Hospitals, like all healthcare organizations, are subject to numerous state and federal laws, rules, and regulations. However, unlike other medical institutions, hospitals often face scrutiny from state and federal authorities because of the huge role they play in the U.S. healthcare system.
As a result, compliance must be a priority for hospitals, while compliance must be a priority for all healthcare organizations. In particular Make sure you keep the ducks in line for risk management purposes. Hospital administrators and compliance officers must have confidence in the effectiveness of their compliance program and the internal controls of their healthcare organization. You must also demonstrate that you are operating effectively and be prepared to demonstrate this effectiveness to state and federal authorities when required.
“Performing regularly scheduled internal audits is a key component of an effective medical compliance program for a hospital. Hospitals conduct these audits to gain a clear understanding of the health of their compliance program. Not only is there a need, but being able to demonstrate an ongoing commitment to assessing and maintaining compliance can also be important when dealing with state or federal authorities.” – Dr. Nick Oberheiden, Oberheiden PC Founding Attorney
One of the most effective ways for healthcare organizations and hospitals to maintain and demonstrate compliance is to conduct regular internal audits and keep hospital boards informed throughout the internal audit process. In an ideal scenario, these internal audits act as risk assessments to ensure hospital compliance, and the documentation of hospital audits is a successful (or “passed”) simply added to the pile of records documenting the audit. However, if a hospital has compliance issues that need to be addressed, conducting regularly scheduled internal audits will ensure that the hospital identifies these failures and major issues before state or federal authorities (such as the Medicare Center). risk can be addressed in a timely manner. Medicaid Services (CMS) or Medicare Fraud Control Unit (MFCU)) will discover them during an external audit or investigation.
Conducting an effective audit is a multi-step process that requires structure, organization, accountability, teamwork, a disciplined approach, and in-depth knowledge of all relevant sources of state and federal authorities. It also requires an unbiased approach, as the goal is to accurately assess and understand the state of a hospital’s compliance program (how to check compliance to ensure a passing score, how to twist compliance failures, etc.). ). For hospitals, conducting internal audits also requires precision and resourcefulness, such as: (ii) failure to identify all relevant sources may result in a less comprehensive assessment; (iii) Failure to protect confidential information revealed during an audit may create unnecessary risk in the event of external inquiries.
10 Steps to Conducting an Internal Hospital Audit for Compliance
With all this in mind, what does it take to conduct an effective internal compliance audit for your hospital? Here are 10 key steps to a successful internal audit and assessment.
1. Start an internal audit
Initiating an internal audit should be a formal process. Hospitals should engage outside attorneys specifically for audits, and hospital contracts should make it clear that the attorney will advise and represent the facility during the internal audit process. This helps preserve attorney-client privilege. This can be important if an internal audit reveals adverse information.
Formalizing the internal audit also emphasizes the importance of the process and helps establish it as a time-limited event. Internal audits need to be efficient and not be dragged out by other priorities. Internal audits need a clear purpose, a clear beginning and a clear end.
2. Check your hospital’s compliance program
The purpose of an internal audit is to evaluate the effectiveness of a hospital’s compliance program and internal controls. Therefore, when conducting an internal audit, the compliance program itself must first be reviewed. All members of the internal audit team (both internal staff and external counsel) should have a clear understanding of what the hospital is doing. should do it This will help you identify clear compliance issues, concerns, key risks, or potential red flags.
Many hospitals and hospital departments have compliance checklists developed specifically for the purpose of evaluating compliance during internal audits. Providers who have these checklists have no problem using them as long as the checklists are current and reflect the hospital’s current compliance obligations.
3. Check current laws, rules and regulations
The laws, rules, and regulations that govern hospital operations change frequently. Conducting regularly scheduled internal audits serves not only as a mechanism for evaluating and maintaining hospital compliance with existing obligations, but also as a mechanism for identifying and addressing new obligations. . At the beginning of the audit process, hospital management and compliance personnel should work with outside legal counsel to ensure they are aware of any new applicable compliance obligations and to ensure that such obligations are communicated to the facility’s compliance program. and internal audit procedures. .
4. Assemble an internal audit team
Due to the size of the hospital and the complexity of its systems and operations, conducting an effective internal audit requires a carefully selected and talented team. The team should include the hospital’s Compliance Officer, Chief Information Officer, internal and external attorneys, and other individuals with relevant subject matter expertise that make up the internal audit team, such as claims managers and system managers. I have. In general, the same individual should continue to manage the hospital’s internal audit, but the hospital’s leadership and attorneys should ensure that certain individuals within the team fail to achieve the results of the audit process or jeopardize their interests. Risk must be carefully considered.
5. Assign roles, responsibilities and reporting obligations
Each member of the audit team should have a clearly defined role and defined operational responsibilities. Also, all team her members must have clear reporting obligations to ensure that all relevant findings are reflected in the audit report. Assigning the same roles and responsibilities to the same team members increases the efficiency of the audit process. However, again, hospital leaders and attorneys must be careful not to be overly comfortable or overly trusting of the teams they are staffed with. The audit process itself requires checks and balances to ensure it serves its intended purpose.
6. Identify all sources of relevant information
Comprehensiveness is key when conducting internal audits. The internal audit team must identify, collect, and research all relevant information from all data sources. If even one relevant source is overlooked (such as an employee’s smartphone or an off-site cloud server), internal audit effectiveness can be compromised. Importantly, in this scenario, there is more than just the risk that the audit will not discover relevant information. However, if this happened, hospital leadership would be unaware of the flaw. can get you into a dangerous situation.
7. Examine the data
Once the internal auditor and other members of the team have identified all relevant sources of information, the next step is to examine the evidence. This includes hospital billing data (including Medicare, private insurance, and other payer data), as well as information about hospital patient communication practices, privacy practices, telemedicine practices, prescribing practices, and other regulatory practices. is also included.there is many aspects of hospital compliance, and each aspect requires equal scrutiny. Again, if a hospital’s internal audit is not comprehensive in any way, it will compromise the effectiveness of the audit and prevent hospital management and the hospital board from making informed decisions. increase.
8. Conduct comprehensive compliance and risk management assessments
After reviewing the data, the hospital’s external compliance counsel conducts a comprehensive compliance assessment. This assessment has two main purposes. (i) to determine whether a hospital is adhering to its compliance program; (ii) determining whether the hospital’s compliance program meets all relevant legal and regulatory requirements; Evaluating compliance requires in-depth knowledge of all applicable laws, rules and regulations. As a result, it is imperative that healthcare organizations work with experienced outside attorneys who are specifically focused on their work in the area of healthcare compliance.
9. Properly document internal audits
In some respects, properly documenting an internal audit is just as important as conducting the audit itself. Without proof of audit completion and results, hospitals cannot demonstrate compliance to state or federal authorities. Similarly, the lack of critical information in a hospital’s internal audit documentation raises questions about the adequacy of the audit and, in turn, the adequacy of the hospital’s compliance program.
10. Determine (and Take) Appropriate Next Steps
Finally, once the audit process is complete, hospital management and compliance officers should work with outside counsel to determine (and take) appropriate next steps. If the audit confirms the hospital is fully compliant, the next step may simply be to maintain the status quo. However, if an audit reveals compliance deficiencies in any area of the hospital’s operations, hospital management should work with outside legal counsel to update the hospital’s compliance program and review the hospital’s past compliance. The deficiencies need to be addressed quickly, both in terms of correcting failures.
