Skip to Main Content

blogpost

Save time and effort—our list of tips to prepare for
year-end
reporting

By: Preston Kinney,

Melissa is a senior in the firm’s Healthcare/Not-For-Profit Group, responsible for overseeing onsite audit processes as well as performing financial and employee benefit audits and preparing Medicare and Medicaid cost reports. Melissa strives to cultivate client relationships that include one-on-one interaction and constant communication, allowing her to offer solutions and suggestions based on best practices she has observed in the industry.

Melissa is a member of the Maine chapter of HFMA and keeps abreast of changes in the healthcare industry through her participation in industry related association meetings and educational offerings.

Melissa Baez
12.19.19

Editor's note: read this if you are a CFO, controller, accountant, or business manager.

We auditors can be annoying, especially when we send multiple follow-up emails after being in the field for consecutive days. Over the years, we have worked with our clients to create best practices you can use to prepare for our arrival on site for year-end work. Time and time again these have proven to reduce follow-up requests and can help you and your organization get back to your day-to-day operations quickly. 

  1. Reconcile early and often to save time.
    Performing reconciliations to the general ledger for an entire year's worth of activity is a very time consuming process. Reconciling accounts on a monthly or quarterly basis will help identify potential variances or issues that need to be investigated; these potential variances and issues could be an underlying problem within the general ledger or control system that, if not addressed early, will require more time and resources at year-end. Accounts with significant activity (cash, accounts receivable, investments, fixed assets, accounts payable and accrued expenses and debt), should be reconciled on a monthly basis. Accounts with less activity (prepaids, other assets, accrued expenses, other liabilities and equity) can be reconciled on a different schedule.
  2. Scan the trial balance to avoid surprises.
    As auditors, one of the first procedures we perform is to scan the trial balance for year-over-year anomalies. This allows us to identify any significant irregularities that require immediate follow up. Does the year-over-year change make sense? Should this account be a debit balance or a credit balance? Are there any accounts with exactly the same balance as the prior year and should they have the same balance? By performing this task and answering these questions prior to year-end fieldwork, you will be able to reduce our follow up by providing explanations ahead of time or by making correcting entries in advance, if necessary. 
  3. Provide support to be proactive.
    On an annual basis, your organization may go through changes that will require you to provide us documented contractual support.  Such events may include new or a refinancing of debt, large fixed asset additions, new construction, renovations, or changes in ownership structure.  Gathering and providing the documentation for these events prior to fieldwork will help reduce auditor inquiries and will allow us to gain an understanding of the details of the transaction in advance of performing substantive audit procedures. 
  4. Utilize the schedule request to stay organized.
    Each member of your team should have a clear understanding of their role in preparing for year-end. Creating columns on the schedule request for responsibility, completion date and reviewer assigned will help maintain organization and help ensure all items are addressed and available prior to arrival of the audit team. 
  5. Be available to maximize efficiency. 
    It is important for key members of the team to be available during the scheduled time of the engagement.  Minimizing commitments outside of the audit engagement during on site fieldwork and having all year-end schedules prepared prior to our arrival will allow us to work more efficiently and effectively and help reduce follow up after fieldwork has been completed. 

Careful consideration and performance of these tasks will help your organization better prepare for the year-end audit engagement, reduce lingering auditor inquiries, and ultimately reduce the time your internal resources spend on the annual audit process. See you soon. 

Related Professionals

In our consulting work with Skilled Nursing Facilities (SNFs) we have identified some early trends in PDPM implementation we would like to share. PDPM has been in place for a little over three months and while there were some hiccups in the first month, claims appear to be processing normally. SNFs are reporting that PDPM has been positive for their facilities. Many are reporting increases in Medicare revenues and feel PDPM has also been positive for the industry. However, it will still be a few months until we can really measure the financial and operational impacts of PDPM. As we continue to evaluate the early results, here are several lessons learned thus far:

  1. The good news is we were ready! 
    There were predictions that SNFs were not going to be prepared and smaller providers were going to go out of business because they could not adapt to PDPM. This has not been the case. Providers report they have been able to successfully bill under PDPM and most providers are reporting increased reimbursement under PDPM. Initial PDPM news is positive for the industry, but to be successful providers must continue to adapt.
  2. There still needs to be more education on the Minimum Data Set (MDS) to optimize reimbursement.
    SNFs are unsure how sections of the MDS work together under PDPM. MDS nurses need more training on what section to enter diagnosis codes and they are unsure when a diagnosis or a check box will generate the PDPM score. Diagnoses that impact Speech Language Pathology (SLP) and any diagnoses that impact Non-Therapy Ancillaries (NTAs) should be recorded on MDS Section I8000. Some diagnoses entered in Section I8000 also have check boxes in Section I that must be checked in order to be properly reimbursed.
  3. There were some missed reimbursement opportunities.
    There are several factors contributing to missed reimbursement opportunities, including delays in receiving information from physicians and other departments. Facilities need to build better relationships with physicians and provider networks to improve communication that focuses on clinical conditions and co-morbidities of the resident. Additionally, procedures need to be in place to gather clinical information within the first three days in order to get all relevant information on the five-day MDS.
  4. Diagnosis should be supported by patient care plan.
    To be in compliance with Medicare regulations and prevent takebacks on audit, diagnoses must be supported by the resident care plan. For example, if a diagnosis code for malnutrition is entered in Section I, then the resident care plan and medical records need to support the diagnosis. The care plan should document information, such as specific risk factors, lab results, and weight tracking results. Reimbursement and treatment decisions need to have a demonstrable benefit to the resident and must be supported by the resident care plan.
  5. Providers need to evaluate how they provide therapy.
    Before making significant changes to their therapy programs, facilities should analyze their therapy utilization and outcomes under PDPM, as compared to outcomes and utilization under RUGS IV. This ensures you are providing high-quality care at the lowest cost. Things to consider are per patient day utilization ratios, cost per minute under PDPM vs RUGS IV, productivity standards under PDPM, and outcomes. SNFs that are decreasing their therapy minutes should be sure they still have good quality outcomes. 
  6. The bad news? Rate adjustments may be coming sooner than expected.
    PDPM was intended to be budget neutral. Based on early results, this does not seem to be the case. More SNFs are reporting they are winners rather than losers under PDPM. The belief is if PDPM continues to track with early results there will be a rate adjustment that could come as early as mid-year. However, it is more likely that CMS will make an adjustment to weights and rates as part of the 2020 rulemaking process.

As we move further into 2020, you can expect to see more data on PDPM claims and reimbursements, which will help you make operational and financial decisions about your facility. In the meantime, you should keep focusing on patient care and achieving quality outcomes while thinking about what you can do now to adapt to be successful under PDPM.

Blog
Patient Driven Payment Model (PDPM) implementation lessons learned

Editor’s note: read this if you work for, or are affiliated with, a charitable organization that receives donations. Even the most mature nonprofit organizations may miss one of these filings once in a while. Some items (e.g., the donor acknowledgement letter) may feel commonplace, but a refresher—especially at a particularly busy time of the year as it pertains to giving—can fend off fines.

As the holiday season is now in full swing, the season of giving is also upon us. Perhaps not surprisingly, the month of December is by far the most charitable month of the year, accounting for almost one-third of all charitable gifts made annually. And with all that giving comes the requirement of charitable organizations to provide donor acknowledgements, a formal “thank you” of the gift being received. Different gifts require differing levels of acknowledgement, and in some cases an additional IRS form (or two) may need to be filed. Doing some work now may save you time (and a fine or two) later. 

While children are currently busy making lists for Santa Claus, in the spirit of giving we present to you our list of donor acknowledgement requirements―and best practices―to help you gain control of this issue for the holiday season and beyond.

Donor acknowledgement letters

Charitable (i.e., 501(c)(3)) organizations are required to provide a donor acknowledgement letter to each donor contributing $250 or more to the organization, whether it be cash or non-cash items (i.e., publicly traded securities, real estate, artwork, vehicles, etc.) received. The letter should include the following: 

  1. Name of the organization
  2. Amount of cash contribution
  3. Description of non-cash items (but not the value) 
  4. Statement that no goods and services were provided (assuming this is the case)
  5. Description and good faith estimate of the value of goods and services provided by the organization in return for the contribution, if any
  6. Statement that goods or services provided by the organization in return for the contribution consisted entirely of intangible religious benefit, if any

It is not necessary to include either the donor’s social security number or tax identification number on the written acknowledgment and as a best practice should not be included in the letter.

In addition to including the elements above, the written acknowledgement is also required to be contemporaneous, that is, sent out in a timely fashion. According to the IRS, a donor must receive the acknowledgment by the earlier of:

  • The date on which the donor actually files his or her individual federal income tax return for the year of the contribution
  • The due date (including extensions) of the return in order to be considered contemporaneous

Quid pro quo disclosure statements

When a donor makes a payment greater than $75 to a charitable organization partly as a contribution and partly as a payment for goods and services, a disclosure statement is required to notify the donor of the value of the goods and services received in order for the donor to determine the charitable contribution component of their payment.

An example of this would be if the organization sold tickets to its annual fundraising dinner event. Assume the ticket costs $100 and at the event the ticketholder receives a dinner valued at $40. In this example, the donor’s tax deduction may not exceed $60. Because the donor’s payment (quid pro quo contribution) exceeds $75, the charitable organization must furnish a disclosure statement to the donor, even though the deductible amount doesn’t exceed $75.

It’s important to note that there are some exclusions to these requirements if the value received is considered to be de minimis (known as the Token Exception), but the value received needs to be relatively small (ex: receiving a coffee mug with a picture of the organization’s logo on it). Please consult your tax advisor for more details.

If the organization does not issue disclosure statements, the IRS can issue penalties of $10 per contribution, not to exceed $5,000 per fundraising event or mailing. An organization may be able to avoid the penalty if reasonable cause can be demonstrated.

Receiving or selling donated noncash property? Forms 8283 & 8282 may be required.

If a charitable organization receives noncash donations, it may be asked to sign Form 8283. This form is required to be filed by the donor and included with their personal income tax return. If a donor contributes noncash property (excluding publicly traded securities) valued at over $5,000, the organization will need to sign Form 8283, Section B, Part IV acknowledging receipt of the noncash item(s) received.

By signing Form 8283, the donee organization is not only acknowledging receipt, but is also affirming that if the property being received is sold, exchanged, or otherwise disposed of within three years of the original donation date, the organization will be required to file Form 8282. A copy of this form is filed with the IRS and must also be provided to the original donor. Form 8282 is not required for sales of donated publicly traded securities. The penalty for failure to file Form 8282 when required is generally $50 per form.

Cars, boats, and yes, even airplanes? That would be Form 1098-C.

An airplane? Yes, even an airplane can be donated, and the donee organization must file a separate Form 1098-C, Contributions of Motor Vehicles, Boats, and Airplanes, with the IRS for each contribution of a qualified vehicle that has a claimed value of more than $500. Contemporaneous written acknowledgement requirements apply here too, and Form 1098-C can act as acknowledgement for this purpose. An acknowledgment is considered contemporaneous if it is furnished to the donor no later than 30 days after the date of the contribution if you plan to use the item for a mission-related purpose, or 30 days after the date of the sale of the item to an unrelated third party.

Penalties for failure to provide contemporaneous written acknowledgement for qualified vehicles can be pretty stiff, generally calculated as a percentage of the sale price if sold, or a percentage of the claimed value if not sold. Should you have any questions or receive a request regarding any of the forms noted above, please consult your tax advisor.

As you can see, the rules around donor acknowledgements can seem a lot like Grandma’s fruitcake―complex and perhaps a bit on the nutty side. When issuing donor acknowledgements this holiday season and beyond, be sure to review the list above and check it twice. Doing so may end up keeping you off of the IRS’s naughty list!

Blog
Donor acknowledgements: We have to file what?

Editor's note: Read this if you are a CTO, CIO, or administrator at a college or university. This is the first blog in a series on business lessons and best practices from American literature. For this series, interviewees select from a list of American literary quotes through which to view, and discuss, their focus or industry. The goal? To generate some novel insight.

The interviewees: David Houle and Joseph Traino, consultants at BerryDunn
The focus: Higher education
The quote: “Our inventions are wont to be pretty toys . . . They are but improved means to an unimproved end.”  -- Henry David Thoreau, Walden; or, Life in the Woods

Thoreau wrote this shortly after the Industrial Revolution. How does its cynicism apply to higher education during the Digital Revolution?

David Houle (DH): It speaks to my basic philosophy about applying technology to the needs of higher education clients. I’m not a “technology for the sake of technology” cheerleader. 

Joseph Traino (JT): People often believe that applying new technology to a business problem is going to solve the business problem. That rarely happens. For example, most higher education clients have a student information system. These clients often feel that, in order to resolve certain issues, they should update the system software, whereas the issues are often resolved by updating business practices to be more efficient and effective. 

DH: Right. We are often brought in to identify needed technology changes but end up stressing practices, processes, and people. If staff can’t correctly use a new technology, then the technology will not provide a real, valuable service.

When implementing a new technology, what’s the #1 thing that a higher education institution can do to prevent or avoid “an unimproved end”?

JT: Fully understand the technology’s impact on stakeholders, such as students, faculty, and staff, and answer the “why?”

DH: Keep people in mind and gain their buy-in when making technology decisions.

What technology, or technology-related change, is going to have the biggest effect on higher education over the next five years?

DH: Clients love to ask us this question (laughs). And if I truly knew the answer, I’d be on some Caribbean island right now, filthy rich and sipping a piña colada. That said, I think the technology demands of the new workforce are going to have the biggest effect. To paraphrase the new workforce: “I don’t want to stare at a green screen. And what in the world is DOS?” Conversely, the personnel who used to support these homegrown, in-house “green screen” products want to retire and leave the workforce. 

JT: I agree that the demands of the new workforce will continue to affect higher education and steer institutions away from term-based courses and programs and toward more flexible, student-centric courses and programs. From a technology standpoint, I think AI and bots are going to replace many of the manual processes that we still see today in higher education. These new technologies will create greater efficiencies—but also possibly reduce jobs—at institutions.

DH: Higher education leaders with vision have already grasped this idea of cutting administrative costs wherever possible, because those costs are not what place students in seats—or in front of screens. On the flip side, advising is currently an underserved area in higher education. So there is an opportunity for leaders to reallocate administrative resources to fulfill advising roles and to help students—such as at-risk and first-generation students—not just in the classroom, but through their learning journey.

Circling back to the Thoreau quote, I’m sure many higher education staff fear technology will lead to “unimproved ends” for their careers. How do you navigate those fears when working with clients? 

JT: It’s certainly a challenge. We currently face some of those fears when working with IT departments—more services are being moved to the cloud, and there is less of a need for on-site database administrators and system administrators, as an example. Alluding to what Dave said about advising, I think many higher education jobs can be shifted to provide interactive high-tech, high-touch services to students.

DH: And to be blunt, some people don’t want to shift, don’t want to change. The people part is the most challenging part of technology adoption. 

In this discussion about technology, we keep returning to people—and the people side of change. Are higher education clients typically responsive to the concept of change management?

JT: There’s typically some reticence, and a lack of understanding about the value of change management. In most cases, change management requires an investment beyond the technology investment. But change management is key to success. 

DH: Reticence is a good word. Yet I do think that views about change management are changing rapidly. Higher education leaders who have been through a significant system or process change now seem to understand the value of change management and know that change management is a necessity, not a luxury. 

In the end, are you confident that new technology is going to benefit students and their educational goals? 

DH: I’m unsure if technology improves the quality of education. However, I am sure that technology increases the options for the delivery of education. And greater flexibility in education delivery is certainly beneficial, especially because the traditional student is now non-traditional. Ongoing and 24/7 access demands in education are here to stay.

