Medicare Compliance & Reimbursement

Reductions in fines tops the list of benefits.

If your practice participates in Medicare or Medicaid, then heed what the HHS Office of Inspector General (OIG) has planned, as it could save you in a touch-and-go situation. OIG has set forth new criteria for its determination of permissive exclusion from federal and state healthcare programs.

In order for providers “to reap the mitigation benefits of having a compliance program, for instance, receive substantive reductions in fines for violations of criminal law, the program must incorporate all of the elements from the U.S. Federal Sentencing Guidelines,” says Sarah Warden, Esq. of the Florida Health Law Center’s Davie, FL office. “Those elements provide what is minimally necessary for an organization to use due diligence and to promote a culture that encourages ethical conduct and legal compliance.”

Background: On April 18, the OIG released an amended policy statement that set forth new criteria for its determination of permissive exclusion from federal and state healthcare programs.

The new non-binding criteria suggest that implementing an effective compliance program might not be enough to escape exclusion for fraudulent activity, and that the “circumstances of conduct” as well as the provider’s conduct during the investigation will weigh heavily on the OIG’s final decision whether to exclude or proceed with a Corporate Integrity Agreement (CIA).

“Simply having an effective compliance program is a neutral factor that will not affect the OIG’s risk determination of whether other remedies besides exclusion adequately protect federal healthcare programs and their beneficiaries,” explains Warden, “But, an organization’s lack of an effective compliance program indicates a higher risk on the risk spectrum announced in the updated policy statement, and the OIG will pursue exclusion for organizations at the highest risk.”

Make Compliance a Priority

In the most serious cases of fraud, the fault is due to the negligence and misconduct of the provider. Oftentimes, the deficiency can be attributed to uneducated staff, outdated software, and ineffective compliance agreements.

“Exclusion from federal healthcare programs is a virtual death sentence for a provider’s business and a criminal conviction under the federal or state fraud and abuse laws requires mandatory exclusion by the OIG instead of permissive exclusion,” says Warden. Luckily, there are steps your practice can take to avoid exclusions that will lower your risk factor on the OIG “risk spectrum.”

Cooperation is the key: Whether your practice is on the up-and-up or makes some questionable decisions regarding patients’ privacy, safety, and security, there are some things to consider before putting a compliance system into place. Some providers violate the laws because they and their staffers misunderstand the rules or aren’t truly committed to a compliance plan while others refuse to remedy known problems and communicate with legal counsel.

“Cooperation and self-disclosure prior to becoming aware of the government’s investigation are factors identified in the OIG’s updated policy statement as being at the low end of the compliance risk spectrum for the OIG’s permissive exclusion determination,” says Warden. A provider’s willingness to be open may lead to a more favorable CIA or other OIG resolution versus outright exclusion.

Tips and Tools

Once you and your staff decide to embrace what the OIG calls “a culture of compliance,” there are some things you want to include in your office plan. Take a look at these ten dos and don’ts to follow when adopting a new compliance program:

• Do educate your staff on compliance and HIPAA.
• Do seek legal counsel if clarification is needed about the laws before writing up policies.
• Don’t forget to make the written standards clear and concise.
• Do hire a compliance officer to implement and enforce the policies.
• Do be an example for your staff, keeping the compliance lines of communication open.
• Don’t leave out a compliance monitoring system — it is key to protecting patients’ privacy.
• Do an annual audit to ensure you and your staff members are following the rules.
• Don’t overlook the importance of compliance-ready EHRs and training your staff on how to use them.
• Do discipline or dismiss staff who don’t comply.
• Don’t let your guard down now that you have a compliance plan.

Resource: For more information on the OIG’s policy statement on permissive exclusion, visit http://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf.