June 2006

Collections Agency Controls

One health-care provider embarks on a companywide project to monitor collection practices and ensure all customers are treated with dignity and respect. 

Jerome R. Gardner, CFE, CISM, CFS
Vice President, Special Projects and Consulting Services
INTEGRIS Health

At 3:30 in the afternoon, Warren Darcey greets his children, who have just gotten off the school bus. At the same time, a police cruiser pulls up, and while Darcey's children and their classmates stand by in disbelief, an officer handcuffs the young widowed father and takes him to jail. A local newspaper reporter happens to witness the arrest and videotapes a record of the event with his camcorder. As it turns out, Darcey is being charged with missing a court hearing for an outstanding patient hospitalization debt stemming from care given to his wife shortly before her death.

Although this particular story is fictitious, the type of scenario described has been reported in the media. Organizations like the hospital in this story have made headlines for their collection methods. What can you do to keep your organization from facing a significant reputation risk such as this?

EXAMINING COLLECTION PRACTICES

In 2004, INTEGRIS Health, an integrated system of 11 hospitals in Oklahoma, sought to reduce the likelihood that one day the organization might experience negative publicity over a Warren Darcey-type story. As vice president of Special Projects and Consulting Services, I began a project to review the controls for all collection work performed for INTEGRIS and to monitor collectors' techniques and conduct. Aptly titled "Dignity and Respect," the project had a scope that included contract compliance, account reconciliation processes, vendor adherence to specific aspects of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Federal Fair Debt Collection Practices Act of 1996, record handling, and security controls.

To facilitate the review process, I began by putting together a list of all known agencies that held INTEGRIS' bad debt accounts. I obtained copies of available contracts and developed a questionnaire to address inventory questions related to the number of accounts held, the age of the accounts, and respective dollars. The questionnaire also included general questions relating to account handling regulatory controls. I then made on-site visits to 13 agencies and used another questionnaire to obtain information pertaining to account recalling rights, legal actions taken on accounts held, physical and virtual account controls, quality of services, training programs, and human resources issues such as background checks.

CONTRACT CONCERNS

Contract reviews and on-site interviews revealed that vendor expectations and operational performance factors were not always formally documented in the contract. Among the control concerns and possible future actions were:

  • There was no standard contract language to recall INTEGRIS accounts being held by agencies. The guidelines and the criteria for recalling accounts should be set in the contracts, particularly to ensure continued access in the event that a vendor's services are discontinued.
  • Additional charges could be made to existing accounts. Interest, fees, and return check charges allowed by the courts should be specified as the only permissible add-on charges to the debtor's account.
  • Account classification status was ill-defined. If the agency uses "active" and "inactive" account classifications, these classifications and the methodologies used for each account classification category should be defined clearly.
  • There was a lack of reconciliation controls; facilities relied solely on the agency to keep account balances. Previous balances and all monthly activities should be reconciled against account balances. Reconciliation requirements should be established, even if the vendor is still working on old accounts instead of new business.
  • There was no validation to ensure that patient account information was both physically and virtually secure. The organization should determine what policies and procedures would be necessary to acknowledge, hold, and safeguard accounts in some form of secure media, in a way that ensures accountability over time.
  • Vendor performance evaluations were lacking. The organization should consider developing a benchmarking process to better meet communication and performance expectation requirements and creating a scorecard, or performance-rating tool.
  • Agency account transfers could occur due to business mergers, acquisitions, or transfers, with no formal prior contractual tie. The organization should formally eliminate the possibility of contracted agencies using third parties to collect accounts without consent. Contracts should include transfer approval validation as a condition for acceptance.
  • Expectations regarding "how far to go" in collection efforts were not well defined. During the on-site visits, vendor agencies noted that collection methods are client-specific and should be reflected in the contract language to meet expectations. This is especially important in today's world of ownership changes. Some factors to consider when defining the limits of collection practices are hospital administration expectations, the business climate, and the corporate image.

Of course, all contracts should also have a "right to audit" clause, ensuring the availability of books and records. For example, the right to audit clause may state: "The collection agency agrees, upon prior written notice, to make available, during normal business hours at collection agency offices, all records, books, agreements, policies and procedures, and internal practices relating to the use and/or disclosure of protected health information to Hospital XYZ to enable Hospital XYZ to determine the collection agency's compliance with the terms of this agreement and applicable laws and regulations governing protected health information, including physical and technical security measures."

Without such a clause, audits may be more difficult to perform, and may even be denied.

VENDOR CONSIDERATIONS

Health-care Pressures

During the past decade, the U.S. health-care industry has changed dramatically. In the past, relatively little attention was given to "bad debts," a once written-off receivable. Health-care organizations didn't spend technological or personnel resources to reconcile or follow bad debts once they were sent out for collections. In fact, it's likely that some hospitals — due to mergers, acquisitions, or a change in both administrative and business office support — did not even know where all prior accounts were held.

Several factors have contributed to a change in the way today's health-care collections are approached:

  • Health-care providers are under financial stress to collect for entitled services, due to small profit margins and budget concerns.
  • Sixty-six percent of U.S. hospitals have no profits.
  • The poor and uninsured population is growing. A study by the Commonwealth Fund, a foundation that supports research on health care, found that an estimated 61 million U.S. adults — 35 percent of the adult population — were either uninsured or underinsured in 2003, and nearly half of underinsured adults were contacted by a collection agency regarding their medical bills.
  • Many state laws require hospitals to attempt collections as fiscal prudence.
  • Some states, such as Oklahoma and Texas, do not require collection agency licensing or bonding; anyone can collect.
  • There are higher costs associated with litigation. If a hospital sues a patient and receives a judgment, the collector becomes obligated to use all legal means to collect.

Given these changes, it's no wonder that collection agencies are busy in 2006. Although many collection firms follow legitimate business practices, some have used unscrupulous methods to collect debts. The U.S. Federal Fair Debt Collection Practices Act was introduced in 1996 to protect individuals from abusive collection practices. Directed toward companies whose principal business is collecting money for others, the act helps shield consumers from abusive treatment such as threats of violence, harassing phone calls, all forms of false or misleading representation, and the publication of "shame lists" of defaulting debtors.

Meanwhile, under opposing demands to soften their focus on collections, health-care providers are faced with:

  • Criticism from consumer advocates who argue non-profits should not hassle people to pay their bills.
  • Allegations — leading to a class action lawsuit — that low-income and uninsured patients are treated poorly at billing time.
  • Accusations — leading to a class action lawsuit — that hospitals charge uninsured patients far more.

Once I had analyzed the returned questionnaires and completed on-site review work, several additional findings surfaced:

  • Account inventories far exceeded the levels and dollars known by INTEGRIS. Hospital facilities that had stopped placing accounts with certain agencies did not maintain inventory accountability for accounts or funds held. Management was therefore surprised to learn the actual total inventory amounts.
  • The sophistication of routine agency reconciliation varied greatly among vendors. Routine reconciliation varied from acknowledgment of account transfer reporting that could be run against the balances from INTEGRIS vendor file information, to no formal account level detail reconciliation on vendors no longer used by INTEGRIS. This is problematic, because INTEGRIS does not have an electronic data interchange (EDI) system for real-time electronic tracking and instead relies on the integrity and accuracy of the vendor agency's records. Moreover, some of the vendors do not have EDI systems themselves. Thus, the internal auditor must weigh the risk of inaccurate reconciliation, or nonexisting reconciliations, against the cost of creating a real-time EDI control process for tracking reconciliation and mitigating the risks associated with database management.
  • The vendors' hiring and screening practices varied. Several of the agencies involved in the project did not perform criminal background checks on their new hires, which is concerning due to the confidential patient account information available to collection agency employees.
  • All collection representatives underwent some degree of training. To ensure compliance with the contract and agency policies regarding federal and state laws, collection representatives must be required to go through extensive training and re-training in areas such as client policies, HIPAA, and the Federal Fair Debt Collection Practices Act.
  • An analysis of the vendors' credit revealed that no predetermined credit criteria were used to select vendors. The organization should always check collection agency credit ratings, especially since many states do not require agencies to be licensed or bonded. Moreover, vendors may lack the resources to keep up with needed technology or the ability to return gross collection dollars in a timely manner, before fees are paid. INTEGRIS turns over millions of dollars annually of potential recovery, and management requires assurance that those funds are handled appropriately.
  • Agency background checks were not always performed. In fact, the Dignity and Respect review revealed that one vendor contracted by INTEGRIS had settled with the U.S. Federal Trade Commission for US $1.5 million in 2004 over a case that involved the timing of credit-bureau reporting. Background checks should be performed routinely to identify any lawsuits filed against the agency in state or federal courts. Collection agency vendors should notify clients when their business activities involve compliance issues with local, state, or federal authorities.
  • The degree and sophistication of both physical and virtual patient record security varied greatly. During on-site visits, observational reviews revealed that some agencies were not fully automated in monitoring their call system, internal surveillance hardware or applications, accounting data and record processing activity, or record maintenance. Some agencies' data were restricted due to their use of old proprietary applications that did not operate in the real-time environment. As a result, data such as active or inactive account balances and information on properties that had been seized, garnished, attached, or sold could not be obtained without custom programming.

