HEALTHCON Hot Topic: Compliance Plan 101

Six takeaways illustrate the importance for providers to have a working compliance plan.

By Marcia L. Brauchler, MPH, CMPE, CPC, COC, CPC-I, CPHQ

Compliance is the hot topic in healthcare right now — and with good reason. Government payers, especially, are aggressively targeting compliance vulnerabilities, including improper coding and billing (intentional or otherwise), HIPAA lapses, self-referral and Stark violations, etc. In preparing to speak at AAPC’s HEALTHCON 2015 (March 29-April 1 in Las Vegas, Nevada), my firm confirmed, in spite of all the buzz, that many provider practices and organizations are both uninformed about compliance and unprepared to enact a comprehensive compliance plan.

This article provides important takeaways from my HEALTHCON presentation. In the coming months, I’ll delve into specific compliance concerns and provide you with hands-on, how-to steps you can use to improve compliance in your organization.

Takeaway 1
Compliance Is an Obligation

The core of my consulting business is negotiating insurance contracts on behalf of physicians. When physicians sign contracts with a commercial payer, they are obligating themselves to all kinds of requirements, from collecting co-pays to following the payer’s coverage requirements, and on and on. Compliance, broadly defined, is a legal condition of your contract. Participation in federally funded health plans, including Medicare and Medicaid, requires similar compliance.

HIPAA, Stark law, Occupational Health and Safety Administration (OSHA) requirements, etc., are federal laws with which healthcare entities have no choice but to comply.

The cost of ignoring or underestimating compliance obligations can be ruinous to a practice (as later discussed), but many continue to turn a deaf ear. My firm recently surveyed approximately 100 physician practices in the Denver area, asking, “In what year was compliance last addressed in your practice?” More than a third of respondents said they hadn’t addressed compliance for six or more years.

Takeaway 2
Compliance Is Cost Effective

Compliance isn’t free. It requires you to dedicate resources often in short supply: time, money, manpower, and the attention of management, providers, and staff. These costs are the number one reason providers fail to prioritize compliance.

In my firm’s survey, we asked how much money should be allotted in a practice’s annual budget for compliance. Again, more than a third (38 percent) of respondents replied, “zero” or “no budget.” One respondent said, “It’s not budgeted, and we can’t afford it.”

The truth is, compliance is now considered a cost of doing business. Whether you think of it as a form of insurance or as “preventive medicine” for your practice, compliance is a worthwhile investment to protect the financial viability of your practice.

By enacting an active compliance program (see Takeaways 4 and 5), you’ll reduce exposure to civil damages, criminal sanctions, and administrative remedies, such as program exclusion. If your compliance program is robust, you should be able to identify and prevent employee actions that endanger your bottom line (e.g., embezzlement).

Did you know? Under the False Claims Act (FCA), a healthcare facility or entity may be held liable for the conduct of its employees, or the conduct of other entities with whom the healthcare organization contracts or associates, even if the organization has no knowledge that its employee or associate was engaged in the preparation or submission of false claims.

Compliance programs demonstrate commitment to good corporate conduct. Just having a compliance plan may reduce or mitigate fines or penalties. It also provides a centralized source of information on healthcare regulations, and a methodology encouraging employees to report areas of concern to the practice. Theoretically, a good compliance program should improve quality of patient care.

There are also intangible benefits of a compliance program. Practice leaders and staff can sleep better at night knowing the rules are being followed. Communicating clear and consistent messages to employees that the practice takes compliance seriously creates a positive work environment. If you’ve ever worked where it’s clear no one cares about the rules, and the leadership doesn’t care about cutting corners, you understand how uncomfortable such an environment can be. This sort of malaise encourages whistleblowers.

Takeaway 3
Even if You Aren’t Paying Attention to Compliance, Someone Else Is

If the benefits of compliance aren’t enough to convince you, consider the costs of doing without. Under the FCA, penalties for improper billing can total three times the amount of the claim, plus fines of $11,000 per claim. As modified by the HITECH Act, HIPAA may result in fines of up to $1.5 million per year. And these are just two of the many applicable rules!