JT: I agree with Dave wholeheartedly. I think technology will help improve the means to the end, but I’m not sure if technology is going to improve the end. Technology is just one part of the education equation. 
 

Blog
Technology ≠ Education

This spring, I published a blog about the importance of data governance in higher education institutions. In the summer, a second blog covered implementing baseline principles for data governance. With fall upon us, it is time to transition to discussing three critical steps to create a data governance culture. 

1.    Understand the people side of change.

The culture of any organization begins and ends with its people. As you know, people are notoriously finicky when it comes to change (especially change like data governance initiatives that may alter the way we have to understand or interact with institutional data). I recommend that any higher education institution apply a change management methodology (e.g., Prosci®, Lewin’s Change Management Model) in order to gauge the awareness of, the desire for, and the practical realities of this change. If you apply your chosen methodology in an effective and consistent manner, change management will help you increase buy-in and break down resistance. 

2.    Identify and empower the right people for the right roles.

Higher education institutions often focus on data governance processes and technologies. While this is necessary, you can’t overlook the people part of data governance. In fact, you can argue it is the most important part, because without people, there will be no one to follow the processes you create or use the technologies you implement. 

To find the right people, you need to identify and establish three specific roles for your institution: data trustees, data stewards, and data managers. Once you have organized these roles and responsibilities, data governance becomes easier to manage. Some definitions:

Data trustees (the sponsors) – senior leadership (or designees) who oversee data policy, planning, and management. Their responsibilities include: 

  • Promoting data governance 
  • Approving and updating data policies​​
  • Assigning and overseeing data stewards
  • Being responsible for data governance

Data stewards (the owners) – directors, managers, associate deans, or associate vice presidents who manage one or more data types. Their responsibilities include:

  • Applying and overseeing data governance policies in their functional areas
  • Following legal requirements pertaining to data in their functional areas
  • Classifying data and identifying data safeguards
  • Being accountable for data governance

Data managers (the caretakers) – data system managers, senior data analysts, or functional users (registrar, financial aid, human resources, etc.) who perform day-to-day data collection and management operations. Their responsibilities include:

  • Implementing data governance policies in their functional areas
  • Resolving data issues in their functional areas 
  • Provide training and appropriate documentation to data users
  • Being informed and consulted about data governance

3.    Be consistent and hold people accountable.

Ultimately, your data governance team needs accountability in order to thrive. Therefore, it is up to data trustees, data stewards, and data managers to hold regular meetings, take and distribute meeting notes, and identify and follow up on meeting action items. Without this follow through, data governance initiatives will likely stall or stop altogether. 

More information on data governance 

Are you still curious about additional guiding principles of data governance in higher education? Please contact the team
 

Blog
People Power: Enacting Sustainable Data Governance

Editors note: read this if you are a leader in an accountable care organization and interested in value-based contracting.

Accountable Care Organizations (ACOs) and value-based payments: an introduction

With the goal of slowing the rising cost of healthcare while maintaining the delivery of high-quality care, the Centers for Medicare & Medicaid Services (CMS) and private payers utilize a number of different provider payment models. The primary approach to address increasing healthcare costs has been to move away from fee-for-service payment models—which incentivize increasing the volume of care provided—to value-based payment models, which hold providers accountable for both the cost and quality of care they provide. The models have the potential to lead to reduced revenue for some providers, an outcome that can be avoided by successfully attracting larger patient populations. 

Value-based payment model options 

CMS has been a driver in this transition by moving physician reimbursement from being solely based on the Resource-Based Relative Value Scale (RBRVS) fee-for-service methodology to one that adds performance-based elements either through the Merit-based Incentive Payment System (MIPS) or Advanced Alternative Payment Models (Advanced APMs):

  • Providers that are MIPS eligible will have up to 9% of their RBRVS-based payments adjusted for four categories: quality, cost, clinical practice improvement activities, and promoting interoperability.
  • Providers in an Advanced APM may earn an incentive payment based on their participation in an innovative payment model―with more opportunity for incentive rewards being given to those who take downside financial risk. 

On the hospital side, CMS developed the Hospital Value-Based Purchasing (VBP) Program in order to move away from reimbursement based strictly on Diagnosis Related Groups (DRGs). The Hospital VBP Program rewards hospitals with incentive payments based on the quality of care they provide to Medicare beneficiaries. 

ACO value-based payment models are APMs that typically incorporate quality and the total cost of care for all services for a specific population, rather than just a specific clinical condition or care episode. Under the ACO model, CMS contracts with providers to assume increasing financial risk and reward opportunities while also being held accountable for their quality performance managing defined sub-populations they serve. These types of models are also employed by private payers.

How can ACOs succeed with payment models constantly changing?

ACOs should proceed with caution as they enter models with accountability for financial risk such as the newly finalized CMS Pathways to Success program and certain private payer commercial models. In order to be successful in any model, it is critical that ACOs have an adequate foundation in place and a provider network built to provide coordinated care. Some of the key elements for your success include:

  • Population data: Data for the ACO members that is a comprehensive record of their recent health utilization and spending history is critical.
  • Eligibility reporting: Require that eligibility files are provided on a monthly basis, and understand the way in which members are attributed or assigned. 
  • Claims data: Ensure accurate and complete claims data will be provided by payers monthly for the ACO members.
  • Financial/quality reporting: Ensure creation of infrastructure to generate reporting from the population data on a timely basis. Without timely reporting, the actual performance against benchmarks will not be known until it is too late to take any action.
  • Actuarial support: Validating spending targets and performance settlement should draw on the expertise of a qualified actuary.
  • Clinical documentation: Ambulatory clinical documentation categorizes patients based on the complexity of their diagnoses, which can be a predictor of future health care costs and used to identify at risk members for care management, disease management, and other programs. 
  • Population health management tools: Establish capabilities around population health management, specifically data aggregation and analysis that results in actionable recommendations
  • Audit capability: Verify the accuracy of payer financial and quality reports including the risk adjustment methodology.

Success in value-based payment models will require ACOs to understand changes to their population and quickly respond to address quality, utilization, and cost trends. 

WEBINAR
Demystifying Value-Based Contracting: Key Steps To Empower Your Organization

Want to learn more? Watch our value-based contracting webinar.

Blog
Success in value-based payment for ACOs

Follow these six steps to help your senior living organization improve cash flow, decrease days in accounts receivable, and reduce write offs.

From regulatory and reimbursement rule changes to new software and staff turnover, senior living facilities deal with a variety of issues that can result in eroding margins. Monitoring days in accounts receivable and creeping increases in bad debt should be part of a regular review of your facility’s financial indicators.

Here are six steps you and your organization can take to make your review more efficient and potentially improve your bottom line:

Step 1: Understand your facility’s current payer mix.

Understanding your payer mix and various billing requirements and reimbursement schedules will help you set reasonable goals and make an accurate cash flow forecast. For example, government payers often have a two-week reimbursement turn-around for a clean claim, while commercial insurance reimbursement may take up to 90 days. Discovering what actions you can take to keep the payment process as short as possible can lessen your average days in accounts receivable and improve cash flow.

Step 2: Gain clarity on your facility’s billing calendar.

Using data from Step 1, review (or develop) your team’s billing calendar. The faster you send a complete and accurate bill, the sooner you will receive payment.

Have a candid discussion with your billers and work on removing (or at least reducing) existing or perceived barriers to producing timely and accurate bills. Facilities frequently find opportunities for cash flow optimization by communicating their expectations for vendors and care partners. For example, some facilities rely on their vendors to provide billing logs for therapy and ancillary services in order to finalize Resource Utilization Groups (RUGs) and bill Medicare and advantage plans. Delayed medical supply and pharmacy invoices frequently hold up private pay billing. Working with vendors to shorten turnaround time is critical to receiving faster payments.

Interdependencies and areas outside the billers’ control can also negatively influence revenue cycle and contribute to payment delays. Nursing and therapy department schedules, documentation, and the clinical team’s understanding of the principles of reimbursement all play significant roles in timeliness and accuracy of Minimum Data Sets (MDSs) — a key component of Medicare and Medicaid billing. Review these interdependencies for internal holdups and shorten time to get claims produced.

Step 3: Review billing practices.

Observe your staff and monitor the billing logs and insurance claim acceptance reports to locate and review rejected invoices. Since rejected claims are not accepted into the insurer’s system, they will never be reflected as denied on remittance advice documents. Review of submitted claims for rejections is also important as frequently billing software marks claims as billed after a claim is generated. Instruct billers to review rejections immediately after submitting the bill, so rework, resubmission, and payment are timely.

Encourage your billers to generate pull communications (using available reporting tools on insurance portals) to review claim status and resolve any unpaid or suspended claims. This is usually a quicker process than waiting for a push communication (remittance advice) to identify unpaid claims.

Step 4: Review how your facility receives payments.

Challenge any delays in depositing money. Many insurance companies offer payment via ACH transfer. Discuss remote check deposit solutions with your financial institution to eliminate delays. If the facility acts as a representative payee for residents, make sure social security checks are directly deposited to the appropriate account. If you use a separate non-operating account to receive residents’ pensions, consider same day bill pay transfer to the operating account.

Step 5: Review industry benchmarks.

This is critical to understanding where your facility stands and seeing where you can make improvements. BerryDunn’s database of SNF Medicare cost reports filed for FY 2015 - 2018 shows:

Skilled Nursing Facilities: Days in Accounts Receivable

Step 6: Celebrate successes!

Clearly some facilities are doing it very well, while some need to take corrective action. This information can also help you set reasonable goals overall (see Step 1) as well as payer-specific reimbursement goals that make sense for your facility. Review them with the revenue cycle team and question any significant variances; challenge staff to both identify reasons for variances and propose remedial action. Helping your staff see the big picture and understanding how they play a role in achieving department and company goals are critical to sustaining lasting change AND constant improvement.

Change, even if it brings intrinsic rewards (like decreased days in accounts receivable, increased margin to facilitate growth), can be difficult. Acknowledge that changing processes can be tough and people may have to do things differently or learn new skills to meet the facility’s goal. By celebrating the improvements — even little ones — like putting new processes in place, you encourage and engage people to take ownership of the process. Celebrating the wins helps create advocates and lets your team know you appreciate their work. 

To learn more, contact one of our revenue cycle specialists.

Blog
Six steps to gain speed on collections

A version of this article was previously published on the Massachusetts Nonprofit Network

Editor’s note: while this blog is not technical in nature, you should read it if you are involved in IT security, auditing, and management of organizations that may participate in strategic planning and business activities where considerations of compliance and controls is required.

As we find ourselves in a fast-moving, strong business growth environment, there is no better time to consider the controls needed to enhance your IT security as you implement new, high-demand technology and software to allow your organization to thrive and grow. Here are five risks you need to take care of if you want to build or maintain strong IT security.

1. Third-party risk management―It’s still your fault

We rely daily on our business partners and vendors to make the work we do happen. With a focus on IT, third-party vendors are a potential weak link in the information security chain and may expose your organization to risk. However, though a data breach may be the fault of a third-party, you are still responsible for it. Potential data breaches and exposure of customer information may occur, leaving you to explain to customers and clients answers and explanations you may not have. 

Though software as a service (SaaS) providers, along with other IT third-party services, have been around for well over a decade now, we still neglect our businesses by not considering and addressing third-party risk. These third-party providers likely store, maintain, and access company data, which could potentially contain personally identifiable information (names, social security numbers, dates of birth, addresses), financial information (credit cards or banking information), and healthcare information of your customers. 

While many of the third-party providers have comprehensive security programs in place to protect that sensitive information, a study in 2017 found that 30% of data breaches were caused by employee error or while under the control of third-party vendors.1  This study reemphasizes that when data leaves your control, it is at risk of exposure. 

In many cases, procurement and contracting policies likely have language in contracts that already establish requirements for third-parties related to IT security; however the enforcement of such requirements and awareness of what is written in the contract is not enforced or is collected, put in a file, and not reviewed. What can you do about it?

Improved vendor management

It is paramount that all organizations (no matter their size) have a comprehensive vendor management program that goes beyond contracting requirements in place to defend themselves against third-party risk which includes:

  1. An inventory of all third-parties used and their criticality and risk ranking. Criticality should be assigned using a “critical, high, medium or low” scoring matrix. 
  2. At time of onboarding or RFP, develop a standardized approach for evaluating if potential vendors have sufficient IT security controls in place. This may be done through an IT questionnaire, review of a Systems and Organization Controls (SOC report) or other audit/certifications, and/or policy review. Additional research may be conducted that focuses on management and the company’s financial stability. 
  3. As a result of the steps in #2, develop a vendor risk assessment using a high, medium and low scoring approach. Higher risk vendors should have specific concerns addressed in contracts and are subject to more in depth annual due diligence procedures. 
  4. Reporting to senior management and/or the board annually on the vendors used by the organization, the services they perform, their risk, and ways the organization monitors the vendors. 

2. Regulation and privacy laws―They are coming 

2018 saw the implementation of the European Union’s General Data Privacy Regulation (GDPR) which was the first major data privacy law pushed onto any organization that possesses, handles, or has access to any citizen of EU’s personal information. Enforcement has started and the Information Commissioner’s Office has begun fining some of the world’s most famous companies, including substantial fines to Marriott International and British Airways of $125 million and $183 million Euros, respectively.2  Gone are the days where regulations lacked the teeth to force companies into compliance. 

With thanks to other major data breaches where hundreds of millions’ consumers private information was lost or obtained (e.g., Experian), more regulation is coming. Although there is little expectation of an American federal requirement for data protection, individual states and other regulating organizations are introducing requirements. Each new regulation seeks to protect consumer privacy but the specifics and enforcement of each differ. 

Expected to be most impactful in 2019 is the California Consumer Privacy Act,  which applies to organizations that handle, collect, or process consumer information and do business in the state of California (you do not have to be located in CA to be under the umbrella of enforcement).

In 2018, Maine passed the toughest law on telecommunications providers for selling consumer information. Massachusetts’ long standing privacy and data breach laws were amended with stronger requirements in January of 2019. Additional privacy and breach laws are in discussion or on the table for many states including Colorado, Delaware, Ohio, Oregon, Ohio, Vermont, and Washington, amongst others.      

Preparation and awareness are key

All organizations, no matter your line of business must be aware of and understand current laws and proposed legislation. New laws are expected to not only address the protection of customer data, but also employee information. All organizations should monitor proposed legislation and be aware of the potential enforceable requirements. The good news is that there are a lot of resources out there and, in most cases, legislative requirements allow for grace periods to allow organizations to develop a complete understanding of proposed laws and implement needed controls. 

3. Data management―Time to cut through the clutter 

We all work with people who have thousands of emails in their inbox (in some cases, dating back several years). Those users’ biggest fears may start to come to fruition―that their “organizational” approach of not deleting anything may come to an end with a simple email and data retention policy put in place by their employer. 

The amount of data we generate in a day is massive. Forbes estimates that we generate 2.5 quintillion bytes of data each day and that 90% of all the world’s data was generated in the last two years alone.3 While data is a gold mine for analytics and market research, it is also an increasing liability and security risk. 

Inc. Magazine says that 73% of the data we have available to us is not used.4 Within that data could be personally identifiable information (such as social security numbers, names, addresses, etc.); financial information (bank accounts, credit cards etc.); and/or confidential business data. That data is valuable to hackers and corporate spies and in many cases data’s existence and location is unknown by the organizations that have it. 

In addition to the security risk that all this data poses, it also may expose an organization to liability in the event of a lawsuit of investigation. Emails and other communications are a favorite target of subpoenas and investigations and should be deleted within 90 days (including deleted items folders). 

Take an inventory before you act

Organizations should first complete a full data inventory and understand what types of data they maintain and handle, and where and how they store that data. Next, organizations can develop a data retention policy that meets their needs. Utilizing backup storage media may be a solution that helps reduce the need to store and maintain a large amount of data on internal systems. 

