Managing healthcare compliance effectively requires a compliance plan that stays current with changing government regulations, payer requirements, office operations, and technology. It means you need to adhere to regulations and laws governing HIPAA Security and Privacy Rules, the False Claims Act, Emergency Medical Treatment and Active Labor Act (EMTALA), Clinical Laboratory Improvement Amendments (CLIA) regulations, Anti-kickback Statute, Stark Law, Occupational Safety and Health Administration (OSHA) standards, etc.
Managing compliance means handling investigations, including self-disclosure protocols requirements under Corporate Integrity Agreements (CIAs) and Certificate of Compliance Agreements (CCAs). It means being up-to-date on the investigative activities of recovery audit contractors, zone program integrity contractors, Medicaid fraud control units. It requires knowledge for managing risk and auditing areas of risk concern when reporting physician services that require Advance Beneficiary Notices, teaching physicians’ guidelines, incident-to services, evaluation and management (E/M), date of service, modifiers, etc.
Take Seven Steps Towards Compliance
There are seven elements to healthcare compliance defined by the Office of Inspector General (OIG):
- Conducting internal monitoring and auditing
- Implementing compliance and practice standards
- Designating a compliance officer or contact
- Conducting appropriate training and education
- Responding appropriately to detected offenses and developing corrective action
- Developing open lines of communication
- Enforcing disciplinary standards through well-publicized guidelines
Ensure these seven items are included in a compliance plan for your physician practice or healthcare organization.
Auditing and Monitoring: Building Blocks of a Compliance Plan
Internal monitoring and auditing is essential to identify and correct errors, if they occur. To have a successful compliance program, you must show the plan is improving compliance within your practice. This is done with auditing and monitoring. An audit is a formal review of compliance with a particular set of standards. For example: An audit might be performed once a year to look at the overall effectiveness of the compliance program, while monitoring is conducted on a regular basis (weekly, monthly, etc.) to confirm compliance is ongoing and to see if procedures are working as intended. The staff can perform both, or the office might want to have an external source perform the audit to be more objective.
An initial step in auditing and monitoring is to determine what standards and procedures apply to your practice. Every year the OIG and Office of Medicaid Inspector General (OMIG) release work plans, which identify areas of risk they are focusing on. It is important to know if any of their focus areas are applicable to your practice and warrant auditing and monitoring.
Another resource to help identify items to include in an audit plan is the OIG Semiannual Report, where the Inspector General reports semiannually to the head of the department and congress on the activities of the office during the 6-month period ending March 31 and Sept. 30. These reports are intended to keep the secretary and congress fully informed of significant findings and recommendations by the OIG.
There are two types of audits that you should perform:
1. standards and procedures review; and
2. claims submission audit.
To find areas of risk to audit:
- Look back over the history of the practice. Learn from issues that occurred in the past and monitor to make sure the issues are resolved.
- Identify what other providers in the same area of healthcare may be identifying as risks and understand their weaknesses.
- Identify state and federal billing, coding, and documentation requirements that apply to your practice.
- Refer to specialty societies and associations to learn of risk areas other similar practices are dealing with.
- Check private payers’ policies in the provider’s contracts. Most payers also have coverage and payment policies available on their website.
A baseline audit must be performed to help determine what areas of the billing and reimbursement department(s) are or are not in compliance. Specific areas to address in subsequent audits are determined by current governmental payer initiatives, findings from the baseline audit, and current billing data that may be outside “normal” parameters. The baseline audits also assist compliance professionals with noting trends in the practice that might fall outside a bell curve, which alert compliance professionals to the possibility of services billed that might not be medically necessary.
Medicaid billing and coding rules vary by state, as do Medicare Advantage plans. Your practice or healthcare organization will need to develop and document policies and procedures for proper documentation, coding, and billing that is compliant with the federal plans in your state. Auditing and monitoring the different types of federal payers is part of an effective compliance program, as well.
After regulations and standards are identified, the next step is to implement your audit work plan to incorporate into your compliance plan.
Developing a Compliance Plan
A compliance plan is the process an organization implements to achieve compliance goals of the organization and should encompass all areas of regulation applicable to the medical organization.
The extent of work it takes to implement a compliance plan depends on the size and resources of the practice. Smaller physician practices may incorporate each of the components in a manner that best suits the practice. By contrast, larger physician practices often have the means to incorporate the components in a more systematic manner. For example, larger physician practices can use both this guidance and the Third-Party Medical Billing Compliance Program Guidance, which provides a more detailed compliance program structure, to create a compliance plan unique to the practice.
Benefits of implementing a well-designed compliance program help to speed and optimize proper payment of claims, as well as:
- Minimize billing mistakes and optimize proper payment of claims;
- Help protect patient privacy;
- Reduce the chances of an audit; and
- Avoid conflicts of interest and help comply with the self-referral and anti-kickback statutes.
Initially, compliance plans should focus on areas identified as risk factors during the auditing and monitoring step. If a provider has an existing relationship with an outside entity, such as a billing office, the provider may use their policies and procedures as a starting point.
The OIG Work Plan is an excellent resource for providers and healthcare organizations to build their compliance plan, and it should be the cornerstone for risk assessments in your medical organization. It provides detailed information regarding audit results from the previous year and where they’ll focus investigation efforts as a result of the audits. OIG’s Work Plan, summarizes new and ongoing reviews and activities that the agency plans to pursue regarding the U.S. Department of Health & Human Services (HHS) programs and operations during the current year and continuing years until accomplished. The Work Plan describes the primary objectives, and each objective’s expected reporting year after its review/investigation is complete.
A compliance plan sends an important message to employees that — although the healthcare organization recognizes mistakes will occur — employees have an affirmative duty to report erroneous conduct, without repercussions, so mistakes may be corrected promptly. A well-publicized compliance policy assists employees to understand that although billing errors sometimes occur, it’s everyone’s responsibility to be educated about the compliance rules of the office and to contact the supervisor if coding and billing errors happen, so corrective action can serve to mitigate risk. Not following a practice’s compliance plan creates compliance risk.
For a compliance plan to be effective, it needs to be reviewed and updated regularly.