Why Compliance Matters

• CMS scrutiny is increasing as care management programs expand in scale and reimbursement.

• Documentation errors (missing time logs, vague notes, absent care plans) are the most common cause of audit failure.

• Patient consent is required for nearly all care management programs and must be documented clearly.

• Role delineation is essential: physician/QHP time vs. clinical staff time must be accurately tracked.

Common Audit Risk Areas

1. Time Tracking

   • Codes such as CCM (99490, 99439) and RPM (99457, 99458) require documented minutes each month.

   • Risk: Overlapping time entries or estimates rather than actual logged minutes.

2. Care Plan Documentation

   • A patient-centered, shareable care plan is required for CCM, PCM, APCM, and BHI.

   • Risk: Care plan absent, outdated, or too generic to meet compliance standards.

3. Patient Consent

   • Consent (verbal or written) must be recorded prior to billing.

   • Risk: Missing documentation of consent or failure to update annually.

4. Service Duplication

   • PCM and CCM, or RPM and CCM, can sometimes overlap.

   • Risk: Billing for the same activity under two different codes.

5. Audit-Readiness

   • Practices must be able to provide audit-ready reports showing time, tasks, and staff attribution.

   • Risk: Disorganized records, siloed data across different systems.

Best Practices for Compliance

• Use structured templates for care plans and documentation.

• Log time daily instead of estimating at month’s end.

• Separate roles and responsibilities between staff and providers.

• Perform internal audits monthly to validate compliance before claims submission.

• Stay updated on CMS Final Rules and payer-specific requirements.

How OnCare360 Supports Audit and Compliance

OnCare360 is built with audit-readiness in mind. The platform provides:

• Automated Time Tracking – Logs provider and staff minutes by service type, ensuring accurate, non-overlapping reporting.

• Audit-Ready Documentation – Generates compliance reports that detail dates, staff attribution, and activities for each service billed.

• Consent Management – Captures and stores patient consent records with audit history.

• Role Segmentation – Distinguishes physician/QHP time from clinical staff time, aligned with CPT definitions.

• Alerts and Compliance Checks – Flags missing consent, insufficient time, or incomplete documentation before claims submission.

• Integration with EHRs – Ensures continuity of care documentation without duplicating effort.

• Internal Audit Tools – Allows practices to run mock audits and correct issues proactively.

Key Takeaway

Audit and compliance are no longer optional—they are central to the success of care management programs. Practices that build workflows around CMS requirements can expand services with confidence.