Episode 84:
Spotting the Red Flags: Identifying Coding Compliance Risks Within Your Organization

Watch the demo:

Compliance Manager

See the only all-in-one compliance solution today.

Compliance Manager

Uncover the secrets to spotting coding compliance red flags in the latest episode of Compliance Conversations!

Our latest Compliance Conversations episode is a must-listen for anyone in healthcare compliance or coding. We invited Leslie Boles, Co-Owner and President of Revu Healthcare, to chat about identifying coding compliance risks within healthcare organizations. 

Tune in to Leslie and CJ Wolf’s discussion for more on:  

  • The importance of staying curious and adaptable 
  • The significance of regular audits and assessments in proactively identifying compliance risks 
  • Common coding compliance risks and blind spots within organizations 
  • Strategies for mitigating compliance risks, including the role of data analytics and technology 

They also talk about one of the most important things to keep top-of-mind – staying humble and acknowledging gaps in knowledge to drive continuous improvement. 


Interested in being a guest on the show? Email CJ directly here.

Episode Transcript

CJ: Welcome everybody to another episode of Compliance Conversations. My name is CJ Wolf with Healthicity. I'm excited to have a wonderful guest today, Leslie Boles. Welcome. Leslie, we're so excited to have you! 

Leslie: Thank you so much! It's such an honor to be here.  

CJ: We are so grateful that you've taken some time to kind of share with us some of your thoughts. You know our audience; coding, compliance, all those sorts of things. And I know you have extensive background in all of that. And so we're going to, we're going to get into all of that. But Leslie, you know, we always love to have our guests share a little bit about themselves, kind of what brought you to this, right? Like none of us grow up thinking; "I'm going to be in compliance, Sir. I'm going to be a coder." Maybe some of us do nowadays, I don't know, but love to hear kind of your journey and what you're doing now if you like to share that.  

Leslie: Yeah! So, you know, I really like sharing my story because it's not the typical story. I always like to tell people I have somewhat of an underdog story because I had no intention of being in coding and compliance whatsoever. I actually had aspirations of being in healthcare but did not know anything about coding or compliance. But it just so happened I was working in the audiology department of a hospital when I was living in New Jersey and I came into contact with the Chief Compliance Officer at the time and she shared this Medicare article that sort of provided an overview of some new changes that were going to take place in audiology coding and because of my super inquisitive mind and just, you know, being overly ambitious, I was able to interpret what that Medicare, which I now know is an MLN matters article that was just going over new coding changes and she was so impressed by that, she said to me; "You know, you really should think about a career in compliance, specifically around coding.'' And she did say; once I have an opportunity in my department you know, you should apply. And I kind of looked at her because I'm like; "I have no idea what any of that is, but okay!" But it ended up a little later on, I was able to apply and take an entry-level position in the compliance department and my career, that was the beginning of my purpose, I would say when it comes to healthcare, so yeah.  

CJ: That's awesome. I love the way you said that because it's like we all kind of either fall into it or maybe because of our inquisitive minds or curiosity or something. It's like people recognizing it like; "You know you'd make a really good coder or compliance person."  

Leslie: Right, right.  

CJ: I love that. Yeah! And tell us a little anything else you'd like to share about maybe what you're doing now or anything else about that?  

Leslie: Yeah! No, absolutely. And just to, I always kind of tag myself as nosey by nature. So that's another reason why I was able to do so well in compliance.  

CJ: I love it.  

Leslie: But right now, my career has ended in, well not ended. This is just the beginning. But where I've landed, I am now the co-owner and president of REVU Healthcare.  

REVU Healthcare is a healthcare consulting firm and we offer regulatory compliance, and revenue cycle revenue integrity solutions to our clients. I am very proud of the organization that we have created myself and my partner. We are women-owned and a minority-owned firm and just really trying to make a mark in the healthcare industry. So yeah, that's the current position that I have now.  

CJ: That's wonderful. And I think we'll all be able to put some links to your company and other things in the show notes for those who are listening like to reach out to Leslie and her group. If that kind of expertise is needed. So, thank you so much for sharing that. I love this nosy by nature. I'm that way too, my wife calls me the nosiest person; like we are staying at my grandparents, this was years and years ago and we were staying in this guest room and the first. This is terrible of me, but the first thing that I do is I like open all the drawers in the clothing cabinets and things. And she's like, "What are you doing?" I'm like. I don't know. I just need to know what's in it.  

Leslie: Well, we are kindred spirits because I can pretty much tell you who, you know, who's gotten a new car on my street whose car doesn't belong. Yes, so we have a lot in common.  

CJ: And I think that's so cool because it's like those personality characteristics do lend themselves, I think, to a career in this field, right? Like we're maybe detail oriented we want to know like, why and what's that and what did you do. And so, I think it does. It's kind of funny.  

Leslie: Yep!  

CJ: I love it though, so thank you for sharing that. And today, everybody, we wanted to talk about, let's say has this great kind of topic; Spotting the red flags, subtitled; identifying coding compliance risks within your organization what a great topic, right, that's kind of why we have jobs. Before we delve into that topic, what made you write it that way, or what makes what do you think about when you hear that title?  

Leslie: You know, one of the reasons why I chose this topic is because I feel like there is such a need to get back to the basics of coding compliance for many organizations I come across every day, numerous articles or recent enforcement activity from governmental agencies about simple coding mistakes and I think it's a topic that needed to be revisited, especially post-pandemic when our focus was elsewhere and just sort of repositioning the importance of coding compliance and the many different the different impact it has on an organization by not getting it right. So, yeah, it's a really, I'm very passionate about it. It's a really important one and I think it's one that organizations really need to pay attention to. 

CJ: Yeah, I'm right there with you. You know, I've been doing this now for 25 years and it's like, so I've been around long enough now that I start to see the same issues recur. It's like; "How did nobody learn this?" It's like, well, maybe it's a new generation coming and just making the same mistakes that the old generation did. And you know, in position coding the documentation or hospital whatever it is. And so, it's like, "Okay, now I'm getting old because I'm reliving some of the same mistakes that have been made, but I'm there with you." It's like it's such an important thing to kind of see these you know pitfalls.  

Leslie: Absolutely!  

CJ: So, with kind of that introduction, with that said, tell us a little bit about what you think the importance of regular audits, assessments, and those types of activities are as it relates to identifying risks?  

Leslie: Yeah, I think it's very important, right? I think I had this conversation with someone recently where I said; "The function of compliance as a whole should be equated to the duty of paying your taxes to the IRS, right?" It's a necessity.  

CJ: Yes!!  

Leslie: It's not an option, it shouldn't be thought of as a financial burden for an organization. And when you really dig down into coding compliance, you know the one thing that blows my mind about it is the reality is coding is the data that people use to judge your organization on many different levels.  

CJ: Yes! 

Leslie: It goes beyond reimbursement. It's how they assess, you know, quality, you know strategic initiatives for the federal government. It's how they assess how you relate to your peer as far as growth, it's how they assess how much money you're going to receive for a particular population of patients that you may serve or particular demographic. I think we have to place those really important things around the auditing and monitoring piece because I think in many, many organizations, it's in no fault of their own. They associated only with, well, the way in which we get paid.  

CJ: Right, right!  

Leslie: And it's so much bigger than that. I, same as you, I think I've been doing this way too long. But one of the downfalls that I have been seeing, especially with this big shift or change that's happening with the current workforce in compliance, you're right. There are new professionals in compliance and a lot of these new professionals, there is a gap there when it comes to coding. They can't equate it to really important regulations that coding trickles into coding just is not associated with the False Claims Act. There are implications under Anti-kickback and STARK that all have to be considered. So, the importance of auditing and monitoring should be placed on the same pedestal as like I said earlier, paying your taxes. It is a very important function. I sort of repeat this to organizations a lot. What I say to them is; "There is no point in collecting if you can't keep it, right?"  

CJ: Love that!  

Leslie: Auditing and monitoring sort of ensure the integrity of that reimbursement that you are collecting on, so it has many different important factors that I think coding compliance professionals, in particular, they need to become more equipped with the right rationale to support the function other than just reimbursement, if that makes sense?  

CJ: It totally does and I have used this analogy that you used over and over again over the years. You know, it's like paying your taxes. You know, I even take that analogy to go to say; "Look, do you know the tax code in and out? Don't you know that the tax code has tweaks and changes to it every year? Don't you often rely on a tax consultant?" And know whether this is right or not? It is kind of the reality of life right now. It's like you need to have experts around you. That's what they do for a career. Whether you like that that exists is a different conversation.  

Leslie: Yep!  

CJ: And you also don't, maybe you don't like a tax law, or maybe you don't like the fact that you can't you know, count that as a deduction, but the way around it, you don't go around it and do your taxes wrong to get around it, you have to change the tax law. So, you have to get involved in the process. And so, I love this analogy and I've used it so often that that you're talking about that.  

Leslie: Right!  

CJ: We need to know the rules. We don't want to lose legitimate money. So, we want all the legitimate money, legitimate reimbursement that's on the table. But we don't want to overdo it so that we get an IRS audit so that we have to return money just like you're saying. What's the point if you can't keep it? So that's such a great analogy and a lot of people kind of like it because they also don't love taxes and a lot of traditions love coding, so they kind of get that analogy, right? 

Leslie: Right, right! Yeah, no, absolutely. And I always say when it comes to the physician, sometimes they're disdain for coding. It's mainly because it's not their job, right? I think we have conflated, which has led to burnout for physicians, but we have given the physicians too much and also given them the ultimate responsibility of healing people in the world. And I think we have to really reevaluate functionality or functions when it comes to our clinicians and our providers. So that we don't overload them. And we put the right people in the right seats. That's important. There is an entire coding profession for a reason and I think that organizations need to see that function when it comes to whether they're just coding operationally or from a compliance function, or they're utilizing maybe and as far as revenue integrity as a necessity and not necessarily a financial burden to the organization. 

CJ: Spot on! So, with all of that said, do anything, does anything come to mind as far as common coding, compliance risks that you see maybe with your clients who just in general in your experience and how those might manifest in different kinds of healthcare settings?  

Leslie: Yeah. So, I see quite a bit, right, you have your what I like to call your traditional coding sort of snafus when it comes to you know wrong incorrect coding modifier. We know sort of the basic run-of-the-mill stuff. But I think one of the biggest blind spots that organizations have in this day and age is not knowing what their revenue cycle, their automated coding, and their coding software is doing without their knowledge. That's one of the biggest things that I see. So, they'll pay for a vendor to come in and say; "Hey, we can, you know, take all of your outpatient, the hospital departments where you're just coding the same thing repetitively and will put in the software and it'll do it for you." And they never check it. They never audit it. They never check to see; "Well, did what we put in this is it actually correct? When's the last time we looked at our chart prescription master to see if the codes that are in there that we're using or the charges are connected to codes that are correct."  

I think another big snafu that happens and this is this can be equated to any organization, we focus from a hospital operational standpoint or just from a standard business operation, we tend to focus on the areas that make us the most money. It makes sense, right? So, if you're working in a hospital setting everyone's interested in the inpatient claim before the claim goes out the door at least 38 people have touched that one claim, right? But then on the outpatient side, we have less controls, right? We have less people reviewing it. We spend less time educating the folks that code and manage those claims. And it incurs the most risk. And so, I think organizations of all types have to start looking at it differently, right? Of course, high dollar, high reimbursed claims of course, they deserve our attention of course they're important, but they have to flip it. You should have the same amount of controls across the board for many different reasons for payment perspective. From a risk perspective. And I think a lot of organizations missed that mark. They miss that mark a lot.  

CJ: Yeah, I think you're spot on. Like you know, I spent a lot of my time when I worked in the House for hospital systems on outpatient coding and charge master, and like you said people like who's choosing the code like I, you know, a lot of times it's when a nurse or a tech selects a charge code, they don't recognize that there's a CPT code or hectic code hard coded to that charge number and they don't think they're the coder, but no one else is in between the steps of them picking the charge code and it dropping on the claim and there was one charge master I reviewed where somebody had hard coded and modifier 25 in there for ER visits. Because they said, well, all of our visits have procedures done with them and like, well, that may be the case, but you still have to make a conscious decision is 25 modifier truly appropriate, right, on this claim.  

Leslie: Absolutely! And those you know, those are the things that go beyond the purview of the traditional risk that we as compliance folks are. Are used to right? This is human behavior and human interpretation, and one of the things that you know I have really prided myself on doing working in coding compliance for as long as I have is really understanding the operational structure and setup in which the of the coding or charging process because lots of times we tend to come in and just say this is incorrect, it's just incorrect and that's it and you need to fix it well without realizing, hey, 10 years ago, someone who doesn't work here anymore, hard coded modifier 25 on all ED visits. We have no idea why they did it. We've never looked to change it, but yet we're telling you we need to fix it. And so it's a part of my nosey-by-nature sort of posture, right? I need to go beyond what's being presented and really understand is there some sort of structural mistake here and a lot of time organizations do miss that opportunity to evaluate something as simple as hey, you're rolling out a new EMR or there's a new upgrade within your EMR that changes the way in which, you know, something simple as hey, how we manage our incident two claim incident two process workflow and so now that. You know, causes chaos, and looking at the structure, looking at the setup, looking at the why is really important too from a coding compliance standpoint.  

CJ: Absolutely! Let's keep talking about that in a moment. We're going to take a really quick break everybody, and we'll be right back with Leslie in a moment.  

Welcome back everyone from the break. We are speaking with Leslie Boles, an expert in all things coding and compliance and we've been talking about some really interesting topics. Leslie I wanted to continue on where we kind of left off and maybe move into strategies for mitigating some of those identified risks like we just talked about some of those and gave some examples, but what do you think about strategies for that?  

Leslie: Yeah. So I love having this discussion, I get super excited talking about it because I think there's a lot of really cool, innovative ways that organizations can strategize on coding compliance. One of the first ways or the first things that comes to mind that I think all organizations, no matter what size, what specialty, what state, is risk-based, right? Risk based is the best approach. It allows you to identify; "Okay, what is unique to our organization from a risk perspective, while incorporating all of the external risk focus areas. But looking at where do we have the most exposure?"  

And that approach allows you to essentially really duplicate what the federal government is doing anyway, for you or all of the governmental agencies or commercial payer agencies they're looking at you as an organization. They're thinking about all the specialties or the services that you provide and saying, well, how do you compare to your peers and How do you compare to your region and how do you compare it to the rest of the nation? And so having this risk-based approach allows you to think outside the box. I remember when I was working in compliance in the hospital setting, I was again I'll say it again, nosey by nature and I was like man, there's got to be a better way to identify coding errors. Why are we not looking at denial reports? That seems simple enough. And so, I started this whole effort where we looked at denial report.  

CJ: Right!  

Leslie: And so, from there that's somewhat expanded because the Nile reports turned into, "Hey, just tell me what your most common ADR requests are, and then tell me what the most common trends are as it relates to your targeted probe and educate." Okay, so let's translate that to true audits. Oh, and then I started to see this seamless pattern, right that started from coding denials that ended up with audit activity. And so, it became like this loop for us where we learned how to do a root cause analysis from coding denials from just what I call those first-level denials that many people tend to ignore, like Oh well, you know, we probably had this issue or that issue, but those coding denials add up to bigger things that lead to audits. So I think thinking about that loop is really important. Another really important thing that organizations can look at is utilization reports to me are like the golden ticket to risk, you find so much information in utilization reports you can find that doctor X is seeing 200 patients in a day. Well, that's impossible. We need to take a look at that, right?  

CJ: Yeah! 