Review of these findings led me to ponder several additional questions regarding security breach issues, including whether collection vendors should disclose breaches related to INTEGRIS accounts, whether this should be noted in the contract, and what could be the possible financial impact — including damages to reputation — of security breaches? A 2005 study by RSA Security Inc., an information security firm, found that approximately 40 percent of consumers say they would stop doing business with a company if one security breach occurs. If a second breach occurs, that number jumps to 70 percent; and 90 percent would leave after three breaches. If these same statistics were applied to patients (the hospital's customers), the impact would be substantial.

QUALITY IMPROVEMENT

Certain industry financial standards enable companies to evaluate collection agency performance. At INTEGRIS' business office, the revenue cycle management team uses a simple financial percentage ratio to evaluate agency collection performance: gross return over gross placements should be greater than 7 percent. However, there are no established communication expectations or scorecards for continuously improving collection work processes. Therefore, INTEGRIS is working with its agencies to develop a quality-monitoring tool for accountability and process improvement. This simple, Microsoft Excel-based reporting tool aims to enhance ongoing reporting communications as well as establish a scorecard of performance expectations from each party to improve collection processes.

In creating such a tool, expectation criteria and associated matrices need to be developed jointly. Examples of some areas in which expectation criteria may be set include:

  • Account cancellation codes — By establishing these codes, the cause of inappropriate placement can be identified and analyzed for improvement.
  • Call back accounts, or accounts that returned in error — Establishing reason codes for call back accounts and performing a cause analysis can improve efficiency and decrease time spent on inappropriate account placements.
  • Account aging — Requesting and analyzing detailed information regarding how long accounts have been held as well as what collection activity occurred on those accounts can shed light on areas for improvement.
  • Authorization timing issues — Analyzing the reasons for delays in necessary authorizations may help reduce these delays.
  • Time frame expectations — Documenting requested, required information such as answers needed for disputes or settlements and analyzing this information can help eliminate delay factors.

To improve the quality of INTEGRIS' charity care application process, a financial criteria process that determines whether a person qualifies for charity care, the company is evaluating whether to begin using a "second time around" approach. That is, when an agency receives an account that has been deemed "unable to be paid by the debtor" — because the responsible party refused, did not apply for charity care, or was unable to be located after moving — the agency pursues the charity care application process with the hospital on behalf of the debtor. This approach yields several benefits, including process improvement, because hospital employees may ultimately gain a greater understanding of the charity care application process up front — before accounts are sent to the agencies.

INTEGRIS has also benefited from ensuring appropriate classification of charity care, as there is often a significant difference between "bad debt" and debt that the responsible party is simply unable to pay. With increasing public scrutiny of not-for-profit hospitals, it behooves these health-care organizations to analyze the reasons why certain customers who would qualify for charity care "fell through the cracks."

WORTHWHILE REVIEW

Although the Dignity and Respect review did not reveal any instances in which collection agencies used unscrupulous methods to collect patient debts for INTEGRIS, it did identify several potential areas for improvement in collection techniques and conduct. In fact, ongoing auditing of agencies' practices for adherence to performance expectations, maintenance of ethical standards, and contract and legal compliance yields a positive customer focus that protects not only the consumer, but also the health-care corporation that delivers the services.

Any audit group working in an organization that deals with third-party collections can benefit from a similar review. Site visits to collection facilities keep them aware of the organization's attention to detail and desire for constant improvement. After all, by working on your behalf, collection agencies aren't just handling your money, but also your customers.

To comment on this article, e-mail the author at jerome.gardner@theiia.org.

 


Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.

Name:

Email:

Subject:

Comment:

To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>

April 2012 IA Online Cover

CCH 2012-2

UCMC 2012 

 International Conference Boston 2012

 

GRC August 2012 

 

 Twitter 
 

facebook IAO 

IA APP