Practice Management Alert

Teaser: You’ll want to take these 7 actions if you receive an audit letter.

Now is the time to make sure you’re on the OIG’s good side. On Jan. 11, the Health and Human Services OIG released the final ruling on Medicare and Medicaid exclusions, which expands its authority to penalize offending providers. Providers who commit fraud and abuse can be banned from Medicare and Medicaid, meaning that they would no longer receive reimbursement from the federal health programs.

Taking effect on Feb. 13, the final rule states that the OIG will have 10 years to investigate and carry out exclusions, and that the OIG has the authority to exclude an entity based on convictions related to:

• obstructing audits;
• failure to provide federal payment info; and
• the creation of false statements or misrepresentation of facts in federal healthcare program applications.

Under the final rule, providers who share ownership — directly or indirectly — with people who have been convicted of criminal offenses will be excluded from Medicare/Medicaid.

About the 10-year limitations period: Former CMS attorney and current healthcare attorney at Hogan Lovells in Washington D.C. Sheree Kanner says, “It’s a step in the right direction. It gives providers and suppliers a helpful point of finality when they discover potential misconduct, rather than leaving the possibility of exclusion on the table even after resolving potential liability under the False Claims Act or other fraud and abuse laws.”

The final rule is a push to get providers to realize that the risks are high for committing fraud and abuse. “The OIG has extremely broad exclusion authority over a wide variety of activities — improper and medically unnecessary billing, providing and receiving kickbacks, and more,” says Elizabeth B. Carder-Thompson, healthcare regulatory attorney at Reed Smith in Washington, D.C. Actions as simple as upcoding and downcoding, or waiving copays or deductibles, can be considered kickbacks or inducements.

Also keep in mind that before hiring any staff, you should consult the OIG Exclusion list. If your candidate is listed, you will be held responsible. Find the list here: https://oig.hhs.gov/faqs/exclusions-faq.asp.

End in sight: The 10-year limitations period may have a silver lining for providers. “It’s a step in the right direction,” says Sheree Kanner, former CMS attorney and current healthcare attorney at Hogan Lovells in Washington D.C. “It gives providers and suppliers a helpful point of finality when they discover potential misconduct, rather than leaving the possibility of exclusion on the table even after resolving potential liability under the False Claims Act or other fraud and abuse laws.”

Arm Yourself With The Right Plan

What do providers need to do to stay on the OIG’s good side and comply with the final rule? “As always, the best preparation is to have strong policies and procedures and an active compliance program,” especially when it comes to audits, advises Carder-Thompson.

What to do first: Managers and physicians should start by forming “a team of staff members dedicated to handling the practice’s compliance activities,” Vera Watkins, Perioperative Nurse at Retina Specialty Institute and Certified Health Auditor, told attendees at the American Academy of Ophthalmology 2016 annual meeting in Chicago.

Ideally made up of a physician, IT staff member, coding specialist, and compliance officer, the compliance team should create formal Standards of Conduct, provide training and education on proper coding procedures and handling of PHI, form auditing and monitoring guidelines, create corrective action plans, and institute disciplinary guidelines for staff who commit fraud and abuse, Watkins recommended. Compliance teams should also conduct internal audits and disclose any issues they find. Although there is no guarantee that you’ll get amnesty for self-disclosing, the benefits of doing so far outweigh the risks.

You’ve Received an Audit Letter: Now What?

If a Medicare administrative contractor or a zone program integrity contractor sends you a scary letter that your practice has been scheduled for an audit — often the next morning to give you little time to prepare — it’s easy to panic. “The first response to audits is fear,” says Watkins.

Taking these immediate steps will serve you well if you get a letter:

1. Verify the address. The first thing to do is to confirm that the full address on the letter is correct, advises George F. Indest III, .President and Managing Partner of Orlando-based The Health Law Firm.

In his Medical Economics article, “19 Tips to Prepare You for a Medicare Audit and Site Visit,” Indest warns that if you haven’t updated your physical address — or if your current address is incomplete — in the Provider, Enrollment, Chain and Ownership System (PECOS), auditors may not be able to find you, putting your Medicare billing privileges in danger of being terminated.

2. Contact the auditors and confirm exactly when and where the audit will take place. Give auditors any codes they need to access parking garages, buildings, and so on, recommends Indest.

3. Contact your attorney. Practice leadership should ask their attorney to be present during the audit and site visit, says Indest.

4. Get your office in order. After making those calls, visually inspect your office, Indest advises. Are all desks, cabinets, and closets clean? Make sure all certifications and degrees displayed in the office are up to date.

5. Designate one member of your staff to liaise between the auditors, your practice, and your attorney. This person should be present during the audit and stay with auditors as they tour your office.

6. Ask for ID. When auditors show up at your door, make sure they present their IDs and letter of intent. Make a copy of their IDs and escort them to a private room. “Don’t let them wander around your office because they’ll talk to anyone,” said Watkins.

7. Make copies for your files. Whenever auditors ask you for a copy of a document, make two copies and keep one for yourself.

When Auditors Leave

If auditors find an issue with your practice, you’ll need to develop a Corrective Action Plan.

The compliance team should conduct a root cause analysis of the issue, develop an action plan, and engage all staff members in implementing it. “Nothing drives behavior like data,” said Watkins. When trying to get staff to change the way they perform a process, show them data that proves why the change is necessary.

Just doing their job: Even though audits are anxiety-producing, Watkins offers practices some comfort: “You’re never going to have a 100 percent clean audit. Auditors are hired to find something wrong.”