By Karen Zupko
Source: Physicians Practice
Physicians are first concerned with treating patients. But they are also business owners. It is a
mistake not to review potential areas of risk.
The end of the year is a great time for physicians to review practice operations and policies and
assess what’s being done well, what can be improved, and where priorities for next year lie.
Reducing overhead and improving collections are no doubt high on that list. But don’t overlook the
importance of managing risks — here are five that we find, all too often, are unaddressed in
1. Not conducting background checks as part of the hiring process
Running a background check on your chosen candidate for any position is a critical aspect of
effective hiring. You’d be amazed at how many job candidates are up to their ears in debt, have been
convicted of a crime, or never attended the university listed on their resume (or perhaps any
university). For less than $100 per candidate, a background check provides valuable insight, and can
help you avoid adding unsavory characters to your team. Had one been conducted during a Chicago
practice’s recruitment process, for example, the physician wouldn’t have offered a position to a thief
who took off with $250,000 in practice receipts. The employee had previously been convicted of
embezzlement, and a background check would have exposed this. Reduce your risk by conducting background checks for all final candidates. Trusted Employees is one company that provides this service at reasonable rates.
2. Being too casual about electronic safety
Do front-desk staff members keep their computer and clearinghouse login credentials on a Post-It
Note stuck to their desk? Do some employees know each other’s passwords because they’ve been
set up using the names of children or pets? Do physicians and/or the outside billing service login to
the practice management system or EHR remotely, using an unencrypted Internet channel? Is your
practice still using email instead of secure messaging to communicate with patients? If you can
answer yes to any of these questions, you are not alone. A lackadaisical attitude about Internet
safety is a common risk in physician practices. But with the number of healthcare data breaches
increasing, it’s more important than ever to practice good cyber-hygiene.
Start with simple steps, such as insisting that staff use strong passwords and not share them. Hire an
IT consultant to conduct a data security assessment (an annual HIPAA requirement that many
practices skip). Establish encrypted connections between all electronic sites and devices. And cease
and desist with emailing patients; move to secure messaging instead.
3. Under-coding E&M services
This is a revenue risk that can double as an audit risk if you under-code consistently.
First, coding a level below the service you actually deliver and document is a financial faux pas. You
may think that under-coding five established visits each week is no big deal. But, for example, $25
less reimbursement each time you under-code, multiplied by 48 weeks per year, adds up to $6,000
annually. And assuming you under-code new patients at this same volume, you’re up to $12,000.
Second, consistent under-coding can also draw unwanted payer attention to the practice. For
example, CMS analyzes coding patterns of physicians in the same specialty and state, as well as
national averages. Falling outside the bell curve of your peers’ coding patterns can make you a
potential audit target.
If you haven’t reviewed E&M usage in recent memory, generate a report from the computer system
of all E&M codes used for each physician, for a one-year time frame. Create bar graphs that show
each physician’s usage pattern, and request your specialty and state data from CMS to compare it
against the coding patterns of your physician colleagues. Or, to significantly short cut this arduous
process, use a tool such as the E&M Profile Analyzer. Enter your CPT data for each physician and the
product does the rest, producing easy-to-read graphs for analysis.
4. Abdicating vital knowledge
Although physicians and administrators don’t need to know every last software feature or
operational protocol, the medical practice is at risk if physician leaders don’t understand essential
business functions and review vital reports. If you know how to read the clearinghouse report, for
example, you’ll notice when staff has stopped correcting and re-submitting daily front-end claim
edits. If you take the time to review the adjustments report at least quarterly, you’ll be more apt to
ask questions about why so much is being written off to categories you don’t recognize. And if you
ask the billing team to provide a status of the top 10 largest account balances each month, you’ll get
a sense of how well denials and revenue cycle are being managed.
5. Sloppy cash controls
Poor cash controls are still one of the most common risks we discover during our consultations. Make
sure the practice’s "daily close procedure" balances charges and collected amounts with the totals
shown on computer reports. Reconcile patient encounter forms and electronic numbers daily to be
sure each has been "closed out." Make sure the month-end bank balance matches the
practice-management system report of total collections. Don’t allow the person who opens the mail
to post payments or write refund checks. And no one but physician owners should sign checks.
Contact your accountant and arrange for a year-end assessment of cash handling procedures. Make
2017 the year you seal the holes and make cash controls airtight.
Karen Zupko is president of practice-management consulting and training firm KarenZupko &
Associates, Inc., which has been working for and with physicians for more than 30 years.