Demystifying IROs: What You Need to Know About Compliance Under a CIA
Healthicity
Share:
When healthcare organizations find themselves under a Corporate Integrity Agreement (CIA), the process can feel overwhelming. But there’s one partner that plays a pivotal role in navigating the requirements: the Independent Review Organization, or IRO.
In a recent episode of Compliance Conversations, CJ Wolf spoke with Stephani Scott, VP of AAPC Services, about what it's like to serve as an IRO—and why it’s more than just running audits.
Stephani shared the ins and outs of IRO responsibilities, including performing unbiased documentation and coding reviews, navigating strict timelines, and working closely with compliance and legal teams. She emphasized the importance of independence, explaining how IROs must be free of bias, with no prior connections to the organizations they review.
One particularly useful insight? The role of statistical sampling, including how tools like RAT-STATS are used to ensure valid, randomized claim reviews. Whether reviewing level 4 E/M services or modifier 25 usage, every CIA has specific requirements that IROs must meet.
Her parting advice? Don’t fear a CIA—embrace it. It's a chance to improve processes, expand compliance practices across your organization, and emerge stronger on the other side.
Ready to get smart on IROs and CIA compliance?
Episode Transcript
Welcome everybody to another episode of compliance conversations. I am CJ Wolf with Healthicity.
And today, our guest is Stephani Scott. Stephani, welcome to the podcast.
Thank you, CJ.
I am so excited that you agreed to talk to us a little bit today. We've got a great topic. Stephani has a lot of experience, in many areas, but especially in the one we're gonna talk about too. But, Stephani, before we get into our topic, we always love to have our guests tell us a little bit about themselves, maybe your professional background, what you're doing currently, anything you're comfortable sharing.
Sure. Would love to. So my name is Stephani Scott. I am the VP over AAPC Services here at AAPC. I've been with the company over thirteen years.
And during that time, I I do have to say it's been my favorite part of my career. I've I've been in health care for thirty years.
And, here at AAPC, I get a wonderful opportunity of working with different practice organizations from one dot practices to large academic health systems. I work with health plans. I work with other, revenue cycle groups. And so it's really super fun to work with all these different organizations and help, partner through the rev cycle, you know, the different challenges that they may have. So I'm very happy to be here. Thanks for asking me to join.
Yeah. And you guys do audits. You also probably do, like, proactive training. And, tell us a little bit more, if you're okay, about the kinds of things, the breadth. I just I'm always surprised. You guys do a lot.
Of course. So our main focus of services that we provide are coding and documentation audits for professional services as well as facility services.
So we get the opportunity to work with these different groups and help participate in their compliance program around the coding and documentation reviews or focus reviews, at risk reviews, things like that.
We also work with different attorney groups as subject matter experts if we, need to review specific cases and or do, expert witness testimony.
So we've got a a team that does that. We also have a team of of trainers that will come in and do either, new provider education training. Mostly, we provide training and education based off of the audits that we do where, you know, there's different opportunities for clinical documentation improvement.
So we might work Right.
With individual doctors or or do those sessions in groups or even go on-site. You know?
Now the last couple years, we've been starting to get quite a few requests for from customers to come on-site and organization.
Very good. Very good. And I I know Stephani well, and I know a lot of her team members, and they're a great group of of, professionals. So if you need help in those areas, I highly recommend you reach out to to Stephani.
And, Stephani, we wanna talk today about one of the things I know you guys do, and that are that is IROs or independent review organizations. You you do that line of work, don't you?
We absolutely do.
Yeah. Tell us just for our listeners. You know, our listeners, we have a lot of coders and auditors, but we have a lot of compliance professionals as well. Not everyone might everyone might not know what an IRO is and and what context that's in. You wanna tell us a little bit about what an IRO is?
Sure. So if an organization is found, by the OIG to have some discrepancies in their documentation and coding on bill claims that they might have to go under help me out, CJ.
What's the Yeah.
The the CIA or the corporate integrity agreement.
Yes. The corporate integrity agreement. And, usually, those last for a couple of years. Typically, we see about three years that they're under that, corporate integrity agreement.
And so one of those requirements is that that organization search out an independent review organization to perform those audits on a monthly or quarterly cadence. It really depends on what those different stipulations are with that agreement that they have. So that's how we get pulled in is, you know, we can serve as that independent review organization where there we don't have any bias or any, connections with those organizations. We actually have to sign a certificate of independence Right.
That attest to that. And then we Yeah. That opportunity to work with with the different groups under that, agreement.
Yeah. Yeah. And you and I were talking about this, a few weeks ago, I think, and and, you know, I read a lot of corporate integrity agreements, and most of some of our listeners do as well, and we all know that CIAs are public. So you can go on the OIG's website.
You can look at those. And when a CIA requires an IRO, there's usually, like, an appendix of kind of the requirements. And and to Stephani's point, you you have to certify to being independent. Right?
So you haven't worked for them before or have some sort of bias potentially. And so you certify to some independence because the OIG wants, you know, an entity external to to go in, to do a review, and to give, you know, as independent as possible type of opinion on how the coding and reimbursement is going. So so so you so do organizations reach out to you when they're or maybe their attorneys reach out to you when they're in in in search for an IRO? Is that basically how it begins?
Yes. That's that's exactly correct. It's usually through their their compliance. Sometimes it is through their attorneys.
That's true.
So they do reach out to us and they, you know, go through that discovery process. Is it a a specialty or a services that we have experts in? And, you know, we we go through that process. And once we're under engagement, then we can begin that work. So one thing that often when organizations reach out to us, they really misunderstand what our role is.
Yeah.
You know, typically with our customers, we like to partner with our customers as we're part of their compliance program, program, and we're helping them work through some of that, and doing training. But in this instance, we we have to stay independent. And so they that organization that are under that corporate integrity agreement have to do all the work, and they have to meet the requirements of that agreement. We're just here to do that work. And so I often, we have to work through some of those logistics with customers where, you know, where this is a new experience for them.
Yeah. And I and I'm sure it is new for people because, you know, corporate integrity agreements, they are common enough that we see them, but not, you know, common in every, like, provider. Right? It's such a small percentage of providers that that might need those. And so they might be used to working with third parties that, you know, are you know, they're embedded in the organization, and they're helping this and that. And so that's a good point. You have to first kind of clarify that, well, our role is very, very specified by the OIG.
Right? It's it's independent. We're supposed to follow certain rules. We're supposed to do a review of some of some sort.
Tell me a little bit about the reviews. So, like, what topics are you reviewing? Is it coding, hospital, professional, technical, all of the above? What tell us about those kinds of things.
It's really been all of the above. We've had many different projects for where we were the IRO, and, you know, it can span across different specialties, from, ophthalmology, DME, so like lenses and, contacts, things like that. It could be facility services. It could be other professional services, pediatric surgery, podiatry. I mean, it it really has been across the spectrum of of the different services and specialties out there. But I will say that every CIA has been very different, and and exactly what we do as the IRO has been a little bit different.
But overall, the process is, you know, we we understand what those requirements are, and then we set up a schedule because these, CIA agreements are very time, sensitive. Like, you have to perform certain pieces of the project within certain, time lamp lines. And then, you know, we're held to the that same timeline for our customers that that we are the IRO for.
So we kind of That makes sense.
That way.
Yeah. Because you're probably gonna be reporting or or I don't know if you report directly to the OIG or if you report to the organization and then the organization reports to the OIG. But somehow the OIG is expecting some sort of report back. Right?
That's right. We in in not one instance have we reported directly to the OIG. We report directly to the the organization that has the CIA agreement.
Gotcha.
And, you know, we're just we help them. Like, we'll we always do reminders because everybody gets really busy, and you we make sure that the sample selection for the review meets the specific requirements.
We make sure that we do the work.
All of our work has a a second tier of quality review that will go over that. Sometimes it's just a coding and documentation review. Other times, we also include the rev cycle piece where we're seeing those claims. When once that random sample selection is made, we'll do the review from the start to the end.
Meaning, you know, we're not just looking at the the documentation coding, but we're also following the process of the claim. You know, was that properly done within the organization and and payments received and it was proper and and all of that.
So once that's done, then we put together a formal executive report, making sure that we're meeting all the the specific elements required in that c a CIA, and then we deliver that to the customer. And then the customer will then, complete a few other items and forward that along forward our documentation along to the I to the OIG.
Gotcha. It makes a lot of sense.
We're gonna take a quick break, everybody, and then we're gonna come back, and ask Stephani some more questions. I got some more questions about IROs, but I just think it's a fascinating topic. So, hang tight, everybody, and, we'll be right back.
Welcome back from the break, everybody.
I'm talking with Stephani Scott who, works for AAPC Audit Services and, leads that team, leads that whole, enterprise and work. And we're specifically talking about IROs.
And and, Stephani, you you were talking about picking a a good sample size. Do you I don't know if you do this or maybe you have experts on your team that that use certain, like, statistical software or, or how are you picking those samples? If you don't know details, that's fine, but maybe just principles.
Yeah. Absolutely. That's such a great question because it's a such an important part of, performing the the work as an IRO.
Usually, in the agreement, there's a set sample size that needs to be had, you know, thirty, fifty Okay. You know, somewhere along those lines.
And it and it really depends on if it's individual providers, that we're looking at or if it's as as a group. So once we identify those parameters in the sample selection, we we do perform those. And if it's required, that the sample is done by rat stats, then we put that through the rat stat calculator. We'll get all of the claim data for that specific universe in time. It's usually, by the quarter, paid claims, the previous quarters. We'll get that sample selection, run it through rat stats.
Other times, the sample selection, within agreement would have more of a focus sample selection. Maybe we're just looking at specific types of claims, like level four e and m services or what have you.
Mhmm. Yeah. That makes sorry. Go ahead.
No. You go ahead.
I was gonna say that makes a lot of sense.
And I was just gonna say, some of our listeners might not know about rat stats. So I was just gonna say, rat you correct me if I'm wrong, but Rat Stats is a free statistical sampling software that OIG offers on their website. And I think I can probably, get everybody the link, for to the OIG's website. But it's it's a software system you can use to help. If you have a sample size of ten thousand, it helps you do the statistics to know what your size has to be or I'm sorry. Your universe is ten thousand, and then the sample size would be an appropriate, size depending on the confidence interval you want and all those sorts of things.
Am I am I am I somewhat right in You're spot on, Steve.
Yep. You're spot on. But what it also does is it not only gives you that the sample size for a valid statistical sample, it will also randomize and and select the sample for you. So it's completely one hundred percent unbiased.
Gotcha. Yeah. So a lot of people think, you know, random is, oh, I'm just gonna take every fourth one. That's actually not even random. So I think this statistical software is doing all that science, right, to to figure out what is truly random.
That's correct. The other thing that's important with your sampling is to make sure that you identify a couple of extras.
There's Okay. Oftentimes a situation where, for whatever reason, documentation is not complete or, you know, something happened where the the a random encounter is isn't doesn't meet the the requirement or isn't available for review.
Yeah.
So you always wanna make sure you have a couple of extra, and in your report, you call that out specifically.
Gotcha. Yeah. That makes good sense.
And I'm assuming, Steph you know, so a lot of our listeners probably might not ever be under a CIA, but they're these skills that you're talking about and these processes are probably useful if you're just internally trying. Let's say you've identified a problem and you might have a potential payback and you wanna give the government, you know, kind of sound reasoning as to the dollar amount you came up with. Because let's say it is it's been going on for four years and, you know, you've got twenty thousand claims. I don't think anyone expects you to review all twenty thousand, but you could use rat stats in a, you know, like, in an investigation that your compliance program's doing. And then that same kind of reasoning would, I think, most of the time be acceptable to the government when you're kinda self disclosing.
Absolutely. It it, the process is very, very similar.
Oftentimes, organizations will want an external vendor to come in, almost act like an IRO. Right? Because that that just is better. If they're if you're doing a self disclosure, it just adds value to, when you're disclosing to the the payer.
Right. You know, the error that that occurred and and what what you're suggesting the the payback might be. But, yeah, that's exactly correct. You get that that paid universe by payer.
Let's say, for example, it was an issue with an EMR update and something happened and and claims went out, in error because of this EHR issue. Right?
Right.
You would have to do, RAT stats by payer.
Some some people think you take the entire unit verse, but that would be incorrect because you're gonna send a separate self disclosure to each payer. So you would run that process by payer.
Yeah. No. That that makes sense.
You know, and I'm thinking, that when I mean, because RAT sets us free, so any compliance program could could use it, or or coding or revenue cycle program.
Is it hard to use?
It it's a little tricky. You do just need to read the instructions and follow it.
But, you know, we we haven't had any trouble.
Our our noncoder staff usually runs through that process for us, and and we have found it fairly easy to use.
Every once in a while, we'll get a file that will kick out, and we just need to change the file format. And, you know, we didn't maybe we didn't have the exact, information that we needed on a couple of the the line items.
Yeah.
So you just kinda have to, you know, troubleshoot that a little on your own. But for the most part, it's fairly easy to use. You just need to read read the instructions that CMS has out there, and, you know, it's very easy to find, and and troubleshoot from that way. We haven't had to, you know, call CMS, for example, up and and ask for help or anything like that.
Okay. Yeah. Good to know. And I know in reading sometimes I read OIG audits, like, where they're doing an audit of, you know, service x y z.
And and sometimes in their appendices of their reports, they'll outline the steps they took to identify their sample. And so, sometimes they'll I've even seen them say they've used rat stats themselves. And so, it it is a pretty methodical process, and I think most of us could probably figure it out. Like you said, if you just read those instructions and follow those instructions.
I wanted to ask too, are you aware of, like, acceptable error rates, or is that kinda beyond what you guys do?
Sometimes I've seen this has been a long time ago. I don't know if the OIG is doing it anymore, where they'll say, like, in their CIA or in their review expectations that, you know, if it's greater than a five percent error rate, they expect, you know, you to do x, y, and z. Do those types of percentages or error rates acceptable error rates ever come up that you're aware of?
Absolutely. So OIG still has a standard of a five percent error rate. I have not seen any changes with that in since I started at health care and started doing these types of audits.
So that that is the industry standard that we use with the CIA, agreements. It I've often see have seen the them call out the five percent error rate. I have not seen anything greater than that.
Okay.
And, of course, they're in some agreements, I have seen a a a less than a five percent acceptable error rate. So those have been kinda far and few in between, and it it really it kinda depends on on the particular scenario.
Yeah. Well, you know, with Medicare and the different payment methodologies, I would I would imagine they might have different instructions. So, like, you know, nursing homes are paid, you know, through a different methodology than, you know, physicians, Medicare Part b fee schedule, for example, or, you know, I'm thinking also now through Medicare Advantage.
I I do your IRO activities get involved in those other payment systems, like Medicare Advantage and risk adjustment and those sorts of things, or are those different kinds of audits?
No. We we have.
Most often as an IRO, we've been tasked with performing the coding and documentation piece, and then the organization has has followed up on their own for the rev cycle, the billing piece of it. We have been involved in a few instances for the rev cycle piece where we are looking following that claim.
And it's it's really all been on the the professional side and facility side at this point.
It has I have not had an IRO with the different payment models like a method two hospital or, PDMP with for skilled nursing, that type of thing.
Okay.
I would imagine it would be the same regardless.
Right? You're still following the claim.
