Practice Page: Protecting Your Practice through Compliance

Compliance programs are an effort by the government to maintain integrity in the healthcare system. These programs target activities causing improper payment to determine their root cause: Was it a mistake or error, was it inefficiency or waste of resources, is the provider bending the rules or abusing the system, or was it intentional deception or fraud? There are also laws dictating the compliance culture within practices and institutions; for example, red-flag rules, antikickback statute, and stark law, to name a few.

The Office of Inspector General (OIG) is dedicated to combating fraud, waste, and abuse, and to improving the efficiency of federal programs funded by the government, including Medicare and Medicaid. The OIG has several audits in place regulating medical necessity, documentation, and medical identity theft to reduce fraudulent billing. Your practice may benefit from implementing a compliance program to prepare it for healthcare reform initiatives.

Compliance programs vary depending on the size of the practice, whether it’s private or hospital owned, and other variables. Implementing a plan now that promotes transparency, quality, and accountability will facilitate the groundwork for healthcare reform initiatives. An effective compliance program starts with:

• Formal written guidelines, policies, protocols, and codes of conduct. Supporting documentation is required to confirm policies are enforced fairly and training provided yearly;
• A dedicated compliance officer or committee, depending on the size of your practice;
• Proper training and education, especially on the stiff penalties associated with improper documentation and billing/coding practices; and
• Internal controls and a prominently posted list of the people responsible for each aspect of the program.

Without continuous education and monitoring, the program will not sustain itself. Remember to:

• Set and measure goals and effectiveness;
• Effectively communicate expectations and disciplinary courses of actions;
• Perform internal audits and continuous monitoring; and
• Enforce policies and procedures accordingly and follow through with corrective actions.

The OIG and the Centers for Medicare and Medicaid Services (CMS) work together to conduct audits throughout the U.S. Physicians and/or their practices are grouped into geographical regions or jurisdictions and independent contractors are hired to oversee audits in that area, collect data, and report to both CMS and OIG. When compliance issues arise, documentation is vital. The rule of thumb is, “If it is not documented, it didn’t happen”; therefore, every visit must be documented and support medical necessity to validate your billing and coding practices.

The OIG is diligently investigating claims of medical identity theft identified by fraudulent medical bills submitted to insurance companies identified once the explanation of benefits is received by the subscriber; and audits triggered by fraudulent claims submitted for reimbursement the system flags due to pre-existing condition or medical necessity, among other methods. Your compliance program should have guidelines and protocols in place to address audits and also prevent medical identity theft.

Medical identity theft is a growing concern and occurs when someone steals personal information along with insurance identification numbers to obtain medical services and prescriptions, and to submit fraudulent claims to insurance carriers. As part of your compliance program, systems should be in place to prevent exposure of patient information and liability, such as:

• Locking computers when finished working to prevent access to personal information, which is extremely important for offices with computers in exam rooms;
• Filing charts instead of leaving them around the office; and
• Conducting background checks on your employees.

The entire practice team is pivotal in the prevention process. Here are some tips to reduce liability and sustain compliance measures.

• Act promptly when served with audit papers, and respond immediately with a standardized letter (for samples, visit www.rheumatology.org/practice).
• Understand the current medical audit landscape and how it affects you as a physician and your practice as a whole.
• Understand the importance of documentation as it relates to patient safety, provider protection, and quality care.
• Remember that accurate coding and billing are critical and must support medical necessity for every visit to avoid stiff penalties.
• Develop a general understanding of the audit appeals process and your rights within the process for each type of audit or auditor.
• Know key risk areas on which the government will focus and learn practical approaches for reducing your risk and exposure.
• The OIG is committed to reducing fraud and abuse in Medicare, Medicaid, and Health and Human Services. Some of the services offered by the government agency are compliance guidance and physician education and training on avoiding investigations derived from identity theft and audits. The OIG resources expand to assist during the investigation process and provide guidance on the crucial guidelines required to position physician practices to adapt and sustain healthcare reform initiatives. These resources can be found at http://oig.hhs.gov.

The ACR Is Here for You

The ACR has online forms available at www.rheumatology.org/practice to assist you with proper documentation.

For a more in-depth explanation of the healthcare laws, and for resources on preventing audits and medical identity theft leading to fraudulent billing, visit http://oig.hhs.gov.

If you have questions related to practice management, contact the ACR’s practice management senior specialist, Cindy Gutierrez, MBA, at (404) 633-3777 or [email protected].