• Home
  • >
  • Blog
  • >
  • Auditing to Protect the Vulnerable in Our Society

September 16, 2020

Auditing to Protect the Vulnerable in Our Society


Editing provided by Nayiri-Tara


The very young and our elderly population are subject to neglect, fraud and abuse.  This article addresses how internal auditing and monitoring programs can help detect potential issues, increase compliance to State mandatory reporting requirements and improve the quality of care.

Urgent Care, Emergency Departments, primary care providers are typically the first to identify specific signs and symptoms of abuse and/or neglect.  The presence of warning signs does not necessarily mean that the child or senior is being abused or neglected, but appropriate documentation and diagnosis coding can help us improve as health care providers.

The financial costs for these victims and society are substantial. In a recent CDC study, The Economic Burden of Child Maltreatment in the United States and Implications for Prevention, it is reported that the total lifetime estimated financial costs associated with just one year of confirmed cases of child maltreatment (physical abuse, sexual abuse, psychological abuse and neglect) is approximately $124 billion.

Why Diagnosis Coding is Important

Utilize the current ICD-10-CM Official Coding and Reporting Guidelines for direction and coding compliance.  One of the first items to consider prior to assigning a code is to review documentation to determine whether the abuse is confirmed (T74) or suspected (T76).

Category T74 reads: Adult and child abuse, neglect and other maltreatment, confirmed.

  • Use additional code, if applicable, to identify any associated current injury
  • Use additional external cause code to identify perpetrator, if known (Y07.-)
  • Excludes1: abuse and maltreatment in pregnancy (O9A.3-, O9A.4-, O9A.5-) adult and child maltreatment, suspected (T76.-)
  • The appropriate 7th character is to be added to each code from category T74A - initial encounter
  • D - subsequent encounter
  • S - sequela

Category T76 reads: Adult and child abuse, neglect and other maltreatment, suspected.

  • Use additional code, if applicable, to identify any associated current injury
  • Excludes1: adult and child maltreatment, confirmed (T74.-) suspected abuse and maltreatment in pregnancy (O9A.3-, O9A.4-, O9A.5-) suspected adult physical abuse, ruled out (Z04.71) suspected adult sexual abuse, ruled out (Z04.41) suspected child physical abuse, ruled out (Z04.72) suspected child sexual abuse, ruled out (Z04.42)
  • The appropriate 7th character is to be added to each code from category T76A - initial encounter
  • D - subsequent encounter
  • S - sequela

For confirmed cases, the external cause code section (X92 – Y09) should be reported along with documented injuries. A perpetrator code (Y07) is reported when the person who performed the abuse/neglect is known.

Y07 Perpetrator of assault, maltreatment and neglect

Notes: Codes from this category are for use only in cases of confirmed abuse (T74.-)
Selection of the correct perpetrator code is based on the relationship between the perpetrator and the victim
Includes:          perpetrator of abandonment
                        perpetrator of emotional neglect
                        perpetrator of mental cruelty
                        perpetrator of physical abuse
                        perpetrator of physical neglect
                        perpetrator of sexual abuse
                        perpetrator of torture

For suspected but not confirmed cases, the perpetrator Y07 is not reported. The code identifies the relationship between the perpetrator and the victim.  If the suspected case is ruled out, then the coder should report Z04.72 (encounter for examination and observation following alleged child physical abuse, ruled out). The code from category T76 would no longer be appropriate to report on the claim.

If the suspected case is an alleged rape or sexual abuse that is ruled out, Z04.42 (encounter for examination and observation following alleged child rape) should be used. Again, the code from category T76 would not be reported. 

What Does Your Organizational Policies & Procedures Mandate?

Each organization should have policies and procedures reflecting State mandatory reporting to Child Protective Services or other appropriate agency.  Is your organization compliant?  If not, claims data could reveal non-conformances identified through government audits.

