Part 7 -

Compliance Programs for Physician Practices Black-Schaffer & Johnson

Compliance Programs for Physician Practices Office of Inspector General, HHS, Publication of the OIG's Final Compliance Program Guidance for Individual and Small Group Physician Practices (65 FR 59434; October 5, 2000). [http://www.os.dhhs.gov/oig/oigreg/physician.htm] Compliance Programs [U]nlike other guidances issued by OIG, this guidance for physicians does not suggest that physician practices implement all seven components of a full scale compliance program. Instead, the guidance emphasizes a step by step approach to follow in developing and implementing a voluntary compliance program. This change is in recognition of the financial and staffing resource constraints faced by physician practices. The guidance should not be viewed as mandatory or as an all-inclusive discussion of the advisable components of a compliance program. The goal of voluntary compliance programs is to provide a tool to strengthen the efforts of health care providers to prevent and reduce improper conduct. These programs can also benefit physician practices by helping to streamline business operations by: Speeding and optimizing proper payment of claims; Minimizing billing mistakes; Reducing the chances that an audit will be conducted by CMS or the OIG; Avoiding conflicts with the self-referral and anti-kickback statutes. Voluntary compliance programs also provide benefits by not only helping to prevent erroneous or fraudulent claims, but also by showing that the physician practice is making additional good faith efforts to submit claims appropriately. A compliance program also sends an important message to a physician practice's employees that while the practice recognizes that mistakes will occur, employees have an affirmative, ethical duty to come forward and report erroneous or fraudulent conduct, so that it may be corrected. There [are] critical differences between what the Government views as innocent "erroneous" claims on the one hand and "fraudulent" (intentionally or recklessly false) health care claims on the other. [U]nder the law, physicians are not subject to criminal, civil or administrative penalties for innocent errors, or even negligence. The Government's primary enforcement tool, the civil False Claims Act, covers only offenses that are committed with actual knowledge of the falsity of the claim, reckless disregard, or deliberate ignorance of the falsity of the claim. [I]mplementing a voluntary compliance program can be a multi-tiered process. Initial development ... can be focused on practice risk areas that have been problematic for the practice such as coding and billing. [T]he practice should examine its ... most frequent sources of ... denials or overpayments. A review ... will help the practice scrutinize a significant risk area and improve its cash flow by submitting correct claims that will be paid the first time they are submitted. As this example illustrates, a compliance program for a physician practice often makes sound business sense. Step One: Auditing and Monitoring An ongoing evaluation process is important to a successful compliance program. There are two types of reviews that can be performed as part of this evaluation: 1. Standards and Procedures: individual(s) in the physician practice [should be] be charged with periodically reviewing the practice's standards and procedures to determine if they are current and complete. 2. Claims Submission Audit: bills and medical records [should] be reviewed for compliance with applicable coding, billing and documentation requirements. The practice's self-audits can be used to determine whether: Bills are accurately coded and accurately reflect the services provided (as documented in the medical records); Documentation is being completed correctly; Services or items provided are reasonable and necessary; and Any incentives for unnecessary services exist. One of the most important components of a successful compliance audit protocol is an appropriate response when the physician practice identifies a problem. In some cases, the response can be as straight forward as generating a repayment with appropriate explanation to Medicare or the appropriate payor from which the overpayment was received. [But t]here is no boilerplate solution to how to handle problems that are identified. Step Two: Practice Standards and Procedures After the internal audit identifies the practice's risk areas, the next step is to develop a method for dealing with those risk areas through the practice's standards and procedures. Written standards and procedures are a central component of any compliance program. Physician practices ... can develop them by: (1) Developing a written standards and procedures manual; and (2) updating clinical forms periodically to make sure they facilitate and encourage clear and complete documentation of patient care. To assist physician practices in performing this initial assessment, the OIG has developed a list of four potential risk areas affecting physician practices. These risk areas include: (a) coding and billing; (b) reasonable and necessary services; (c) documentation; and (d) improper inducements, kickbacks and self-referrals. a. Coding and Billing. A major part of any physician practice's compliance program is the identification of risk areas associated with coding and billing. The following risk areas associated with billing have been among the most frequent subjects of investigations and audits by the OIG: Billing for items or services not rendered or not provided as claimed; Submitting claims for equipment, medical supplies and services that are not reasonable and necessary; [I]nvolves