Mock Compliance Audits
Organizations face complex regulatory and legal requirements in today’s highly regulated, ever-changing healthcare environment. They may fall short of what is required to remain in compliance. If deficiencies are not identified and addressed, it can result in potential liabilities.
One way to meet the challenges is to have mock audits of compliance high-risk areas to identify and address any weaknesses.
What is a Mock Audit?
A mock audit is a proactive tool used to prepare for official regulatory audits. While the definition of mock audit does not explicitly state it must be run by an external organization, it is typically run by an expert third-party. The review and assessment process simulates the form and substance of a typical regulatory audit or examination.
This enables organizations to identify and mitigate potential liabilities before they are flagged by real audits – helping them avoid potential penalties and fines. It will typically include two key elements:
- Reviewing existing policies, procedures, internal controls, and practices against regulatory standards and mandates in process or systems review contexts.
- Running transactional reviews, such as claims audits, arrangements audits, and others
The scope will vary according to needs but typically reviews operational processes or documents (claims, contracts) against specific standards. The whole point is to simulate closely what will take place during an actual program audit or transactions review.
Why Mock Audits Are Important in the Healthcare Industry
Mock audits are essential to help manage the level of regulatory scrutiny healthcare organizations face. They
- Improve Compliance: An outside perspective helps to identify compliance blind spots that may be less obvious to individuals working within an organization. Existing processes, policies, or protocols may contain hidden risks that become invisible when you follow them every day.
- Prepare for Audits: Mock audits help compliance teams understand and prepare for future audits. Not only does this mean improving compliance, but it can also mean getting the right paperwork in place to prove specific forms of compliance.
- Evidence Compliance Efforts: Healthcare organizations are expected to prove ongoing efforts to improve their compliance posture and adapt to changing requirements. This is particularly important as it pertains to technology, as healthcare tech is quickly evolving and the potential risks to patients must be carefully and effectively addressed at all times. Mock audits also help to build a culture of continuous improvement, as they keep employees aware of the importance of compliance.
Ultimately, mock audits help to protect patients through improved compliance; ensure organizations avoid non-compliance fines and reputation damage; and create a safer and more compliance-focused culture.
How Mock Audits Help Navigate Healthcare Compliance
Preparing for Key Healthcare Regulatory Audits
The decision to have a mock audit is usually triggered by an event, identified program weaknesses, increased focus of regulatory agencies, expectation of audit by outside authority, requests by boards, etc..
A few common examples include:
- CMS audits
- Joint Commission surveys
- State health department inspections
- HIPAA compliance reviews
For the Compliance Program, periodic evaluations (mock audits) by outside experts are called for by the OIG and mandated in numerous CIAs.
What Can Mock Audits Cover?
Mock audits help healthcare compliance teams prepare for a wide range of potential regulatory audits. The most common mock audits are for:
- HIPAA Privacy/Security: Evaluating the efficacy of your data privacy and security controls, ranging from IT infrastructure to employee training.
- Claims Processing: Ensuring your current billing system aligns with requirements from the CMS. All treatments and conditions must be accurately coded and submitted for risk adjustment, along with clear evidence that they were medically necessary
- Physician Arrangements: Assessing your physician arrangements ensure compliance with the Anti-Kickback Statute, Stark Law, and other key regulations. This would require a thorough analysis of existing arrangements, as well as the systems designed to manage and mitigate the risks of negative incentives.
- EMTALA: Identifying potential non-compliance with the Emergency Medical Treatment and Labor Act (EMTALA). This would involve barriers that keep patients from accessing potentially life-saving care based on their insurance situation.
- OSHA: Scrutinizing your workplace practices to ensure they align with the latest Occupational Safety and Health Administration (OSHA) guidelines. This typically involves evaluating workers safety and hazard management, including the management of potentially contagious patients and the provision of personal protective equipment (PPE)
- Research Compliance: Reviewing your research practices and funding processes to ensure they are safe and compliant
There are also key regulations that apply to specific areas of the healthcare industry, such as physicians at teaching hospitals (PATH).
How to Perform Effective Mock Audits
To conduct a mock audit, a team of experts will (a) request and review existing process documentation and documentary evidence, (b) examine internal controls, (c) conduct a process review or transactions review, (d) interview program staff, (e) evaluate the evidence, and (f) prepare a report of findings and recommendations. But the process is far from simple and there are a few key factors to consider:
Key Personnel: Who is Responsible for Mock Audits?
One critical component of a successful mock audit is to have subject matter experts knowledgeable of the audit area. Mock audits can be performed using internal staff but commonly involve engaging qualified third-party consultants with expertise and experience in the area to be reviewed and audit processes being mimicked. Results of reviews by outside experts also generally carry greater weight and credibility to outside authorities.
Audit Complexity: Developing a Comprehensive Mock Audit Checklist for Healthcare
Healthcare compliance audits are complex and often a wide range of factors – making it easy to overlook key factors. That is why most mock audit teams require a checklist to guide their assessments and ensure they cover all elements that might be touched upon, including:
- Data privacy and security controls
- Emergency preparedness and contingency planning
- Operational integrity and efficiency
Along with any other area in which you have specific compliance concerns.
Objective Output: Understanding the Mock Audit Report
Your mock audit should produce a comprehensive report that codifies the findings and provides clear guidance on remediation action. This should include:
- An executive summary
- Key findings, broken into distinct categories
- Observations based on the audit process
- Remediation recommendations
Most importantly, it should be written in clear language that makes its findings immediately clear and actionable.
Conduct Mock Audits with Strategic Management Services
Mock audits are a vital resource for healthcare compliance teams, but many struggle to find a partner with the requisite industry expertise – which is why so many rely upon Strategic Management Services.
Our team runs comprehensive mock audits to quickly evaluate your posture and recommend remediation measures across all areas of healthcare compliance. From identifying HIPAA blindspots to ensuring your billing is safe and compliant, we can assess your entire organization.
Want to prepare for your next audit with confidence?
Subscribe to blog