Strong Compliance Plans for Small Medical Practices

Even small medical practices and individual physicians need strong legal and regulatory compliance, especially in light of risks of kickbacks, Stark violations, HIPAA violations, and a myriad of other regulatory violations. There are just too many federal and state laws and regulations for any medical practice to think it can comply without a having a plan in place. Some of the laws that can cause civil and even criminal penalties if they’re violated include:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • Stark Law
  • Anti-Kickback Statute
  • The False Claims Act
  • The Civil Monetary Penalties Law (CMPL)

The Patient Protection and Affordable Care Act of 2010 requires physicians to have a compliance plan in place for doctors who treat patients on Medicare or Medicaid.

In addition, medical practices must comply with Federal Trade Commission (FTC) rules which regulate how medical practices can be marketed – online and offline. The Federal Drug Administration (FDA) regulates the medications that can be prescribed and how drugs and medical products can be developed.  Experienced healthcare lawyers are skilled at FTC and FDA legal issues as well as other legal issues that healthcare lawyers address with their healthcare industry clients.

The Office of Inspector General (OIG) recommends that Individual and small group practices incorporate the following into their voluntary compliance plan:

  • Conducting internal monitoring and auditing;
  • Implementing compliance and practice standards;
  • Designating a compliance officer or contact;
  • Conducting appropriate training and education;
  • Responding appropriately to detected offenses and developing corrective action;
  • Developing open lines of communication; and
  • Enforcing disciplinary standards

The OIG recommends that these seven criteria be implemented step-by-step. The OIG guidelines are voluntary, not mandatory. The guidelines are not all-inclusive. An experienced healthcare compliance lawyer can explain what steps your practice should implement. The focus on the OIG voluntary compliance recommendations is on Federal health care programs. Many of the strategies apply to private payors too – though there are differences that should be reviewed.


Doctors need to understand the laws and regulations that apply to the way they bill for services, work with insurance companies, submit claims to the government, enter into business relationships […]

Benefits of a Compliance Program

The OIG believes that a physician’s and a medical practice’s top priority is patient care. A quality compliance program makes the practice serve the patient better. Other benefits include:

  • Optimizing how claims are processed and paid
  • Minimizing billing errors
  • Reducing the odds that the OIG of the Centers for Medicare and Medicaid will conduct an audit.
  • Meeting requirements of the self-referral, Stark, fee-splitting, and anti-kickback statutes

Effective compliance programs show that the doctor is making a good faith effort to comply with relevant laws. These programs also send a message to employees that they do have an “ethical duty to come forward and report erroneous or fraudulent conduct, so that it may be corrected.”

The difference between honest errors and fraud

The OIG believes most healthcare professionals are honestly trying to serve their patients and trying to submit legitimate claims. Honest mistakes should not result in civil, criminal, or administrative action – according to the OIG. The main act that OIG uses, the False Claims Act, requires knowledge of the claim’s falsity, deliberate ignorance, or a reckless disregard for the truth of the bills being submitted. The CMPL also requires some form of intent or reckless behavior regarding the false nature of the bills. The criminal standard is proof beyond a reasonable doubt.

The OIG’s compliance plan for individual and small practices also asserts that doctors who return funds that were billed erroneously should also be protected provided there was no knowledge or reckless disregard of the truth. Still, the OIG much prefers that erroneous bills not be submitted because they place a drain on valuable resources. An experienced individual and small practice healthcare lawyer will also explain that the best course of action is to make every effort to submit accurate bills on the first submission.

A good place for physician practices to begin their review is to examine previous claims that have been denied and claims that have been routinely bounced for overpayments.

Step 1. Auditing and Monitoring

The physician practice should review its current billing practices to determine if they are accurate and current. The review should start by asking if the current billing process is working. The initial audit/review should focus on the Claims submission audit process. This review analyzes specific “coding, billing, and documentation requirements.” At least two people, a billing person and a doctor or nurse, should participate in this review.

Some type of benchmark should be established so the practice can compare future reviews against the initial benchmark.  The benchmark review should analyze:

  • Are bills being coded to accurately reflect the medical service being provided (and that the service matches what’s in the documentation)
  • That the documentation is being done on time and correctly
  • That the services are “reasonable and necessary”
  • That there are no undue incentives for billing for unneeded services

The benchmark should review the billing process from the initial intake of patient information through the submission of the bill and the request for payment. The benchmark should examine what parts of the process may be red-flagged for possible non-compliance. The OIGs’ recommendations for the baseline audit are to examine the claims and services that were submitted within a three-month period after the staff was trained and educated on proper procedures. This way, the medical practice can analyze what’s working and what’s not.

After the initial benchmark, audits should be conducted on a yearly basis. A random set of records should then be examined. The OIG recommends:

  • Five or more medical records per Federal payor (i.e., Medicare, Medicaid), or
  • Five to ten medical records per physician

If errors are detected during the review of the random samples, the practice should take immediate steps to remedy them for two reasons. First, to make sure the errors stay as errors and not intentional neglect. Appropriate explanations should be given to the federal payors. Second, to create new policies so that the errors don’t continue or repeat in the future.

Step 2. Standards and procedures

Someone in the medical practice should review if the billing practices are outdated or current and if they are complete or if more issues need to be addressed. In short, the review with the lawyer should analyze what standards apply and what procedures are already in place.

