Blog Post

Compliance Program Oversight of Revenue Cycle Management (RCM)

Richard P. Kusserow | September 2019

Get tips and suggestions for proper RCM compliance oversight from compliance expert Dr. Cornelia Dorfschmid, PhD

Earlier this year, the DOJ’s Criminal Division issued updated guidance on what prosecutors would consider when they evaluate corporate compliance programs in prosecution situations. One key feature the DOJ will review to assess the quality and effectiveness of compliance programs involves how well risk assessments are conducted. It is also noteworthy that an annual risk assessment and review process is often included in Department of Health and Human Services Office of Inspector General Corporate Integrity Agreements (CIAs). The absence of controls are among the biggest risks faced by health care entities. These include the undesirable consequences arising from: (a) inappropriate arrangements with providers (Anti-Kickback Statute and Stark Law); and (b) revenue integrity/revenue cycle management (RI/RCM) processes. Properly addressing RCM requires a multi-dimensional approach. On the operational level, it must be deployed through appropriate monitoring strategies. On the compliance front, appropriate compliance auditing and oversight responsibilities must be dedicated to RCM. Leadership and the board must be provided with sufficient and actionable information to make strategic decisions. However, many compliance officers are often busy keeping up with the ever-changing legal and regulatory environment, and they are reduced to firefighting numerous complaints and delivering compliance reports. In many cases compliance officers are not sufficiently versed in RCM to understand what is needed or how to do it.  Failure to take a strategic approach to address this issue area could be a costly mistake.

Carving out a separate RCM compliance oversight function will keep risk assessment processes focused. It will automatically tackle challenges while showing a path to demonstrating “reasonable diligence” in the era of the Medicare Overpayment Rule that requires proactive compliance auditing strategies. As a key in meeting the RCM challenge, organizations should establish a subcommittee for their Executive Compliance Committee to oversee common RCM vulnerabilities and risk areas such as denials management, credit balances, write-offs, Medicare secondary payor and coordination of benefits, licensure and certification issues, billing accuracy, billing and coding staff skill sets, 60-day report and refund processes, and regulatory update tracking, among other things.  Organizations should also develop: (a) an annual plan; (b) acquire RCM subject matter experts to advise and assist; and (c) establish reporting duties.

For more information on this subject, contact Dr. Cornelia Dorfschmid at or via phone at (703) 535-1419.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog