Risk Assessment Policy

Objective

To develop and implement an audit structure for the Office for Billing Compliance ("OFBC”) to better protect the University and its providers from non-compliant billing, ensure sound and correct billing practices and avoid unnecessary refunds of monies received. This structure is designed to provide assessments and auditing routines to capture compliance issues that may arise in a division or a department or the institution as a whole.

Summary of the audit structure:

  1. Annual compliance provider audits scheduled after a risk assessment in each department by departmental compliance personnel with OFBC oversight. Annual audit shall consist of 15 services per provider and will include services of the type identified by the risk assessment and some services randomly selected for review. Any necessary subsequent follow up in education and re-audit will be completed. Providers will be audited each year.
  2. An annual institution wide compliance risk based assessment will be conducted by OFBC to determine areas of practice and billing which pose significant risk. This risk assessment is in addition to departmental risk assessments described above and will focus on issues that affect the institution as a whole. Targeted audits or corrective actions will be a result of the assessment.

Annual Compliance Audits

Utilizing MD Audit – Departmental compliance personnel will perform one annual audit per physician per year. The sample size is 15 patient claims based in part upon identified risk areas and some randomly selected, all billed within the prior 12 months. All other pass and fail requirements are unchanged for the annual audits. Meetings with Physicians, education sessions and re-auditing in 30 days will still take place as usual. Annual audits will be scheduled throughout the year (but after an annual risk assessment) to maintain year round auditing.

Reducing the compliance audit to once a year will allow us to complete risk assessments for each department.

Recommended factors to be taken into consideration for risk assessment:

  • High volume billing
  • High volume billing of higher paid services
  • Departmental systemic failures (MD audit statistical failures)
  • Repeated individual physician failures and repeated education sessions
  • External audit activity – CMS, OMIG, and commercial, work plans for federal payor
  • Claims denial patterns
  • Top 20 CPT-4 codes billed by volume and charge for both E&M and procedures
  • CPT-4/ICD-10 changes to codes – new and modified (January & October, of each year)
  • Medicare and Medicaid policy changes
  • Implementation of new programs, new ventures and processes with billing of services and codes
  • Critical Care Services
  • High level evaluation and managment services
  • Modifier -25

Compliance Risk Based Assessment by OFBC- Institution-wide

A risk based assessment will be performed in aggregate for the FPO, Dental School, and the School of Nursing by the OFBC once a year to be completed by the end of the of the year. The outcome of the assessment will inform the audit activity by the OFBC for the year for the entire institution.

The criteria for the assessment will be the same as above with an emphasis as how the data appears to affect the institution as a whole. This will be different than the departmental focus to some degree.

This risk based assessment will be completed by the central compliance office.

 

Some factors to be taken into consideration for Risk Assessment – institution wide:

  • Departmental systemic failures (Reflected in audit results)
  • Repeated individual physician failures and repeated education sessions
  • External audit activity – CMS, OMIG, and commercial
  • Claims denial patterns
  • Top 20 CPT-4 codes billed by volume and charge for both E&M’s and procedures
  • CPT-4 /ICD-10 changes to codes – new and modified (January & October of each year)
  • Medicare and Medicaid policy changes
  • Implementation of new programs, new ventures and processes with billing of services and codes
  • Departmental Credit Balance statistics and creation rates
  • Acquisition of outside practices
  • MD Audit utilization by departments
  • NYP and CU shared personnel
  • The Hotline
  • A confidential source
  • Departmental personnel
  • Patient complaints, and any other source from which comes an issue that affects the entire institution.

Research Risk Based Assessment Institution

A Research risk based assessment will be performed for the institution once a year by the OFBC. The outcome of the assessment will inform the research audit activity for the year for the entire institution.

Process for Research Risk Based Assessment

  • Studies with a large volume of clinical services in the budget
  • Implantable device studies
  • Studies expected to have high enrollment number of subjects
  • Previous history of compliance concerns
  • No research coordinator or few study personnel associated with the study
  • New Investigators
  • Departments with large number of studies
  • Studies involving minors

Process for Research Risk Based Assessment

  1. Obtain information from Clinical Trials Office, Institutional Review Board, Rascal, study coordinators on the number of studies and categorize then into the criteria above
  2. Review for studies that fit the criteria and choose a targeted sample of studies to review for the year
  3. Review each study


    Office for Billing Compliance
    Policy#: OFBC 1009
    Original Date of Issue:1996
    Revised: 3/22/2023
    Reviewed: 3/1/2024