There should be policies for how to respond to known errors. The practice should create a plan for how to respond to the identified risk areas. The plan should be placed in writing so everyone in the office can read it. Medical practices should regularly update clinical forms.

Individual and small medical practices who work with any of the following entities should incorporate the standards of procedures of those entities into the practice’s own standards and procedures

  • PPMC (Physician Practice Management Company)
  • IPA (Independent Practice Association)
  • MSO (Management Service Organization)
  • A third-party billing company


Health care governing boards can look to “Practical Guidance for Health Care Governing Boards on Compliance Oversight” for advice in designing a compliance program.

Review of risk areas

There should be an assessment of known risk areas.  Common risk areas the OIG recommends medical practices focus on include:

Possible coding and billing risks

Coding and billing should be reviewed for the following:

  • Billing for items or services not rendered or not provided as claimed;
  • Submitting claims for equipment, medical supplies and services that are not reasonable and necessary;
  • Double billing resulting in duplicate payment;
  • Billing for non-covered services as if covered;
  • Knowing misuse of provider identification numbers, which results in improper billing;
  • Unbundling (billing for each component of the service instead of billing or using an all-inclusive code);
  • Failure to properly use coding modifiers;
  • Clustering;
  • Upcoding the level of service provided.

The medical practice should understand how to match these risks with current federal and state laws and regulations for billing and private insurer requirements. All billing should match the documentation so if questions arise, the documentation is ready to support the truth of the bill.

Particular attention should be paid to issues of appropriate diagnosis codes and individual Medicare Part B claims (including documentation guidelines for evaluation and management services).

Reasonable and necessary services risks

While doctors do need to order imaging tests, screening tests and diagnostic tests that they reasonably believe will help treat their patients – doctors do need to know that Medicare and Medicaid have their own precise standards for what is “reasonable and necessary.” Bills to Medicare and Medicaid must meet those federal definitions.

The billing should be balanced with the doctor’s understanding that sometimes denials by Medicare and Medicaid are needed in order to be paid by secondary/private insurers. The main key is that the documentation should support the need for the test.

The same risk analysis applies to reasonable and necessary treatments.

Documentation risks

Records should be documented in a timely manner, should be complete, and must be accurate. Proper documentation should support the billing code and the reasonableness and need for the service. Medical records should identify who provided the care and where the care was provided. Records should be legible – it helps to have the right software to input the medical information.

Records should include the relevant patient history and examination results, prior tests, the diagnosis, and the plan of treatment. Any health risk factors should be noted. The documentation should also include the patient’s progress, response to treatments, and any changes to the diagnosis or treatment. HCFA form 1500 is a common form that should be reviewed for accuracy and verification.

Improper inducements, kickbacks and self-referrals risks

The federal and state governments are especially concerned about illegal referrals and kickbacks because they directly affect the type and quality of care the patient receives. In addition to increasing federal costs, improper renumeration means doctors are making decisions based on what’s good for them and not their patient. Often, it means overusing certain services because of an improper arrangement.

The OIG specifically states that it is essential that the individual and small physician practices consult with an experienced healthcare compliance lawyer. Violations of Stark Law, the Anti-Kickback Statute, and state self-referrals laws can result in criminal and civil penalties. The OIG recommends extra caution when medical practices obtain referrals from or give referrals to:

  • Hospitals
  • Hospices
  • Nursing facilities
  • Durable medical equipment suppliers
  • Home health agencies
  • Manufacturers of pharmaceuticals
  • Pharmaceutical vendors

In general, any referrals should be based on the fair market value of the services.

Improper inducements can include more than just cash. They can include waiving deductibles or coinsurance – without reviewing the financial need of the patient.

Some of the specific relationship the OIG warns that practice should review include:

  • Financial arrangements with outside entities to whom the practice rule,
  • Joint ventures with entities supplying goods or services to the physician practice or its patients,
  • Consulting contracts or medical directorships,
  • Office and equipment leases with entities to which the physician refers,
  • Soliciting, accepting or offering any gift or gratuity of more than nominal value to or from those who may benefit from a physician practice’s referral of Federal health care program business.

Part of any standards plan should be a review of how medical records, compliance plans and documentation, and business records will be retained. This retention should include all efforts to comply such as keeping records of any calls on inquiries to federal payors.

The OIG recommends:

  • Setting the time that records will be kept – generally, a set number of years,
  • Securing records against loss, corruption, and other damage,
  • Determining how records will be handled if the physicians sell or close the practice.

The Office of Inspector General has detailed voluntary compliance suggestions for individual doctors and small medical practices. These plans can help the practice reduce the risks that that the practice could be charged with criminal or civil violations. The OIG plans focus on policies and procedures that help make the submission of medical bills to Medicare, Medicaid, and other federal agencies easier and more accurate. The plans are for the whole office, not just the individual doctors.

To craft a regulatory compliance plan that helps your medical practice get paid for reasonable and necessary services, contact Cohen Healthcare Law Group, P.C. today. We help design compliance plans for many individual and small medical practices. Our compliance plans focus on meeting the self-referral, fee splitting, anti-kickback laws, HIPAA, and other legal and regulatory challenges that a physician or medical practice requires.

Contact Us

Book your Legal Strategy Session now
Cohen Healthcare Law Logo

Contact our healthcare law and FDA attorneys for legal advice relevant to your healthcare venture.

Start typing and press Enter to search