Developing an Effective Compliance Plan
We’ve been preaching the benefits of a comprehensive compliance plan for years. Far too many mandates, rules, and regulations must be followed daily to ignore the fact that a simple slip-up could place your practice in great jeopardy. Everyone knows about OSHA and HIPAA, but these are only two elements of good compliance.
A little-known provision of the Affordable Care Act (ACA)―Section 6401, to be exact―now requires medical practices and other healthcare entities to develop specific compliance programs if they are enrolled in Medicare, Medicaid, or the Children’s Health Insurance Program. In fact, new practices will not be allowed to enroll in these programs unless they have a compliance program in place. While the final guidelines for compliance plans under the ACA have not yet been published, your practice should consider using the OIG’s Compliance Program Guidance for Individual and Small Group Physician Practices, published in 2000. (http://oig.hhs.gov/authorities/docs/physician.pdf)
This compliance plan is actually an extension of the False Claims Act (“FCA”), which places a greater burden on physicians and their practices for preventing waste, fraud, and abuse.
Goals of the Plan
Your compliance plan should be comprehensive and should achieve the following goals:
- Establish and communicate approved uniform standards of conduct for physician and support staff
- Establish internal controls that promote practice adherence to federal and state laws and program guidelines for federal, state, and private health plans
- Streamline operations so that the practice can respond quickly and effectively to issues
- Increase the accuracy and appropriateness of patient documentation
- Promote internal communication regarding all practice issues
- Establish and monitor educational/training requirements for all employees and ensure training is specific to job responsibilities
- Through appropriate legal and accounting review, ensure all joint ventures, lease arrangements, and outside contracting comply with the OIG advisory opinions and Stark requirements for such arrangements
Consider establishing a team in your practice with the responsibility for developing and implementing the compliance plan. The team should consist of the office manager or administrator, billing manager, nursing supervisor and a physician champion. The responsibilities of the team should include:
- Appointing and evaluating the performance of the Compliance Officer
- Monitoring the effectiveness of the Compliance Plan
- Approving all changes to the Compliance Plan
- Defining the measurement tools and reporting processes for ensuring compliance efforts
- Ensuring that new and established Practice Policy is consistent with Compliance Plan
- Establish an annual budget for Compliance activities, including all auditing and educational requirements
- Train new staff or staff reassigned to new positions as to their compliance responsibilities
As you begin to develop and implement your compliance plan, you should simultaneously conduct an audit of practice operations related to billing and collections. This will include the following elements:
- Adherence to financial policies as outlined in the Compliance Manual, related to accounts receivable management
- Adherence to proper coding practices, including the appropriate use of modifiers
- Billing only for services rendered
- Provision of adequate and legible documentation for all services rendered
- Ensuring proper assignment/reassignment of Medicare payments
- Providing proper supervision of all patient services
- Adherence to supervision and billing requirements for all “incident to” services
- Adherence to billing, certification, and scope-of-practice laws for nurse practitioner direct bill services
- Provision of medically necessary services to patients, or notification otherwise
- Avoiding improper referral arrangements
- Ensuring that compensation for provider staff and/or outside consultants will not provide any financial incentives for improper coding or billing practices
- Avoid improper patient inducements for the benefit of increasing patient volume/services
- Avoid the use of professional courtesy as an improper inducement of referrals
- Collect copays and deductibles in accordance with any third-party, federal, and state guidelines
- Following billing and coding rules issued by CMS, third-party payers, and appropriate professional associations (e.g., AMA, ACOG, etc.).
You should conduct random audits at least once a year. If problems are identified, expand the internal investigation to all relevant personnel. Conduct an analysis of the issue(s) in accordance with applicable laws, regulations, requirements, guidelines, etc. Make sure that you don’t destroy any evidence related to the violation.
A key element of the investigation is documentation, which should include the following:
- Description of investigation
- Copies of interview notes and key documents
- Log of witnesses interviewed and documents reviewed
- Corrective action taken
If the violations are serious enough to result in “self-disclosure”, i.e., reporting the incident to the Medicare or Medicaid carrier, you may want to consider involving an attorney.
Communication Is Key
While the ACA’s requirement of a mandatory compliance plan certainly increases the seemingly unrelenting burden of regulation on medical practices, we view it as another attempt to legislate common sense. The requirements represent the way your practice should be behaving now. As with OSHA, HIPAA, and the myriad of other minor rules and regs, the key to compliance is training and re-training physicians and staff; having routine, open meetings to discuss potential problems; and having an active process in which staff may express concerns or even complaints with no threat of retribution.
L. Michael Fleischman