Leslie: You can find out that the infusion department. They're never using add-on codes, oh wow! So, we have a big issue with infusion coding. I think organizations have to stop looking at it all the time as oh I need a I need another software vend. I need another vendor. I need another software. I need this. I need that no you need the data you possess because that is what all of the governmental agencies and commercial payer agencies are reviewing anyway when they scrutinize you. So, if you learn how to manipulate your data for the purposes of the function, because that's where a lot of organizations fall short. They focus on data solely. They're looking at it as data. Well, we can't take the finance report data and identify compliance risk. Yes, you can. Yes, you can. You absolutely can. It's already there. And so that's what I had. I really taught myself to do and sort of taught other organizations to do when it came to creating these really robust coding compliance programs that are essentially in my opinion revenue integrity, right, you teach them how to use the data that they have to identify the risk proactively before someone external does.  

CJ: That's exactly right! One example that that I ran across in my past career, as you were, as you were speaking, it made me think of single-use drugs, so you know some drugs come in vials that are deemed single-use. And so, you're only supposed to enter those vials one time and remove the drug going to use it so there's drug wasted, right? And there's proper ways to go for that. Sometimes you're allowed to. Sometimes you use modifier, but to your point, you could, you know, go talk to your pharmacy folks and say tell us which drugs are single use. Like when you order drugs, which ones are ordered as single use. Then find those on the either the charge master or the codes or whatever. And then you know you can drill down and you can use your data like you're saying. Use the data that's there to try to find the risks before someone else does is what as opposed to just waiting around.  

Leslie: Yeah! And we've actually used this approach to with our clients. Just what I call low-hanging fruit but to them, it's not something as simple as if you have modified modifier 95 for telehealth, which a lot of people started to do during the course of the pandemic.  

CJ: Yes, right.  

Leslie: Because they were providing services via telehealth. But if you have it on colonoscopies, well, we have a problem because you can't perform a colonoscopy via telehealth, right? That's an easy...  

CJ: That is interesting, right? The patients inserting the probe themselves.  

Leslie: Exactly! I mean, there's a lot of really cool ways to utilize data if you have, you know, strong skilled expert folks in your organization that can just right away can tell you; "Oh, we've got a problem here. We're using this modifier on this code. These two don't even go together" And I think that data analytics, data mining, sifting through data needs to be sort of an added skill set that a coder needs to acquire because it's a huge, huge, huge value add when it comes to any organization to be able to do it so.  

CJ: Yeah, things have changed in coding since this story. I'm going to tell you. But many years ago, under the OPS, the outpatient prospective payment system in nuclear medicine department, there were certain heart perfusion scans that were done and then there were add-on codes, those add-on codes, this is years back. Since then, they've been bundled in. But years back, those add-on codes actually paid separately. They were reimbursed separately. So, we were doing we took a little bit of our clinical knowledge and then we were doing some data mining to say; "Oh, Hospital X reported the parent code. You know this many times, but only the add-on code 2% of the time, whereas we know they're doing it more than 2% of the time." So, it's like it's to your point, another skill set for coders is to make those connections and then to meet with the right data miners or the people who can mine your data to kind of come up with solutions for it.  

Leslie: No, correct. Absolutely! Absolutely! And I talked about this, I preached this quite a bit I think to your point coding has changed evolved so much. I mean coders in my opinion have to have three very important skills, which is the ability to code, audit, and educate. There used to be a time where they could just code, but that's over, right? Because organizations, they don't have the bandwidth. There's lack of resources and you know, there's a lot of new people migrating into the fields and they're just trying to get the first part right, which is coding, but I think as time goes on, it's going to become a very, very necessary component for the coding professionals.  

CJ: Yeah, spot on. Well, and one thing to that point, technology, right? So like back when I was starting encoding and got my first certification, I was using these things called paper books and now there's this technology that, you know, all sorts of electronic software and this and that. So tell us what you think the role of technology might have in monitoring, and managing compliance risks, right? That's something that I didn't have 25 years ago.  

Leslie: Yeah! No, I like technology, right? I'm an advocate of technology because there's no running from it. It's here. There's nothing we can do about it. I think that what we as coding professionals have to think about is whether there are some functionalities or certain functions that our brain can manage that technology will not be able to in the next five years, ten years, and I just think it's going to be a very long time before an AI or any other sort of technology can learn the way our human brains can.  

And so going back to my earlier point, you know, I really think that the entire this is my, this is the Leslie Boles prediction, this is no one else's prediction. But I think the entire coding profession because of all of automated coding and all the rest is going to transition into more of an audit or safety net sort of function for organizations, which is equally as important because once you have a system that can repetitively code the same procedure over and over again and learn to do it, that does eliminate that function for coders but then that doesn't mean that it's going to completely go away. And I think coders have to start thinking about utilizing audit software and tools that are going to be needed to manage this humongous output that technology is going to create for many organizations, I don't think many organizations are thinking about that. The more automated coding operational tools are adopted, which a lot of organizations are, the more output and the more you have to monitor. And so really investing in good coding auditing professionals and good auditing software is the way a lot of organizations should be thinking about for the future.  

CJ: Yeah, I think your prediction I'm going to vote and bet on your prediction. I think you're right. It's, you know, it's very similar to you know, years ago before a calculator was created, people did math a certain way. Because the calculator was created in a computer that can do computations quickly, that didn't take away the need for mathematicians to exist, they now can focus their time on higher problem, higher level problem solving, and leave the computation to a machine, right? And you, you still have to every now and then check that to make sure it's working or if something doesn't work, you're like, OK, did the machine screw up? So I think you're right. I think it's going to be something very similar to that and I agree with the technology can be a lot of help.  

So, we're Leslie we're getting kind of towards the end here. I could talk to you all day, It's fascinating. You got great ideas and obviously you have great experience and you know exactly how stuff works in the real world. What kind of any last-minute thoughts or comments on kind of this topic of kind of spotting the red flags and being smart.  

Leslie: Yeah, you know, I would recommend organizations, and especially chief compliance officers, I've had the great pleasure of working with chief compliance officers who have hired me and said; "I have no idea how to manage this coding compliance function. I need help" And we don't look at that interaction or that acknowledgment as spotting the red flag. But it is, right?  

I think those who are in positions of power, especially audit executives and compliance executives, you have to lower your pride and your ego and make the statement loud and proud and say; "I don't know, I need help," right? I think that's a really big component when it comes to a lot of this recent enforcement activity that you're seeing across the US right now, but for something as simple as coding compliance, we have a lot of folks who are not acknowledging that I don't have the skill sets or the resources within my organization to even know where to start. And so, sort of lowering that guard and acknowledging where you have a gap. I think is a really, really important part of all of this. It's extremely important.  

CJ: Yeah, I agree with you. So, there you have it, folks, straight from Leslie Boles. I think that's great advice and that's just great advice in life, right, like lower the ego, strip it down, learn together, we all get better when it's not about egos, but when it's about, you know, really finding the truth or finding the answer. And so, I love that. That's great kind of concluding philosophy. Well, Leslie, thank you so much for being here.  

Leslie: Thank you for having me. I've had a blast today. Thank you! 

CJ: Yeah. Yes, it has been a pleasure and we wish you and your company much success. Again, for those of you who are listening in the show notes, I'm sure we'll have links so you can reach out to Leslie and her company. And thank you all for always listening to these episodes. We really appreciate your support. If you like these please, you know, hit those like buttons, hit subscribe, and share with colleagues. And I always try to make this pitch, you know, if you know of somebody, that would be a good guest or if there's a topic that you just think, why are they not covering that topic? Because I can't think. I don't know what I don't know, folks. So, if there's, if there are topics and things that you would like to hear about, please feel comfortable in reaching out to us. We want to make these podcast episodes as beneficial for you as possible, so thank you all for listening, and until next time, please be safe and be happy. Thanks everyone! Bye, Bye!