Care Meets Money: A CFE's Guide to the Medical Revenue Cycle

Dr. Cerre Monroe loved practicing medicine; it was something she had always wanted to do. After years of medical school, residency, board exams and working at a hospital, she opened a private practice. At first, things went well. But as patient volume increased and the insurance regulations became more complex, Monroe started to fall behind — slowly at first, until the shortcuts became routine. 

When her most experienced administrative nurse, Rachel, moved to another state, it created a gap in both operations and oversight. A year later, the insurance audit came, then the search warrant at her home and clinic. As she reviewed files to respond to a grand jury subpoena, she wondered what was next. She thought, “Maybe if I had been more diligent and involved in the business side of things, I wouldn’t be in this mess.”  

Understanding the Business of Health 

The above scenario is fictional, but it represents a common reality that fraud examiners encounter. What starts out as well-meaning, mission-oriented work can quickly become overwhelming, and many providers do not pay attention to the intricacies of billing, revenue collection and cost control. Providers and health care leaders need to pay specific attention to the business side of their practice — there is a need and a requirement to have a full-scale compliance and fraud prevention program. Not only will it protect them from being taken advantage of by staff or others they trust, but it is essential because their professional reputation and personal liability is at stake. In fact, federal law requires an effective compliance program as a requirement for participation in programs such as Medicare and Medicaid. Compliance in health care is not optional. 

Failures to have a strong compliance program can be devastating. In one recent case, defense attorneys for a nurse practitioner said that their client was in over his head:  

Part of the reason why [the Defendant] failed to rectify the situation was because his business was chaotic. His employees and third parties billed Medicare and Medicaid with billing codes that many times should not have been used. [The Defendant] was not on top of the billings and should have spent more time understanding the billing codes and when they were appropriate. But turning a blind eye is no excuse and the buck stopped with [the Defendant].”

While they infer that others are to blame, the real issue was a lack of compliance infrastructure, leadership and understanding of the business side of healthcare delivery. 

Driving the Circle 

A challenge that many of these providers face is the failure to understand the medical revenue cycle (MRC). The MRC, sometimes simply referred to as the revenue cycle, is a standard way of describing the full scope of patient care, documentation, billing and reimbursement. The documentation and protocols that are derived from the MRC are vital for providers and their staff to understand and follow. 

In "Understanding Healthcare Financial Management", Drs. Louis Gapenski and George Pink define MRC as a “set of reoccurring business activities and related information processing associated with providing and collecting [funds] for goods or services provided to [patients].” Most models of MRCs follow a three-phased approach: 

Pre-Care Activities	Patient Care Activities	Post-Care Activities
Scheduling   Patient registration  Insurance verification  Care authorization   Insurance certification  Obtain co-payment	Insurance verification  Data collection (vitals, symptoms, etc.)  Service coded appropriately  Medical record updated	Submission of claim  Monitoring payments  Collect underpayments  Repay overpayments  Appealing denials  Reporting and follow-up

Fraud Risks in the MRC 

Risk abounds in the revenue cycle, particularly fraud risk. For example, in the Pre-Care Activities phase, patient information could be misappropriated and used in identity theft schemes (including the misuse of the patient's Medicare, Medicaid or insurance information). Staff accepting the registration information could embezzle cash co-payments. Insurance certifications could be misused and altered in a way that enables the practice to collect directly from the patient.  

Auditors and investigators must be especially vigilant during the Patient Care and Post-Care Activity phases, where the bulk of fraud schemes arise. The constant pressure of health insurance reimbursement and the inability to get paid timely can exert enormous stress on providers, which could lead to shortcuts, like Dr. Monroe’s situation.  

Common fraud risks to be on the lookout for include: 

• Bribery, kickbacks and self-dealing (e.g., referrals to self-owned facilities). 
• Upcoding (services that are higher than necessary). 
• Unbundling (services billed separately but should be billed as one CPT code). 
• Double billing. 
• Billing for services not rendered or medically unnecessary. 
• Billing for medical procedures or services not covered by insurance. 
• Billing for one procedure but identifying it as something else to mask the true nature of the service (misrepresentation of services to ensure payment).
• Routine waiving of co-payments (in violation of insurance policies/contracts). 

Challenges and Opportunities 

Today’s health care is shaped by staffing shortages, large-scale service disruptions resulting from hospital closures and bankruptcies, cost increases, regulatory uncertainty and legislative changes. However, understanding the implications of these issues — which all present risks — is key, and applying them to the MRC will help fraud examiners appreciate the unique nature of these engagements.  

Conducting audits and evaluations of revenue cycle processes can be a specific area that fraud examiners can assist. In addition to putting controls in place to prevent and detect fraud, fraud examiners can be proactive and support the risk posture of the organization through targeted performance improvement reviews. For example, an audit can help identify specific risk levels and trends when it comes to adequately protecting the practice, hospital or organization. A 2019 internal audit report from the University of Texas Southwest hospital is a good example of using the MRC process to assess the effectiveness of controls.  

Know The MRC And Know the Schemes 

A strong understanding of the revenue cycle is a core part of a fraud examiner’s professional toolkit, as the MRC is fundamental to the industry. Fraud examiners need to educate themselves about health care fraud schemes and learn more about the revenue cycle. Specifically, each engagement should include a close review of the organization’s MRC policies, process and how the staff use them in their daily work. 

One industry expert explained to the National Academy of Sciences in 2011:  

Providers are paid more if they overuse resources and if they provide poor care leading to rework. They are paid less if they provide such good care that other care is not necessary. They are paid more for technical and episodic tasks and little for cognitive, coordinative work."

It all comes back to the Fraud Triangle: pressure, opportunity and rationalization.  

Comprehending the revenue cycle, the health care landscape, fraud schemes and controls is essential for fraud examiners as we work to prevent, detect and investigate fraud, waste and abuse in health care.