4. Doing the basics right―The simple things work 

Across industries and regardless of organization size, the most common problem we see is the absence of basic controls for IT security. Every organization, no matter their size, should work to ensure they have controls in place. Some must-haves:

  • Established IT security policies
  • Routine, monitored patch management practices (for all servers and workstations)
  • Change management controls (for both software and hardware changes)
  • Anti-virus/malware on all servers and workstations
  • Specific IT security risk assessments 
  • User access reviews
  • System logging and monitoring 
  • Employee security training

Go back to the basics 

We often see organizations that focus on new and emerging technologies, but have not taken the time to put basic security controls in place. Simple deterrents will help thwarting hackers. I often tell my clients a locked car scares away most ill-willed people, but a thief can still smash the window.  

Smaller organizations can consider using third-party security providers, if they are not able to implement basic IT security measures. From our experience, small organizations are being held to the same data security and privacy expectations by their customers as larger competitors and need to be able to provide assurance that controls are in place.  

5. Employee retention and training 

Unemployment rates are at an all-time low, and the demand for IT security experts at an all-time high. In fact, Monster.com reported that in 2019 the unemployment rate for IT security professionals is 0%.5 

Organizations should be highly focused on employee retention and training to keep current employees up-to-speed on technology and security trends. One study found that only 15% of IT security professionals were not looking to switch jobs within one year.6  

Surprisingly, money is not the top factor for turnover―68% of respondents prioritized working for a company that takes their opinions seriously.6 

For years we have told our clients they need to create and foster a culture of security from the top down, and that IT security must be considered more than just an overhead cost. It needs to align with overall business strategy and goals. Organizations need to create designated roles and responsibilities for security that provide your security personnel with a sense of direction―and the ability to truly protect the organization, their people, and the data. 

Training and support goes a long way

Offering training to security personnel allows them to stay abreast of current topics, but it also shows those employees you value their knowledge and the work they do. You need to train technology workers to be aware of new threats, and on techniques to best defend and protect from such risks. 

Reducing turnover rate of IT personnel is critical to IT security success. Continuously having to retrain and onboard employees is both costly and time-consuming. High turnover impacts your culture and also hampers your ability to grow and expand a security program. 

Making the effort to empower and train all employees is a powerful way to demonstrate your appreciation and support of the employees within your organization—and keep your data more secure.  

Our IT security consultants can help

Ensuring that you have a stable and established IT security program in place by considering the above risks will help your organization adapt to technology changes and create more than just an IT security program, but a culture of security minded employees. 

Our team of IT security and control experts can help your organization create and implement controls needed to consider emerging IT risks. For more information, contact the team
 

Sources:
[1] https://iapp.org/news/a/surprising-stats-on-third-party-vendor-risk-and-breach-likelihood/  
[2] https://resources.infosecinstitute.com/first-big-gdpr-fines/
[3] https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-blowing-stats-everyone-should-read/#458b58860ba9
[4] https://www.inc.com/jeff-barrett/misusing-data-could-be-costing-your-business-heres-how.html
[5] https://www.monster.com/career-advice/article/tech-cybersecurity-zero-percent-unemployment-1016
[6] https://www.securitymagazine.com/articles/88833-what-will-improve-cyber-talent-retention

Blog
Five IT risks everyone should be aware of

Editor’s note: If you are a higher education CFO, CIO, CTO or other C-suite leader, this blog is for you.

The Gramm-Leach-Bliley Act (GLBA) has been in the news recently as the Federal Trade Commission (FTC) has agreed to extend a deadline for public comment regarding proposed changes to the Safeguards Rule. Here’s what you need to know.

GLBA, also known as the Financial Modernization Act, is a 1999 federal law providing rules to financial institutions for protecting consumer information. Colleges and universities fall under this act because they conduct financial activities (e.g., administration of financial aid, loans, and other financial services).

Under the Safeguards Rule financial Institutions must develop, implement, and maintain a comprehensive information security program that consists of safeguards to handle customer information.

Proposed changes

The FTC is proposing five modifications to the Safeguards Rule. The new act will:

  • Provide more detailed guidance to impacted institutions regarding how to develop and implement specific aspects of an overall information security program.
  • Improve the accountability of an institution’s information security programs.
  • Exempt small business from certain requirements.
  • Expand the definition of “financial institutions” to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities.
  • Propose to include the definition of “financial institutions” and related examples in the rule itself rather than cross-reference them from a related FTC rule (Privacy of Consumer Financial Information Rule).

Potential impacts for your institution

The Federal Register, Volume 84, Number 65, published the notice of proposed changes that once approved by the FTC would add more prescriptive rules that could have significant impact on your institution. For example, these rules would require institutions to:

  1. Expand existing security programs with additional resources.
  2. Produce additional documentation.
  3. Create and implement additional policies and procedures.
  4. Offer various forms of training and education for security personnel.

The proposed rules could require institutions to increase their commitment in time and staffing, and may create hardships for institutions with limited or challenging resources.

Prepare now

While these changes are not final and the FTC is requesting public comment, here are some things you can do to prepare for these potential changes:

  • Evaluate whether your institution is compliant to the current Safeguards Rule.
  • Identify gaps between current status and proposed changes.
  • Perform a risk assessment.
  • Ensure there is an employee designated to lead the information security program.
  • Monitor the FTC site for final Safeguard Rules updates.

In the meantime, reach out to us if you would like to discuss the impact GLBA will have on your institution or if you would like assistance with any of the recommendations above. You can view a comprehensive list of potential changes here.

Source: Federal Trade Commission. Safeguards Rule. Federal Register, Vol. 84, No. 65. FTC.gov. April 4, 2019. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/safeguards-rule

Blog
Higher ed: GLBA is the new four-letter word, but it's not as bad as you think

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all  institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

BerryDunn’s Rick Gamache recently published several blog articles on incident response that are relevant to the recent cyberattacks. Below I have provided several of his points tailored to higher education leaders to help them prepare for cybersecurity incidents at their institutions.

What are some examples of incidents that managers need to prepare for?

Examples range from external breaches and insider threats to instances of malfeasance or incompetence. Different types of incidents lead to the same types of results—yet you can’t have a broad view of incidents. Managers should work with their teams to create incident response plans that reflect the threats associated with higher education institutions. A handful of general incident response plans isn’t going to cut it.

Managers need to work with their teams to develop a specific incident response plan for each specific type of incident. Why? Well, think of it this way: Your response to a careless employee should be different from your response to a malicious employee, for a whole host of legal reasons. Incident response is not a cookie-cutter process. In fact, it is quite the opposite. This is one of the reasons I highly suggest security teams include staff members outside of IT. When you’re responding to incidents, you want people who can look at a problem or situation from an external perspective, not just a technical or operational perspective within IT. These team members can help answer questions such as, what does the world see when they look at our institution? What institutional information might be valuable to, or targeted by, malicious actors? You’ll get some valuable fresh perspectives.

How short or long should the typical incident response plan be?

I often see good incident response plans no more than three or four pages in length. However, it is important that incident response plans are task oriented, so that it is clear who does what next. And when people follow an incident response plan, they should physically or digitally check off each activity, then record each activity.

What system or software do you recommend for recording incidents and responses?

There are all types of help desk software you can use, including free and open source software. I recommend using help desk software with workflow capabilities, so your team can assign and track tasks.

Any other tips for developing incident response plans?

First, managers should work with, and solicit feedback from across the academic and administrative areas within the institution when developing incident response plans. If you create these documents in a vacuum, they will be useless.

Second, managers and their teams should take their time and develop the most “solid” incident response plans possible. Don’t rush the process. The effectiveness of your incident response plans will be critical in assessing your institution’s ability to survive a breach. Because of this, you should be measuring your response plans through periodic testing, like conducting tabletop exercises.

Third, keep your students and external stakeholders in mind when developing these plans. You want to make sure external communications are consistent, accurate, and within the legal requirements for your institution. The last thing you want is students and stakeholders receiving conflicting messages about the incident. 

Are there any decent incident response plans in the public domain that managers and their teams can adapt for their own purposes?

Yes. My default reference is the National Institute of Standards and Technology (NIST). NIST has many special publications that describe the incident response process, how to develop a solid plan, and how to test your plan.

Should institutions have dedicated incident response teams?

Definitely. Institutions should identify and staff teams using internal resources. Some institutions may want to consider hiring a reputable third party to act as an incident response team. The key with hiring a third party? Don’t wait until an incident occurs! If you wait, you’re going to panic, and make panic-based decisions. Be proactive and hire a third party on retainer.

That said, institutions should consider hiring a third party on an annual basis to review incident response plans and processes. Why? Because every institution can grow complacent, and complacency kills. A third party can help gauge the strengths and weaknesses of your internal incident response teams, and provide suggestions for general or specific training. A third party can also educate your institution about the latest and greatest cyber threats.

Should managers empower their teams to conduct internal “hackathons” in order to test incident response?

Sure! It’s good practice, and it can be a lot of fun for team members. There are a few caveats. First, don’t call it a hackathon. The word can elicit negative or concerned reactions. Call it “active testing” or “continuous improvement exercises.” These activities allow team members to think creatively, and are opportunities for them to boost their cybersecurity knowledge. Second, be prepared for pushback. Some managers worry if team members gain more cybersecurity skills, then they’ll eventually leave the institution for another, higher-paying job. I think you should be committed to the growth of your team members―it’ll only make your institution more secure.

What are some best practices managers should follow when reporting incidents to their leadership?

Keep the update quick, brief, and to the point. Leave all the technical jargon out, and keep everything in an institutional context. This way leadership can grasp the ramifications of the event and understand what matters. Be prepared to outline how you’re responding and what actions leadership can take to support the incident response team and protect the institution. In the last chapter, I mentioned what I call the General Colin Powell method of reporting, and I suggest using that method when informing leadership. Tell them what you know, what you don’t know, what you think, and what you recommend. Have answers, or at least a plan.

How much institution-wide communication should there be about incidents?

That’s a great question, but a tough one to answer. Transparency is good, but it can also unintentionally lead to further incidents. Do you really want to let your whole institution know about an exploitable weakness? Also, employees can spread information about incidents on social media, which can actually lead to the spread of misinformation. If you are in doubt about whether or not to inform the entire institution about an incident, refer to your Legal Department. In general, institution-wide communication should be direct: We’ve had an incident; these are the facts; this is what you are allowed to say on social media; and this is what you’re not allowed to say on social media.

Another great but tough question: When do you tell the public about an incident? For this type of communication, you’re going to need buy-in from various sources: senior leadership, Legal, HR, and your PR team or external PR partners. You have to make sure the public messaging is consistent. Otherwise, citizens and the media will try to poke holes in your official story. And that can lead to even more issues.

What are the key takeaways for higher education leaders?

Here are key takeaways to help higher education leaders prepare for and respond appropriately to cybersecurity incidents:

  1. Understand your institution’s current cybersecurity environment. 
    Questions to consider: Do you have Chief Information Security Officer (CISO) and/or a dedicated cybersecurity team at your institution? Have you conducted the appropriate audits and assessments to understand your institution’s vulnerabilities and risks?
  2. Ensure you are prepared for cybersecurity incidents. 
    Questions to consider: Do you have a cybersecurity plan with the appropriate response, communication, and recovery plans/processes? Are you practicing your plan by walking through tabletop exercises? Do you have incident response teams?

Higher education continues to face growing threats of cybersecurity attacks – and it’s no longer a matter of if, but when. Leaders can help mitigate the risk to their institutions by proactively planning with incident response plans, communication plans, and table-top exercises. If you need help creating an incident response plan or wish to speak to us regarding preparing for cybersecurity threats, please reach out to us.
 

Blog
Cyberattacks in higher education—How prepared are you?

Editor’s note: read this if you are a Maine business owner or officer.

New state law aligns with federal rules for partnership audits

On June 18, 2019, the State of Maine enacted Legislative Document 1819, House Paper 1296, An Act to Harmonize State Income Tax Law and the Centralized Partnership Audit Rules of the Federal Internal Revenue Code of 1986

Just like it says, LD 1819 harmonizes Maine with updated federal rules for partnership audits by shifting state tax liability from individual partners to the partnership itself. It also establishes new rules for who can—and can’t—represent a partnership in audit proceedings, and what that representative’s powers are.

Classic tunes—The Tax Equity and Fiscal Responsibility Act of 1982

Until recently, the Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA) set federal standards for IRS audits of partnerships and those entities treated as partnerships for income tax purposes (LLCs, etc.). Those rules changed, however, following passage of the Bipartisan Budget Act of 2015 (BBA) and the Protecting Americans from Tax Hikes Act of 2015 (PATH Act). Changes made by the BBA and PATH Act included:

  • Replacing the Tax Matters Partner (TMP) with a Partnership Representative (PR);
  • Generally establishing the partnership, and not individual partners, as liable for any imputed underpayment resulting from an audit, meaning current partners can be held responsible for the tax liabilities of past partners; and
  • Imputing tax on the net audit adjustments at the highest individual or corporate tax rates.

Unlike TEFRA, the BBA and PATH Act granted Partnership Representatives sole authority to act on behalf of a partnership for a given tax year. Individual partners, who previously held limited notification and participation rights, were now bound by their PR’s actions.

Fresh beats—new tax liability laws under LD 1819

LD 1819 echoes key provisions of the BBA and PATH Act by shifting state tax liability from individual partners to the partnership itself and replacing the Tax Matters Partner with a Partnership Representative.

Eligibility requirements for PRs are also less than those for TMPs. PRs need only demonstrate “substantial presence in the US” and don’t need to be a partner in the partnership, e.g., a CFO or other person involved in the business. Additionally, partnerships may have different PRs at the federal and state level, provided they establish reasonable qualifications and procedures for designating someone other than the partnership’s federal-level PR to be its state-level PR.

LD 1819 applies to Maine partnerships for tax years beginning on or after January 1, 2018. Any additional tax, penalties, and/or interest arising from audit are due no later than 180 days after the IRS’ final determination date, though some partnerships may be eligible for a 60-day extension. In addition, LD 1819 requires Maine partnerships to file a completed federal adjustments report.

Partnerships should review their partnership agreements in light of these changes to ensure the goals of the partnership and the individual partners are reflected in the case of an audit. 

Remix―Significant changes coming to the Maine Capital Investment Credit 

Passage of LD 1671 on July 2, 2019 will usher in a significant change to the Maine Capital Investment Credit, a popular credit which allows businesses to claim a tax credit for qualifying depreciable assets placed in service in Maine on which federal bonus depreciation is claimed on the taxpayer's federal income tax return. 

Effective for tax years beginning on or after January 1, 2020, the credit is reduced to a rate of 1.2%. This is a significant reduction in the current credit percentages, which are 9% and 7% for corporate and all other taxpayers, respectively. The change intends to provide fairness to companies conducting business in-state over out-of-state counterparts. Taxpayers continue to have the option to waive the credit and claim depreciation recapture in a future year for the portion of accelerated federal bonus depreciation disallowed by Maine in the year the asset is placed in service. 

As a result of this meaningful reduction in the credit, taxpayers who have historically claimed the credit will want to discuss with their tax advisors whether it makes sense to continue claiming the credit for 2020 and beyond.
 

Blog
Maine tax law changes: Music to the ears, or not so much?

Read this if you are a Nursing Home Administrator, Admissions Coordinator, MDS Nurse, Nursing Home Owner, Business Office Manager, Case Manager, Nursing Home CEO, CFO, or COO.

