by Evan M. Gwilliam DC MBA BS CPC CCPC QCC CPC-I MCS-P CPMA CMHP
October 16th, 2014
In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”. This advice has long been pushed to the wayside by busy practice managers and providers. It looked like a bureaucratic headache imposed by a government that wants to control our every action and give us pointless work that keeps us from actually helping patients. However, the Affordable Care Act made Office Compliance Programs mandatory as a condition of enrollment in Medicare, date yet to be determined.
While this program won’t guarantee that an office will never violate any regulations, federal agencies will consider the existence of such a plan as a mitigating factor if an investigation were to ensue. While there is little enforcement of this mandatory requirement at this time, logic suggests that private payers will soon require such a plan as a condition of participation in their networks. Therefore, a compliance plan has become a necessary part of doing business in healthcare.
A full office compliance plan can address issues with:
- CMS guidelines
- OIG Work Plan
- HIPAA (Privacy and Security)
- NCQA guidelines
- Stark Laws (I, II, & III)
- Anti-kickback laws
- State Laws
According to the OIG, a compliance plan should include the following seven core elements
- Implementing written policies
- Designating a compliance officer
- Conducting comprehensive training and education
- Developing accessible lines of communication
- Conducting internal monitoring and auditing
- Enforcing standards through well-publicized disciplinary guidelines
- Responding promptly to detected offenses and taking corrective actions
Though a Compliance Plan is somewhat complex and requires familiarity with many guidelines and regulations, it can actually increase the operational efficiency of a practice. It provides protection from some of the complications associated with doing business with health insurance companies. Indeed, if a violation were found, it could prevent massive refunds to payers and even criminal sanctions. If an employee understands the procedures in place for dealing with overpayment, they are more likely to resolve the issue internally, rather than becoming a “whistleblower”, which can have catastrophic effects on a practice. Besides, practices should be honest and thorough in how they do business. A Compliance Plan simply asks providers to stay ethical and legal in all that they do, which is not an unreasonable expectation.
Nearly every Medicare Administrative Contractor has begun to increase their efforts to identify fraud and abuse. For example, probe reviews, which include review of a small number of records, have become very common in Chiropractic offices around the country. If errors are identified, this can lead to an Expanded Postpayment Review. Contractors have also issued Comparative Billing Reports which tell providers how they compare to their peers in terms of benchmarks. Falling outside the norm on these reviews should serve as a wakeup call to improve compliance related activities.
Protection can be achieved by first reviewing Medicare policies and procedures. The next step is to implement an Office Compliance Plan as soon as possible. Recovery Audit Contractors (RACs) have already increased efforts in the past year to review claims before payment is made. According to CMS’s submission to the Office of Management and Budget, RACs look for “dramatic change in the frequency of use, high cost, high risk prone areas, or unexplained increases in volume when compared to historical or peer trends.” RACs use statistical analysis by comparing provider services to the Medicare Bell Curve, which is unique to each specialty. Providers need not match this bell curve perfectly; they simply must be able to demonstrate the medical necessity of services that fall outside the norm. It is important to note that RACs are paid on commission. If they don’t find a reason to ask for money back, they don’t get paid. There is a high incentive for them to find fraud or other problems. In fact, this type of work is very lucrative. For every dollar spent on audits, $8 is recovered. This is far better than investment in the stock market or even real estate (before the bubble popped). Consequently, rumor has it that employment for investigators and regulators is on the increase.
One of the most important pieces of a compliance plan is internal monitoring and auditing. CMS expects practices to perform voluntary self-audits at a minimum of once each year. It is wise to use certified auditors or compliance specialists for this purpose. Unfortunately, if an internal audit leads to a voluntary refund, it does not protect an office from further fines or penalties. The best protection is to establish an Office Compliance Plan so that the likelihood of violations is decreased and there is no need to provide a refund.
Establishing a compliance plan from scratch includes a review of the facility physical layout, HIPAA manual and procedures, OSHA manual and Exposure Plan, office policies and procedures, and job descriptions. In addition, a complete audit of ten charts is advised (at least five Medicare), including claims and EOBs (explanation of benefits). Then deficiencies should be identified. In this way the Office Compliance Program can be customized for an individual medical practice.
Compliance is not a dirty word. Indeed, it is the very opposite. It makes an office cleaner. Plus it is now mandatory (sort of) by the Affordable Care Act. Just like you need a driver’s license to be out on the roads, medical practices need a Compliance Plan in order to do business. It is not enough to simply create a binder full of text that has never been read. It is a living document that must be followed and updated on a regular basis. Otherwise it is considered invalid. There is no cookie cutter plan. It must be customized for each office, and ideally requires a full time individual or a contractor with expertise to maintain the program. The result will be a clinic that does business more efficiently and without fear of non-compliance.