“Compliance” Is Not a Dirty Word

Become familiar with it, make a plan, and it will keep your claims and business clean.


In October 2000, the U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) published in the Federal Register general guidelines for healthcare facilities to set up a compliance program. Busy practice managers and providers have long pushed this advice to the wayside, but now the Affordable Care Act has made office compliance plans mandatory as a condition of Medicare enrollment.

Certified Professional Compliance Officer - CPCO

Although there’s little enforcement of this mandatory requirement at this time, private payers will soon require such a plan as a condition of participation in their networks. This means a compliance plan has become a necessary part of doing business in healthcare. Although a compliance program doesn’t guarantee an office will never violate any regulations, federal agencies will consider a plan as a mitigating factor in an investigation.

Take Advantage of a Compliance Plan

A compliance plan is somewhat complex and requires familiarity with many guidelines and regulations; however, it actually can increase the operational efficiency of a practice. For example, it provides protection from complications associated with doing business with health insurance companies. If a violation were found, it could prevent massive refunds to payers, or even criminal sanctions. And if an employee understands the procedures and policies for overpayment, he or she is more likely to resolve an issue internally, rather than becoming a “whistleblower” (which can have catastrophic effects on a practice).

Most importantly, practices should be honest and thorough in how they do business. A compliance plan simply asks providers to stay ethical and legal in all they do, which is not an unreasonable expectation.

Compliance Basics

A compliance plan addresses issues with:

  • Centers for Medicare & Medicaid Services (CMS) guidelines
  • OIG Work Plan
  • Health Insurance Portability and Accountability Act (HIPAA) privacy and security
  • Occupational Safety and Health Administration (OSHA)
  • Clinical Laboratory Improvement Amendments (CLIA)
  • National Committee for Quality Assurance (NCQA) guidelines
  • Stark laws (I, II, and III)
  • Anti-kickback laws
  • State laws

Per the OIG, a compliance plan should include seven core elements:

  • Implementing written policies
  • Designating a compliance officer
  • Conducting comprehensive training and education
  • Developing accessible lines of communication
  • Conducting internal monitoring and auditing
  • Enforcing standards through well-publicized disciplinary guidelines
  • Responding promptly to detected offenses and taking corrective actions

Prepare, or Risk Being Prey

Medicare administrative contractors (MAC) are increasing their efforts to identify fraud and abuse. For example, probe reviews, which include review of a small number of records, have become very common in chiropractic offices around the country. If errors are identified, this can lead to an expanded post-payment review. Contractors have also issued comparative billing reports, which tell providers how they compare to their peers in terms of benchmarks. Falling outside the norm on these reviews should serve as a wake-up call to improve compliance-related activities.

Recovery audit contractors (RACs) also have increased efforts to review claims before payment is made. According to a CMS report to the Office of Management and Budget, RACs look for “dramatic change in the frequency of use, high cost, high risk prone areas, or unexplained increases in volume when compared to historical or peer trends.” RACs use statistical analysis by comparing provider services to the Medicare bell curve, which is unique to each specialty. Providers need not match this bell curve perfectly; they simply must demonstrate the medical necessity of services that fall outside of the norm.

It’s important to note that RACs are paid on commission. If they don’t find a reason to ask for money back, they don’t get paid. There is a high incentive for them to find fraud or other improprieties. In fact, this type of work is very lucrative; for every dollar spent on audits, $17 is recovered. This is far better than investment in the stock market, or even real estate (before the bubble popped). Consequently, rumor has it that investigator and regulator employment is increasing.

Build a Good Defense with Knowledge

The first way to protect yourself is by reviewing Medicare policies and procedures. The Medicare coverage database  provides access to national coverage determinations (NCDs), local coverage determinations (LCDs), and related articles—enough to occupy the most tenacious of compliance officers. Many agencies offer online training from those who have waded through these materials. Such training may double up as continuing education units for certification maintenance.

Articles provided by individual MACs can provide insight into particularly complex or confusing guidelines. The Medicare Benefit Policy Manual is also a valuable resource. For example, the Medicare LCD for Noridian on physical therapy services clearly outlines the documentation criteria for CPT® 97110 Therapeutic procedure, 1 or more areas, each 15 minutes; therapeutic exercises to develop strength and endurance, range of motion and flexibility (the fifth most submitted code to Medicare). It includes guidelines regarding how many visits are appropriate for certain conditions, which indications must be present for medical necessity, which elements should be documented, etc. This information could be very useful in elements No. 3 and No. 5 of a compliance plan, as outlined by the OIG.

Make and Implement Your Compliance Plan

The next step is to implement an office compliance plan—as soon as possible. The starting point would be the OIG website. Links to guidelines for multiple segments of the healthcare industry can be found via a search for “compliance guidance.” The document dated Oct. 5, 2000 is for small group physician practices. Unfortunately, it’s 19 pages, three columns wide, eight-point font, and written in “government-ease.” CMS released a compliance program guidance document in March 2005, which is a little briefer and easier to read. Tricare offers a free template for “medical treatment facilities.”

Establishing a compliance plan from scratch also includes reviewing the physical layout of your office or facility, HIPAA manual and procedures, the OSHA manual and exposure plan, office policies and procedures, and job descriptions. The easiest way to do this is to hire a consultant with a compliance certification, and possibly an attorney. He or she will likely use the same materials and guidelines referenced above. Numerous free compliance plan templates are available online—but remember, you get what you pay for.

One of the most important pieces of a compliance plan is internal monitoring and auditing. CMS expects practices to perform voluntary self-audits at a minimum of once each year. Use certified auditors or compliance specialists for this purpose. In addition, a complete audit of 10 charts is advised (at least five Medicare), including claims and explanation of benefits. Then, deficiencies should be identified. In this way, the office compliance program can be customized for an individual medical practice.

Unfortunately, if an internal audit leads to a voluntary refund, it does not protect an office from further fines or penalties. The best protection is to establish an office compliance plan, so the likelihood of violations is decreased and there is no need to provide a refund.

Customize, Follow, and Update Your Plan

There is no cookie cutter plan. It must be customized for each office and, depending upon the size of the practice, may require a full-time individual or a contractor with expertise to maintain the program. The result will be a clinic that does business more efficiently and without fear of non-compliance.

It isn’t enough to simply create a binder full of text that has never been read. Your compliance plan is a living document that must be followed and updated on a regular basis. Otherwise, it’s considered invalid.

Compliance is not a dirty word; it’s the opposite. It makes an office cleaner, and it’s now mandatory by the Affordable Care Act. Just like you need a driver’s license to be out on the roads, medical practices need a compliance plan to do business.

Note: A great source for building a compliance plan and for Medicare compliance updates in the chiropractic field is www.ChiroMedicare.net.


Evan M. Gwilliam, DC, CPC, CPC-I, CCPC, CPMA, NCICS, CCCPC, MCS-P, is a physician and medical compliance specialist, and is the director of education and consulting for the ChiroCode Institute. Gwilliam is a member of the Provo, Utah local chapter. He can be reached at DrG@ChiroCode.com.


Latest posts by admin aapc (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *