This article is initially available on our podcast. Click here to listen.

We’re going to touch on compliance and data, and analytics to help ensure regulatory compliance from coding and billing.

How are you addressing compliance?

One of the things that we would challenge people to consider is, “How are you thinking about compliance?” We don’t even mean like, “What’s your thought process?” or “What structure are you using?” There are fundamental existential kinds of questions like, “What do you know? What do you think you know versus what do you know? And how do you know it?” In other words, how do you measure compliance? Is it qualitative, or is it quantitative? Are you using analytical tools now to ensure compliance?

Why is this significant?

Part of why this is so important is the question of, “Are you staying ahead of enforcement?” Nobody wants to be in some newspaper article indicating a problem with a particular healthcare organization, provider organization, and hospital system. We’re not saying that you have to do something different because we don’t know what you’re doing at this stage. But consider a different approach. Using data can improve things.

The ever-expanding regulatory landscape

A couple of years ago, back in 2018, the penalties got a lot larger for fraud and abuse under the Bipartisan Budget Act of 2018. It went up essentially to $11,000 per claim. Yes, that’s right—$ 11,000 per claim. If you’ve got 1,000 claims that were billed fraudulently, that’s an $11 million price tag. It’s staggering. It’s an enormous amount of money.

But that’s not all.

The benefits to whistleblowers have now also gotten massive. That means that if you’re not really on top of things and somebody has access to that information inside, who can see it, and they share that information, they have an enormous profit motivation now to do so. Be careful!

Analytics in compliance has moved into the mainstream. Once upon a time, we thought that this was futuristic, but it’s been going on for a long time. 

Even something like the IRS, the Department of Justice, Securities and Exchange Commission, all kinds of regulatory organizations now use analytics to ensure compliance and find organizations and individuals who are not in compliance. Everybody’s through with the IRS, obviously, and submitting their taxes, whether they do it individually or they have an accountant or an accounting firm do it for them.

Automated analytics replaces manual audits

IRS audits have dropped in recent years. The reason why audits have declined is that they’re effectively auditing everyone using analytics. When you have an accurate “audit,” that’s not what we used to think of. We used to think of auditing as like, “Oh, they’re now going to request records and dive into your information and try to figure out what’s going on.” That ship sailed. They’re doing that on everybody now automatically because they have access to so much data that they can cross-reference everywhere and mine that data. 

So they’re doing auditing on everybody in the traditional sense we used to think of. Now, because they do those analytics on everybody, their version of audit is effectively they’ve caught you, and they’re coming after you once you get the letter in the mail. That’s not an audit. You’re in trouble.

As we mentioned, the Department of Justice, the DOJ, and the SEC are all using analytics. Even those kinds of organizations require the companies that they monitor to use analytics in their compliance programs. The critical element is what they say “identification controls and detection through analysis and information gathering.” 

Are your processes compliant?

Thus, there are specific requirements for compliance. Not only do they use analytics, but they require the organizations that they monitor to themselves use analytics in their compliance programs to be compliant.

It’s a little bit meta, but you need to be using data and analytics to be compliant, not just because you have to find the problem, but because you have to be using analytics to be compliant. Otherwise, you’re not in compliance. 

Even if you don’t have any issues, you’re out of compliance if you’re not using analytic tools to ensure compliance. I know that sounds crazy, but that’s the world we’re living in now. The SEC has been doing this for a long time, actually, and CMS has increased its focus on compliance lately.

I all comes down to this.

How long is it going to be before the OIG files a suit? He’s essentially analyzing probably already every claim, using analytics to uncover and identify fraud and then nailing people to the wall. We’ll get to that in another podcast.

Final thought

Shortly, I would expect to see a much greater incidence of fraud claims and, at the very least, abuse claims against a widespread path of organizations, provider organizations in the United States, where they identify some irregularity or error.