Office Compliance Program
The Patient Protection and Affordability Care Act (PPACA) of 2010 amended by the Health Care and Education Reconciliation Act of 2010 list a number of legislative provisions concerning healthcare fraud and abuse. Section 1866 (j) of the Social Security Act was amended and requires that all providers and suppliers must implement a written compliance plan when enrolling in Medicare, Medicaid, and/or CHIP. Eventually, all providers will most likely have to adopt a written compliance program. The statute requires the Secretary of Health and Human Services in consultation with the Office of Inspector General to establish the elements of the compliance program for each provider type or supplier. The Office of Inspector Generals’ (OIG) lists the core elements of compliance programs. The OIG has published these compliance guidelines which can be found on their website at http://oig.hhs.gov/. Here are the OIG’s elements of a compliance program:
- A compliance plan must be in writing. It must consist of the Code of Conduct and specific policies and procedures that are tailored to the needs of each individual practice. The Code of Conduct along with the policies and procedures must be distributed, signed and implemented by all the practice personnel. The Code of Conduct describes the purpose of the practice, how services will be provided and the standards expected to be followed by all personnel in the practice. The Code of Conduct needs to be displayed where it can be read by patients and staff. It should also be given to all contractors or any other agents the practice deals with. The written policies and procedures assist the practice in delivering healthcare services according to federal and state laws, statutes and regulations.
- A compliance program must have a Chief Compliance Officer. The compliance officer is responsible for designing the compliance program and for reviewing all the programs policies and procedures on an annual basis or sooner if needed. The Compliance Officer must oversee, assess and update the compliance program to assure the program’s success. A compliance officer may be an employee that is employed at the practice or someone who is hired out as long as he or she is knowledgeable in compliance. If the position of the compliance officer is outsourced, it is important that the compliance officer has sufficient interaction with the office and understands how the practice operates.
- A compliance program must have education and training for the practice personnel. All employees must be appropriately trained so they can perform their jobs according to the practice’s compliance program and according to federal and state healthcare laws. New personnel must be trained upon being hired and established employees need (at a minimum) annual education and training. The staffs training must be updated whenever there are updates or changes to the program or healthcare laws. The Compliance Officer does not have to conduct all the training but must determine what training and education are appropriate for the practice, who needs to be trained, and when and how often training and education are needed. Training can take place in classes, staff meetings, reading articles, etc.
- A compliance plan must have an internal auditing and monitoring system. A baseline site evaluation and audit of the practice must be performed to develop an effective compliance program. The audit error rate determines when a re-audit is required. At a minimum, a practice needs to be audited annually to evaluate how well the compliance program is working. There are two types of audits, standards and procedures audit and a claims submission audit. It is important to periodically review an offices standards and procedure to determine if they are up to date and effective. In addition, it is important to review documentation, claims, and EOBs to determine if services were accurately coded, documentation was completed, and the services provided were reasonable and necessary. The OIG states that five to ten medical charts per provider should be reviewed or five or more medical records per federal payer. The Compliance Officer must educate employees and correct any areas of concern uncovered during an audit.
- A compliance program must have open lines of communication for reporting fraudulent or non-compliant activities without fear of retaliation. A Chief Compliance Officer must be available to employees to discuss non-compliant activities or answer compliance questions. Compliance hotlines or emails can encourage anonymous reporting. Staff meetings, healthcare memos, and company newsletters can be used to inform employees of fraudulent or abusive activities. It is important the staff feels safe when reporting misconduct. As a result, this can reduce the risk of qui tam (whistleblower) suits. A compliance plan requires employees to report questionable behavior to the Compliance Officer instead of state and federal authorities, however, if an employee fears retaliation, they may not report to the Compliance Officer.
- The Compliance Officer must be able to detect, investigate, and respond to any violations of the compliance program or healthcare laws. If a violation is uncovered, it must be corrected as soon as possible. If the Compliance Officer discovers that there was an inappropriate payment or an overpayment it must be disclosed and refunded within 90 days of discovery. A failure to respond within 90 days can result in fraud charges. Some warning signs that violations may be occurring include an increase in claim rejections, or carriers challenging the medical necessity of patient care. A Compliance Officer must also determine when a provider should seek legal counsel in cases of criminal activities.
- The Chief Compliance Officer is responsible for establishing disciplinary actions for employees who violate the compliance program or any state or federal healthcare law. The Compliance Officer must make sure the disciplinary actions are well publicized, that the staff is aware of these disciplinary policies and implement them when needed. Disciplinary actions may include additional education and training, written or verbal warnings, a change in the employee’s job position, termination or even prosecution.
- The compliance officer should check the OIG’s List of Excluded Individuals and Entities. This includes checking all employees, potential employees, employers, independent contractors and corporations that they conduct business with or may conduct business with to see if they are on the OIG’s excluded list. If on the list these individuals or entities are excluded from participating in Federal healthcare programs. Excluded individuals cannot be paid by any funds obtained by Federal healthcare programs, and they may not treat any patients who are covered by a Federal healthcare program. To locate excluded individuals and entities go to www.oig.hhs.gov and look on the exclusions program and search the online searchable database.
A compliance program has numerous benefits for a practice. It protects the practice and physician against fraudulent and abusive activities. It lowers the risk of an employee filing a qui tam (whistleblower) suit. It allows the physician and employees to focus on their patients optimizing the payments of claims. It reduces the chances of a post-payment audit. The OIG states that a compliance program is a mitigating factor against fines and/or jail time. You can do your own compliance plan or hire a professional compliance expert to develop a compliance plan for your office. Audits are on the rise. Now is the time to become compliant.