- Implement written policies, procedures and standards of conduct;
- Designate a compliance officer and a compliance committee;
- Practice due diligence in delegating authority. This, he said, should involve performing thorough background checks on employees and checking the Office of the Inspector General (OIG) exclusion list, which is required monthly;
- Educate employees and develop effective lines of communication. A monthly newsletter reminding employees what is expected of them and of billing changes is a good way to stay engaged with the staff, he said;
- Conduct internal monitoring and auditing. He suggested an audit of 20 charts as a baseline audit and then auditing five to 10 charts per physician each quarter to see how their billing compares with norms. “If you’re not taking those steps to actually develop baseline risk assessments for your coding and your documentation in your practice, then you don’t know if you’re going to be subject to an audit,” he said;
- Enforce standards through well-publicized disciplinary guidelines.
“If the rule is in place, there has to be a consequence if you don’t follow it,” Mr. Overbay said; - Respond promptly to detected offenses and undertake corrective action.
“If vulnerabilities, non-compliance, or potential or actual violations are identified, there must be a plan for corrective action,” he said, including education, repayment or disciplinary action.
Practices should work to build a culture that makes compliance the norm. This involves an awareness of the ethical and legal issues, a perception of fair treatment among employees, a willingness to report legal violations, a knowledge of where to go with ethics and compliance questions, a perception that leadership cares about ethical conduct and a “perception that ethical behavior is rewarded and unethical behavior is punished at all levels,” Mr. Overbay said.
Self-Reporting, Oversight & Audits
Rheumatology practices have to be aware that “rheumatology is a very high-audit, high-risk specialty,” Mr. Overbay said.
When it comes to questions about Stark law violations, there is a long list of exceptions. When a question arises about whether or not your situation fits into an exception category, it is probably time to get professional advice.
“That’s where you would want to get some outside counsel and ask a healthcare attorney—somebody who’s very experienced in the Stark law—about the exceptions and if any of them apply to you,” he said.
Above all, Mr. Overbay said, “you are supposed to be your own monitor of fraud, waste and abuse.”
He said physicians should consider self-disclosure, which can be done online.
With self-disclosure, the possibility of reduced penalties increases, with less per claim than otherwise—an important consideration because Stark violations carry a six-year lookback period. Self-disclosure also offers the chance to avoid exclusion from Medicare as part of the settlement, as well as potential protection from a whistleblower action.
Self-disclosure is also an option when someone thinks they may have violated the anti-kickback statute. The OIG offers guidance on how to investigate conduct, quantify damages and report the conduct
Under the False Claims Act, penalties can include payment suspension, civil monetary penalties, exclusion from Medicare from one year to a permanent exclusion and corporate integrity agreements. Violations can also be self-reported to the OIG.
Mr. Overbay said he is sometimes asked, “What if a provider comes to me and makes me as a biller or coder submit something I know is fraudulent?” As long as the biller can “make some plausible argument that they were under duress,” the government is unlikely to take action against them, he said.
It’s important to understand the difference between fraud, or intentionally deceiving the government for personal benefit, and abuse, which involves actions that result in unnecessary costs to the government.
“The primary difference between fraud and abuse is intent,” Mr. Overbay said.
The world of government healthcare auditing involves an alphabet soup of officers and programs that can almost rival that of medicine itself. The goal—to reduce financial waste and protect public money—is a good one, Mr. Overbay said.
UPICs, or unified program integrity contractors, are particularly active right now, Mr. Overbay said. Their goal is to detect, deter and prevent waste and abuse, and they receive bonuses for the money recovered. “It’s in their best interest to send out as many audits as they can and try to get back as much money as they can,” he said.
A RAC, or recovery audit contractor, reviews claims after payments have already gone out to detect and correct past payments that were improper.
CERT is comprehensive error rate testing—a way to assess if Medicare administrative contractors are paying claims properly. This generally involves relatively simple audits of coding and billing, and is not focused directly on providers, but is not something to ignore, Mr. Overbay said.
TPE, or targeted probe and educate, is a program meant to increase accuracy in billing in very specific areas. The goal, the CMS says, is to help the provider improve quickly.
Although the CMS has well-defined levels of appeal, that’s not the case with private payers. “Private payers can make their own rules, essentially,” Mr. Overbay said. Sometimes, their requests for documentation can have unreasonably tight deadlines.
The main issue private payers are concerned with is medical necessity, Mr. Overbay said. “That is the biggest keyword.”
There is no standard definition, but elements of medical necessity include: generally accepted standards of medical practice; clinically appropriate; not primarily for convenience; and not more costly than an alternative service that is at least as likely to produce the same result.
Eventually, Mr. Overbay said, you can expect to be audited. Have a compliance plan, and use it; provide adequate education, and conduct regular training; have an audit response plan; and perform spot and regular audits yourself.
When an audit request comes, it’s important to read the request thoroughly; to note and adhere to the timelines; to ask for extensions when necessary; to be thorough, clear and concise when responding; and to consider retaining an outside attorney to work with you on the audit.
