Part B Insider (Multispecialty) Coding Alert

Compliance:

Lack of a Practice Compliance Program Puts You at Risk

New OIG policy statement outlines the importance of compliance planning.

Due to the competitive and complex nature of the healthcare industry today, compliance programs should be the cornerstone of each and every practice’s foundation and are mandatory for certain providers that participate in Medicare or Medicaid. Unfortunately, many providers still refuse to put this at the top of their administrative and legal to-do lists.

In order for providers “to reap the mitigation benefits of having a compliance program, for instance, receive substantive reductions in fines for violations of criminal law, the program must incorporate all of the elements from the U.S. Federal Sentencing Guidelines,” says Sarah Warden, Esq. of the Florida Health Law Center’s Davie, Florida office, “Those elements provide what is minimally necessary for an organization to use due diligence and to promote a culture that encourages ethical conduct and legal compliance.”

Background: On April 18, 2016, the Office of Inspector General (OIG) released an amended policy statement that set forth new criteria for its determination of permissive exclusion from federal and state healthcare programs. The new non-binding criteria suggest that implementing an effective compliance program might not be enough to escape exclusion for fraudulent activity, and that the “circumstances of conduct” as well as the provider’s conduct during the investigation will weigh heavily on the OIG’s final decision whether to exclude or precede with a Corporate Integrity Agreement (CIA).

“Simply having an effective compliance program is a neutral factor that will not affect the OIG’s risk determination of whether other remedies besides exclusion adequately protect federal healthcare programs and their beneficiaries,” explains Warden, “But, an organization’s lack of an effective compliance program indicates a higher risk on the risk spectrum announced in the updated policy statement, and the OIG will pursue exclusion for organizations at the highest risk.”

Make Compliance a Priority

In the most serious cases of fraud, the fault is due to the negligence and misconduct of the provider. Oftentimes, the deficiency can be attributed to uneducated staff, outdated software, and ineffective compliance agreements.

“Exclusion from federal healthcare programs is a virtual death sentence for a provider’s business and a criminal conviction under the federal or state fraud and abuse laws requires mandatory exclusion by the OIG instead of permissive exclusion,” says Warden. Luckily, there are steps your practice can take to avoid exclusions that will lower your risk factor on the OIG “risk spectrum.”

Cooperation is the key. Whether your practice is on the up-and-up or makes some questionable decisions regarding patients’ privacy, safety, and security, there are some things to consider before putting a compliance system into place. Some providers violate the laws because they and their staffers misunderstand the rules or aren’t truly committed to a compliance plan while others refuse to remedy known problems and communicate with legal counsel.

“Cooperation and self-disclosure prior to becoming aware of the government’s investigation are factors identified in the OIG’s updated policy statement as being at the low end of the compliance risk spectrum for the OIG’s permissive exclusion determination,” says Warden. A provider’s willingness to be open may lead to a more favorable CIA or other OIG resolution versus outright exclusion.

Tips and Tools

Once you and your staff decide to embrace what the OIG calls “a culture of compliance,” there are some things you want to include in your office plan. Take a look at these ten dos and don’ts to follow when adopting a new compliance program:

  • Do educate your staff on compliance and HIPAA.
  • Do seek legal counsel if clarification is needed about the laws before writing up policies.                         
  • Don’t forget to make the written standards clear and concise.                  
  • Do hire a compliance officer to implement and enforce the policies.                         
  • Do be an example for your staff, keeping the compliance lines of communication open.                        
  • Don’t leave out a compliance monitoring system—it is key to protecting patients’ privacy.                         
  • Do an annual audit to ensure you and your staff members are following the rules.                          
  • Don’t overlook the importance of compliance-ready EHRs and training your staff on how to use them.                         
  • Do discipline or dismiss staff who don’t comply.                        
  • Don’t let your guard down now that you have a compliance plan.

Resource: For more information on the OIG’s policy statement on permissive exclusion, visit http://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf.