Corporate Compliance

1. Audit your top compliance risk areas
2. Seven steps to test HIPAA information security
3. Gov't audit insider

Healthcare Auditing Weekly, July 1, 2003

Health Care Auditing Strategies
NEW Newsletter
Guide to Compliance Auditing: Applying OIG Techniques and Tools
Strategies for Health Care Compliance
July 1, 2003
Vol. 1, No. 9

SUBSCRIBE to Health Care Auditing Weekly



Confused about how to code injections and infusions? Join the club.

Hundreds, perhaps thousands of your colleagues are in a similar spot, struggling to understand how to handle this significant portion of health care billing. Our earlier audioconference on this subject was so popular we're bringing back the speakers for another, new program. You'll want to be with us again. Bring your questions! To learn more or to register, CLICK HERE or call our customer service department at 800/650-6787. Be sure to mention source code EZ1295D.



Auditing news and tips

Sample audit programs (For subscribers to Health Care Auditing Strategies only)

Sample compliance policies and procedures. (For subscribers to Strategies for Health Care Compliance only)

The OIG Work Plan for Fiscal Year 2003

Ask the Expert

Tip of the Week

Compliance Hot Topics: Auditing, Billing and Coding, EMTALA, Stark, HIPAA

Question of the Week

In This Week's Issue

  1. Audit your top compliance risk areas
  2. Seven steps to test HIPAA information security
  3. Gov't audit insider

This Week's Headlines

1. Audit your top compliance risk areas

Use a "finders and fixers" plan to review and correct your organization's biggest compliance issues. After performing your audit, help staff members identify their problem areas, then show each worker how you uncovered them and how they can prevent them. The list below is a starting point for some of the key areas to audit internally:

  • All areas of risk as identified in the Office of Inspector General (OIG) work plan
  • The UB-92 and chargemaster for new codes, old codes, and deleted codes
  • Review your denial management process-are back-end fixes being made
  • Review billing of pass-though items, especially from 2001 to 2002
  • Review units of service reporting, especially for drugs; determine whether rebilling opportunities exist
  • Review the charge capture process in the emergency department, as well as other departments
  • Audit modifier usage, especially -25, -52, 59, 72, and 74
  • Check evaluation and management guidelines created and the distribution of code levels

    For more on analyzing your outlier exposure, order the book "Compliance Troubleshooter: Tackling the Top 10 Compliance Challenges." This book features information on The False Claims Act, outlier payments, quality of care, economic and traditional economic credentialing criteria, EMTALA, nonphysician practitioners, billing and documentation, outpatient prospective payment system, Stark, and inpatient compliance issues. Click here for more information or to order.

    Back to top

    Health Care Auditing Strategies

    "Health Care Auditing Strategies," the new 12-page monthly newsletter, can help you get the most out of your audits. It offers practical how-to articles, sample policies and procedures, best practices, and auditing techniques for specific areas, including coding systems, billing systems, cost reports, credentialing processes, employee background checks, education and training programs, and quality of care. For more information, including how you can save 10%, go to Or, call 800/650-6787 and mention Source Code EN1231A.

    2. Seven steps to test HIPAA information security

    The security portion of the Health Insurance Portability and Accountability Act of 1996 requires organizations to test their information security programs. Testing the different aspects of your security program can be daunting, so don't expect to get it done in one week-and don't consider it a one-time task.

    Instead, develop an annual plan of ongoing tests and assessments, says Rick Ensenbach, CISSP, CISA, director of information security at Conseco Finance Corporation in St. Paul, MN. "If you have a well-developed plan and some help, you should be able to cover all of the systems by the end of the year."

    He recommends including the following seven steps in your plan:

    1. Assessing network perimeter. Check your organization's external network perimeter to determine what services (firewall ports) you have open.
    2. Vulnerability scanning. This type of testing comes in two flavors-network-based (external) or host-based (internal). You should do both.
    3. Penetration testing. This involves trying to break into your organization's network using known security weaknesses or vulnerabilities.

    For all seven steps, and more information on these three steps, order the pay-per-view article "HIPAA: How to test information security." The article costs $10. Subscribers to the online version of Health Care Auditing Strategies have free access to it. Subscribers to the print edition can find it in their June issues.

    Or for only $23 per month, you can get even more auditing best practices and how-to articles by subscribing to Health Care Auditing Strategies. Click here to save 10% by ordering online.

