Pain Management for Compliance Concerns
Resolve your compliance woes with these viable solutions.
by Barry L. Johnson, DDS, and Renee Dustman
With compliance programs now mandatory for providers who treat Medicare and Medicaid patients, compliance officers are feeling the pressure. The job of a compliance officer is an important one, but it shouldn’t be overwhelming. Let’s look at the challenges many compliance officers face and, with the help of a couple of compliance experts, lighten the load a bit.
Know What You’re Up Against
A compliance officer’s primary responsibility is to develop a corrective action plan for compliance risks identified in periodic audits, and to oversee the practice’s adherence to that plan.
A compliance officer may also be responsible for:
- Overseeing and monitoring the implementation of the practice’s compliance program;
- Establishing methods, such as periodic audits, to assess risk and reduce the practice’s vulnerability to fraud and abuse of government programs, as well as improve the practice’s efficiency and quality of services;
- Periodically revising the compliance program in light of changes in the needs of the practice or changes in the law and in the standards and procedures of government and private payer health plans;
- Developing, coordinating, and participating in a training program that focuses on the components of the compliance program;
- Ensuring the Office of Inspector General’s (OIG) List of Excluded Individuals and Entities, and the General Services Administration’s Excluded Parties List System have been checked with respect to all employees, medical staff, and independent contractors; and
- Investigating reports or allegations concerning possible unethical or improper business practices, and monitoring subsequent corrective action and/or compliance.
Write Your Job Description
That’s a lot of responsibility for one person to take on! If you’re a compliance officer, and you are feeling overwhelmed in your day-to-day responsibilities, it’s time to do something about it. A good place to start is by making a list of everything you do. Categorize your duties by how often you do them (e.g., daily, weekly, monthly, annually, etc.).
Review your list and determine which of these tasks are the most challenging. In speaking with several compliance officers, their most challenging duties include:
- Keeping up with regulatory changes
- Training staff on compliance
- Communicating compliance issues with staff
- Creating and maintaining an audit trail
Once you’ve identified your pain points, you’re ready to conduct a little pain management. For example, if communication is your worst nightmare, Marcella Bucknam, CPC, CPC-H, CPC-P, CPC-I, CCC, COBGC, CCS-P, CCS, compliance manager at University of Washington Physicians, recommends using multiple ways of communicating critical information.
“Send emails to everyone to update them on changes or problems that affect the whole group. You can also create flyers or newsletters that include reminders about errors that happen frequently. Add a little time to talk about compliance at staff meetings or lunchtime meetings. Providing reminders in many different formats will allow staff to review the information when they have the time to really think about compliance,” Bucknam explains.
Whereas, if you find staying current with regulatory changes is keeping you awake at night, remote healthcare consultant and ICD-10 trainer Lamon Willis, CPCO, CPC-I, CPC-H, CPC, suggests signing up for multiple Medicare fiscal intermediary, Medicare administrative contractor, and carrier listservs. “This will allow you to receive emails concerning government regulatory changes by state, region, and also any national guidance that occurs. There will be overlap of issues, which will confirm that you have done your due diligence for review of regulatory changes,” Willis says.
Remember: You’re not alone! You have access to a vast network of compliance professionals who can help you. To get connected, simply login to the member area on AAPC’s website and head straight for the compliance forums.
Another possibility is that you’ve simply taken on too much responsibility. While only one person can be designated compliance officer, there’s no law that says a practice can only have one person monitoring compliance. It’s perfectly acceptable for a physician practice to designate more than one employee with compliance responsibilities to be performed in addition to their usual duties. In lieu of having a designated compliance officer, the physician practice could instead describe in its standards and procedures the compliance functions for which designated employees, known as ‘‘compliance contacts,’’ are responsible. For example, one employee could be responsible for preparing written standards and procedures, while another could be responsible for conducting or arranging for periodic audits and ensuring that billing questions are answered. To maintain an effective compliance plan, however, these contacts should communicate regularly. Designating one person as the main contact will simplify matters, too.
Arm Yourself with Essential Knowledge
Naturally, the more you come to understand about compliance, the better equipped you will be to handle the job. AAPC’s Certified Professional Compliance Officer (CPCO™) credential prepares individuals for the responsibility of this demanding position, and reassures employers that they’ve hired the best person for the job.
In earning your CPCO™ credential, you will come to understand the key requirements to developing, implementing, and monitoring a healthcare compliance program, and be able to demonstrate knowledge of:
- OIG Compliance Program for individual and small group physician practices, clinical laboratories, and third-party billing companies
- Compliance program effectiveness
- Key healthcare fraud and abuse laws including the False Claims Act, Stark Laws, and Anti-kickback Statute, including the associated penalties
- How the Affordable Care Act will affect medical practices
- Other laws and regulations including HIPAA, EMTALA, and CLIA
- Handling investigations, including self-disclosure protocols
- Requirements under Corporate Integrity Agreements and Certificate of Compliance Agreements
- Current investigative activities (RACs, ZPICs, MFCUs, etc.)
- Risk areas such as accepting gifts/gratuities, conflicts of interest, use of Advance Beneficiary Notices, teaching physicians guidelines, and incident-to services
Learn more about earning your CPCO™ credential on AAPC’s website, www.AAPC.com.
Consider Compliance Management Software
Utilizing a compliance management system is another viable solution for practices. An affordable solution to complete compliance is AAPC’s 7Atlis.
7Atlis offers everything a practice needs for the creation and management of all seven elements of a comprehensive compliance program, including:
- Automated risk assessment tools
- Audit management
- Compliance category checklists
- Training courses
- Incident management
- Documentation control
- Reporting and dashboard capabilities
- External audit services and support
Register for a free demo today at www.7atlis.com to see what it’s like to have total confidence that your practice is compliant, trained, and fully protected, even when audited.
The 7 Components of Compliance
The Office of Inspector General (OIG) outlines in a September 11, 2000 notice, OIG Compliance Program for Individual and Small Group Physician Practices, the seven components that provide a solid basis upon which a physician practice can create a compliance program:
- Conduct internal monitoring and auditing through the performance of periodic audits.
- Implement compliance and practice standards through the development of written standards and procedures.
- Designate a compliance officer or contact to monitor compliance efforts and enforce practice standards.
- Conduct appropriate training and education on practice standards and procedures.
- Respond appropriately to detected offenses through the investigation of allegations and the disclosure of incidents to appropriate government entities.
- Develop open lines of communication with employees, such as discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct and community bulletin boards to keep practice employees updated regarding compliance activities.
- Enforce disciplinary standards through well-publicized guidelines.
“Writing and maintaining policies and procedures is one of the seven elements of an effective compliance program that I find often gets missed or delayed,” said Marcella Bucknam, CPC, CPC-H, CPC-P, CPC-I, CCC, COBGC, CCS-P, CCS. “It is critical that all policies are current and that they reflect the actual practices of the group. For example, if you have a policy that says all notes must be signed within 14 days, that policy should be followed, and any audits or reviews should include monitoring for timely signatures. Medicare requires ‘timely’ signatures but has not defined what they consider to be timely. However, if your group has defined timely as 14 days, you can use that guideline to reprimand those who are holding up the works by not signing their records.”
Barry L. Johnson, DDS, is president of AAPC’s Compliance Division. His 44 years in healthcare include a wide range of experience in a variety of roles. Prior to coming to AAPC, he was a founding partner and CEO of HealthCare Insight (HCI), acquired in 2007 by Verisk Analytics. He continued as president of the HCI division of Verisk Health, the leader in fraud and abuse prevention solutions for payers, until his retirement in December 2011. His first fictional work, Unbridled Greed, a thriller about healthcare fraud, was published in 2012.
Renee Dustman is an executive editor of Healthcare Business Monthly.