prioritized for coding audits. Multiple levels of audits should be performed to ensure auditors are giving accurate feedback and audit the auditors themselves to ensure they are qualified to perform specific focus audits.
- Feedback should be shared with coders in real-time, providing ample opportunity for rebuttal before the audit is closed, and the findings are?? shared for action and intervention as needed. Documentation improvement opportunities should also be identified, and educational feedback provided to hospitals and physicians based on audit findings.
- Continuous improvement through root cause analysis, proactive management of sub-par performers, and an established action plan to drive ongoing improvements. This plan should be designed, evaluated, and periodically adjusted based on trends identified through the QA audit process. Doing so not only helps organizations to identify high-risk coding errors, which can then be singled out for ongoing monitoring and proactive intervention and education, but also adjust areas of focus when audits identify shifts in problem areas.
Correctly identifying and addressing high-risk areas is a resource-intensive process at a time when healthcare organizations are struggling with chronic labor and skill shortages on the clinical and administrative sides. For some, outsourcing to the right partner can be a viable solution, putting high-risk coding and audits in the hands of highly trained and credentialed professionals with experience in multiple practice settings. The right partner will also bring established best practices, strong leadership and governance, and critical technology tools, including automation, to the process — the latter of which is crucial to an effective high-risk coding improvement strategy.
The Role of Data and Technology
While the role of coding and auditing/compliance professionals is critical, the reality is that identifying and addressing high-risk coding errors is a data-intensive process. The right technology is needed to conduct the analytics necessary to identify historical error trends and ferret out root causes for targeted education and improvements.
Technology is advancing rapidly, and the introduction of artificial intelligence (AI), natural language processing (NLP), and machine learning (ML) into the audit process has changed the game on all sides. CMS, the OIG, and the Department of Justice (DOJ) have all invested in predictive modeling and AI tools to scrutinize claims more closely prior to adjudication and to reduce improper payments. Many commercial players also have these technologies in place.
Leveraging AI, NLP, and ML benefits the auditing process through advanced case-search and selection features that enable case sampling across a variety of parameters, as well as automated audit reports for audited cases with a code-by-code comparison of the coder and auditor versions. Collaborative platforms in particular allow coders to chat, review changes, and compare feedback, increasing efficiency, accuracy, and productivity.
Finally, AI-enabled reporting dashboards and quality management workflow tools make it easy to monitor variations and identify trends, streamlining and accelerating the organization’s ability to identify and respond to issues.
Avoiding a Costly Mistake
Failing to address high-risk coding errors can be a costly mistake in more ways than one. CMS and the OIG show no signs of backing down from their laser focus on HCC assignments — particularly considering that Medicare fee-for-service Comprehensive Error Rate Testing (CERT) identified $31.46 billion in improper payments during reporting year 2022 for an error rate of 7.46 percent. This puts healthcare organizations at risk for what can be a devastating financial and reputational blow if they come out on the losing side of an audit.
Nor is it just about audit risks. Ignoring high-risk coding errors or erring on the side of caution by under-coding can lead to significant revenue leakage at a time when hospitals are slowly emerging from a disastrous 2022 that saw billions in losses.
Having in place a strategic plan of action, coupled with the right technology solutions and, when appropriate, an outsourcing partner, can ensure healthcare organizations receive the highest appropriate reimbursement while mitigating the risk of external audits. Further, leveraging internal audit data analysis to identify trends and set up front-end custom edits based on those findings will help mitigate critical errors and improve overall coding quality.
Abhishek Kumar is senior vice president and global head of transformation with AGS Health, a provider of revenue cycle management technologies, services, and support.
Leigh Poland, RHIA, CCS, CDIP, is vice president of coding services and education with AGS Health.
Shanith Prabhakar, CPC, is associate director of operations with AGS Health.