Most of us remember the “Enron Scandal” and the effects it had on the financial industry. A key change to the law was passed in 2002 with The Sarbanes-Oxley Act http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/html/PLAW-107publ204.htm (also known as Corporate and Auditing Accountability and Responsibility Act). Sarbanes-Oxley aimed to prevent fraudulent accounting practices by; ensuring the accuracy of financial reporting, granting more independence to outside audits, enhancing financial disclosures and more. It a nutshell it created a set of controls, used to make it a lot harder to “cook the books”.
If you’ve heard of this law you’ve probably heard it referred to as the SOX law, and possibly have peers who have to endure “SOX Audits”. In large hospital systems, these are annual events. These audits don’t just focus on the business controls set up for the finance department, but they can have strict standards that they place on the Billing and I.T. Department (all key pieces of the entire Revenue Cycle). I’ve endured many in my former life as an I.T. Director supporting large hospital clients in the Boston Area.
The first one happened in 2004. Auditors sifted through everything and wanted controls everywhere. They wanted to see if we could reconcile every number we reported to some other number on some other report that was out of our control. They didn’t want the same staff posting refunds that were posting payments. One programmer could write the code, but he couldn’t publish it. Only his manager could do that, and she had to prove it tied out to a request that came from the business group. I had to show them nearly every calculation used in every report contained in our analytics system. This went on for days.
For the first couple of years we really dreaded these audits, but we learned a lot and frankly took a lot away from them. The auditors were experts on the “best practice” standards and helped us learn how we could apply them to our needs (and when we didn’t have to). One key concept that we walked away with was an agreement with our clients on a single “Source of Truth” and it’s important to set one for your organization.
A single Source of Truth is one report, which every other report can be tied down to. It’s the report that the Board can hang their hats on. In some cases, billing departments will say that bank deposit log and one Source of Truth, but by itself it’s not a single control. Your financial statements have all sorts of other credits on them (e.g. Write-Offs, Contractual Adjustments, Misdirected cash, etc), none of which will show up on your deposit log.
If you can’t follow all of these transactions in your billing system, and boil down one report that lists them all without any other filters…and reconcile the payments to your bank deposit statement, you should. Once you get this set of reports you have something to lean back on. All of your other reports need to reconcile at some level back to that Source of Truth regardless of what system they were produced from. If they can’t you need to speak to your software vendor or RCM partner.
If you really want to know that your reports are accurate, and trust me the healthcare finance world has its eyes set on FQHCs, you need one Source of Truth.