10.6 Fraud Prevention and Compliance Escalation

Preventing Fraud Through Revenue Cycle Controls

Domain 4 includes fraud prevention within revenue integrity. The RHIA candidate is not a prosecutor; the role is to recognize risk patterns, preserve documentation integrity, use audits and monitoring, and escalate concerns through approved compliance channels with due process. Fraud and abuse risk rises when payment pressure overrides documentation and rules.

The Governing Laws (High-Yield)

The exam expects you to match the conduct to the right statute:

A frequent trap is confusing AKS (requires intent) with Stark (strict liability — a violation occurs even without bad intent).

The 60-Day Overpayment Rule

Under §6402 of the Affordable Care Act, a provider that has identified a Medicare or Medicaid overpayment must report and return it within 60 days of identification (or by the cost-report due date, whichever is later). A retained overpayment past that window becomes an "obligation" that can trigger False Claims Act liability. CMS's updated rule aligns "identified" with the FCA scienter standard (actual knowledge, willful blindness, or reckless disregard) and allows a good-faith investigation period before the 60-day clock to quantify finishes running.

This is exactly why a retrospective audit that finds unsupported billing cannot simply be filed away.

Recognizing Risk Patterns

Escalation With Due Process

The RHIA approach is careful and factual. A concerning pattern usually calls for investigation, record preservation, compliance notification, and a focused audit — not an immediate accusation of an individual. Fraud-prevention programs need due process, confidentiality, evidence, and consistent policy. Prevention controls include written coding/billing/query/amendment/charge/refund policies, risk-based audits, broad education, system edits that flag high-risk combinations, denial and payer-audit trend review, and clear thresholds for compliance referral.

Culture matters too. Staff must be able to report concerns without retaliation (a protection echoed by the FCA's qui tam and anti-retaliation provisions). A coder pressured to add unsupported diagnoses must have a path to raise it; an analyst who finds repeated duplicate charges must not be told to ignore them because they help revenue.

Error vs. Misconduct

Distinguish the two but ignore neither. A single accidental mistake calls for correction and education. A repeated pattern after education, a deliberate override, altered documentation, or pressure to bill unsupported services calls for compliance escalation. The action must fit the severity and evidence.

A Worked Escalation Scenario

A revenue integrity analyst notices that one clinic appends modifier -25 ("significant, separately identifiable E/M service on the same day as a procedure") to nearly every visit, far above peer rates, and a sample shows the documentation rarely supports a separate E/M service. What should the RHIA do? Not accuse the physician, and not ignore it because the claims paid.

The correct sequence is: preserve the records, run a focused audit with defined criteria, classify whether this is an education gap or a deliberate pattern, notify compliance per the referral threshold, correct and refund any confirmed overpayments within the 60-day window, and monitor for recurrence. Premature accusation, altering records, or telling staff to keep the practice on high-dollar accounts are all exam-wrong answers because they violate due process, record integrity, or the law.

The Compliance Program Backbone

Fraud prevention sits inside a formal compliance program whose elements the OIG describes: written standards and policies, a designated compliance officer and committee, effective training and education, open lines of communication (including an anonymous hotline), auditing and monitoring, enforcement through well-publicized disciplinary guidelines, and prompt corrective action with reporting. The RHIA's revenue cycle controls — query policy, coding audits, CDM review, denial trending, refund procedures — are operational expressions of these elements.

On the exam, an answer that strengthens one of these program elements (for example, adding a non-retaliation reporting path or a referral threshold) usually beats an answer that handles the incident informally.

Protecting the Record First

The through-line for the whole chapter: the medical record is the source of truth, and its integrity is non-negotiable. Amendments must follow a compliant amendment process (clear authorship, date, time, and reason; original entry preserved, never deleted). "Fix the note to match the bill" is never acceptable — the bill must match the documented care. The best RHIA answer protects the record first, uses official guidelines and policy to decide what must be corrected and refunded, and ensures the organization learns so the same risk does not recur.