seeking reimbursement for a service that is not warranted by a patient's documented medical condition. ("no payment may be made under part A or part B [of Medicare] for any expenses incurred for items or services which ... are not reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of the malformed body member") Double billing resulting in duplicate payment; [O]ccurs when a physician bills for the same item or service more than once or another party billed the Federal health care program for an item or service also billed by the physician. Although duplicate billing can occur due to simple error, the knowing submission of duplicate claims (which is sometimes evidenced by systematic or repeated double billing) can create liability under criminal, civil, and/or administrative law. Billing for non-covered services as if covered; Knowing misuse of provider identification numbers, which results in improper billing; Unbundling (billing for each component of the service instead of billing or using an all-inclusive code); Unbundling is the practice of a physician billing for multiple components of a service that must be included in a single fee. Failure to properly use coding modifiers; A modifier, as defined by the CPT–4 manual, provides the means by which a physician practice can indicate a service or procedure that has been performed has been altered by some specific circumstance, but not changed in its definition or code. Assuming the modifier is used correctly and appropriately, this specificity provides the justification for payment for those services. Clustering; This is the practice of coding/charging one or two middle levels of service codes exclusively, under the philosophy that some will be higher, some lower, and the charges will average out over an extended period (in reality, this overcharges some patients while undercharging others). Unbundling (billing for each component of the service instead of billing or using an all-inclusive code); Upcoding is billing for a more expensive service than the one actually performed. Furthermore, written standards and procedures should ensure that coding and billing are based on medical record documentation. Particular attention should be paid to issues of appropriate diagnosis codes and individual Medicare Part B claims. The failure of a physician practice to: (i) document items and services rendered; and (ii) properly submit the corresponding claims for reimbursement is a major area of potential erroneous or fraudulent conduct involving Federal health care programs. The OIG has undertaken numerous audits, investigations, inspections and national enforcement initiatives in these areas. b. Reasonable and Necessary Services. A practice's compliance program may provide guidance that claims are to be submitted only for services that [are] reasonable and necessary. The OIG recognizes that physicians should be able to order any tests, including screening tests, they believe are appropriate for the treatment of their patients. However, a physician practice should be aware that Medicare will only pay for services that meet the Medicare definition of reasonable and necessary. "... for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member." c. Documentation. Timely, accurate and complete documentation is important to clinical patient care. This same documentation serves as a second function when a bill is submitted for payment, namely, as verification that the bill is accurate as submitted. Therefore, one of the most important physician practice compliance issues is the appropriate documentation of diagnosis and treatment. 1. Medical Record Documentation. In addition to facilitating high quality patient care, a properly documented medical record verifies and documents precisely what services were actually provided. The CPT and ICD–9–CM codes reported on the health insurance claims form should be supported by documentation in the medical record and the medical chart should contain all necessary information. Additionally, CMS and the local carriers should be able to determine the person who provided the services. d. Improper Inducements, Kickbacks and Self-Referrals. A physician practice would be well advised to have standards and procedures that encourage compliance with the anti-kickback statute and the physician self-referral law. Remuneration for referrals is illegal: it can distort medical decision-making, cause overutilization of services or supplies, increase costs to Federal health care programs, and result in unfair competition by shutting out competitors who are unwilling to pay for referrals. The anti-kickback statute provides criminal penalties for individuals and entities that knowingly offer, pay, solicit, or receive bribes or kickbacks or other remuneration in order to induce business reimbursable by Federal health care programs. The physician self-referral ("Stark") law prohibits a making a referral to an entity with which a physician or member of the physician's immediate family has a financial relationship, if the referral is for designated health services and unless the financial relationship fits into an exception set forth in the statute or implementing regulations. Possible risk factors relating to this risk area that could be addressed in the practice's standards and procedures include: Financial arrangements with outside entities to whom the practice may refer Federal health care program business; All physician contracts and agreements with parties in a position to influence Federal health care program business or to whom the doctor is in such a position to influence should be reviewed to avoid violation of the anti-kickback, self-referral, and other relevant Federal and State laws. Joint ventures with entities supplying goods or services to the physician practice or its patients; Consulting contracts or medical directorships; Office and equipment leases with entities to which the physician refers; and Soliciting, accepting or offering any gift or gratuity of more than nominal value to or from those who may benefit from a physician practice's referral of Federal health care program business. Physician practices should establish clear standards and procedures governing gift-giving because such exchanges may be viewed as inducements to influence business decisions. 2. Retention of Records In light of the documentation requirements faced by physician practices, it would be to the practice's benefit if its standards and procedures contained a section on the retention of compliance, business and medical records. These records primarily include documents relating to patient care and the practice's business activities. While conducting its compliance activities, as well as its daily operations, a physician practice would be well advised, to the extent it is possible, to document its efforts to comply with applicable Federal health care program requirements. For example, if a physician practice requests advice from a Government agency (including a Medicare carrier) charged with administering a Federal health care program, it is to the benefit of the practice to document and retain a record of the request and any written or oral response (or nonresponse). This step is extremely important if the practice intends to rely on that response to guide it in future decisions, actions, or claim reimbursement requests or appeals. Step Three: Compliance Officer or Contact Person After the audits have been completed and the risk areas identified, ideally one member of the physician practice staff needs to accept the responsibility of developing a corrective action plan, if necessary, and oversee the practice's adherence to that plan. However, the resource constraints of physician practices make it so that it is often impossible to designate one person to be in charge of compliance functions. [T]he following is a list of suggested duties that the practice may want to assign to that person(s): Overseeing and monitoring the implementation of the compliance program; Establishing methods, such as periodic audits, to improve the practice's efficiency and quality of services, and to reduce the practice's vulnerability to fraud and abuse; Periodically revising the compliance program in light of changes in the needs of the practice or changes in the law and in the standards and procedures of Government and private payor health plans; Developing, coordinating and participating in a training program that focuses on the components of the compliance program, and seeks to ensure that training materials are appropriate; Ensuring that the HHS–OIG's List of Excluded Individuals and Entities, and the General Services Administration's (GSA's) List of Parties Debarred from Federal Programs have been checked with respect to all employees, medical staff and independent contractors; Investigating any report or allegation concerning possible unethical or improper business practices, and monitoring subsequent corrective action and/or compliance. Each physician practice needs to assess its own practice situation and determine what best suits that practice in terms of compliance oversight. Step Four: Training and Education Education is an important part of any compliance program and is the logical next step after problems have been identified and the practice has designated a person to oversee educational training. Ideally, education programs will be tailored to the physician practice's needs, specialty and size and will include both compliance and specific training. There are three basic steps for setting up educational objectives: Determining who needs training (both in coding and billing and in compliance); Determining the type of training that best suits the practice's needs (e.g., seminars, in-service training, self-study or other programs); and Determining when and how often education is needed and how much each person should receive. 1. Compliance Training Under the direction of the compliance officer/contact, initial and recurrent training in compliance is advisable both with respect to the compliance program itself and applicable statutes and regulations. [I]tems to include in compliance training are: The operation and importance of the compliance program; the consequences of violating the standards and procedures set forth in the program; and the role of each employee in the operation of the compliance program. 2. Coding and Billing Training Coding requirements; Claim development and submission processes; Signing a form for a physician without the physician's authorization; Proper documentation of services rendered; Proper billing standards and procedures and submission of accurate bills for services or items rendered to Federal health care program beneficiaries; and The legal sanctions for submitting deliberately false or reckless billings. 3. Format of the Training Program Training may be conducted either in-house or by an outside source. [A]nother way for physician practices to receive training is for the physicians and/or the employees of the practice to attend training programs offered by outside entities, such as a hospital, a local medical society or a carrier. This sort of collaborative effort is an excellent way for the practice to meet the desired training objective without having to expend the resources to develop and implement in-house training. 4. Continuing Education on Compliance Issues There is no set formula for determining how often training sessions should occur. Currently, the OIG is monitoring a significant number of corporate integrity agreements that require many of these training elements. The OIG usually requires a minimum of one hour annually for basic training in compliance areas. Ideally, new billing and coding employees will be trained as soon as possible after assuming their duties and will work under an experienced employee until their training has been completed. Step Five: Response to Offenses and Development of Corrective Action Initiatives When a practice determines it has detected a possible violation, the next step is to develop a corrective action plan and determine how to respond to the problem. [U]pon receipt of reports or reasonable indications of suspected noncompliance, it is important … to determine whether a significant violation of applicable law or ... the compliance program has indeed occurred, and, if so, take decisive steps to correct the problem. As appropriate, such steps may involve a corrective action plan, the return of any overpayments, a report to the Government, and/or a referral to law enforcement authorities. Instances of noncompliance must be determined on a case-by-case basis. The existence or amount of a monetary loss to a health care program is not solely determinative of whether the conduct should be investigated and reported to governmental authorities. The physician practice may seek advice from its legal counsel to determine the extent of the practice's liability and to plan the appropriate course of action. One suggestion is that the practice, in developing its compliance program, develop its own set of monitors and warning indicators. Significant changes in the number and/or types of claim rejections and/or reductions; correspondence from the carriers and insurers challenging the medical necessity or validity of claims; illogical patterns or unusual changes in the pattern of CPT–4, HCPCS or ICD–9 code utilization; and high volumes of unusual charge or payment adjustment transactions. It is also recommended that the compliance program provide for a full internal assessment of all reports of detected violations. If the physician practice ignores reports of possible fraudulent activity, it is undermining the very purpose it hoped to achieve by implementing a compliance program. For potential criminal violations, a physician practice would be well advised in its compliance program procedures to include steps for prompt referral or disclosure to an appropriate Government authority or law enforcement agency. In regard to overpayment issues, it is advised that the physician practice take appropriate corrective action, including prompt identification and repayment of any overpayment to the affected payor. The physician practice may consider the fact that if a violation occurred and was not detected, its compliance program may require modification. Physician practices that detect violations could analyze the situation to determine whether a flaw in their compliance program failed to anticipate the detected problem, or whether the compliance program's procedures failed to prevent the violation. In any event, it is prudent, even absent the detection of any violations, for physician practices to periodically review and modify their compliance programs. Step Six: Open Lines of Communication In order to prevent problems from occurring and to have a frank discussion of why the problem happened in the first place, physician practices need to have open lines of communication. Especially in a smaller practice, an open line of communication is an integral part of implementing a compliance program. A compliance program's system for meaningful and open communication can include the following: The requirement that employees report conduct that a reasonable person would, in good faith, believe to be erroneous or fraudulent; The creation of a user-friendly process (such as an anonymous drop box for larger practices) for effectively reporting erroneous or fraudulent conduct; Provisions in the standards and procedures that state that a failure to report erroneous or fraudulent conduct is a violation of the compliance program; The development of a simple and readily accessible procedure to process reports of erroneous or fraudulent conduct; If a billing company is used, communication to and from the billing company's compliance officer/contact and other responsible staff to coordinate billing and compliance activities of the practice and the billing company, respectively. Communication can include, as appropriate, lists of reported or identified concerns, initiation and the results of internal assessments, training needs, regulatory changes, and other operational and compliance matters; The utilization of a process that maintains the anonymity of the persons involved in the reported possible erroneous or fraudulent conduct and the person reporting the concern; and While the physician practice may strive to maintain the anonymity of an employee's identity, it also needs to make clear that there may be a point at which the individual's identity may become known or may have to be revealed in certain instances. Provisions in the standards and procedures that there will be no retribution for reporting conduct that a reasonable person acting in good faith would have believed to be erroneous or fraudulent. Step Seven: Enforcement of Disciplinary Standards through Well-Publicized Guidelines Finally, the last step that a physician practice may wish to take is to incorporate measures into its practice to ensure that practice employees understand the consequences if they behave in a non-compliant manner.