    Back to top


    In addition to each 12-page monthly newsletter, Health Care Auditing Strategies (HCAS) subscribers receive the following benefits:

  • Audit talk-This is a free forum to network, share ideas, and solve problems for HCAS subscribers.

  • Audit advantage-Readers log on each month to the HCAS subscriber-only Web page that lists sample audit plans and government documents. Go to and enter the password that is printed in each issue of HCAS.

  • Fax and email alerts-When there's late breaking news that just can't wait until the next issue of HCAS, we'll fax or email the pertinent information to you immediately.

  • Editorial special reports-When there's a new regulation or news on laws related to health care auditors, our expert writers gather the necessary information and compile a special report. Subscribers received a free special report on the Sarbanes-Oxley Act with their May issues.

    Take advantage of these subscriber benefits, as well as auditing best practices and how-to articles by subscribing to Health Care Auditing Strategies. Save 10% by ordering online.


    Disproportionate share hospital payments

    The Office of Inspector General (OIG) performed this audit to verify that state disproportionate share hospital (DSH) payments made in fiscal year 1998 to the six Los Angeles County (LAC) hospitals did not exceed the hospital specific limits as imposed by the Omnibus Budget Reconciliation Act of 1993.

    The OIG used the following methodology:

    1. Analyzed data elements used by the state in the calculation of limits for LAC hospitals to determine compliance with applicable federal Medicaid states, code of federal regulations, and CMS guidance pertaining to the Medicaid programs. The review focused on the determination of the limit for the Medicaid inpatient DSH program.

    2. Applied the state's methodology using 1998 data obtained from the state's limit calculations, state provided demonstration expenses, and state payment schedules. The OIG also used Medicare cost report data that it obtained from CMS.

    3. Adjusted limits based on data provided by the state and CMS. The OIG's review of Medicaid revenues provided by the state was limited to Medicaid billing policy and provider numbers. It did not include transaction testing of the data processing systems used to identify and aggregate Medicaid revenues.

    4. Used the LAC hospitals' Medicare cost reports to identify the amounts for cost report adjustments and non-reimbursable cost centers. The OIG contacted each LAC hospital and the LAC Department of Health Services to learn the types of hospital activities reported in selected non-reimbursable cost centers on the LAC hospitals' cost reports.

    5. Obtained written confirmations from public hospitals to determine the amounts of funds transferred to public entities after receipt of DSH payments.

    6. Reviewed federal Medicaid statutes, codes of federal regulations, CMS guidance, California Welfare and Institutions Code, and the state plan for information on DSH payments. The OIG also interviewed CMS Region IX staff, as well as state personnel and copies of pertinent documentation.

    For more information on the OIG's "Audit of California's Medicaid Inpatient Disproportionate Share Hospital Payments for Los Angeles County Hospitals, State Fiscal Year 1998," go to

    Back to top


    To learn more about the Sarbanes-Oxley Act and how it affects internal auditors and compliance officers, order the special report "Sarbanes-Oxley Act: Impact on Health Care Organizations"

    Share the news!

    You've been benefiting from our informative e-mail newsletter, so why not pass on this resource to your peers? Sign up a colleague and get $20 off your next purchase on HCPro's Healthcare Marketplace!

    Send your comments and questions about Health Care Auditing Weekly to:

    Melissa Osborn
    Managing Editor

  • Health Care Auditing Weekly (c) 2003 HCPro, Inc. You have permission to forward Health Care Auditing Weekly, in its entirety only, to your colleagues, provided this copyright notice remains part of your transmission. Better yet, send them to where they can subscribe to the newsletter directly. All other rights reserved. None of this material may be reprinted without the expressed written permission of HCPro, Inc.

    DISCLAIMER Advice given is general, and readers should consult professional counsel for specific legal, ethical, or clinical questions. Users of this service should consult attorneys who are familiar with federal and state health laws.

    SPONSORSHIPS For information about sponsoring Health Care Auditing Weekly, contact Margo Padios at or call 781/639-1872 ext 3145. If you would like further information about any of HCPro's products, including books, seminars, videos, consulting services, or newsletters please visit

    YOUR SUBSCRIPTION You are receiving this message as a subscriber to Health Care Auditing Weekly. If you would like to unsubscribe, please visit If you do not have web access, please forward this email to: and type "Remove" in the body.

    Copyright 2003 HCPro, Inc.

    Most Popular