How comprehensive are documentation and coding rules in your risk adjustment (RA) organization? Coders and auditors following ICD-10-CM guidelines and conventions, regulations from the Centers for Medicare & Medicaid Services (CMS), and the American Hospital Association’s Coding Clinic can get you to a 90 percent accuracy rate. But in an industry that expects 95 percent, closing the remaining quality gap could be expensive, especially in these days of extrapolation.
The answer is not cheap, fast, or easy, but it is necessary: Create internal risk adjustment documentation and coding guidelines for the grey areas that cost your organization time or money or have a direct effect on quality. Internal coding guidelines can ensure that all appropriate codes are captured with consistency and compliance across your team, and they provide the framework for defense arguments in any negative audit.
Internal coding policies are an investment to create and maintain. Some organizations pay consultants to develop gap-fill coding policies that can be acquired off-the-shelf or customized for specialty needs. Others choose to assign responsibility of policy development to an individual or to a department like coding education, quality assurance, or clinical documentation integrity (CDI). Whether created internally or externally, the policies will require ongoing maintenance.
Establishing Internal Coding Policies
There are seven essential steps to creating internal coding policies for risk adjustment:
- Research to ensure that a policy does not exist in ICD-10-CM, CMS regulations, or Coding Clinic.
- If a policy gap does exist, determine whether your organization should address it with a new policy due to lost revenue, lost productivity, or audit risk. Some issues are simply too insignificant for the resources required to fix them. But the risks of continuing without a policy should be examined.
- Research and draft the policy.
- Engage leadership. A new policy may affect revenues to such a degree that leadership would prefer to shoulder negative audit risks. Alternately, a new policy may have no impact on revenue but improve productivity significantly and therefore be a favorable change. Be prepared to discuss the impact of a policy proposal based on data analytics and compliance trends.
- Finalize the policy language and get leadership’s final approval. The policy itself should use plain, direct language.
- Deploy and manage the policy. Begin with an announcement of the new policy and train the health information technology team on how the policy was derived, providing citations and logic. Place the policy in an online, accessible database or document containing all internal policies for coding and documentation.
- Manage the policy over time. New guidance or new codes may render the new policy obsolete, at which time this should be communicated to all parties so the policy can be archived. Keep all archived policies indefinitely, as they may be useful in a future audit.
When creating internal policies, the biggest resource your organization has are the staff coders, auditors, and CDI teams. They will know where the problems are and appreciate participating. Providers may also be able to point out problem areas. Increasingly, CMS is looking at clinical validation issues in outpatient claims, too. It may be appropriate to review specialty diagnostic guidelines and address them in the coding policies.
Examining Government Audit Reports
To see what the government auditors are thinking, study Office of Inspector General (OIG) risk adjustment audit reports online and apply filters for Audit as the Report Type, with Medicare Part C and Medicare Part D as the financial groups. Review of a few recent reports published online will give readers a clear view of what the OIG is targeting and why.
For example, one audit states that while the claim reported that the patient has major depressive disorder, the patient had no behavioral health encounters or prescriptions for the entire calendar year. This diagnosis was denied for lack of clinical validity. Another claim was denied because, while the patient was documented as having a history of systemic lupus erythematosus (SLE), SLE was identified only in past medical history and not monitored or treated in the current year. It was therefore ineligible for validation. This finding runs counter to many organizations’ chronic condition coding policies but aligns with CMS’ Contract-Level RADV Medical Record Reviewer Guidance, page 42, which states, “Evaluate conditions listed for chronicity and support in the full medical record, such as history, medications, and final assessment.”
When choosing where to begin, consider what is self-apparent to the team. A great topic to tackle is what constitutes “support” of a diagnosis, as CMS requires “support” for each hierarchal condition category (HCC) being validated in an audit, but does not really define what is considered sufficient for “support,” though the Medical Record Reviewer Guidance and OIG audit reports define in many cases what doesn’t qualify as “support.”
Each organization has its own handful of thorny topics, and these should be considered, too. For example, if your coders are confused that ICD-10-CM uses Sepsis 2 definitions in the classification, but the providers are sometimes documenting using Sepsis 3 criteria (which is quite different), a policy could help. Your electronic health record (EHR) may be preloading past documentation into a new encounter, and coders may be uncertain how to determine whether the information should be considered part of today’s encounter.
When you begin to research your topic, remember to stick to sources with the highest levels of authority: CMS documents, ICD-10-CM itself, and AHA’s Coding Clinic. Specialty societies and peer-reviewed journals may be helpful. Objectivity and timeliness are the key. Avoid all crowdsourcing, bloggers, and opinions, unless you are asking for citations.
When we create robust policies and procedures for risk adjustment coding, it brings consistency to our coding results and reduces our risk of an audit, as well as reducing our error rate if we are audited. It increases productivity as well as quality because everyone is playing by the same rules. Most importantly, when an organization invests in developing and maintaining coding policies and procedures, it telegraphs to coders that leadership understands coding issues and is willing to invest in its coders. It also communicates to prospective and existing employees and to CMS that quality counts in your organization, a reputation all risk adjustment organizations should be striving to attain.
Sheri Poe Bernard, CCS-P, CRC, CPC, is the managing risk adjustment consultant at Granite GRC Consulting and is based in Salt Lake City. She is the author of the AMA publication’s Risk Adjustment Documentation & Coding, which provides guidance for providers and coders, and Netter’s Atlas of Surgical Anatomy for CPT Coding. You can watch her presentation, "Risk Adjustment Policies and Procedures to Protect Your Organization," from the AHIMA 2025 Virtual Coding Summit on demand.
By Sheri Poe Bernard, CCS-P, CRC, CPC