Patient Driven Payment Model (PDPM) implementation is less than three months away. Is your facility ready for admissions under PDPM? The way you think about admissions and the admission process will change under PDPM. Some highlights:

  • The resident’s clinical characteristics will now be the determinant of payment rather than therapy provided.
  • Facilities that admit medically complex residents—those who need higher levels of potentially expensive care, including high-cost medications, ventilator care, and care for residents with HIV/AIDS—will receive reimbursement that more closely reflects those higher costs.
  • PDPM will eliminate the 14-day, 30-day, 60-day and 90-day assessments and will only require a five-day and discharge assessment. 
  • The five-day assessment will drive payment for the entire resident stay unless there is change in the resident’s clinical characteristics. 

With the elimination of the five scheduled assessments under PDPM, facilities will save time spent on assessments; however, PDPM will require a higher degree of accuracy on the Day Five assessment. For proper reimbursement, your staff will have to gather all relevant clinical information on the resident in a shorter period of time. A strong admissions team and processes will help you achieve financial success under PDPM. 

Screening residents for admission will also become more critical for appropriate reimbursement. Under RUGS-IV, most facilities relied only on their admissions coordinator to handle admissions. Under PDPM, facilities are going to have to involve more team members in the pre-admission process to ensure proper and thorough screening of residents. 

Since PDPM focuses on all the resident’s clinical characteristics, you will need pre-admission input from many team members, including but not limited to physicians, nurses, therapy providers, and case management. You will need to assess many other elements up front―if you miss something in the screening, you won’t receive adequate reimbursement. 

With payment tied not only to the residents' primary reasons for being in the facility, but also the comorbidities that affect their health, you need to know more about potential residents prior to admission. The admissions team will need to get a comprehensive background on each resident―including all comorbidities, recent surgical history, and other clinical characteristics and services that determine a resident’s case-mix.

For example, in some cases, two diagnoses, such as aftercare for major joint surgery and an infectious complication, may compete for the primary diagnosis. These two diagnoses would place the resident in different clinical categories and would result in different rates of reimbursement. Working as a team, your staff will have to determine which of these diagnoses most accurately reflects the characteristics of the resident, the services needed by that resident, and the resources that he or she requires.

To emphasize again, under the new PDPM assessment schedule, facilities cannot make changes to resident clinical characteristics on the five-day assessment unless a resident has a significant change in status and the facility performs an interim payment assessment. You really only have one shot at getting it right!

Here are some actions you can take now to strengthen your admissions process:

Standardize practices―Examine inconsistent and/or manual practices within the revenue cycle that may cause delays in gathering documentation and, ultimately, delay billing. Policies and procedures should include items such as team members and responsibilities, pre-admission screening procedures, protocols for communicating with physicians and the admitting hospital, and procedures for capturing and storing supporting documentation. This can help capture all information needed for proper reimbursement.

Review changes to the Minimum Data Set (MDS)―The entire admissions team needs to understand the changes to the MDS so that they capture all the required resident information. There are nearly 40 new MDS items that directly influence a resident’s clinical classification and payment rates. The most significant of these?

  • I0020B―To report the ICD-10-CM primary diagnosis code representing the main reason for Skilled Nursing Facility (SNF) admission
  • J2100-J5000―New patient surgical history items that affect the PDPM physical and occupational therapy and speech-language pathology components
  • I8000―To report comorbidities that affect non-therapy ancillaries
  • O425A1-O0425C5―To capture discharge information on therapy delivery over the course of the resident's entire Part A stay, including use of group and concurrent therapy.

Educate staff―Train your staff on the new processes and tools, as these processes directly impact daily job functions. In addition, staff should have an understanding of the functions of the entire revenue cycle so they can see how their functions affect the overall reimbursement of the facility.

Review and monitor―To better prepare for PDPM, you should review your resident charts to understand what information you are currently documenting and know what additional information you will need to gather upon admission. Even though you are not yet billing under PDPM, you can start gathering and documenting that additional information. Review your facility's utilization review and triple check processes. You should have a cross-functional utilization review team that includes a physician or mid-level practitioner to ensure comprehensive reviews. Once you begin documenting, under PDPM you will need to audit MDS to be sure they are accurate and supported by medical documentation.

You will only have until Day Eight of a resident stay to capture and document all the resident's clinical characteristics that drive payment for the entire stay. It is more important than ever to have a clearly defined, well-executed plan for getting the right information to the right people as soon as possible.

Read more
You can read Part One of this series here. Part Three is coming soon.

Get ready with our PDPM Checklist!

Download our helpful PDPM checklist and see what you need to do. 

Blog
PDPM is coming: Is your admissions team ready?

Read this if you are an Institutional Research (IR) Director, a Registrar, or are in the C-Suite.

In my last blog, I defined the what and the why of data governance, and outlined the value of data governance in higher education environments. I also asserted data isn’t the problem―the real culprit is our handling of the data (or rather, our deferral of data responsibility to others).

While I remain convinced that data isn’t the problem, recent experiences in the field have confirmed the fact that data governance is problematic. So much, in fact, that I believe data governance defies a “solid,” point-in-time solution. Discouraged? Don’t be. Just recalibrate your expectations, and pursue an adaptive strategy.

This starts with developing data governance guiding principles, with three initial points to consider: 

  1. Key stakeholders should develop your institution’s guiding principles. The team should include representatives from areas such as the office of the Registrar, Human Resources, Institutional Research, and other significant producers and consumers of institutional data. 
  2. The focus of your guiding principles must be on the strategic outcomes your institution is trying to achieve, and the information needed for data-driven decision-making.
  3. Specific guiding principles will vary from institution to institution; effective data governance requires both structure and flexibility.

Here are some baseline principles your institution may want to adopt and modify to suit your particular needs.

  • Data governance entails iterative processes, attention to measures and metrics, and ongoing effort. The institution’s governance framework should be transparent, practical, and agile. This ensures that governance is seen as beneficial to data management and not an impediment.
  • Governance is an enabler. The institution’s work should help accomplish objectives and solve problems aligned with strategic priorities.
  • Work with the big picture in mind. Start from the vantage point that data is an institutional asset. Without an institutional asset mentality it’s difficult to break down the silos that make data valuable to the organization.
  • The institution should identify data trustees and stewards that will lead the data governance efforts at your institution
    • Data trustees should have responsibility over data, and have the highest level of responsibility for custodianship of data.
    • Data stewards should act on behalf of data trustees, and be accountable for managing and maintaining data.
  • Data quality needs to be baked into the governance process. The institution should build data quality into every step of capture and entry. This will increase user confidence that there is data integrity. The institution should develop working agreements for sharing and accessing data across organizational lines. The institution should strive for processes and documentation that is consistent, manageable, and effective. This helps projects run smoothly, with consistent results every time.
  • The institution should pay attention to building security into the data usage cycle. An institution’s security measures and practices need to be inherent in the day-to-day management of data, and balanced with the working agreements mentioned above. This keeps data secure and protected for the entire organization.
  •  Agreed upon rules and guidelines should be developed to support a data governance structure and decision-making. The institution should define and use pragmatic approaches and practical plans that reward sustainability and collaboration, building a successful roadmap for the future. 

Next Steps

Are you curious about additional guiding principles? Contact me. In the meantime, keep your eyes peeled for a future blog that digs deeper into the roles of data trustees and stewards.
 

Blog
Governance: It's good for your data

Proposed House bill brings state income tax standards to the digital age

On June 3, 2019, the US House of Representatives introduced H.R. 3063, also known as the Business Activity Tax Simplification Act of 2019, which seeks to modernize tax laws for the sale of personal property, and clarify physical presence standards for state income tax nexus as it applies to services and intangible goods. But before we can catch up on today, we need to go back in time—great Scott!

Fly your DeLorean back 60 years (you’ve got one, right?) and you’ll arrive at the signing of Public Law 86-272: the Interstate Income Act of 1959. Established in response to the Supreme Court’s ruling on Northwestern States Portland Cement Co. v. Minnesota, P.L. 86-272 allows a business to enter a state, or send representatives, for the purposes of soliciting orders for the sale of tangible personal property without being subject to a net income tax.

But now, in 2019, personal property is increasingly intangible—eBooks, computer software, electronic data and research, digital music, movies, and games, and the list goes on. To catch up, H.R. 3063 seeks to expand on 86-272’s protection and adds “all other forms of property, services, and other transactions” to that exemption. It also redefines business activities of independent contractors to include transactions for all forms of property, as well as events and gathering of information.

Under the proposed bill, taxpayers meet the standards for physical presence in a taxing jurisdiction, if they:

  1.  Are an individual physically located in or have employees located in a given state; 
  2. Use the services of an agent to establish or maintain a market in a given state, provided such agent does not perform the same services in the same state for any other person or taxpayer during the taxable year; or
  3. Lease or own tangible personal property or real property in a given state.

The proposed bill excludes a taxpayer from the above criteria who have presence in a state for less than 15 days, or whose presence is established in order to conduct “limited or transient business activity.”

In addition, H.R. 3063 also expands the definition of “net income tax” to include “other business activity taxes”. This would provide protection from tax in states such as Texas, Ohio and others that impose an alternate method of taxing the profits of businesses.

H.R. 3063, a measure that would only apply to state income and business activity tax, is in direct contrast to the recent overturn of Quill Corp. v. North Dakota, a sales and use tax standard. Quill required a physical presence but was overturned by the decision in South Dakota v. Wayfair, Inc. Since the Wayfair decision, dozens of states have passed legislation to impose their sales tax regime on out of state taxpayers without a physical presence in the state.

If enacted, the changes made via H.R. 3063 would apply to taxable periods beginning on or after January 1, 2020. For more information: https://www.congress.gov/bill/116th-congress/house-bill/3063/text?q=%7B%22search%22%3A%5B%22hr3063%22%5D%7D&r=1&s=2
 

Blog
Back to the future: Business activity taxes!

Focus on the people: How higher ed institutions can successfully make an ERP system change

The enterprise resource planning (ERP) system is the heart of an institution’s business, maintaining all aspects of day-to-day operations, from student registration to staff payroll. Many institutions have used the same ERP systems for decades and face challenges to meet the changing demands of staff and students. As new ERP vendors enter the marketplace with new features and functionality, institutions are considering a change. Some things to consider:

  1. Don’t just focus on the technology and make change management an afterthought. Transitioning to a new ERP system takes considerable effort, and has the potential to go horribly wrong if sponsorship, good planning, and communication channels are not in place. The new technology is the easy part of a transition—the primary challenge is often rooted in people’s natural resistance to change.  
  2. Overcoming resistance to change requires a thoughtful and intentional approach that focuses on change at the individual level. Understanding this helps leadership focus their attention and energy to best raise awareness and desire for the change.
  3. One effective tool that provides a good framework for successful change is the Prosci ADKAR® model. This framework has five distinct phases that align with ERP change:

These phases provide an approach for developing activities for change management, preparing leadership to lead and sponsor change and supporting employees through the implementation of the change.

The three essential steps to leveraging this framework:

  1. Perform a baseline assessment to establish an understanding of how ready the organization is for an ERP change
  2. Provide sponsorship, training, and communication to drive employee adoption
  3. Prepare and support activities to implement, celebrate, and sustain participation throughout the ERP transition

Following this approach with a change management framework such as the Prosci ADKAR® model can help an organization prepare, guide, and adopt ERP change more easily and successfully. 

If you’re considering a change, but need to prepare your institution for a healthy ERP transition using change management, chart yourself on this ADKAR framework—what is your organization’s change readiness? Do you have appropriate buy-in? What problems will you face?

You now know that this framework can help your changes stick, and have an idea of where you might face resistance. We’re certified Prosci ADKAR® practitioners and have experience guiding Higher Ed leaders like you through these steps. Get in touch—we’re happy to help and have the experience and training to back it up. Please contact the team with any questions you may have.

1Prosci ADKAR®from http://www.prosci.com

Blog
Perspectives of an Ex-CIO

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 20211. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, some specific actions your institution can take to prepare, and, finally, background on how we got here (see Background at right).

How will the phase-out impact financial institutions?

The Federal Reserve estimates roughly $200 trillion in LIBOR-indexed notional value transactions in the cash and derivatives market2. LIBOR is used to help price a variety of financial services products,  including $3.4 trillion in business loans and $1.3 trillion in consumer loans, as well as derivatives, swaps, and other credit instruments. Even excluding loans and financial instruments set to mature before 2021—estimated by the FDIC at 82% of the above $200 trillion—LIBOR exposure is still significant3.

A financial institution’s ability to lend money is largely dependent on the relative stability of its capital position, or lack thereof. For institutions with a significant amount of LIBOR-indexed assets and liabilities, that means less certainty in expected future cash flows and a less stable capital position, which could prompt institutions to deny loans they might otherwise have approved. A change in expected cash flows could also have several indirect consequences. Criticized assets, assessed for impairment based on their expected future cash flows, could require a specific reserve due to lower present value of expected future cash flows.

The importance of fallback language in loan agreements

Fallback language in loan agreements plays a pivotal role in financial institutions’ ability to manage their LIBOR-related financial results. Most loan agreements include language that provides guidance for determining an alternate reference rate to “fall back” on in the event the loan’s original reference rate is discontinued. However, if this language is non-existent, contains fallbacks that are no longer adequate, or lacks certain key provisions, it can create unexpected issues when it comes time for financial institutions to reprice their LIBOR loans. Here are some examples:

  • Non-existent or inadequate fallbacks
    According to the Alternative Reference Rates Committee, a group of private-market participants convened by the Federal Reserve to help ensure a successful LIBOR transition, "Most contracts referencing LIBOR do not appear to have envisioned a permanent or indefinite cessation of LIBOR and have fallbacks that would not be economically appropriate"4.

    For instance, industry regulators have warned that without updated fallback language, the discontinuation of LIBOR could prompt some variable-rate loans to become fixed-rate2, causing unanticipated changes in interest rate risk for financial institutions. In a declining rate environment, this may prove beneficial as loans at variable rates become fixed. But in a rising rate environment, the resulting shrink in net interest margins would have a direct and adverse impact on the bottom line.

  • No spread adjustment
    Once LIBOR is discontinued, LIBOR-indexed loans will need to be repriced at a new reference rate, which could be well above or below LIBOR. If loan agreements don’t provide for an adjustment of the spread between LIBOR and the new rate, that could prompt unexpected changes in the financial position of both borrowers and lenders3. Take, for instance, a loan made at the Secured Overnight Financing Rate (SOFR), generally considered the likely replacement for USD LIBOR. Since SOFR tends to be lower than three-month LIBOR, a loan agreement using it that does not allow for a spread adjustment would generate lower loan payments for the borrower, which means less interest income for the lender.

    Not allowing for a spread adjustment on reference rates lower than LIBOR could also cause a change in expected prepayments—say, for instance, if borrowers with fixed-rate loans decide to refinance at adjustable rates—which would impact post-CECL allowance calculations like the weighted-average remaining maturity (WARM) method, which uses estimated prepayments as an input.

What can your financial institution do to prepare?

The Federal Reserve and the SEC have urged financial institutions to immediately evaluate their LIBOR exposure and expedite their transition. Though the FDIC has expressed no intent to examine financial institutions for the status of LIBOR planning or critique loans based on use of LIBOR3, Federal Reserve supervisory teams have been including LIBOR transitions in their regular monitoring of large financial institutions5. The SEC has also encouraged companies to provide investors with robust disclosures regarding their LIBOR transition, which may include a notional value of LIBOR exposure2.

Financial institutions should start by analyzing their LIBOR exposure beyond 2021. If you don’t expect significant exposure, further analysis may be unnecessary. However, if you do expect significant future LIBOR exposure, your institution should conduct stress testing using LIBOR as an isolated variable by running hypothetical transition scenarios and assessing the potential financial impact.

Closely examine and assess fallback language in loan agreements. For existing loan agreements, you may need to make amendments, which could require consent from counterparties2. For new loan agreements maturing beyond 2021, lenders should consider selecting an alternate reference rate. New contract language for financial instruments and residential mortgages is currently being drafted by the International Securities Dealers Association and the Federal Housing Finance Authority, respectively3—both of which may prove helpful in updating loan agreements.

