Audit Subject |
Purpose |
Scope |
Lead Person Responsible |
Department |
Projected Timing |
---|---|---|---|---|---|
Medical Necessity of Diagnostic CT and MRI |
To determine compliance with CMS guidelines including physician order, place of service, prior authorization, documentation requirements, specificity of exam, etc. |
Small physician practice may be 100% prospective review with large organizations at 10% prospective review |
[name] |
Compliance |
1st Quarter |
Exclusion Review of Employees, Contractors, Vendors |
To validate that exclusion review is being performed at hire and every 30 days on physicians, employees, contractors, vendors |
100% review of exclusion monitoring reports for past 12 months; validate a random sample of exclusion reviews reported |
[name] |
Compliance |
1st Quarter |
Evaluation & Management Documentation & Coding |
To determine compliance with E/M coding guidelines. |
Retrospective review of medical records with DOS January 1-March 31, 20xx Statistically valid random sample |
[name] |
Compliance |
2nd Quarter |
Physician Contract Review |
To assess compliance with Stark and/or Anti-Kickback Statute; to assess compliance with terms of contract; to review physician compensation |
Small physician practice – all contracts. Large organization – random sample |
[name] |
Compliance and Legal |
3rd Quarter |
HIPAA Privacy & Security Measures Implemented for Telehealth |
To determine if provider is using approved telehealth platform; to determine whether a BAA exists; to determine if informed consent for telemedicine was obtained from the patient; to determine whether a system for monitoring communications containing ePHI have been implemented; to determine whether only authorized users have access to ePHI |
Statistically valid random sample |
[name] |
Privacy and Compliance |
4th Quarter |
Note: This is only a sample of a simple Compliance Program Audit Plan. Actual audit subjects, purpose, scope, department, and projected timing will be based on the specific provider type (i.e., small physician practice, outpatient clinic, inpatient facility), the provider’s high-risk areas, and available resources.