Medicare Compliance & Reimbursement

In the health care field, it seems like not even a week can go by without hearing about a physician who has been accused of Medicare fraud. But fraudulent activity doesn't always involve a physician getting kickbacks from other providers -- compliance issues can often be so subtle that you don't even know they exist until an investigator points them out to you. Here are five quick steps that can help you avoid legal issues.

1. Draw up and institute a sound compliance plan. A well-thought-out compliance plan indicates that your practice has made a good-faith effort to comply with national Medicare and local carrier requirements. If you have a plan in place and can demonstrate that you abide by it, it could help you minimize any penalties if your practice is ever audited.

2. Avoid "canned" compliance plans. You should avoid downloading or purchasing a cookie-cutter compliance plan that only requires you to fill in your practice's name on the front page. If your plan isn't customized to address the unique details of your office, the document will not be a useful source of guidance for billers and physicians.

"There is no such thing as a 'one size fits all' compliance plan," says Jeffrey S. Moore, Esq., with Phelps Dunbar, LLP in Tupelo, Miss. "Each physician practice is unique. While it is okay to purchase a pre-written or canned plan as a starting point, each practice should tailor their compliance plan to their specific needs."

Small physician practices should perform a "GAP Analysis" to identify their highrisk legal compliance areas which should be the focus of their compliance plans, Moore advises. "In most physician practices, this will be in the documentation, coding and billing areas, HIPAA privacy and security issues and issues under the Stark and Anti-Kickback Statute. However, depending on the size of the physician practice and the types of ancillary services it provides, the practice could have issues including, but not limited to, labor and employment law issues (including benefit plan issues), licensure issues, Medicare reassignment issues, and issues related to advance beneficiary notices."

The OIG dictates that compliance plans must include certain core elements, and you should update your compliance plan periodically to ensure that it includes current information. "For example, the recent changes implemented by the health care reform law with respect to the Stark, Anti-Kickback, Civil Monetary Penalty and False Claims Act laws likely justify revisions to a provider or supplier's corporate compliance plan," Moore says. "If a physician practice purchases a 'canned' compliance plan, it is unknown whether the vendor will supply the practice with timely compliance plan updates based on changes in the law."

In addition, if a physician practice is audited by government regulators, the regulators often ask for a copy of the compliance plan. "To get credit for a compliance plan, regulators want evidence of an effective plan tailored to that practice's needs, and proof that everyone affiliated with the practice is aware that a compliance plan is in place and of the general requirements of the plan," Moore adds.

3. Encourage a culture of compliance. It's not enough to have a compliance plan sitting on your shelf. Make sure all employees know you are committed to doing the right thing and expect them and yourself to live up to the compliance plan.

Involve the entire staff in helping to create the plan, so that no aspect of your practice is left out, from privacy policies to claims tracking to documentation.

4. Be receptive to employee complaints. An effective compliance plan should spell out the process or vehicle by which employees, partners or agents of the practice can make complaints, Moore advises. "The process should allow for individuals to make their complaints anonymously, if they so desire, to encourage compliance complaints without fear of retaliation or retribution by the practice or its physician owners. The compliance plan should include language making clear that the practice will not retaliate against employees or agents who raise compliance issues at the practice."

Although large facilities often employ a complaint hotline, that may not be practical in a smaller office. "In a small physician practice, the best practice may be to have a compliance drop box where employees can deposit complaints at any time," Moore says. "The complainant should be free to file the complaint anonymously or they can identify themselves if they so desire. The compliance plan should require the practice to have a designated compliance officer whose duty would be to check the compliance drop box on a periodic (at least weekly) basis to see if any complaints have been deposited in the box. If a complaint is lodged, the compliance officer should investigate the complaint to determine if it has merit." The compliance officer should then report the complaint to the practice's governing body and advise the governing body regarding how the complaint was resolved, he adds.

5. Police yourself. Once you have proper compliance procedures and practices in place, you need to do your own checks and audits to make sure you're complying with them. It's much less costly and embarrassing to fix problems yourself than to have regulators do it for you. Update your compliance plan annually or as new regulations require you to do so, and conduct self-audits on a regular basis.