Lenders should also consider their underwriting policies. Loan underwriters will need to adjust the spread on new loans to accurately reflect the price of risk, because volatility and market tendencies of alternate loan reference rates may not mirror LIBOR’s. What’s more, SOFR lacks abundant historical data for use in analyzing volatility and market tendencies, making accurate loan pricing more difficult.

Conclusion: Start assessing your LIBOR risk soon

The cessation of LIBOR brings challenges and opportunities that will require in-depth analysis and making difficult decisions. Financial institutions and consumers should heed the advice of regulators and start assessing their LIBOR risk now. Those that do will not only be better prepared―but also better positioned―to capitalize on the opportunities it presents.

Need help assessing your LIBOR risk and preparing to transition? Contact BerryDunn’s financial services specialists.

1 https://www.washingtonpost.com/business/2017/07/27/acdd411c-72bc-11e7-8c17-533c52b2f014_story.html?utm_term=.856137e72385
2 Thomson Reuters Checkpoint Newsstand April 10, 2019
3 https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin18/si-winter-2018.pdf
4 https://bankingjournal.aba.com/2019/04/libor-transition-panel-recommends-fallback-language-for-key-instruments/
5 https://www.reuters.com/article/us-usa-fed-libor/fed-urges-u-s-financial-industry-to-accelerate-libor-transition-idUSKCN1RM25T

Blog
When one loan rate closes, another opens

“The world is one big data problem,” says MIT scientist and visionary Andrew McAfee.

That’s a daunting (though hardly surprising) quote for many in data-rich sectors, including higher education. Yet blaming data is like blaming air for a malfunctioning wind turbine. Data is a valuable asset that can make your institution move.

To many of us, however, data remains a four-letter word. The real culprit behind the perceived data problem is our handling and perception of data and the role it can play in our success—that is, the relegating of data to a select, responsible few, who are usually separated into hardened silos. For example, a common assumption in higher education is that the IT team can handle it. Not so. Data needs to be viewed as an institutional asset, consumed by many and used by the institution for the strategic purposes of student success, scholarship, and more.

The first step in addressing your “big” data problem? Data governance.

What is data governance?

There are various definitions, but the one we use with our clients is “the ongoing and evolutionary process driven by leaders to establish principles, policies, business rules, and metrics for data sharing.”

Please note that the phrase “IT” does not appear anywhere in this definition.

Why is data governance necessary? For many reasons, including:

  1. Data governance enables analytics. Without data governance, it’s difficult to gain value from analytics initiatives which will produce inconsistent results. A critical first step in any data analytics initiative is to make sure that definitions are widely accepted and standards have been established. This step allows decision makers to have confidence in the data being analyzed to describe, predict, and improve operations.
     
  2. Data governance strengthens privacy, security, and compliance. Compliance requirements for both public and private institutions constantly evolve. The more data-reliant your world becomes, the more protected your data needs to be. If an organization does not implement security practices as part of its data governance framework, it becomes easier to fall out of compliance. 
     
  3. Data governance supports agility. How many times have reports for basic information (part-time faculty or student FTEs per semester, for example) been requested, reviewed, and returned for further clarification or correction? And that’s just within your department! Now add multiple requests from the perspective of different departments, and you’re surely going through multiple iterations to create that report. That takes time and effort. By strengthening your data governance framework, you can streamline reporting processes by increasing the level of trust you have in the information you are seeking. Understanding the value of data governance is the easy part/ The real trick is implementing a sustainable data governance framework that recognizes that data is an institutional asset and not just a four-letter word.

Stay tuned for part two of this blog series: The how of data governance in higher education. In the meantime, reach out to me if you would like to discuss additional data governance benefits for your institution.

Blog
Data is a four-letter word. Governance is not.

Not-for-profit board members need to wear many hats for the organization they serve. Every board member begins their term with a different set of skills, often chosen specifically for those unique abilities. As board members, we often assist the organization in raising money and as such, it is important for all members of the board to be fluent in the language of fundraising. Here are some basic definitions you need to know, and the differences between them.

Gifts with donor restriction

While many organizations can use all donations for their operating costs, many donors prefer to specify how―or when―they can use the donation. Gift restrictions come in several forms:

1.    Purpose-restricted gifts are, as their name implies, for a specific use. These can be in response to a request from your organization for that specific purpose or the donor can indicate its purpose when they make the gift. Consider how you solicit gifts from donors to be sure you don’t inadvertently apply restrictions. Not all gifts need to (or even should) be accepted by an organization, so take care in considering if specific restrictions are in line with your mission. 

2.    Time-restricted gifts can come with or without a restricted purpose. You can treat gifts for future periods as revenue today, though the funds would be considered restricted for use until the time restrictions have lapsed. These are often in the form of pledges of gifts for the future, but can also be actual donations provided today for use in coming years.

3.    Some donors prefer the earnings of their gift be available for use, while their actual donation be held in perpetuity. These are often in the form of endowments and specific restrictions may or may not be placed by the donor on the endowment’s earnings. Laws can differ from state-to-state for the treatment of those earnings, but your investment policy should govern the spending from these earnings.

The bottom line? Restricted-purpose gifts must be used for that restricted purpose.

Gifts without restriction are always welcome by organizations. The board has the ability to direct the spending of these gifts, and may designate funds for a future purpose, but unlike gifts with donor restrictions, the board does have the discretion to change their own designations.

Whether raising money or reviewing financial information, understanding fundraising language is key for board members to make the most out of donations. See A CPA’s guide to starting a capital campaign and Accounting 101 for development directors blogs for more information. Have questions or want to learn more? Please contact Emily Parker or Sarah Belliveau.

Blog
The language of fundraising: A primer for NFP board members

On October 1, 2019, the Medicare Skilled Nursing Facility (SNF) payment system will transition from RUGS-IV to the Patient Driven Payment Model. This payment model is a major change from the way SNFs are currently reimbursed. Under PDPM, International Classification of Disease, Tenth Edition (ICD-10) diagnosis codes and other patient clinical characteristics, such as the patient’s activities of daily living (ADL) and recent surgeries, will be used as the basis for patient classification and reimbursement.

Resident days up to September 30 will be paid under RUGS–IV and resident days from October 1 forward will be paid under PDPM. This includes patients admitted prior to September 30. There will be no transition period. The change to PDPM represents the most significant change to Medicare A SNF PPS reimbursement since its implementation in 1998. To ensure a smooth transition, prevent denials, and avoid resulting cash flow disruptions, your revenue cycle team needs to be prepared for PDPM. This article outlines steps your facility can take to prepare for PDPM.

Know your current revenue cycle performance

In order to know how you are performing under PDPM, you need to know your current revenue cycle performance. Are there current processes delaying the completion of the Minimum Data Set (MDS)? What is your current case mix? How long does it take the facility to close the month and generate bills? If you have inefficiencies in your workflow and processes, now is the time to fix them. Are there open lines of communication between financial and clinical operations? Financial and clinical must work together to make PDPM work for the facility’s long-term sustainability.

Facilities should be benchmarking their key revenue cycle indicators including, but not limited to, accounts receivable aging comparisons, days in accounts receivables, and collections as a percentage of revenues. Benchmarking can help a facility detect issues early on and resolve them before they become a bigger problem.

Providers will need to communicate with IT providers to be sure they configure electronic health record systems and financial systems for compliance with PDPM. MDS software must be robust enough to help MDS coordinators manage the new process or else facility reimbursement will be affected.

Understand how ICD-10 coding impacts reimbursement under PDPM

Do you know how diagnoses are currently captured on your facility’s MDS? Most facilities are not tracking or monitoring ICD-10 diagnosis codes, as the majority of diagnoses don’t impact quality measures or reimbursement. The implementation of PDPM will require the use of ICD-10 diagnosis codes, which are more detailed and call for accurate documentation. For SNF providers, this means the old ways of documenting resident assessments on the MDS won’t work under the new model.

One of the most important changes under PDPM is that ICD-10 diagnoses will be the key drivers for reimbursement. ICD-10 diagnosis codes will be used to place a resident into one of 10 PDPM clinical categories, that will determine the payment components for physical therapy (PT), occupational therapy (OT), speech (SLP), and skilled nursing services, as well as non-therapy ancillaries (NTA).

How can your facility prepare for ICD-10 diagnosis coding?

  • Determine the diagnoses codes your facility uses most frequently.
  • Compare the codes you most frequently use to the CMS PDPM Clinical Category Mapping
  • If codes map to “Return to Provider” you need to review the patient record to find a more specific primary diagnosis
  • Make sure you capture the resident’s comorbidities on I8000 to ensure appropriate payment for Non-Therapy Ancillaries (NTA).
  • Aftercare codes will be the primary diagnosis if that is the primary reason for the admission.

Preparing for ICD-10 coding requires a coordinated care team. Communicate with anyone who contributes to the diagnosis documentation, including the physician, medical director, PT/OT/SLP, and other specialty care professionals such as wound specialists or dietitians to understand why the resident is there. Identifying the reason the resident is there and assigning the correct diagnosis code will help a facility to be successful with PDPM.

Review the changes being made to the Minimum Data Set (MDS)

In early January, CMS issued a draft version of the MDS 3.0. The draft indicates that there are more than 80 items will be added, deleted, or changed for PDPM implementation. There are 40 new items that will impact reimbursement rates. These changes fall into three categories:

  1. Streamlined assessment policies 
  2. New PDPM assessment item sets
  3.  Additions to MDS items

The MDS assessments will be more streamlined under PDPM. There are only two required assessments: the five-day assessment and the discharge assessment. The five-day assessment must be completed between days one and eight and will be effective for the entire length of stay unless an optional assessment is performed. The 14-day, 30-day, 60-day and 90-day assessments have been discontinued. The discharge assessment will not impact reimbursement―however, this is where therapy will be reported. Facilities also have the option to perform an interim payment assessment if the patient’s clinical characteristics change. This assessment must be completed within 14 days of the change in characteristics and can affect reimbursement.

The MDS has two new item sets: 1) Interim Payment Assessment (IPA), used for optional assessment if a patient’s characteristics change; and 2) Optional State Assessment (OSA), which will be used by states where RUGS-IV is the basis for Medicaid payments. The IPA should only be used if a patient’s clinical characteristics are not expected to change in the short term.

Significant changes to MDS items are in the following sections:

  1. Section I: SNF Primary Diagnosis – Item I0020B will allow providers to report, using an ICD-10 diagnosis code, the patient's primary SNF diagnosis. This item will ask, “What is the primary reason the patient is being admitted into the SNF?”
  2. Section J: Patient Surgical History – To capture information that may be relevant to classifying a resident in a PDPM clinical category, J1000 – J5000 identifies major surgeries from the most recent hospital stay.
  3. Section O: Discharge Therapy Items – Items 0425A1-O0425C5 will be added to Section O to document therapy delivery information. Therapy delivery will only be reported on the discharge MDS and must include information by each discipline, mode of therapy, and minutes received by the patient. Group and concurrent therapy cannot exceed 25% of total therapy.
  4. Section GG: Interim Performance – This section is the basis for the resident’s functional analysis. Section GG is more standardized and has more comprehensive measures of functional status. Providers need to be sure to complete Section GG in its entirety as missing responses will receive zero points for the functional score calculation. Section GG is taking on an increased importance under PDPM, as CMS’s goal for this section is to standardize assessment items across payment settings.

Over the years, the MDS has primarily been utilized as an assessment tool to drive the plan of care with little impact to reimbursement. With implementation of PDPM, and the shift from therapy-driven reimbursement to clinical characteristics as the basis for reimbursement, the MDS will be vital to obtaining proper reimbursement. You may need to revise the systems you currently have in place to make sure that the information critical to reimbursement is recorded accurately on the five-day assessment. Missing an item on the five-day MDS will impact reimbursement for the entire resident stay.

Skilled Nursing Facilities will need internal processes, workflows, and staff training in place well before October 1, 2019, in order to be successful under PDPM. Preparation for PDPM is key and it will take teamwork from the entire facility. Focusing on each of the areas outlined above—even if it is just to confirm that you’ve addressed the issue—will put you in good shape to meet the looming deadline. Without a doubt, there will be things that arise at the last minute or processes that don’t work as planned. Don’t panic. We can help you address issues and problems or work with you to create a new workflow process. Just give us a call.

Get ready with our PDPM Checklist!

Download our helpful PDPM checklist and see what you need to do. 

Blog
Is your revenue cycle team ready for Medicare's Patient Driven Payment Model?

Of all the changes that came with the sweeping Tax Cuts and Jobs Act (TCJA) in late 2017, none has prompted as big a response from our clients as the changes TCJA makes to the qualified parking deduction. Then, last month, the IRS issued its long-waited guidance on this code section in the form of Notice 2018-99

We've taken a look at both the the original provisions, and the new guidance, and have collected the salient points and things we think you need to consider this tax season. For not-for-profit organizations, visit my article here. And for-profit companies can read here.  

Blog
IRS guidance on qualified parking: Our take

In auditing, the concept of professional skepticism is ubiquitous. Just as a Jedi in Star Wars is constantly trying to hone his understanding of the “force”, an auditor is constantly crafting his or her ability to apply professional skepticism. It is professional skepticism that provides the foundation for decision-making when conducting an attestation engagement.

A brief definition

The professional standards define professional skepticism as “an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.” Given this definition, one quickly realizes that professional skepticism can’t be easily measured. Nor is it something that is cultivated overnight. It is a skill developed over time and a skill that auditors should constantly build and refine.

Recently, the extent to which professional skepticism is being employed has gained a lot of criticism. Specifically, regulatory bodies argue that auditors are not skeptical enough in carrying out their duties. However, as noted in the white paper titled Scepticism: The Practitioners’ Take, published by the Institute of Chartered Accountants in England and Wales, simply asking for more skepticism is not a practical solution to this issue, nor is it necessarily always desirable. There is an inevitable tug of war between professional skepticism and audit efficiency. The more skeptical the auditor, typically, the more time it takes to complete the audit.

Why does it matter? Audit quality.

First and foremost, how your auditor applies professional skepticism to your audit directly impacts the quality of their service. Applying an appropriate level of professional skepticism enhances the likelihood the auditor will understand your industry, lines of business, business processes, and any nuances that make your company different from others, as it naturally causes the auditor to ask questions that may otherwise go unasked.

These questions not only help the auditor appropriately apply professional standards, but also help the auditor gain a deeper understanding of your business. This will enable the auditor to provide insights and value-added services an auditor who doesn’t apply the right degree of skepticism may never identify.

Therefore, as the white paper notes, audit committees, management, and investors should be asking “How hard do our auditors get pushed on fees, and what effect does that have on the quality of the audit?” If your auditor is overly concerned with completing the audit within a fixed time budget, professional skepticism and, ultimately, the quality of the audit, may suffer.

Applying skepticism internally

By its definition, professional skepticism is a concept that specifically applies to auditors, and is not on point when it comes to other audit stakeholders. This is because the definition implies that the individual applying professional skepticism is independent from the information he or she is analyzing. Other audit stakeholders, such as members of management or the board of directors, are naturally advocates for the organizations they manage and direct and therefore can’t be considered independent, whereas an auditor is required to remain independent.

However, rather than audit stakeholders applying professional skepticism as such, these other stakeholders should apply an impartial and diligent mindset to their work and the information they review. This allows the audit stakeholder to remain an advocate for his or her organization, while applying critical skills similar to those applied in the exercise of professional skepticism. This nuanced distinction is necessary to maintain the limited scope to which the definition of professional skepticism applies: the auditor.