You know, and and with all these, projects for, CIA, you're dealing with paid claims. If the claim hadn't been billed yet, it it doesn't qualify for the review for the independent organization to come in and do that review yet. Right? You're dealing with just paid claims, and so that's why it's very typical to have that that follow through with the claim and make sure that that it was processed correctly.
That makes sense. So do you know so, like, in the reviews you're doing, are they basically just overall claims reviews and they're having you look at CPT and ICD and modifier, like, everything on the claim, or do they get really specific? So, like, let's say a a practice, the reason they're under a a corporate integrity agreement was because they were using modifier twenty five inappropriately.
So that was the reason for their settlement, let's say. And then one of the requirements of their CIA is to have a an IRO. Do the IROs get that specific and say, okay. You're going to pull a sample size of x or whatever for modifier twenty five since that's what brought you here, or are they more general in nature where you're just you're reviewing kind of everything involved in that claim, ICD, CPT, and modifiers?
No. They're they are very specific.
Okay.
Yep. So that that scenario modifier twenty five is a great example. We have seen that often.
Level fours and level five e and m services, and ancillary service of of making sure that they're medically necessary.
We've seen, you know, projects like that as well. So they're very focused.
It's rare that we would look at the entire claim. We would just follow that claim for the particular element that was part of the the review.
Gotcha. Yeah. No. That make that makes a lot of sense.
You know, like you're saying, medical necessity reviews. I could see probably incident two. Yes. I don't know if those because I've seen a lot of settlements with incident two. So I can imagine that some reviews might be focused on that as well.
That's right. And and we have had, not just IROs for Medicare claims, but Medicaid claims as well. So we've actually worked with quite a few different pediatric organizations.
Yeah.
Yeah. That's interesting. Of course. Yeah.
I could see that for sure. That is so interesting.
Stephani, we're getting a little bit towards the end of our time, to the together, but I was you know, wanna always give you kinda last last comments. I don't know if you have any last minute thoughts or maybe a topic related to IRLs that I did not discuss or ask you about that that you think would be interesting for everyone?
Yeah. I I think if you're an organization and you're under, CIA, I think you should embrace it and look at it as it is an opportunity to really improve your organization as a whole.
Because, you know, typically, it's it's a focused area that the CIA, is is focusing on that you would need to bring in an IRR four, but that doesn't mean you can't apply a similar type of audit across your other specialties or other, practices within your organization. Right? So it it's really something that that organizations should embrace.
And then if you're looking for an IRO, I would be asking questions. Hey. Are you familiar with the process? Because if you're not familiar with it, it's it's it's a little tricky, and you need to make sure that you fully understand the process as you go in and fully understand what your responsibility as an IRO is and what it is not because you cannot overstep your ground when we're we're, talking, with dealing with the the OIG.
Right? So we have to make sure that that you understand that. So if you're looking for an IRO, I wouldn't ask those types of questions. I would also make sure that that IRO is an expert in that particular specialty.
There's a lot of groups out there that, hey. Yeah. We've we have the experience, but are they an expert? So you'd want them to ask those questions as well.
That's great advice. And I love your comment about kind of embracing it. I've seen a lot of organizations come out much better. In other word, after the CIA ends, and it's a shame if they just are like, oh, CIA is over. Let's stop all of those practices.
It's like, no.
These are the kinds of practices that will help prevent you from having to go through another CIA. And so so you put in the effort, you put in the sweat equity, if you will, to learn how to do these processes, keep those there. And like you said, apply them to other areas, and and, you know, kinda learn from the whole experience.
Absolutely.
Such great advice. Stephani, thank you so much for, taking the time to share your, expertise in this area. We really appreciate it.
Happy to. Thank you so much for having me.
And thank you to all our listeners for listening to another episode.
As always, we invite you to share with us any topics you might be interested in hearing more about, or if you know, Stephani Scott in your life that is an expert in something in something we'd love to to hear, names of of people who might be willing to to be on the podcast as well. So, until next time, everyone. Take care.
This transcript has been auto generated. Please forgive any errors.
Questions or Comments?