APCM Risk Stratification Workflow for Compliance & Audits
Master APCM risk stratification for compliance. Learn how to document risk levels and meet CMS audit standards using AI-powered patient outreach.
Risk stratification is a cornerstone of the CMS Advanced Primary Care Management (APCM) model. To ensure compliance and survive audits, practices must systematically categorize patients based on clinical complexity and social determinants. This guide outlines a robust workflow for identifying high-risk chronic care patients and maintaining the audit-proof documentation required by CMS.
Many practices fail APCM audits because their risk stratification is subjective, undocumented, or fails to incorporate real-time patient data. Without a standardized process, practices risk clawbacks and penalties for billing high-complexity codes without sufficient clinical justification.
Step-by-Step Workflow
Automated Data Collection & SDOH Screening
Utilize AI-powered call handling to contact patients and collect current health status, medication adherence, and social determinants of health (SDOH).
- Automate outreach after hospital discharges
- Capture non-clinical barriers like transportation
- Relying solely on static, outdated EHR data
Clinical Risk Scoring Application
Apply standardized scoring tools, such as Hierarchical Condition Category (HCC) scores, to categorize patients into low, medium, or high-risk tiers.
- Update risk scores at least quarterly
- Integrate scoring directly with the EHR
- Using inconsistent risk models across the practice
Care Plan Alignment & Documentation
Link the determined risk level to specific interventions within the APCM comprehensive care plan, ensuring the 13 service elements are addressed.
- Document shared decision-making with the patient
- Provide a written or electronic copy to the patient
- Creating generic care plans that ignore risk tiers
Audit-Proof Record Retention
Store timestamped AI call logs, risk assessment results, and patient consent records in a secure, searchable format for a minimum of 7 years.
- Use AI transcripts to provide clinical context
- Ensure all records are HIPAA compliant
- Deleting call recordings or logs prematurely
Continuous Quality Assurance Review
Compliance officers must perform monthly audits of stratified records to ensure documentation matches the 13 required APCM service elements.
- Perform random spot checks on high-risk files
- Verify that care plans are updated after risk changes
- Assuming staff follow protocols without oversight
Staff Training & Knowledge Retention
Implement regular training sessions on CMS APCM requirements to prevent compliance gaps during staff turnover or policy updates.
- Use real audit scenarios for training
- Maintain a central compliance manual
- Neglecting training for new administrative staff
Expected Outcomes
Reduced risk of CMS clawbacks and financial penalties
Improved HCC coding accuracy for chronic populations
Enhanced patient outcomes through targeted interventions
Standardized documentation for all 13 APCM elements
Lower administrative burden via AI-driven data collection
Frequently Asked Questions
CMS expects risk levels to be reviewed at least annually or whenever a significant change in the patient's health status or social situation occurs.
These include 24/7 access to care, risk-stratified care management, comprehensive care planning, and coordination of transitions, among others required by CMS.
Yes, AI-generated transcripts and automated logs provide objective, timestamped evidence of patient engagement and data collection required for risk assessment.
Non-compliance can lead to Medicare clawbacks, civil monetary penalties, and potential exclusion from federal healthcare programs under the False Claims Act.
Ready to transform your apcm compliance & audits practice?
See how Tile Healthcare's AI call center can handle scheduling, triage, and patient communication for your practice.
Schedule a Demo