In the first part of the series on developing a voluntary Office of Inspector General compliance plan for solo and small medical practices, we discussed how to conduct internal monitoring, auditing and how to implement quality compliance practice standards. OIG recommendations for small practices includes five more essential areas that you should review with an experienced healthcare compliance attorney.
Implementation of what OIG recommends is no guarantee against the filing of regulatory complaints. Crafting a quality compliance program can help reduce the risk of complaints. The act of creating a plan can also help to show the individual and medical practice did have a good faith plan for trying to comply with federal and state laws. A good faith plan can help show the practice didn’t intend to commit any wrongdoings.
Designating a compliance officer or compliance contact
Once the initial audit has been done and initial standards policy have been designed, the practice should appoint a person who accepts the responsibility for further development of the plan, implementing the plain, and seeing to it that the medical practice follows the plan.
More formal compliance plans designates a compliance officer who handles the daily operations of the compliance program. Since many smaller medical practices can’t afford to hire a full-time staff member, the OIG recommends that medical practice choose several employees who will oversee the compliance plan. The standards and practices part of the plan should designate who these “compliance contacts” are and what their duties are. Some of the ways duties can be split among several employees are:
- Have one person prepare and monitor the written procedures
- Another person could be responsible for the billing related compliance issues.
It may also be acceptable to outsource the compliance responsibilities to a managed service organization (MSO), a third-party billing business, or some other entity with the experience and resources to handle the compliance regulatory tasks. If compliance duties are outsourced, a physician or liaison in the medical practice should be chosen as a personal interface. Outsourcing often works better when the third-party is in the same geographic region.
Offsite compliance managers should work with the internal physician or liaison officer who understands how the practice operates. There should be standards in place, where offsite compliance companies manage several medical practices, as to how conflicts of interest will be handled.
The overall duties, according to the OIG recommendations, that a compliance officer(s) should have includes:
- The oversight of the implementation of the compliance plan
- Creating procedures to “improve the practice’s efficiency and quality of services, and to reduce the practice’s vulnerability to fraud and abuse”
- Updating the compliance plan as laws change or are updated or the payor plans change their payment criteria
- Crafting an education plan including in writing or online materials for the staff of the solo or small medical practice
- “Ensuring that the HHS–OIG’s List of Excluded Individuals and Entities, and the General Services Administration’s (GSA’s) List of Parties Debarred from Federal Programs have been checked with respect to all employees, medical staff and independent contractors”
- Conducting an investigation when unethical or improper business or billing practices are brought to their attention. The actions taken to verify compliance and prevent similar problems from occurring are also part of a compliance officer’s duties
Not every plan will be the same for every type and size of practice. Compliance programs should match the type of practice and how it operates.
Health care governing boards can look to “Practical Guidance for Health Care Governing Boards on Compliance Oversight” for advice in designing a compliance program.
Education and Training Requirements and Strategies
Creating a quality compliance program doesn’t do any good if the doctors, nurses, medical staff, and administrative staff doesn’t know how to implement it – they should know what they can do and what they shouldn’t do. The main parts of any education/training program according to the OIG are:
- Deciding who needs to be trained
- Deciding what the medical practice workers need to be trained in – such as how to code and how to submit bills
- Reviewing what training methods work best. Training can include hands-on training where an instructor works through examples with the staff members. Training materials can be in print, slideshow presentations, or other formats. Decisions should be made about whether the staff members can study the requirements on their own or whether the training should be interactive.
- Deciding how often the staff and other doctors should be trained
- Determining if the training should be in-house, at the medical practice’s site, or at an offsite location. Offsite training is a consideration if the solo or small medical practice is using a third-party compliance manager
The main parts of a regulatory training program include:
- Compliance training. Medical professionals and other medical workers need to be trained on the applicable laws and statues such HIPAA, Stark Law, Anti-Kickback statutes, and any other self-referral laws. These laws need to be discussed with a skilled healthcare compliance lawyer for small practices. The staff should understand what individual steps they need to take to comply, the consequences to the medical practice if they don’t follow the compliance protocols, and what steps to take if they observe a problem. The employees should understand that compliance is a condition of their employment. They should know that if they follow the protocols or consult with the compliance officer/contact; their job shouldn’t be in jeopardy. They should understand that failure to follow the compliance standards can result in dismissal or disciplinary action. New employees should be trained on compliance requirements as soon as they start working.
- Coding and billing training. Who should be trained depends on the nature of the medical practice and the responsibilities of each worker. Generally, physicians and anyone who does anything with federal healthcare program billing should be trained. Medicare and Medicaid are the two most used federal healthcare programs which pay bills based on the proper codes. Some of the coding and billing issues that require training include:
- The general coding requirements – when there must be a code for a service or treatment
- How claims mature and how they are submitted including an understanding of federal health care standards
- The prohibition against “signing a form for a physician without the physician’s authorization”
- What documentation is needed and how it should be recorded for any service or treatment
- Explaining, after consulting with an experience small medical practice healthcare attorney, the legal consequences and penalties for submitting bills that are false
- Physician training for ICD–9, HCPCS and CPT manuals (in addition to the carrier bulletins construing those sources) and make them available to all employees involved in the billing process.”
The OIG recommendations for individual and small medical practice training do not require separating the training for compliance from the training for billing and coding. In fact, it may be better to integrate the training so the staff can see a bigger picture.
The training doesn’t end with the initial course. The OIG recommends that the training be, at least, on an annual basis.
Expect to see more and more compliance enforcement actions against physician practices – and also more physician awareness of how they can pro-actively manage liability and follow legal […]
How to respond to detected offenses and how to take corrective actions
Medical practices and their staff need to understand how to detect possible violations of laws, regulations, and compliance procedures – and what steps to take if a possible or active violation occurs. Failure to respond can result in civil and criminal investigations and penalties depending on which law was violated and the nature of the offense. Compliance violations directly affect the credibility of the medical practice.
Some of the possible corrective steps the individual or small medical practice should consider for handling compliance violations include:
- Returning any payments wrongfully received
- Developing a plan for corrective action
- Reporting the overpayment or wrongful payment to the government
- Possibly even referring the violation to legal authorities, after consulting with the medical practice’s healthcare lawyer
Some of the red flags the compliance officer and employees should examine include major changes in the types or number of claims that are rejected or instances where the submitted amount is reduced.
Medical practices should consult with experience healthcare compliance lawyers who can explain some of the other red flags that the practice should be looking for and the steps needed to respond to those flags. The attorney can also explain what happens if no corrective actions are taken.
The OIG has what it calls a “Provider Self-Disclosure Protocol.” This protocol “encourages providers to voluntarily report suspected fraud.” The Provider Self-Disclosure Protocol can be located on the OIG’s web site at: http://www.hhs.gov/oig. The OIG just doesn’t have the resources to monitor every healthcare claim. It relies, to some extent, on the desire of health practices to police their own practices. Prompt disclosure of violations may mitigate any charges of criminal violations of the relevant federal healthcare laws.
In short, one of the worst things a medical practice can do is fail to respond to any allegations of violations of either the laws or the compliance protocols.
Creating communication channels to encourage a discussion of violations and compliance standards
In small practices, opening lines between someone who discovers a violation and the compliance officer generally require less formal communication channels than larger practices. Some small practice communication techniques include:
- An open-door policy
- A compliance bulletin board
- Explaining what a “good faith” belief of a violation is
- An anonymous drop box
- An understanding, set forth in the compliance policy manual, that failure to report fraud or misconduct is a breach of the compliance program
- A procedure for processing complaints including
- lists of reported or identified concerns,
- initiation and the results of internal assessments ,
- training needs,
- regulatory changes,
- other operational and compliance matters
- Coordinating complaints with the billing compliance officer
- A way to protect the anonymity of the person communicating the erroneous or fraudulent bill or conduct – though the OIG recognizes this may be very difficult in a small medical practice
- Explaining that anyone files a good faith disclosure or complaint will not be subject to retributive action
- Understanding who should be told of a possible compliance violation
Solo and small medical practices needs to:
- Designate a compliance officer or contact
- Train the physicians and staff of their obligations in the compliance plans and procedures
- Respond promptly when anyone discloses errors or misconduct to the compliance officer or when there is a complaint from a federal agency
- Create free-flowing communication channels that encourage the reporting of breaches to the compliance plan
To craft a regulatory compliance plan that helps your medical practice get paid for reasonable and necessary services, contact Cohen Healthcare Law Group, PC. who understands the OIG compliance guidelines. We also understand the federal laws that apply to solo and individual medical practices. We helped numerous clients meet the challenges of reducing the risk of billing and regulatory complaints by Medicare, Medicaid, and other federal agencies – by crafting compliance plans for their practices.