Hint: Write your policies with simplicity in mind so that everyone understands. Two main goals for any compliance program include maintaining compliance and surviving a potential audit. So it’s in your practice’s best interest to make the investments in time, money, and other resources now to put a compliance program in place — or to revamp what you’ve already established — that achieves those goals. “Maintaining compliance requires an ‘all hands on deck’ attitude, and a written plan that details exactly how staff will promote accuracy and ethical processes,” says Terry Fletcher, BS, CPC, CCC, CEMC, CCS, CCS-P, CMC, CMCSC, CMCS, ACS-CA, SCP-CA, owner of Terry Fletcher Consulting Inc. and consultant, auditor, educator, author, and podcaster at Code Cast, in Laguna Niguel, California. With COVID-19 funding relief programs, blanket waivers, and other public health emergency (PHE) measures in place now, you should expect an onslaught of audits in the near future, she says. Achieving compliance may be especially tough right now as employees are feeling burned out personally and professionally, and may not be performing at their best. Discover Some Background While some aspects of compliance programs were once voluntary, the concept is hardly new. A 2000 Federal Register notice by the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) describes a compliance program as preventive medicine. “Physicians should view compliance programs as analogous to practicing preventive medicine for their practice. Practices that embrace the active application of compliance principles in their practice culture and put efforts towards compliance on a continued basis can help to prevent problems from occurring in the future,” the notice says. With the Affordable Care Act, practices that see patients who are Medicare or Medicaid beneficiaries are required to have written compliance plans, Fletcher notes — not just something that is “in the works” or general best practices. Incorporate These Components You can see what OIG and the Department of Justice (DOJ) are prioritizing, in terms of enforcement and fraud, by looking at recent criminal enforcement actions, which you can find here: https://oig.hhs.gov/fraud/enforcement/criminal. Conflict of interest relationships are a big focus lately, so keep your disclosure questionnaires up to date.
Specifically mention pertinent laws and regulations. A government audit would look at whether you address specific laws or specific behaviors with your staff or ancillary agents, says Beverly Smith, JD, CSSMBB, CPCO, in an AAPC 2020 Virtual HEALTHCON session “Guidelines on How to Demonstrate a Compliance Plans Effectiveness.” To survive a government agency audit, the easiest way is to describe a scenario and then point out: “This is a violation of HIPAA, this is a violation of HITEC, this is a violation of Stark Law,” Smith says. Top tip: Writing about the policies specifically is also a good way to make sure you remember to update them when necessary, Smith said. For example, if Stark Law undergoes any changes after the public comment time, then you’ll know exactly which parts of your policies and procedures you’ll need to update accordingly. Make sure you incorporate staff continuing education — including for physicians and other clinicians — into your compliance program, Fletcher says. You want to make sure there is at least one annual compliance training, as well as training focused on promoting increased billing and coding accuracy, she recommends. Look at the language you’re using, too. Smith says that many plans incorporate too much legalese or industry-specific jargon, but compliance programs and plans are usually presented to staff who are onboarding and may not know the acronyms your organization uses regularly or even the definition of some industry-specific words. Write the policies simply enough so the least knowledgeable person in the room can walk away with an understanding of the rules without having to ask any clarifying questions, she recommends. Be explicit in stating what counts as misconduct, too, Smith says. “Stating plainly what is misconduct is sometimes the biggest thing that we have to do.” Being explicit is helpful because ambiguous words or phrases can leave crucial aspects of compliance open to interpretation, which is risky and doesn’t hold everyone to the same level. “Inventory” your compliance obligations, Smith recommends, so staff know exactly what to do to achieve and maintain compliance. With the ongoing COVID-19 pandemic, now is a good time to make sure your compliance plan addresses policies like telemedicine and working from home, too. Self-Audit Your Compliance When writing a new plan or evaluating your current plan, it’s important to see where your practice stands in terms of compliance and where it hopes to be if all compliance goals are achieved. You should perform a self-assessment of your plan but send it out for other eyes as well, Smith says. The self-assessment can go through a compliance or policy committee — if your organization has either or both. Send it to key stakeholders as well, even if they’re not involved in the day-to-day operations of your practice, to make sure they understand, she recommends.
A second, outside opinion is also useful to catch inconsistencies or phrases that could use clarification, which you might miss after poring over the document so many times, Smith says. Even though it seems like a lot of expensive busy work, compliance programs are necessary — and can save you money, in the long run. “A lot of businesses don’t want to invest in compliance until they actually have a compliance-related exposure and a penalty, and then they realize it would have cost less on the front end to establish a compliance framework,” Smith says.