Medicare Compliance & Reimbursement

Your Medicare, Medicaid and CHIP program participation could be at stake.

CMS may be taking its time creating guidelines, but that doesn’t mean you get a pass on the compliance plan requirement. Having a well-vetted compliance plan in place is an ACA requirement.

The rule: Section 6401 of the Affordable Care Act (ACA) requires that all providers and suppliers, regardless of their size, institute formal compliance programs as a condition for participation for enrollment in the Medicare, Medicaid and CHIP program.

The impact: New practices will no longer be able to enroll in Medicare or Medicaid without a compliance program in place, and already existing practices also will be expected to institute them before reenrollment, says Ed Gaines, JD, CCP, Chief Compliance Officer, Medical Management Professionals, Inc. in Greensboro, NC.

Background: So why did Congress place yet another regulatory burden on providers? The short answer is that these ‘program integrity’ provisions are ‘scored’ by the Congressional Budget Office (CBO) as ‘savings’ and help ‘pay for’ for and offset the costs of the ACA. Also mandatory compliance programs are already required for most hospitals and many other entities that bill and receive reimbursement from Medicare or Medicaid, Gaines explains.

Stay Tuned for CMS Final Rule

CMS is gathering data on how quality programs would factor into the ACA directive, and indicates it’s not yet ready to publish the final rule. The agency was expected to release a final rule following the screening rules on enrollment it published in February 2011.

Challenge: The “non-action” by CMS leaves providers in a conundrum, as the ACA statute appears to make compliance programs a condition of enrollment in Medicare but goes on to say that the requirements are subject to the rules of the Secretary of HHS, says Gaines. “So until HHS and CMS tell us what the mandate means, then providers would argue that the mandate is not operational.”

Also, in the CMS screening rules in Feb. 2011, CMS hinted that they were considering adding how quality measures would be assessed in a compliance program, and this is certainly not an issue that the OIG has opined about extensively in the past, says Gaines. A check of the OIG website shows that they are clearly waiting on CMS as well, he adds.

Use Y2K Compliance Model For Now

Until such guidelines are released, your best bet is to follow the compliance program guidelines that have been in place since the fall of 2000.

Critical: Remember that when the OIG compliance program guidelines (CPGs) were issued in 2000, the HIPAA privacy, security and transaction/code set standards had not yet been released, advises Gaines. So there is no substantive reference to HIPAA and certainly not HITECH in these OIG CPGs, but they are a fairly good roadmap of the coding and billing issues that physician groups should consider in developing a formal compliance program, he says.

The 2000 guidelines offered seven components on which to base programs, including:

• Conducting internal monitoring and auditing
• Implementing compliance and practice standards
• Designating a compliance officer or contact
• Conducting appropriate training and education
• Responding appropriately to detected offenses and developing corrective action
• Developing open lines of communication
• Enforcing disciplinary standards through well-publicized guidelines

Caveat: Any compliance plan should be specific to your specialty or facility and reviewed by experienced counsel. Be sure to update your compliance plan if you have significant changes in your practice structure or billing and coding operations, warns Gaines.