Claims Data Used by OIG to Identify Potential Child Abuse & Neglect

On July 10, 2020 the Office of Inspector General (OIG) published the results of an investigative audit of Medicaid Claims


The objectives of the audit were to determine the following:

  1. whether Medicaid claims data can be used to identify incidents of potential child abuse or neglect and, if they can, the number of incidents of potential abuse or neglect of children receiving Medicaid benefits that we identified using hospital emergency rooms (ERs) claims data;
  2. whether the incidents were reported to child protective services (CPS) agencies and other appropriate agencies; and
  3. who may have committed those incidents and where they occurred.

For a stratified random sample of 100 Medicaid beneficiaries, OIG’s auditors reviewed the medical records and other documentation to determine whether they contained evidence of potential child abuse or neglect. It was then determined whether the incidents of potential child abuse or neglect were reported to CPS and other appropriate agencies.

The OIG audit covered 31,780 Medicaid claims that contained ICD-10-CM diagnosis codes specifically indicating the treatment of injuries potentially caused by abuse or neglect of Medicaid beneficiaries younger than age 18. These claims related to 29,534 children receiving Medicaid benefits who received ER services from January 1, 2017, through December 31, 2017.

The OIG further estimated that, of the beneficiaries in the population associated with incidents of potential child abuse or neglect, 3,928 were involved with incidents that were not reported to CPS.

The OIG also determined that most incidents of potential child abuse or neglect identified in our sample occurred in familiar settings by perpetrators known to the victims. The Centers for Medicare & Medicaid Services (CMS) did not identify similar incidents of potential child abuse or neglect during our audit period or encourage the States to identify the incidents.

CMS responded to the OIG findings by indicating that the majority of the sample cases identified in the audit occurred in a home or public place, which does not fall under CMS’s jurisdiction for Federal oversight. CMS also stated that claims review may not be timely enough to address acute problems because claims and encounter data can be lagged and transformed as they move through the submission process. CMS added that its regulations require all facilities and their practitioners to comply with the mandatory reporting laws for abuse and neglect applicable to their State.

The OIG disagrees with CMS and continues to recommend that CMS inform States that the use of the Medicaid claims data can help identify incidents of potential child abuse or neglect and ensure compliance with their mandatory reporting laws.

There is Also No Uniformity with Child Abuse Reporting Laws and Child Abuse Definitions

Aside from the need to increase compliance with state reporting laws, there is need for change in the law itself as well. Many professionals do not know what “child abuse” entails when it comes to reporting, due to confusion with the law.

The Federal Child Abuse Prevention and Treatment Act (CAPTA) requires each State to have provisions or procedures for requiring certain individuals to report known or suspected instances of child abuse and neglect. Approximately 47 States require Social workers, teachers, principals, other school personnel, physicians, nurses, other health-care workers, counselors, therapists, other mental health professionals, child care providers, medical examiners or coroners, and law enforcement officers to report child abuse. Under CA, if under Penal Code 11166, there is “reasonable suspicion” of child abuse, the professional must report it to the proper authorities. This means it is a situation that causes a reasonable person in a like position, drawing, when appropriate, on the person’s training and experience, to suspect child abuse or neglect. However, under PA, the rule requires reporting “if the person has reasonable cause to suspect that a child is a victim of child abuse.”

Currently, “Child abuse” means the physical or mental injury, sexual abuse or exploitation, or negligent treatment of a child. However, there is no universal definition of what child abuse entails which causes states to have different definitions. For instance, “medical evaluation of a child suspected of abuse” is not guaranteed in places like Pennsylvania, where there is no obligation for a child suspected of abuse to receive a medical examination unless the county’s laws or caseworker requires it. For example, in Pennsylvania, for the longest time, a priest was also not required to report potential child abuse. However, as current laws show, there is a duty by priests to report such potential cases.

Some suggest that laws should change to mandate an evaluation by a medical professional trained in child abuse detection when a child is suspected of being a victim of child abuse, Congress should emphasize the need for more uniform data gathering of child abuse by looking at health care data, and the Centers for Medicare & Medicaid Services (CMS) should update standards by performing data analysis of Medicaid claims to identify incidents of potential child abuse or neglect.

