Approximately 10 years ago, the Office of Inspector General (OIG) issued its first guidance on compliance as it relates to federal mandates for physician practices. Although taking the necessary steps can be a daunting task in an era of complex rules and heightened regulations, there are key areas of government-mandated compliance requirements that practices should know about.
Section 6401 of the Patient Protection and Affordable Care Act (PPACA) mandates that all healthcare providers enrolled in the Medicare and Medicaid programs establish a compliance program as a condition of enrollment. With this requirement, it is vital for providers to develop a new program or update/revise any existing compliance program as soon as possible. Having a compliance program is not optional for physician practices, and this is even more urgent for Medicare Advantage organizations and Medicare Prescription Drug Plan sponsors, because compliance programs are already mandatory for these programs. The guidelines can be found at the Department of Health and Human Services Centers for Medicare & Medicaid Services, Pub. 100-16. Section 30 on the Overview of Mandatory Compliance Program gives a foundation as to what is necessary in a compliance program and states: “The compliance program must, at a minimum, include the following core requirements:
- Written Policies, Procedures and Standards of Conduct;
- Compliance Officer, Compliance Committee and High Level Oversight;
- Effective Training and Education;
- Effective Lines of Communication;
- Well Publicized Disciplinary Standards;
- Effective System for Routine Monitoring and Identification of Compliance Risks; and
- Procedures and System for Prompt Response to Compliance Issues.”
Areas of Risk
Currently, the most common compliance concerns fall into three key areas of risk:
- Privacy, security and meaningful use;
- Clinical coding; and
- Quality data reporting.
Privacy and security top the risk list (meaningful use will be addressed with quality data reporting). Although patient privacy and health information security are not at the top of everyone’s priority list, practices can no longer be complacent about HIPAA compliance. There should be thorough protocols on privacy and security in an effort to protect against any violations. Practices can expect closer scrutiny for HIPAA privacy and security compliance. Penalties have increased significantly under the new regulations. Practices can face fines of up to $50,000 per occurrence, quickly offsetting or negating the EHR incentives they received [1].
It is no surprise that the OIG puts clinical coding second on the list of compliance risks. The increasing regulations have put physicians at greater liability and intensified the pressure to address issues caused by improper coding; denial of fees, fines and payback, and increased scrutiny from payers have become overwhelming. A proactive approach that validates all insurance information through proper capture of information will save time and money in the long run. Practices will need to work on making sure that every encounter is documented to stand entirely on its own. The documentation must back the decision to conduct any test or exam and validate the nature of a procedure or service.
Third on the list of practice risk is quality reporting, because national agencies have a growing concern about quality coding for private practices. Two quality data reporting programs with the potential for a major impact on practices include PQRI and meaningful use. The government has made no secret about the importance of reporting quality data despite the challenges of staff resources or technology to capture the required information.
Manage the Risk
Managing compliance can be a challenge for physician practices, but reducing risk and capturing areas of benefit begin with a focus on the areas of greatest concern. Although HIPAA, coding and data reporting pressures continue to climb while revenues drop and operational costs increase, practices must keep current with new regulatory developments to ensure quality patient care, profitability, improved outcomes and protection against penalties.
Practices can demonstrate due diligence and targeted goals for developing a formal compliance program, even with minimal resources. A list of the core elements expected in a practice compliance program includes:
- Conducting internal monitoring and auditing through periodic audits;
- Implementing compliance and practice standards through the development of written standards and procedures;
- Designating a compliance officer or staff liaison to monitor compliance efforts and enforce practice standards;
- Conducting quarterly or bi-yearly training and education on practice standards and procedures;
- Responding appropriately to any known violations;
- Developing open lines of communication, such as
  - discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct and
  - community bulletin boards, to keep practice employees up to date regarding compliance activities; and
- Enforcing disciplinary standards through well-publicized guidelines.
Practice improvement efforts to create or renew a compliance program must focus on strengthening compliance while improving staff performance and supporting quality patient care.
For additional information or questions on healthcare compliance programs or training to reduce risks or how to respond to denied reimbursement and audits, contact the ACR practice management department at [email protected].
Reference
- O’Keefe J. Insist on certification. Healthcare IT News. 2009 May.