Image Credit: STUART JENNER/SHUTTERSTOCK.COM
Whether you’re considering selling your practice, growing your practice or maintaining the status quo, it’s important to periodically do a checkup on your internal operations and compliance with the law. It’s always preferable to discover problems within your practice and correct them (if possible) before those issues are discovered by third parties, such as the government or a potential buyer.
A failure to review your internal operations prior to selling your practice could limit the interest of potential buyers, delay the closing of a sale and reduce the economic benefit to you. Increased attention from recovery audit contractors (RACs) and other government agencies that are tasked with finding instances of Medicare and other government expenditure overpayments may also ensue.
Consider using the following questions in your review checklist:
- Do you have any business relationships with referral sources or recipients of your referral?
- Do you have any “discount” or other benefits that are provided to referral sources? If yes, these should be vetted by legal counsel to ensure that such arrangements are permissible under fraud and abuse laws.
- Do you have written internal policies and procedures that ensure compliance with all regulatory requirements associated with your referral relationships?
Marketing & Sales Activities
Review all of your marketing and sales materials to determine if there are any circumstances in which your marketing activities may involve potential fraud and abuse law violations (e.g., referrals from physicians with a financial interest in the practice). Do you have written policies and procedures that address appropriate and inappropriate marketing and sales activities? If not, implementing written policies and procedures and conducting training for all personnel that may be involved in such activities should be a priority.
If your employment agreement includes a restrictive covenant, such as a noncompetition clause, it’s possible that state law may have changed regarding the enforceability of such a provision since the contract was signed.
Financial Documentation Review
Do you regularly review the coding and charge information for your office visits and procedures? This information can change often, and there should be mechanisms in place to capture those changes. Also, do your medical records document the medical necessity of the procedures performed? This could prove important in government audits and post-payment reviews.
Accurate financial reporting is important, and your accounting practice should be consistent. Accounting reports must be prepared in accordance with recognized accounting standards.
Licensure & Human Resource Matters
Ensure that both the practice and each professional (e.g., physician, nurse, nurse practitioner) have maintained all required licenses, accreditations, certifications and other requirements. Review your employee handbook and current employment and independent contractor agreements to ensure they are up to date and that there have not been any changes in law that would affect the validity of any contract provision. For example, if your employment agreement includes a restrictive covenant, such as a noncompetition clause, it’s possible that state law may have changed regarding the enforceability of such a provision since the contract was signed.
Data Privacy & Security
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations are intended to protect the privacy and security of patients’ protected health information. Ensure your practice has implemented (and enforces) internal policies and procedures to comply with the HIPAA Privacy, Security and Breach Notification Rules. The HIPAA Privacy Rule provides limitations and conditions on the use and disclosure of patients’ protected health information. The HIPAA Security Rule requires implementation of administrative, physical and technical safeguards and certain other organizational requirements to protect the confidentiality and security of electronic protected health information. The HIPAA Breach Notification Rule outlines the requirements pertaining to responding to breaches of patient protected health information.
As part of your internal review, you should ensure that your workforce has been properly trained in HIPAA compliance and that such training is documented in writing. A great deal of focus is placed on HIPAA compliance, and it’s important to remain cognizant of state privacy and confidentiality laws, as well as data security laws, that may affect your practice. You need to comply with all relevant state laws, not only for those states in which you have a physical location, but also states where patients may reside, because those state laws may apply as well.
Conclusion
Conducting regular internal compliance checkups could make the difference between a successful government audit, a lucrative business transaction and/or avoiding civil and criminal penalties for violations of law.
Steven M. Harris, Esq., is a nationally recognized healthcare attorney and a member of the law firm McDonald Hopkins LLC. Contact him via e-mail at [email protected].
