Governmental agencies and certain private entities are authorized to conduct healthcare audits of healthcare entities.
Broadly speaking, an audit is a review or investigation of an entity’s compliance with external requirements (e.g., laws and regulations) and/or internal requirements (e.g., its own policies, procedures, and processes). Audits may be conducted internally—that is, by the healthcare entity itself—or by an outside auditor.
Two examples of outside auditors are the Centers for Medicare and Medicaid Services (CMS), and the insurance payors. The Centers for Medicare Services (CMS) sometimes conducts certain audits of its programs. Insurance payors may conduct audits of affiliated healthcare providers with whom they are affiliated.
In this article, we’ll explore the various types of healthcare audits that an entity might be subject to. We’ll also discuss how compliance software can play an important role as you navigate an audit.
What is an Audit in Healthcare?
A healthcare audit, as noted above, is a review or investigation of an entity’s compliance, internal and/or external. An audit in healthcare serves, in part, to hold healthcare entities accountable for adherence to laws, policies, and processes.
This includes healthcare laws such as HIPAA, the Anti-Kickback Statute, Medicare, and Medicaid. Policies describe the measures taken by an organization to adhere to a law, a standard, or a process of some kind. Processes include processes for, identifying errors, discrepancies, or deficiencies in practices or documentation, among other things.
A healthcare audit can be instructive: a healthcare audit can unearth factors contributing to nonadherence to law, policy, or practice in the form of errors, mistakes, inaction, or misconduct. The findings of an audit might provide a healthcare entity with the opportunity to remedy its deficiencies, which in turn gives the entity an opportunity to improve its compliance postures.
Types of Healthcare Audits
A healthcare organization typically faces many types of audits, which can be classified as internal or external.
Internal Audits
An internal audit identifies areas for improvement within the organization to ensure compliance with healthcare regulations, policies, and/or processes. The audit is conducted by a designated individual within the entity. An internal audit is an excellent opportunity to detect factors contributing to non-compliance, mitigate risk, and address potential problems.
A variety of internal audits can be conducted. Some of these include:
- Clinical audit: Identifies needed improvements in practices related to patient care.
- Coding and documentation audit: Assesses the accuracy and completeness of medical documentation and billing codes.
- Financial audit: Determines the accuracy of the organization’s financial statements and records and its compliance with financial laws and regulations.
- Operational audit: Consists of an evaluation of systems and processes that contribute to the organization’s business performance.
- Privacy and security audit: Assesses the organization’s infrastructure security and information privacy and the extent to which they comply with Health Insurance Portability and Accountability Act standards and other data privacy and security laws, regulations, practices, or frameworks.
- Quality improvement audit: Investigates the patient experience and identifies and implements improvements in care.
External Audits
A governmental entity or an insurance payor may conduct an external healthcare audit.
Many hospitals and other healthcare organizations are subject to external audits by the government. The U.S. Office of Inspector General in the Department of Health and Human Services maintains oversight over healthcare audits at the federal level. As OIG notes, one purpose of audits is to “[ ] assist HHS-OIG in fulfilling its oversight responsibility to provide assurance that non-Federal entities receiving Federal funds for HHS programs are properly administering and using the funds for their intended purposes and in compliance with Federal requirements.”
An insurance payor may conduct an audit to determine whether the healthcare entity is complying with the terms of its agreement(s) with that payor. The insurance payor may, for example, as part of its audit, evaluate whether an entity is observing proper billing and coding practices.
Other types of audits may include a third-party “expert” audit. These audits are typically specialized investigations of specific compliance aspects, such as cybersecurity or adherence to data privacy requirements. Sometimes, a governmental agency may delegate an auditing function to a third-party expert.
Healthcare Audit Solutions From Compliance Software
When facing an internal or external audit, keeping track of the necessary documentation and demonstrating adherence to regulations, policies, and processes can be difficult. Fortunately, compliance service providers like Compliancy Group offer software to help you prepare and respond to an audit.
With the right software, you can prepare for and handle a healthcare audit like a pro. A comprehensive software package from Compliancy Group will help you track the progress of your audit and make it easier for you to:
- Keep track of standards across various sets of healthcare regulations
- Manage, store, share, and create documents
- Simplify information retrieval
- Conduct risk assessments and report the results
- Send training renewal reminders
- Streamline incident reporting
At Compliancy Group, we provide healthcare audit solutions for various organizations. Before facing your next healthcare audit, contact Compliancy Group today to learn how to make the process easier for your organization.