Payers are keen to contain costs, curb fraud, waste, and abuse, and protect consumers. Government entities and private insurers monitor providers for potential noncompliance, and favorable return on investment has encouraged them to increase their efforts. According to the Office of Inspector General (OIG), the federal government recovered over $8 for every dollar it spent on healthcare-related fraud and abuse investigations from 2011-2014. The OIG expects to return $4.9 billion to the government from investigations in 2014, surpassing previous record recoveries in 2012 ($4.2 billion) and 2013 ($4.3 billion).

Takeaway 4
OIG’s Compliance Guidance Is a Great Place to Start

Compliance doesn’t just happen. It’s a big undertaking, and you need written policies and procedures to guide your efforts.

Since 2000, the OIG has made available voluntary compliance program guidance(s) for individual and small group physician practices, third-party medical billing companies, hospitals, and nursing homes. These downloadable guidance documents are available at: In my firm’s informal survey, we asked practices if they were aware of OIG’s voluntary guidance, Compliance Program for Individual and Small Group Physician Practices ( Almost half of respondents didn’t know the voluntary compliance program existed, even though that particular guidance has been around for nearly 15 years.

The Patient Protection and Affordable Care Act (ACA) §6401 directs the Secretary of the HHS to implement requirements that providers and suppliers establish compliance programs as a condition of Medicare enrollment. The core elements have not yet been defined, but they will most likely be based on the seven components outlined in OIG’s Compliance Program for Individual and Small Group Physician Practices:

  • Conducting internal monitoring and auditing;
  • Implementing compliance and practice standards;
  • Designating a compliance officer or contact;
  • Conducting appropriate training and education;
  • Responding appropriately to detected offenses and developing corrective action;
  • Developing open lines of communication; and
  • Enforcing disciplinary standards through well-publicized guidelines.

Takeaway 5
A Compliance Program Must Be Active to Be Effective

In my firm’s survey, slightly more than half of respondents answered yes to the question, “Do you have written policies and procedures?” Of those, however, fewer than half could affirm that everyone in the practice knew where the written policies and procedures were located.

We also asked, “Does your practice have a compliance officer?” We were thrilled that 79 percent of the practices said yes. But because of our experiences working with physicians, we knew to ask a follow-up question: “Does your compliance officer have a position description?” As we suspected, only one third of the practices said they have a written position description for their compliance officer.

Implementing a compliance program is “not just a paper exercise,” the Centers for Medicare & Medicaid Services reminds providers. A practice must be able to demonstrate that they have a “systemic process for proactively and promptly fixing noncompliance issues.” In other words, your compliance program must be effective. This requires an ongoing commitment, not a one-time effort. A compliance plan in name only is no better than no plan at all.

The best example I can think of that drives this point home involves Caremark™. This organization had a complete compliance plan on paper, but they didn’t follow their own rules. A shareholder sued the board of directors for breach of fiduciary duty of care. The lawsuit followed a multi-million dollar civil settlement and criminal plea relating to the payment of kickbacks to physicians, and improper billing to federal healthcare programs. A whistleblower turned them in for not following their own billing guidelines, and the organization was found liable.

Takeaway 6
It’s OK to Seek Help

The OIG acknowledges that there is no “one size fits all” compliance program, especially for physician practices. Whatever the compliance needs of your practice or organization, you may need help tackling such a major and important undertaking. In addition to the model OIG plans, there are a number of compliance programs from which you can draw inspiration, or copy. There are also additional resources available to help you with individual components of a program, such as monitoring, education, or recruiting compliance professionals. Don’t be afraid to seek advice and guidance from outside your organization. Often, it may be the more cost-effective solution.


Marcia L. Brauchler, MPH, CMPE, CPC, COC, CPC-I, CPHQ, is the president and founder of Physicians’ Ally, Inc., a full-service healthcare company, where she and her diverse staff provide advice and counsel to physicians and practice administrators, and education and assistance on how best to negotiate managed care contracts, increase reimbursements to the practice, and stay in compliance with healthcare laws. Brauchler’s firm sells updated HIPAA policies and procedures at She is a member of the South Denver, Colorado, local chapter.