Specific to the financial statement reporting function, these stakeholders should be assessing the financial statements and ask questions that can help prevent or detect flaws in the financial reporting process. For example, when considering significant estimates, management should ask: are we considering all relevant information? Are our estimates unbiased? Are there alternative accounting treatments we haven’t considered? Can we justify our selected accounting treatment? Essentially, management should start by asking itself: what questions would we expect our auditor to ask us?

It is also important to be critical of your own work, and never become complacent. This may be the most difficult type of skepticism to apply, as most of us do not like to have our work criticized. However, critically reviewing one’s own work, essentially as an informal first level of review, will allow you to take a step back and consider it from a different vantage point, which may in turn help detect errors otherwise left unnoticed. Essentially, you should both consider evidence that supports the initial conclusion and evidence that may be contradictory to that conclusion.

The discussion in auditing circles about professional skepticism and how to appropriately apply it continues. It is a challenging notion that’s difficult to adequately articulate. Although it receives a lot of attention in the audit profession, it is a concept that, slightly altered, can be of value to other audit stakeholders. Doing so will help you create a stronger relationship with your auditor and, ultimately, improve the quality of the financial reporting process—and resulting outcome.

Blog
Professional skepticism and why it matters to audit stakeholders

As a new year is upon us, many people think about “out with the old and in with the new”. For those of us who think about technology, and in particular, blockchain technology, the new year brings with it the realization that blockchain is here to stay (at least in some form). Therefore, higher education leaders need to familiarize themselves with some of the technology’s possible uses, even if they don’t need to grasp the day-to-day operational requirements. Here’s a high-level perspective of blockchain to help you answer some basic questions.

Are blockchain and bitcoin interchangeable terms?

No they aren’t. Bitcoin is an electronic currency that uses blockchain technology, (first developed circa 2008 to record bitcoin transactions). Since 2008, many companies and organizations utilize blockchain technology for a multitude of purposes.

What is a blockchain?

In its simplest terms, a blockchain is a decentralized, digital list (“chain”) of timestamped records (“blocks”) that are connected, secured by cryptography, and updated by participant consensus.

What is cryptography?

Cryptography refers to converting unencrypted information into encrypted information—and vice versa—to both protect data and authenticate users.

What are the pros of using blockchain?

Because blockchain technology is inherently decentralized, you can reduce the need for “middleman” entities (e.g., financial institutions or student clearinghouses). This, in turn, can lower transactional costs and other expenses, and cybersecurity risks—as hackers often like to target large, info-rich, centralized databases.

Decentralization removes central points of failure. In addition, blockchain transactions are generally more secure than other types of transactions, irreversible, and verifiable by the participants. These transaction qualities help prevent fraud, malware attacks, and other risks and issues prevalent today.

What are the cons of using blockchain technology?

Each blockchain transaction requires signature verification and processing, which can be resource-intensive. Furthermore, blockchain technology currently faces strong opposition from certain financial institutions for a variety of reasons. Finally, although blockchains offer a secure platform, they are not impervious to cyberattacks. Blockchain does not guarantee a hacker-proof environment.

How can blockchain benefit higher education institutions?

Blockchain technology can provide higher education institutions with a more secure way of making and recording financial transactions. You can use blockchains to verify and transfer academic credits and certifications, protect student personal identifiable information (PII) while simultaneously allowing students to access and transport their PII, decentralize academic content, and customize learning experiences. At its core, blockchain provides a fresh alternative to traditional methods of identity verification, an ongoing challenge for higher education administration.

As blockchain becomes less of a buzzword and begins to expand beyond the realm of digital currency, colleges and universities need to consider it for common challenges such as identity management, application processing, and student credentialing. If you’d like to discuss the potential benefits blockchain technology provides, please contact me.

Blog
Higher education and blockchain 101: It's not just for bitcoin anymore

Effective October 1, 2019, Skilled Nursing Facilities (SNF)s will be reimbursed under a new payment system.

The existing case mix classification group, Resource Utilization Group IV (RUG- IV) will be replaced with a new case mix model, the Patient Driven Payment Model (PDPM). CMS has indicated factors leading to the change in the payment system include over utilization of therapy and incentives for longer lengths of stay.

Background and overview
PDPM is one of the initiatives resulting from the Improving Medicare Post-Acute Care Transformation Act of 2014 (the IMPACT Act). The IMPACT Act requires standardized patient assessment data across post-acute care (PAC) settings to enable:

  • Comparisons of quality and information exchange across post-acute settings
  • Improvement of Medicare beneficiary outcomes through shared-decision making, care coordination, and enhanced discharge planning
  • Non-therapy ancillaries (NTA) payment is determined by a base rate and separate CMI. NTA is a variable payment, paid at 300% for the first three days, and then reduced to 100% after day four.
  • Payments based on patient characteristics

PDPM will be a significant shift in how SNFs are paid, and facilities need to start preparing for the change. PDPM:

  • Removes therapy minutes as a determinant of payment and creates a new model where payment is linked to differences in clinical characteristics
  • Creates a separate payment component for non-therapy ancillaries (NTA), using resident characteristics to predict utilization of these services
  • Focuses on clinically relevant factors and ICD-10 diagnosis codes to determine payment

Value Base Purchasing (VBP), SNF Quality Reporting Program and PDPM are all initiatives advancing the IMPACT act and moving payment from fee for service to value. SNFs have been reporting quality measures since May 2017, and are subject to a 2% (VBP) payment adjustment if they don’t submit the quality measures.

In October of 2018, SNFs began receiving a payment adjustment based on hospital readmissions under the SNF Quality Reporting Program. The implementation of PDPM will be one more step towards moving reimbursement for care from volume to value.

PDPM shifts payment to residents with complex clinical needs, and targets the resources towards beneficiaries with diverse care needs. Its goal is to aim care at the more medically complex patients. There are six components in the daily rate:

  • Physical therapy
  • Occupational therapy
  • Speech therapy
  • Nursing
  • Non-therapy ancillary services
  • Non-case mix

The components are all taken from the five-day minimum data set (MDS), and assigned a daily rate based on that components case mix index (CMI). Therapy is broken out into the three disciplines (physical, speech and occupational), with each having its own base rate and case mix index:

  • Therapy payment is a variable payment paid at 100% for the first 20 days, and then reduced by 2% every seven days. 
  • Nursing services payment is a base rate with a separate case mix, with no variable payment.
  • Non-therapy ancillaries (NTA) payment is determined by a base rate and separate CMI. NTA is a variable payment, paid at 300% for the first three days, and then reduced to 100% after day four.

Under PDPM, payment is based on each aspect of the resident’s care. Payment is still a per diem payment—however, it is adjusted to reflect varying costs throughout the resident’s stay.

The admissions process is going to be critical to ensure appropriate payment. Accurate coding of patient conditions must occur at the time of admission, and while the information coming from the hospital will be helpful, facilities cannot rely on hospital information when coding the MDS. Diagnosis and accurate coding are critical to assigning the appropriate case mix group to make certain there is adequate payment for the stay.

Patients over Paperwork
PDPM emphasizes patients over paperwork, as it eliminates the current (MDS) schedule. The new model only requires an assessment at five days and a final discharge assessment.

Facilities can perform an optional interim payment assessment within 14 days of a change in the resident’s characteristics. An interim payment assessment will not reset the NTA and therapy payments to day one. CMS is still working on guidance as to how you will need to report this.

If a patient leaves the facility and is away from the facility for less than three days, then the stay is considered the same admission. If the resident is away for more than three days, the admission is considered a new admission, and the NTAs and therapy payments are returned to day one payment.

The MDS has been an important tool in driving resident care over that last 30 years, and is relied upon for reimbursement and quality data. With the implementation of PDPM, the MDS will become even more important to reimbursement. As payment shifts from therapy focus to clinical characteristics focus, there will need to be more detailed documentation to support the medical condition. Under RUGs, there are approximately 20 items on the MDS which impact reimbursement?under PDPM, there will be approximately 160 items which impact reimbursement.

The implementation of PDPM will increase the importance of the role of the MDS coordinator. Facilities need to invest in a strong MDS coordinator to ensure appropriate assessment and documentation that support medical conditions—which drive payment.

While therapy minutes will no longer drive payment under PDPM, you still have to monitor them. Therapy will be reported on the final discharge MDS, separately by discipline. MDS will report therapy minutes by one-to-one sessions, concurrent, and group therapy. Total therapy delivered concurrently and/or in group sessions cannot be more than 25% of total therapy time.

Given the depth and breadth of the changes to the payment system, facilities need to begin preparing for the change now. What can you do in preparation for PDPM?

Educate yourself so you can plan for the transition to PDPM:

  • Know what is driving your current payments
  • Assess the skills of your staff and know your gaps
  • Attend education sessions
  • Train or retrain MDS nurse and billers on ICD-10 and the MDS
  • If you don’t already have care teams, form care teams
  • Determine who with in the facility should be on care teams

Align resources to be sure you are ready to bill on October 1, 2019:

  • Determine your hiring and training needs
  • Look at therapy contracts, how do they align with new payment model
  • Talk to software vendors to be sure they will be ready for the new MDS and ICD-10

For more information or assistance with PDPM contact Lisa Trundy-Whitten.

Blog
New Patient Driven Payment Model from CMS―What to expect and what to do

Good fundraising and good accounting do not always seamlessly align. While they all feed the same mission, fundraisers work to meet revenue goals while accountants focus on recording transactions in compliance with accounting standards. We often see development department totals reported to boards that are not in line with annual financial statements, causing confusion and concern. To bridge this information gap, here are five accounting concepts every not-for-profit fundraiser should know:

1.

GAAP Accounting: Generally Accepted Accounting Principles (GAAP) refers to a common set of accounting standards and procedures. There are as many ways for a donor to structure a gift as there are donors?GAAP provides a common foundation for when and how you should record these gifts.

2.

Pledges: Under GAAP, if there is a true, unconditional “promise to give,” you should record the total pledge as revenue in the current year (with a little present value discounting thrown in the mix for payments expected in future periods). A conditional pledge relies on a specific event happening in the future (think matching gift) and is not considered revenue until that condition is met. (See more on pledges and matching gifts here.) 

3.

Intentions: We sometimes see donors indicating they “intend” to donate a certain amount in the future. An intention on its own is not considered a true unconditional promise under GAAP, and isn’t recorded as revenue. This has a big impact with planned giving as we often see bequests recorded as revenue by the development department in the year the organization is named in the will of the donor—while the accounting guidance specifically identifies bequests as intentions to give that would generally not be recorded by the finance team until the will has been declared valid by the probate court.

4.

Restrictions: Donors often impose restrictions on some contributions, limiting the use of that gift to a specific time, program, or purpose. Usually, a gift like this arrives with some explicit communication from donors, noting how they want to apply the gift. A gift can also be considered restricted to a specific project if it is made in direct response to a solicitation for that project. The donor restriction does not generally determine when to record the gift but how to record it, as these contributions are tracked separately.

5. Gifts vs. Exchange: New accounting guidance has been released that provides more clarity on when a gift or grant is truly a contribution and when it might be an exchange transaction. Contact us if you have any questions.


Understanding the differences in how the development department and finance department track these gifts will allow for better reporting to the board throughout the year—and fewer surprises when you present financial statements at the end of the year. Stay tuned for parts two and three of our contribution series. Have questions? Please contact Emily Parker of Sarah Belliveau.

 

Blog
Accounting 101 for development directors: Five things to know

As 2018 is about to come to a close, organizations with fiscal year ends after December 15, 2018, are poised to start implementing the new not-for-profit reporting standard. Here are three areas to address before the close of the fiscal year to set your organization up for a smooth and successful transition, and keep in compliance:

  1. Update and approve policies—organizations need to both change certain disclosures and add new ones. The policies in place at the end of the year will be pivotal in creating the framework within which to draft these new disclosures (for example, treatment of board designations, underwater endowments, and liquidity).
  2. Functional expense reporting—if you have not historically reported expenses by natural and functional classification, develop the methodology for cost allocation. If you already have a framework in place, revisit it to determine if this still fits your organization. Finally, determine where you will present this information in the financial statements.
  3. Internal investment costs—be sure you have a methodology to segregate the organization’s internal investment costs such as internal staff time (remember, this is the cost to generate the income, not account for it) and consider the overall disclosure.

While the implementation of the new reporting standard will not be without cost (both internal costs and audit costs), if your organization considers this an opportunity to better tell your story, the end result will be a much more useful financial narrative. Don’t forget to include the BerryDunn implementation whitepaper in your implementation strategy.

We at BerryDunn are helping organizations gain momentum with a personal touch, through our not-for-profit reporting checkup. This checkup includes initial recast of the prior financial statements to the new format, a personalized review of the checklist to identify opportunities for success, and consideration of the footnotes to be updated. Contact me and find out how you can join the list of organizations getting ahead of the new standard.

Blog
Three steps to ace the new not-for-profit reporting standard

IRS Notice 2018-67 Hits the Charts
Last week, in addition to The Eagles Greatest Hits (1971-1975) album becoming the highest selling album of all time, overtaking Michael Jackson’s Thriller, the IRS issued Notice 2018-67its first formal guidance on Internal Revenue Code Section 512(a)(6), one of two major code sections added by the Tax Cuts and Jobs Act of 2017 that directly impacts tax-exempt organizations. Will it too, be a big hit? It remains to be seen.

Section 512(a)(6) specifically deals with the reporting requirements for not-for-profit organizations carrying on multiple unrelated business income (UBI) activities. Here, we will summarize the notice and help you to gain an understanding of the IRS’s thoughts and anticipated approaches to implementing §512(a)(6).

While there have been some (not so quiet) grumblings from the not-for-profit sector about guidance on Code Section 512(a)(7) (aka the parking lot tax), unfortunately we still have not seen anything yet. With Notice 2018-67’s release last week, we’re optimistic that guidance may be on the way and will let you know as soon as we see anything from the IRS.

Before we dive in, it’s important to note last week’s notice is just that—a notice, not a Revenue Procedure or some other substantive legislation. While the notice can, and should be relied upon until we receive further guidance, everything in the notice is open to public comment and/or subject to change. With that, here are some highlights:

No More Netting
512(a)(6) requires the organization to calculate unrelated business taxable income (UBTI), including for purposes of determining any net operating loss (NOL) deduction, separately with respect to each such trade or business. The notice requires this separate reporting (or silo-ing) of activities in order to determine activities with net income from those with net losses.

Under the old rules, if an organization had two UBI activities in a given year, (e.g., one with $1,000 of net income and another with $1,000 net loss, you could simply net the two together on Form 990-T and report $0 UBTI for the year. That is no longer the case. From now on, you can effectively ignore activities with a current year loss, prompting the organization to report $1,000 as taxable UBI, and pay associated federal and state income taxes, while the activity with the $1,000 loss will get “hung-up” as an NOL specific to that activity and carried forward until said activity generates a net income.

Separate Trade or Business
So, how does one distinguish (or silo) a separate trade or business from another? The Treasury Department and IRS intend to propose some regulations in the near future, but for now recommend that organizations use a “reasonable good-faith interpretation”, which for now includes using the North American Industry Classification System (NAICS) in order to determine different UBI activities.

For those not familiar, the NAICS categorizes different lines of business with a six-digit code. For example, the NAICS code for renting* out a residential building or dwelling is 531110, while the code for operating a potato farm is 111211. While distinguishing residential rental activities from potato farming activities might be rather straight forward, the waters become muddier if an organization rents both a residential property and a nonresidential property (NAICS code 531120). Does this mean the organization has two separate UBI rental activities, or can both be grouped together as rental activities? The notice does not provide anything definitive, but rather is requesting public comments?we expect to see something more concrete once the public comment period is over.

*In the above example, we’re assuming the rental properties are debt-financed, prompting a portion of the rental activity to be treated as UBI.

UBI from Partnership Investments (Schedule K-1)
Notice 2018-67 does address how to categorize/group unrelated business income for organizations that receive more than one partnership K-1 with UBI reported. In short, if the Schedule K-1s the organization receives can meet either of the tests below, the organization may treat the partnership investments as a single activity/silo for UBI reporting purposes. The notice offers the following:

De Minimis Test
You can aggregate UBI from multiple K-1s together as long as the exempt organization holds directly no more than 2% of the profits interest and no more that 2% of the capital interest. These percentages can be found on the face of the Schedule K-1 from the Partnership and the notice states those percentages as shown can be used for this determination. Additionally, the notice allows organizations to use an average of beginning of year and end of year percentages for this determination.

Ex: If an organization receives a K-1 with UBI reported, and the beginning of year profit & capital percentages are 3%, and the end of year percentages are 1%, the average for the year is 2% (3% + 1% = 4%/2 = 2%). In this example, the K-1 meets the de minimis test.

There is a bit of a caveat here—when determining an exempt organization's partnership interest, the interest of a disqualified person (i.e. officers, directors, trustees, substantial contributors, and family members of any of those listed here), a supporting organization, or a controlled entity in the same partnership will be taken into account. Organizations need to review all K-1s received and inquire with the appropriate person(s) to determine if they meet the terms of the de minimis test.

Control Test
If an organization is not able to pass the de minimis test, you may instead use the control test. An organization meets the requirements of the control test if the exempt organization (i) directly holds no more than 20 percent of the capital interest; and (ii) does not have control or influence over the partnership.

When determining control or influence over the partnership, you need to apply all relevant facts and circumstances. The notice states:

“An exempt organization has control or influence if the exempt organization may require the partnership to perform, or may prevent the partnership from performing, any act that significantly affects the operations of the partnership. An exempt organization also has control or influence over a partnership if any of the exempt organization's officers, directors, trustees, or employees have rights to participate in the management of the partnership or conduct the partnership's business at any time, or if the exempt organization has the power to appoint or remove any of the partnership's officers, directors, trustees, or employees.”

As noted above, we recommend your organization review any K-1s you currently receive. It’s important to take a look at Line I1 and make sure your organization is listed here as “Exempt Organization”. All too often we see not-for-profit organizations listed as “Corporations”, which while usually technically correct, this designation is really for a for-profit corporation and could result in the organization not receiving the necessary information in order to determine what portion, if any, of income/loss is attributable to UBI.

Net Operating Losses
The notice also provides some guidance regarding the use of NOLs. The good news is that any pre-2018 NOLs are grandfathered under the old rules and can be used to offset total UBTI on Form 990-T.

Conversely, any NOLs generated post-2018 are going to be considered silo-specific, with the intent being that the NOL will only be applicable to the activity which gave rise to the loss. There is also a limitation on post-2018 NOLs, allowing you to use only 80% of the NOL for a given activity. Said another way, an activity that has net UBTI in a given year, even with post-2017 NOLs, will still potentially have an associated tax liability for the year.

Obviously, Notice 2018-67 provides a good baseline for general information, but the details will be forthcoming, and we will know then if they have a hit. Hopefully the IRS will not Take It To The Limit in terms of issuing formal guidance in regards to 512(a)(6) & (7). Until they receive further IRS guidance,  folks in the not-for-profit sector will not be able to Take It Easy or have any semblance of a Peaceful Easy Feeling. Stay tuned.

Blog
Tax-exempt organizations: The wait is over, sort of

Cloud services are becoming more and more omnipresent, and rapidly changing how companies and organizations conduct their day-to-day business.

Many higher education institutions currently utilize cloud services for learning management systems (LMS) and student email systems. Yet there are some common misunderstandings and assumptions about cloud services, especially among higher education administrative leaders who may lack IT knowledge. The following information will provide these leaders with a better understanding of cloud services and how to develop a cloud services strategy.

What are cloud services?

Cloud services are internet-based technology services provided and/or hosted by offsite vendors. Cloud services can include a variety of applications, resources, and services, and are designed to be easily scalable, cost effective, and fully managed by the cloud services vendor.

What are the different types?

Cloud services are generally categorized by what they provide. Today, there are four primary types of cloud services:

Cloud Service Types 

Cloud services can be further categorized by how they are provided:

  1. Private cloud services are dedicated to only one client. Security and control is the biggest value for using a private cloud service.
  2. Public cloud services are shared across multiple clients. Cost effectiveness is the best value of public cloud services because resources are shared among a large number of clients.
  3. Hybrid cloud services are combinations of on-premise software and cloud services. The value of hybrid cloud services is the ability to adopt new cloud services (private or public) slowly while maintaining on-premise services that continue to provide value.

How do cloud services benefit higher education institutions?

Higher education administrative leaders should understand that cloud services provide multiple benefits.
Some examples:

Cloud-Services-for-Higher-Education


What possible problems do cloud services present to higher education institutions?

At the dawn of the cloud era, many of the problems were technical or operational in nature. As cloud services have become more sophisticated, the problems have become more security and business related. Today, higher education institutions have to tackle challenges such as cybersecurity/disaster recovery, data ownership, data governance, data compliance, and integration complexities.

While these problems and questions may be daunting, they can be overcome with strong leadership and best-practice policies, processes, and controls.

How can higher education administrative leaders develop a cloud services strategy?

You should work closely with IT leadership to complete this five-step planning checklist to develop a cloud services strategy: 

1. 

Identify new services to be added or consolidated; build a business case and identify the return on investment (ROI) for moving to the cloud, in order to answer:

• 

What cloud services does your institution already have?

• 

What cloud services does your institution already have?

• 

What services should you consider replacing with cloud services, and why?

• 

How are data decisions being made?

2. 

Identify design, technical, network, and security requirements (e.g., private or public; are there cloud services already in place that can be expanded upon, such as a private cloud service), in order to answer:

• 

Is your IT staff ready to migrate, manage, and support cloud services?

• 

Do your business processes align with using cloud services?

• 

Do cloud service-provided policies align with your institution’s security policies?

• 

Do you have the in-house expertise to integrate cloud services with existing on-premise services?

3. 

Decide where data will be stored; data governance (e.g., on-premise, off-premise data center, cloud), in order to answer:

• 

Who owns the data in the institution’s cloud, and where?

• 

Who is accountable for data decisions?

4. 

Integrate with current infrastructure; ensure cloud strategy easily allows scalability for expansion and additional services, in order to answer:

• 

What integration points will you have between on-premise and cloud applications or services, and can the institution easily implement, manage, and support them?

5. 

Identify business requirements — budget, timing, practices, policies, and controls required for cloud services and compliance, in order to answer:

• 

Will your business model need to change in order to support a different cost model for cloud services (i.e., less capital for equipment purchases every three to five years versus a steady monthly/yearly operating cost model for cloud services)?

• 

Does your institution understand the current state and federal compliance and privacy regulations as they relate to data?

• 

Do you have a contingency plan if its primary cloud services provider goes out of business?

• 

Do your contracts align with institutional, state, and federal guidelines?

Need assistance?

BerryDunn’s higher education team focuses on advising colleges and universities in improving services, reducing costs, and adding value. Our team is well qualified to assist in understanding the cloud “skyscape.” If your institution seeks to maximize the value of cloud services or develop a cloud services strategy, please contact me.

Blog
Cloud services 101: An almanac for higher education leaders

The late science fiction writer (and college professor) Isaac Asimov once said: “I do not fear computers. I fear the lack of them.” Had Asimov worked in higher ed IT management, he might have added: “but above all else, I fear the lack of computer staff.”

Indeed, it can be a challenge for higher education institutions to recruit and retain IT professionals. Private companies often pay more in a good economy, and in certain areas of the nation, open IT positions at colleges and universities outnumber available, qualified IT workers. According to one study from 2016, almost half of higher education IT workers are at risk of leaving the institutions they serve, largely for better opportunities and more supportive workplaces. Understandably, IT leadership fears an uncertain future of vacant roles—yet there are simple tactics that can help you improve the chances of filling open positions.

Emphasize the whole package

You need to leverage your institution’s strengths when recruiting IT talent. A focus on innovation, project leadership, and responsibility for supporting the mission of the institution are important attributes to promote when recruiting. Your institution should sell quality of life, which can be much more attractive than corporate culture. Many candidates are attracted to the energy and activity of college campuses, in addition to the numerous social and recreational outlets colleges provide.

Benefit packages are another strong asset for recruiting top talent. Schools need to ensure potential candidates know the amount of paid leave, retirement, and educational assistance for employees and employee family members. These added perks will pique the interest of many candidates who might otherwise have only looked at salary during the process.

Use the right job title

Some current school vacancies have very specific job titles, such as “Portal Administrator” or “Learning Multimedia Developer.” However, this specificity can limit visibility on popular job posting sites, reducing the number of qualified applicants. Job titles, such as “Web Developer” and “Java Developer,” can yield better search results. Furthermore, some current vacancies include a number or level after the job title (e.g., “System Administrator 2”), which also limits visibility on these sites. By removing these indicators, you can significantly increase the applicant pool.

Focus on service, not just technology

Each year, institutions deploy an increasing number of Software as a Service (SaaS) and hosted applications. As higher education institutions invest more in these applications, they need fewer personnel for day-to-day technology maintenance support. In turn, this allows IT organizations to focus limited resources on services that identify and analyze technology solutions, provide guidance to optimize technology investments, and manage vendor relationships. IT staff with soft skills will become even more valuable to your institution as they engage in more people- and process-centric efforts.

Fill in the future

It may seem like science fiction, but by revising your recruiting and retention tactics, your higher education institution can improve its chances of filling IT positions in a competitive job market. In a future blog, I’ll provide ideas for cultivating staff from your institution via student workers and upcoming graduates. If you’d like to discuss additional staffing tactics, send me an email.

Blog
No science fiction: Tactics for recruiting and retaining higher education IT positions

Cost increases and labor issues have contributed to the rise of outsourcing as an option for senior living and health care providers.  While outsourcing of all types is a growing trend — from the C-suite to food service, it is a decision that should be considered carefully, as lack of planning could result in significant long-lasting financial, public relations and personnel losses. Let’s examine the outsourcing of billing services and collections.

If you are concerned with efficiencies and focusing on your core business needs — nursing care and rehabilitation — then your facility owners and management may have or are currently considering outsourcing one or both end stages of the revenue cycle.

There are some compelling reasons to outsource.

When choosing to outsource, your facility can reduce or even eliminate the challenge of keeping up with increasing complexities of medical billing, staff development and retraining, software costs, and workforce challenges. Smaller facilities can mitigate billing office resource shortages caused by staff vacations, medical leaves and turnover via outsourcing portions of their revenue cycle processes.

Because of a variety of software options, extensive coding and evolving reimbursement policies, professional billing and collection companies may be more efficient, delivering a stronger cash flow by reducing the rate of denied or rejected claims and assuring accurate coding. As facilities normally pay either a “per claim” fee or a percentage of their patient service revenue for this service, the facility’s cost fluctuates with changes in census or payer mix. Facilities may serve their customers better by decreasing insurance denials and reducing balance transfers to patients.

Outsourcing may help organizations to focus on their core business: senior living services.

Your facility should assess your organization’s readiness, fit and contract limitations prior to outsourcing. Here are some things to consider.

1. Be accountable. It is your facility’s ultimate responsibility to comply with all applicable rules and regulations, including HIPAA. And while signing a business associate agreement is a step in right direction, it may not guarantee peace of mind.

  • Ask a potential vendor about data transmission, storage, sharing, access and destruction policies, as well as processes designed to monitor compliance. Question any recent breaches or unauthorized access incidents — how were they handled? As HIPAA non-compliance and unauthorized access to protected health information (PHI) may result in financial penalties and bad publicity, you should evaluate the need to consult with an expert.
  • Ensure the vendor knows your state’s facility licensing regulations. For example, some states prohibit charging patients or residents any collection fees. Some states or payers require refunds for any overpayments to within certain defined periods. A good vendor will meet your state’s regulations. Ask to review their standard collection forms and collection procedures and protect your organization from unexpected non-compliance tags. 

2. Communicate. Discuss what information they require, when, in what format, and how they will make corrections. In-house billing staff can normally access a resident’s medical file, whether electronic or paper, or inquire with the facility operations team regarding a particular claim. This is not the case with an external vendor. 

  • To outsource effectively, you need to designate an in-house position to respond to missing information requests promptly. Facilities operating on web-based medical records software should evaluate the risks of granting a billing vendor even limited access to residents’ electronic medical files.
  • Review contract terms for any up charges assessed by the vendor if your facility can’t respond to information requests in a timely fashion. 

3. Understand and agree upon the scope of the contract. Contract scope misunderstanding can have long-lasting financial implications for the facility, and result in increased bad debt. Your management team should compile a list of assumptions and agreement terms not stated clearly in the contract, and address them in a meeting before accepting the terms. At a minimum, get answers to these questions:

  • Is the vendor submitting bills for all types of payers, levels of care and billing forms, including private, private long-term care insurance, adult day and outpatient, or only certain electronic claims?
  • Is the vendor responsible for notifying your organization of any delays with claim processing, payer requests for supporting medical records and any other identified administrative requests and rejections? If so, how fast and in what format?
  • Is the vendor responsible for assisting with regulatory compliance reporting, such as required data for a cost report preparation, audit, etc.?
  • What minimum quality assurance steps does the vendor apply when generating and processing claims, and how do they remedy identified issues?
  • Is the vendor only submitting bills or are they also working on collections?
  • Is the facility or a vendor responding to resident requests for additional information or questions about the billing statements?

4. Maintain alignment with the organization’s philosophy and vision. As with any other area of operations you consider outsourcing, outsourcing billing and collections requires careful examination of its impact on customer service and community relations. If a vendor produces co-pay and private pay invoices or statements, will you have control over the format and presentation of these mailings? If a vendor is engaged to perform collections follow up, your management team needs to understand collections procedures and methods used and ensure they are a good fit with your mission.

5. Set goals and benchmarks. Your management should analyze days in accounts receivable, accounts receivable aging trends, and cash as a percent of net revenue monthly, and then meet with the vendor promptly to understand the causes of any undesired trends and work on remedial plan. 

6. Understand your organization’s reasons for outsourcing. If your facility struggles with completing resident pre-admission screening, obtaining prior authorizations, or staying on top of Medicaid applications and recertifications — stop. Outsourcing is very unlikely to remedy these situations and could even make them worse. We recommend seeking the assistance of an experienced revenue cycle or process improvement consultant before outsourcing any portion of the billing and collections process.

The BerryDunn Senior Living team welcomes your feedback, and is always one phone call or email away, should your organization need to take a deeper look at revenue cycle and process improvement opportunities.

Blog
Can outsourcing increase revenues and reduce cycle time? Yes, if it's the right fit

Over the course of its day-to-day operations, every organization acquires, stores, and transmits Protected Health Information (PHI), including names, email addresses, phone numbers, account numbers, and social security numbers.

Yet the security of each organization’s PHI varies dramatically, as does its need for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Organizations that meet the definition of a covered entity or business associate under HIPAA must comply with requirements to protect the privacy and security of health information.

Noncompliance can have devastating consequences for an organization, including:

  • Civil violations, with fines ranging from $100 to $50,000 per violation
  • Criminal penalties, with fines ranging from around $50,000 to $250,000, plus imprisonment

All it takes is just one security or privacy breach. As breaches of all kinds continue to rise, this may be the perfect time to evaluate the health of your organization’s HIPAA compliance. To keep in compliance and minimize your risk of a breach, your organization should have:

  • An up-to-date and comprehensive HIPAA security and privacy plan
  • Comprehensive HIPAA training for employees
  • Staff who are aware of all PHI categories
  • Sufficiently encrypted devices and strong password policies

HIPAA Health Check: A Thorough Diagnosis

If your organization doesn’t have these safeguards in place, it’s time to start preparing for the worst — and undergo a HIPAA health check.