Abuse of the Elderly

The abuse of the elderly either living independently or as residents of nursing homes and long-term care facilities is a topic that is not only gaining more public awareness, but is also being addressed as a priority by government officials. Most people who work with elders or disabled adults are mandated reporters under state law to report such abuse. Failure to report abuse of an elder or dependent adult is a misdemeanor, punishable by not more than six months in the county jail or by a fine of not more than $1,000, or both imprisonment and fine in California, for instance. However, there is no uniformity with the laws here as well, as states each handle their own laws as to the abuse of the elderly. Nursing home residents are particularly vulnerable because they are often unable to easily defend themselves. This is why it is more important than ever that these facilities take steps to mitigate the risk of abuse and neglect.

Abuse comes in various forms:

  • Physical – can range from assault and battery to forced restraint, either by mechanical or chemical means (such as the administration of psycho-pharmaceutical drugs not authorized by a doctor)
  • Emotional – includes verbal and nonverbal threats, humiliation, fear, manipulation, or other psychological cruelties
  • Financial – when an elderly patient’s money or property is exploited, used or taken from them without their consent
  • Social Media – includes social media posts that demean or invade the privacy of facility residents

Neglect in long-term care facilities is also an important issue to address. The COVID-19 pandemic is an example of families removing loved ones from long term care to find them dehydrated, weak and underweight.

Neglect is the failure of caregivers to fulfill their responsibilities to provide the care that an elderly person needs. This may be:

  • Active – when the caregiver intentionally withholds care or necessities
  • Passive – when the caregiver is unable to fulfill their caregiving responsibilities, often as a result of ignorance or lack of resources
  • Self-neglect – when the elderly patient refuses care

Continued Investigations Conducted by the OIG

The Department of Health and Human Services Office of Inspector General issued two new reports that address the identification, reporting and investigation of incidents of potential abuse and neglect of our nation's most vulnerable populations, including seniors and individuals with developmental disabilities.

On June 12, 2019 the OIG published the results of their investigation “Incidents of Potential Abuse & Neglect at Skilled Nursing Facilities Were Not Always Reported and Investigated”.   The objectives were to determine

1) the prevalence of incidents of potential abuse or neglect of Medicare beneficiaries residing in skilled nursing facilities (SNFs) who had a hospital emergency room (ER) Medicare claim in calendar year 2016 containing a high-risk diagnosis code,

2) whether these incidents of potential abuse or neglect were properly reported by the SNFs,

3) whether the Centers for Medicare & Medicaid Services (CMS) and State Survey Agencies (Survey Agencies) reported findings of substantiated abuse to local law enforcement, and

4) the extent to which CMS requires incidents of potential abuse or neglect to be recorded and tracked.

Through this investigative audit the OIG determined that an estimated one in five high-risk hospital ER Medicare claims for treatment provided in calendar year 2016 were the result of potential abuse or neglect, including injury of unknown source, of beneficiaries residing in a SNF.

It was determined that SNFs failed to report many of these incidents to the Survey Agencies in accordance with applicable Federal requirements. It was also found that several Survey Agencies failed to report some findings of substantiated abuse to local law enforcement. Lastly, the OIG determined that CMS does not require all incidents of potential abuse or neglect and related referrals made to law enforcement and other agencies to be recorded and tracked in the Automated Survey Processing Environment Complaints/Incidents Tracking System.

Preventing, detecting, and combating elder abuse requires CMS, Survey Agencies, and SNFs to meet their responsibilities. 

Conclusion - Conducting Internal Auditing and Monitoring of the Situation

Establish audit parameters to implement and maintain a program to detect potential abuse or neglect situations and verify that these situations are appropriately reported and mandated by State law.

When non-conformances are revealed, consult with Legal Counsel regarding the results.

Establish a training and education program for all providers who may be responsible for treating and detecting child abuse or neglect situations.

Establish the same program to protect your Elderly population.

Need more information regarding Auditing for Compliance or conducting Forensic Internal Audits? 

Use the URLs below for online course information provided by our non-profit organization.



Verified by MonsterInsights