by Jesse Overbay, JD
June 30th, 2017
By now, hopefully most (if not all) practices know that the Office of Inspector General (OIG) has been stressing the importance of creating and abiding by a compliance plan for most of this decade. In its own words, the OIG believes "that a healthcare provider can use internal controls to more efficiently monitor adherence to applicable statutes, regulations, and program requirements." The OIG has even been kind enough to provide the seven components upon which a physician practice can create a voluntary compliance program. Click here to read this information.
Perhaps your practice has been a bit slow to adhere to the OIG's guidance on implementing a voluntary compliance program. After all, it is "voluntary" so why spend the time, money, and resources on this area instead of an area that has better return on investment (ROI), such as patient care? The OIG states "a practice's focus on patient care can be enhanced by the adoption of a voluntary compliance program.". The example given is that an increase in accuracy in the providers' documentation may result from implementing a compliance plan and that, in turn, could actually assist in enhancing patient care.
Additionally, the OIG believes that a well-designed compliance program can:
1. Speed and optimize proper payment of claims
2. Minimize billing mistakes;
3. Reduce the chances that an audit will be conducted by HCFA or the OIG;
4. Avoid conflicts with the self-referral and anti- kickback statutes.
Voluntary compliance programs, assuming the plan is being followed, show that the practice is making good faith efforts to submit claims appropriately and taking steps toward preventing problems from occurring in the future. These programs also impose an ethical duty on employees to report conduct that may be fraudulent so that it can be addressed properly. Not having a compliance program, or not following one that has been created (which is almost worse than not having one) opens the practice up to having the government impose its own compliance plan, known as a Corporate Integrity Agreement (CIA) in the event fraudulent conduct is found.
The difference between a compliance program and a Corporate Integrity Agreement is striking. Whereas a compliance program is voluntary, a CIA is a government-imposed compliance program mandated as part of a civil settlement agreement related to a fraud and abuse investigation. Usually, a CIA is offered to a practice or provider instead of the provider being excluded from all federal healthcare programs. Under a CIA, a practice or provider is under government oversight and an outside expert is going to be involved in the practice's compliance activities. A CIA is designed to be intrusive and to make certain that the practice is in compliance.
In order to avoid the imposition of a CIA, practices need to seriously consider dedicating the time and resources to implementing their own voluntary compliance program. While there are many compliance program kits available, some of which are better than others, it is always best to craft a streamlined manual with customized policies that are followed by everyone in your organization. This will mean appointing or hiring a compliance director, scheduling training for all employees, and most importantly, being willing to change how you may be doing things currently. In some cases, depending on the size of your practice or the complexities involved, it may be necessary to bring in outside help to conduct a gap-analysis, set up your compliance plan, train he staff, and perform other necessary functions.
Once your compliance plan is in place, it needs to be monitored and assessed regularly to ensure its effectiveness. The Compliance Officer must assist the Board or Owners of the practice in the oversight responsibilities and provide periodic updates. Employees must be proactive in reporting possible erroneous or fraudulent conduct and the appropriate steps must be taken to act on those tips. Having an effective compliance program is an active, ongoing process; the plan itself cannot be a static document and an organization can never say it has finished complying. At the end of the day, compliance is everyone's responsibility. It's time to get serious about your practice's compliance and take steps to be proactive, not reactive.