Question: Our practice bought a compliance plan from a consultant about eight years ago and we have not had a problem since then. Other than updating the names on it when a new otolaryngologist joins our practice, this plan should cover us if we ever get audited, right?
Answer: When you say you “bought” the compliance plan, it is assumed that you purchased a pre-written plan and simply filled in your practice’s information on the front page, which probably is not enough to protect you if an audit ever occurred. Compliance is a multistep process that does not stop after you file away your compliance plan.
A pre-written compliance plan may be a good place to start, but it provides a false sense of security for several reasons, unfortunately. First and foremost, a compliance plan needs to be directed at the various regulatory, payment, operational, and legal issues that are most implicated for your specific practice.
“A pre-written compliance program will not address the specific operational policies and procedures that are specific to your practice and as a result it can actually get the practice into more trouble than if they had no compliance plan at all,” says Barbara J. Cobuzzi, MBA, CPC, CENTC, COC, CPC-P, CPC-I, CPCO, vice president at Stark Coding & Consulting, LLC, in Shrewsbury, N.J.
“When audited by the government, one of the things that the auditors do is to ask the practice staff what they do in situations covered in the compliance plan and then compare it to what is written in the plan,” Cobuzzi says. “If the employees’ answers are inconsistent with what is in the compliance plan, the result is worse than had the practice have no written compliance plan. The practice must make sure that the compliance plan reflects not only what the practice does do in each situation, but also that their employees have read the entire compliance plan, understand it and have been fully trained on all aspects of the plan that affect their job.”
CMS policy states that each practice or organization should look carefully at areas of exposure to make sure that it has adequate systems in place to monitor and correct sources for potential claims and penalties. If you simply buy a compliance plan off the shelf, it is less likely to be integrated into the operations of the practice. Instead, create a customized compliance plan after determining your biggest risk areas, and include details that are tailored to the issues you face.