Organizations need to understand what they have in place, and where they need to bolster their practice. Here are a variety of fact-finding methods and tools we recommend, including (but not limited to):

  • Administrative, technical, and physical risk analyses
  • Policy, procedure, and business documentation reviews
  • Staff surveys and interviews
  • IT audits and testing of data security

Once you have diagnosed your organization’s “as-is” status, you need to move your organization toward the “to-be” status — that is, toward HIPAA compliance — by:

  • Prioritizing your HIPAA security and privacy risks
  • Developing tactics to mitigate those risks
  • Providing tools and tactics for security and privacy breach prevention and minimization
  • Creating or updating policies, procedures, and business documents, including a HIPAA security and privacy plan

As each organization is different, there are many factors to consider as you go through these processes, and customize your approach to the HIPAA-compliance needs of your organization.

The Road to Wellness

An ounce of prevention is worth a pound of cure. Don’t let a security or privacy breach jump-start the compliance process. Reach out to us for a HIPAA health check. Contact us if you have any questions on how to get your organization on the road to wellness.

Blog
How healthy is your organization's HIPAA compliance?

As a leader in a higher education institution, you'll be familiar with this paradox: Every solution can lead to more problems, and every answer can lead to more questions. It’s like navigating an endless maze. When it comes to mobile apps, the same holds true. So, the question: Should your institution have a mobile app? The Answer? Absolutely.

Devices, not computers, are how millenials communicate, gather, inform, and engage. Millennials, on average, spend 90 hours per month on mobile apps, not including web searches and website visits.

Students are no exception. A 2016 Nielsen study showed that 98% of millennials aged 18 – 24, and 97% of millennials aged 25 – 34, owned a smartphone, while a 2017 comScore report stated that one out of five millennials no longer use desktop devices, including laptops. Mobile apps have quickly filled the desktop void, and as students grow more reliant on mobile technology, colleges and universities are in the mix, creating apps to bolster student engagement.

So should you create an app? Here are some questions you should answer before creating a mobile app. Welcome to the labyrinth! But don’t be frustrated—answer these questions to help you avoid dead ends and overspending.

1. Is a mobile app part of your IT Strategy? Including a mobile app in your IT strategy minimizes confusion at all levels about the objectives of mobile app implementation. It also helps dictate whether an institution needs multiple mobile apps for various functions, or a primary app that connects users with other functionality. If an institution has multiple campuses, should you align all campuses with a single app, or if will each campus develop their own?

2. What will the app do? Mobile apps can perform a multitude of functions, but for the initial implementation, select a few key functions in one main area, such as academics or student life. Institutions can then add functionality in the future as mobile adoption grows, and demand for more functions increases.

3. Who will use the app? Mobile apps certainly improve engagement throughout the student life cycle—from prospect to student to alumni—but they also present opportunities for increased faculty, staff, and community engagement. And while institutions should identify the immediate audience of the app, they should also identify future users, based upon functionality.

4. Who will manage the app? Institutions should determine who is going to manage the mobile app, and how. The discussion should focus on access, content, and functionality. Is the institution going to manage everything in house, from development to release to support, or will a mobile app vendor provide this support under contract? Depending on your institution, these discussions will vary.

5. What data will the app use? Like any new software system, an app is only as good as its supporting data. It’s important to assess the systems to integrate with the mobile app, and determine if the systems’ data is up-to-date and ready for integration. Consider the use of application program interfaces, or APIs. APIs allow apps and platforms to interact with one another. They can enable social media, news, weather, and entertainment apps to connect with your institution’s app, enhancing the user experience with more content for users.

6. How much data security does your app need? Depending on the functionality of the app you create, you will need varying degrees of security, including user authentication safeguards and other protections to keep information safe.

7. How much can you spend for the app? Your institution should decide how much you will spend on initial app development, with an eye toward including maintenance and development costs for future functionality. Complexity increases costs, so you will need to  budget accordingly. Include budget planning for updates and functionality improvements after launch.

You will also need to establish a timeline for the project and roll out. And note that apps deployed toward the end of the academic year experience less adoption than apps deployed at the beginning of the academic year.

Once your institution answers these questions, you will be off to a good start. And as I stated earlier, every answer to a question can lead to more questions. If your institution needs help navigating the mobile app labyrinth, please reach out to me

Blog
The mobile app labyrinth: Seven questions higher education institutions should ask

In a previous blog post, “Six Steps to Gain Speed on Collections”, we discussed the importance of regular reviews of long-term care facility financial performance indicators and benchmarks, and suggestions to speed up collections. We also noted that knowledge of your facility’s current payer mix is critical to understanding days in accounts receivable (A/R).

The purpose of a regular A/R review is to facilitate prompt and complete collections by identifying trends and potential system issues and then implementing an action plan. Additionally, an A/R review is used to report on certain regulatory compliance requirements, and could help management identify staff training and development needs. Here are some tips on how to make your review both effective and efficient.

  • Practice professional skepticism. Generate your own A/R reports. While your staff may be competent and trustworthy, it is a good habit to get information directly from your billing system.
     
  • Understand your revenue cycle calendar. A common approach is to generate A/R reports at the end of each month. While you can generate reports at any time, always ask your staff whether all recent cash receipts and adjustments have been posted.
     
  • Know your software. Billing software usually has a few pre-set A/R reports available, and you can customize some of them to simplify your review and analysis. Consult with your IT department or software vendor to gain a better understanding of available report types, parameters, options and limitations. Three frequently-used reports are:

    A/R Transaction Report: This report shows selected transaction details (date, payer, account, transaction type) and can help you understand changes in those parameters. Start with a “summary by type” then drill down to further detail if needed. Run and review this report monthly to identify any unexpected write-offs or adjustments in the prior period.

    A/R Aging Report: This report breaks A/R data into aging buckets (current, 30, 60, 90, etc.). It is used to fine-tune collection efforts and evaluate a bad debt allowance (as older balances are less likely to be collected). Using a higher number of buckets will provide more detailed information, and replacing “age” of accounts with a “month” label will make it easier to see trends in month-to-month changes. Your facility’s payer mix will determine a reasonable “Days in A/R” benchmark. Generally, you should see the most dramatic drop in open accounts within 30 days for Medicare, Medicaid and private payers; and within 60-90 days for other payers. Focus your staff’s attention on balances nearing 300 days, as many insurers have a claim filing limit of one year from the service date. Develop an action plan to follow up within two to three weeks.

    Unbilled Claims Report: This report shows un-submitted claims. Discuss unbilled claims with your staff, understand why they are unbilled to reduce the number of un-submitted claims, and develop an action plan for submission to responsible parties.
     
  • Understand available report formats. Billing software usually offers the option to run reports in different file formats (web, PDF, Excel, etc.). Know your options and select the one you are most comfortable with. We recommend Excel for easy data analysis and trending.
     
  • Segment, segment, segment — and look for trends! Data segmentation and filtering is the best approach to effective and efficient A/R review. At a minimum, you should be separating Medicare A, Medicare B, Medicare Advantage, Medicaid, private pay, pending/presumed Medicaid and any other payers with a particularly high volume of claims. The differences in timing of billing, complexity, compliance requirements, benchmarking and submission of claim methods warrant a separate, more-detailed review of claims. Here are some examples of what to look for.

    Medicare: An open claim will hold payments for all following claims within that stay. Instruct your billing team to ensure claim submission, and review any rejected or suspended claims. Carefully analyze any Medicare credits. Small credit and debit balances may indicate errors in the rate-setting module of your software. Review for rate changes, contractual adjustments and sequestration set up. Review any credit balances over $25 for potential overpayment. These credits have to be corrected in that quarter or listed on your quarterly credit balance report to Medicare. Balances of $160 or more may indicate incorrectly calculated co-pay days, while balances over $200 may indicate billing for an incorrect number of days. Medicare has a one-year limit on submitting claims so act promptly to resolve any balances over 300 days.

    Medicaid: Open balances may indicate eligibility gaps, changes in coverage levels, rate set-up errors or incorrect classification as primary or secondary payer. This payer also has a one-year limit on submitting claims. Again, act promptly to resolve any balances over 300 days.

    Pending/Presumed Medicaid: Medicaid application processing times vary by state. Normally eligibility is determined within a few months at the most. Open claims older than 120 days should be investigated promptly.
     
  • Filter data for the highest and lowest balances. Focus on your five to ten highest balances and work with staff to resolve. Discuss reasons for any credit balances with staff, as regulations often require a prompt refund or claim adjustment. Credit balances could also indicate incorrectly posted payments (to the wrong patient account or service date). Instruct staff to routinely review and resolve credits to prevent collection activities on paid-off accounts. 

Ask questions, follow up and recognize good work. If you notice an improvement in your facility’s A/R report, make sure you recognize team and individual efforts. If improvements are slow to come, discuss obstacles with staff, refine your A/R reporting, and review the plan as needed.

Blog
Segmenting accounts receivable reports: How to use your reports to understand where you are

As we begin the second year of Uniform Guidance, here’s what we’ve learned from year one, and some strategies you can use to approach various challenges, all told from a runner's point of view.

A Runner’s Perspective

As I began writing this article, the parallels between strategies that I use when competing in road races — and the strategies that we have used in navigating the Uniform Guidance — started to emerge. I’ve been running competitively for six years, and one of the biggest lessons I’ve learned is that implementing real-time adjustments to various challenges that pop up during a race makes all the difference between crossing — or falling short of — the finish line. This lesson also applies to implementing Uniform Guidance. On your mark, get set, go!

Challenge #1: Unclear Documentation

Federal awarding agencies have been unclear in the documentation within original awards, or funding increments, making it hard to know which standards to follow: the previous cost circulars, or the Uniform Guidance?

Racing Strategy: Navigate Decision Points

Take the time to ask for directions. In a long race, if you’re apprehensive about what’s ahead, stop and ask a volunteer at the water station, or anywhere else along the route.

If there is a question about the route you need to take in order to remain compliant with the Uniform Guidance, it’s your responsibility to reach out to the respective agency single audit coordinators or program officials. Unlike in a race, where you have to ask questions on the fly, it’s best to document your Uniform Guidance questions and answers via email, and make sure to retain your documentation.  Taking the time to make sure you’re headed in the right direction will save you energy, and lost time, in the long run.    

Challenge #2: Subrecipient Monitoring

The responsibilities of pass-through entities (PTEs) have significantly increased under the Uniform Guidance with respect to subaward requirements. Under OMB Circular A-133, the guidance was not very explicit on what monitoring procedures needed to be completed with regard to subrecipients. However, it was clear that monitoring to some extent was a requirement.

Racing Strategy: Keep a Healthy Pace

Take the role of “pacer” in your relationships with subrecipients. In a long-distance race, pacers ensure a fast time and avoid excessive tactical racing. By taking on this role, you can more efficiently fulfill your responsibilities under the Uniform Guidance.

Under the Uniform Guidance, a PTE must:

  • Perform risk assessments on its subrecipients to determine where to devote the most time with its monitoring procedures.
  • Provide ongoing monitoring, which includes site visits, provide technical assistance and training as necessary, and arrange for agreed-upon procedures to the extent needed.
  • Verify subrecipients have been audited under Subpart F of the Uniform Guidance, if they meet the threshold.
  • Report and follow up on any noncompliance at the subrecipient level.
  • The time you spend determining the energy you need to expend, and the support you need to lend to your subrecipients will help your team perform at a healthy pace, and reach the finish line together.

Challenge #3: Procurement Standards

The procurement standards within the Uniform Guidance are similar to those under OMB Circular A-102, which applied to state and local governments. They are likely to have a bigger impact on those entities that were subject to OMB Circular A-110, which applied to higher education institutions, hospitals, and other not-for-profit organizations.

Racing Strategy: Choose the Right Equipment

Do your research before procuring goods and services. In the past, serious runners had limited options when it came to buying new shoes and food to boost energy. With the rise of e-commerce, we can now purchase everything faster and cheaper online than we can at our local running store. But is this really an improvement?

Under A-110, we were guided to make prudent decisions, but the requirements were less stringent. Now, under Uniform Guidance, we must follow prescribed guidelines.

Summarized below are some of the differences between A-110 and the Uniform Guidance:

A-110 UNIFORM GUIDANCE
Competition
Procurement transaction shall be conducted in a manner to provide, to the maximum extent practical, open and free competition.
Competition
Procurement transaction must be conducted in a manner providing full and open competition consistent with the standards of this section.
 
Procurement
Organizations must establish written procurement procedures, which avoid purchasing unnecessary items, determine whether lease or purchase is most economical and practical, and in solicitation provide requirements for awards.
Procurement
Organizations must use one of the methods provided in this section:
  1. Procurement by Micro Purchase (<$3,000)
  2. Procurement by Small Purchase Procedures (<$150,000)
  3. Procurement by Sealed Bids
  4. Procurement by Competitive Proposal
  5. Procurement by Noncompetitive Proposal

While the process is more stringent under the Uniform Guidance, you still have the opportunity to choose the vendor or product best suited to the job. Just make sure you have the documentation to back up your decision.

A Final Thought
Obviously, this article is not an all-inclusive list of the changes reflected in the Uniform Guidance. Yet we hope that it does provide direction as you look for new grant awards and revisit internal policies and procedures.

And here’s one last tip: Do you know the most striking parallel that I see between running a race and implementing the Uniform Guidance? The value of knowing yourself.

It’s important to know what your challenges are, and to have the self-awareness to see when and where you will need help. And if you ever need someone to help you navigate, set the pace, or provide an objective perspective on purchasing equipment, let us know. We’re with you all the way to the finish line.

Grant Running.jpg

Blog
A runner's guide to uniform guidance, year two

With the most recent overhaul to the Form 990, Return of Organization Exempt From Income Tax, the IRS has made clear its intention to increase the transparency of a not-for-profit organization’s mission and activities and to promote active governance. To point, the IRS asks whether a copy has been provided to an organization’s board prior to filing and requires organizations to describe the process, if any, its board undertakes to review the 990.

This lack of ambiguity aside, it is just good governance to have an understanding of the information included in your organization’s Form 990. After all, it is available to anyone who wants a copy. But the volume of information included in a typical return can be daunting.

Where do you even start? Let’s take a look at the key components of a Form 990 that warrant at least a read-through:

  • Income and expense activity (Page 1 and Schedule D) – Does this agree to, or reconcile to, the financial reporting of the organization?
  • Narratives on Page 2 – Does it accurately describe your mission and “tell your story”?
  • Questions in Part VI about governance, management, and disclosures – If any governance or policy questions are answered in the negative, have you given consideration to implementing changes?
  • Part VII – Board information and key employee/contractor compensation – Is the list complete? Does the information agree with compensation set by the board? Does it seem appropriate in light of responsibilities and the organization’s activities

Depending on how questions were answered earlier in the Form 990, several schedules may be required. Key schedules include:

  • Schedule C – Political and lobbying expenditures
  • Schedule F – Foreign transactions and investments reported (alternative investments may have pass-through foreign activity)
  • Schedule J – Detailed compensation reporting for employees whose package exceeds $150,000
  • Schedule L – Transactions with officers, board members, and key employees (conflict-of-interest disclosures)

In addition to the Form 990, an organization may be required to file a Form 990-T, Exempt Organization Business Income Tax Return, if it earns unrelated business income. In general, it’s good practice to review the Form 990 with the organization’s management or tax preparer to be able to ask questions as they arise.

Filing and reviewing the Form 990 can be more than a compliance exercise. It’s an opportunity for a good conversations about your mission, policies, and compensation—a “health check-up” that can benefit more areas than just compliance. Understanding your not-for-profit’s operations and being an engaged and informed board member are essential to effectively fulfilling your fiduciary responsibilities.

Blog
Good governance: Understanding your organization's Form 990