Designing a Compliance Program for a Small Physician Practice

Physician in small practice at desk completing compliance work.

Ever wonder how many other small physician practices implement compliance programs? So do we! A cursory review of the subject shows there probably aren’t any reliable statistics on the subject. But is there a need for even small physician practices to implement compliance programs these days? The answer is a qualified “yes”.

In this Article …

 

Why Implement a Compliance Program?

Why do we say the answer is a qualified yes? On the one hand, any physicians or other health care providers submitting claims to federal health care programs are at risk for penalties if they make serious mistakes. Submitting claims requires complying with the myriad of federal and state regulations applicable to such claims, and penalties for non-compliance can be severe. On the other hand, physician practices would be implementing a voluntary compliance program. And like many small businesses, it can be a struggle to do the required legal and regulatory requirements – let alone the requirements that are voluntary!

So why should small physician group practices implement a compliance program? Besides putting in standards and procedures that keep your practice from running afoul of regulations applicable to claims submission, implementing compliance programs sends a message to practice employees that you are serious about doing things the right way. You probably already emphasize “high touch, high tech” methods in patient care. Implementing compliance programs supports the notion of a “culture of compliance” in your medical office. Your employees take their cues from you on what is acceptable in the practice, so make sure you are aiming high.

One very specific benefit of implementing a successful compliance program is the possibility of seeing a reduction in the penalties that can be imposed if you ever face sanctions under the civil monetary penalties law. Health care providers facing such consequences can see their fine reduced by 90% if they are found to have an effective compliance program.

If your practice is being managed by a physician practice management company, be sure to include in their responsibilities the requirement to help you implement a compliance program for your practice.

And there is always the possibility that regulations will replace guidance at some point in the future. The Affordable Care Act of 2010 mandated that all health care providers submitting claims to federal health care programs implement a compliance program. This requirement was dependent on the Secretary of Health and Human Services (HHS) issuing regulations implementing this section of the Act. To date, only regulations applicable to skilled nursing facilities have been issued.

 

Scope of a Compliance program in Small Physician Practices

The HHS Office of Inspector General (OIG) recently consolidated the Compliance Guidance it has issued for various types of health care providers into one document. This document continues to emphasize the seven elements of effective compliance programs. But it can look pretty daunting to a small physician practice.

Even the OIG recognized in its first compliance program guidance for physician practices in 2000 that physician practices may not be able to establish compliance and practice standards that cover the full breadth of the seven elements in its Guidance. So how should a physician practice prioritize implementation of the compliance program elements to achieve a successful compliance program?

What follows are our recommendations on priorities when staff and resources are limited.

 

Compliance Program Policies

A voluntary compliance program begins with at least a minimum of policy statements.

Policy statements describing the practice’s commitment to complying with all applicable laws and regulations affecting the physician practice can be in a short, stand-alone statement of compliance and practice standards, or by adding similar language to an Employee Handbook. A second policy statement should capture who employees should go to if/when they have a compliance concern.

A third policy statement would include a commitment to avoiding hiring any individuals who are on the Office of Inspector General Exclusion List. And a fourth policy statement should address both punitive and non-punitive consequences of detected offenses. This is also an important policy to have to address HIPAA Privacy violations by employees. Finally, you should have a policy statement on responding to detected offenses and investigating violations.

See the end of this blog for a bonus piece on policy statements!

 

Compliance Program Risk Assessment

One of the most significant compliance risk areas is compliance with Federal Health Care Program regulations on documenting and billing for patient services. So it makes sense to take steps to understand these risks in your physician practice and develop approaches to manage those risks.

To do this, a baseline audit of medical records documentation and subsequent claims submission can be an eye-opening experience. Any such audit should be completed by qualified personnel, including a certified professional coder. Proper coding of evaluation and management services, and appropriate diagnosis codes, is the key to minimizing billing mistakes.

And don’t hesitate to take corrective action if you find that the medical records do not support some claims or did not follow the federal health care program coding requirements for reasonable and necessary services. Billing mistakes can be corrected by submitting corrected claims. But billing mistakes that continue year after year may be construed as false claims if not corrected.

After an initial baseline audit, find a way to continue conducting internal monitoring regularly, even if it is only annually.

 

Compliance Program Training

The third priority activity to incorporate into your voluntary compliance program is appropriate training and education. Employees should be exposed to the policy statements described in Compliance Program Policies above. Some additional training may be necessary for any staff members who are involved with arrangements with referral sources (such as hospitals or Lab companies) where Stark regulations or the Anti-Kickback Statute may come into play.

 

Responding to Detected Offenses

The fourth area to develop a policy for is what to do when there is a need for an investigation. You may be faced with investigating potential improper business practices or even intentional fraud. Think through how you would investigate – or have a third party investigate – allegations that may implicate the physician practice as a whole, as well as individuals in the practice. It would be wise to call in outside help, e.g., an attorney, for any investigation that leads to formally notifying the Government of possible fraud or similar misconduct.

 

Other Compliance Program Elements

Of course, listing four areas for priority consideration does not mean that the other three elements should be completely ignored. Compliance Program Leadership, Effective Lines of Communication, and Enforcing disciplinary standards and procedures should at least be addressed in summary fashion, for instance in an Employee Handbook. But making sure that physician practice staff know some of the basics, including your support for people always doing the right thing, will go a long way towards avoiding whistleblowers coming forward with claims of misconduct or fraud.

Finally, if all this seems overwhelming, there are always alternatives to implementing a full-scale compliance program yourself. Outsourcing a compliance program is a popular approach these days, so keep in mind that is an option, too!

 

Your Bonus on Compliance Program Policies

Here is a sample of a list of essential principles of legal and ethical behavior a physician practice’s compliance program could adopt to communicate your stance on compliance in small-group physician practices. It could also be adopted instead of a lengthy Code of Conduct for a physician practice.

Our Practice is committed to nine essential principles of legal and ethical behavior.

  • Comply with all Federal and State healthcare laws, rules, and regulations, with the Practice Compliance Program, and with Practice policies and procedures.
  • Report suspected violations of these Principals or the Compliance Program with the assurance that any sort of retaliation is strictly prohibited and will not be tolerated.
  • Cooperate with any investigations into erroneous or fraudulent conduct and any periodic audits.
  • Provide quality, efficient, and effective care and services to our patients and all other customers of our Practice.
  • Avoid actual and potential conflicts of interest, including actions that may give the appearance of a conflict of interest.
  • Safeguard and preserve Practice resources – property, time, materials, equipment, electronic communication systems, and other assets.
  • Protect the privacy of patients and Staff and safeguard the confidential information of the Practice.
  • Provide, document, and bill for services in strict accordance with the law and the highest standards of business ethics.
  • Create a caring, healthy, and safe work environment by acting with honesty and good faith in all matters and refraining from discriminatory, harassing, retaliatory, inappropriate, intimidating, and/or disruptive behavior.
  • Become familiar with these Principles, the Compliance Program, and supporting policies and procedures and demonstrate understanding at new hire/affiliation orientation, by participation in a review and testing during annual training, and whenever new or updated compliance information is shared.

Of course, as with any compliance efforts, no matter how detailed or comprehensive, you have to live up to its terms. That is a challenge of leadership in all organizations, regardless of size!

 

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.