Compliance Policies and Procedures – Are yours really in effect, or is it just on paper?

Compliance policy and procedure binders on a shelf.

Many healthcare organizations have created Compliance Plans or Programs, but putting the initial documentation of your plan in place is the easy part.  The hard part is implementing your compliance policies and procedures, including things like:

  • Screening new employees for exclusion or sanctions by CMS;
  • Annual training of all employees on the organization’s Compliance program policies and procedures, and Code of Ethical Conduct;
  • Performing periodic medical records/billing audits, to ascertain just how close your medical records documentation comes to supporting the CPT codes on the claims you submit.

Your compliance policies and procedures should include a provision for training providers on “Risk Based Coding”

We find that many providers under-document their records, especially Evaluation and Management services – and sometimes justify it by saying “My documentation is no worse than the documentation I read from other providers.”  Of course, CMS and its Medicare Administrative Contractors do not use a “community standard” for judging documentation; they use the CMS Guidelines!

An interesting and useful approach to documenting evaluation and management services is Risk-Based Coding.  In an E&M type service, most physicians can quickly establish certain things about the patient he or she is evaluating, including:

  • The level of risk for the patient, from minimal to high;
  • The amount of data to be reviewed, including diagnostic tests and procedures; and
  • The number of treatment options, from minimal to extensive (4 or more).

EHR systems do not alleviate the need for compliance policies and procedures related to documentation audits

These are the elements of Medical Decision-Making, which is usually the determining factor for the level of service.  Starting with these elements makes it easy to document the level of CPT Code justified by the condition of the patient and the medical decision-making required.

And if you have implemented an EHR system, your compliance issues are not over.  Compliance with an EHR system is not a given; CMS and its MACs are on the lookout for “cookie cutter” documentation that may not reflect the actual services provided.

There are many other elements of your compliance policies and procedures that you must monitor and document.  Performing a risk-based coding and documentation audit could be among the most important!

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.