Client Alerts, News Articles & Blog Posts

Everything you need to know about BMD and the industry.

It Is Time To Update Your Compliance Plans

In 1997, the Office of the Inspector General (“OIG”) began to actively promote that health care providers adopt written compliance plans to assist providers to follow government rules and regulations regarding health care. This initiative included the issuance of specific guidance to help develop written compliance plans for particular types of health care providers. These plans cover the requirements of Stark, Anti-Kickback, False Claims and other financial protection statutes.

In 2000, the OIG issued the “Compliance Program Guidance for Individual and Small Group Physician Practices,” which was released in the Federal Register on October 5, 2000. This Guidance recommended medical practices adopt a written compliance plan, which included several important components, including (1) designation of a responsible party for compliance, (2) developing an auditing and monitoring process, (3) developing practice standards and procedures for compliance, (4) developing a program for record retention and security of information, (5) establishing training and education programs for staff and independent contractors, (6) improving communications and compliance reporting initiatives, (7) adopting specific employee discipline models for compliance violations, and (8) programs to collaborate with government and third parties in the event of an audit or review of the practice’s programs.

These plans were important for practices to consolidate the large amount of federal regulations into a concise working manual that would provide a roadmap for the practice.  This roadmap will help keep the practice in compliance with ever changing rules and regulations. This plan will also give guidance to the practice of what to do if the practice discovers that it has potentially made a mistake in billing or compliance, and assist the practice to be proactive in such event to report and cure the violations.

Why was adopting a compliance plan important?

Clearly, everyone wants to follow the law. A well-informed trained practice would substantially eliminate or reduce the possibility of errors and legal entanglements in dealing with government programs. In addition to the appropriate goal to operate in accordance with rules and regulations, there was a second compelling reason for practices to adopt a plan. The OIG had publicly announced that the adoption of a plan by a practice which was later discovered to have violated the rules, would be taken into consideration by the government when considering the level or extent of sanctions or consequences from the violation. Frequently referred to as the “Stay Out of Jail Plan,” the government commented that if a practice at least was trying to comply with the rules as documented by a compliance plan, the government would consider such efforts at compliance to determine a violation to be more akin to a civil type offense resulting in financial penalties only. If the practice failed to have a plan or if they had a plan but they failed to even reasonably attempt to comply with the plan, the government would consider the violation more in lines with a deliberate disregard, or deliberate intention to violate the rules, for which they would be more inclined to consider exclusion or criminal sanctions.

We need to fast forward to 2016. The OIG has concluded that it is shifting its focus from encouraging practices to create the compliance program to an evaluation of whether practices are operating effective compliance programs.

In April 2016, the OIG announced its new criteria for considering whether to exclude a provider under government programs. Exclusion, of course, is one of the more extreme sanctions permitted by federal law, and a party excluded is not permitted to be employed by or work for any organization in health care which bills any government program for health care services. In short, it would serve as a professional death sentence for most licensed professionals.

Under the new guidance, the OIG has announced that it will make a risk assessment when considering the level and extent of sanctions for a violation, which might include consideration of financial sanctions, exclusion, or criminal sanctions. The OIG announced four broad categories that they will consider in making their determination. Those factors are: (1) the nature and circumstance of the conduct in violation, (2) the provider’s conduct during the investigation, such as level of cooperation, availability of records, and the like, (3) were there significant ameliorative efforts, such as whether the practice had voluntarily adopted process changes or other steps to hopefully prevent the events from reoccurring in advance of government compelled direction to do so, and (4) whether the practice has had a history of compliance in the past. They further announced that simply having a plan is no longer good enough to protect a provider from the more severe levels of sanctions.

What does all this mean to your practice?

Most importantly, your practice should review your current compliance plan. Unfortunately, some practices adopted the plan back in 2000 and have not updated, reviewed, or paid any attention to the plan since that time. If this might apply to your practice, it is time to dust off that compliance manual and have a renewed focus on compliance.  For those practices who may not have adopted a written compliance plan before, it would be an excellent idea to consider doing so as soon as possible.

Is this plan the same as our HIPAA compliance plan?

No, they are two different plans. The HIPAA plan will cover the requirements found in the Health Insurance Portability and Accountability Act and the subsequent HITECH amendments, both as to the privacy regulations and security regulations for electronic medical records. The OIG compliance plan focuses on compliance with the Stark, Anti-Kickback, False Claims Act and other government regulations primarily with issues of billing, referrals, and the exemptions from some of those requirements. Each of the two plans are required to have a compliance officer, and the practice could identify a person to serve as a compliance officer under both programs.

Elements of a compliance plan.

In drafting your compliance plan, the 2000 Guidance for Physician Practice Plans is still valid and will give you the key elements to consider including.  Working with experienced health care attorneys will help expedite that process for your practice. The key elements of the plan include:

  • Identify a compliance officer who has the responsibility and authority to act for compliance oversight in the practice.  This may be the office manager, physician or other key person within the practice.
  • If the plan has not been reviewed or updated since adopted in 2000, the plan should be carefully reviewed with revisions and updates made to reflect changes in health care regulations in the past 16 years.
  • You should adopt a formalized training program that should include all staff members, both professionals and lay persons, on at least an every other year basis to cover key compliance and regulatory issues, and such training should be documented.
  • Identify procedures for the practice to have ongoing review of government bulletins, updates, and other materials to make sure that the plan is up to date on an ongoing basis.  For example, government enforcement changes that mandated self-disclosure within 60 days of discovery of billing errors should be a part of your plan.
  • EOB reviews.  The practice should identify someone to review EOBs, particularly claims rejections to determine if the practice has appropriate systems in place to submit appropriate documentation to support various coding, that charts appropriately demonstrate medical necessity, and information that would support outcome measurements as the government and plans shift to outcome incentive compensation models.

Once a provider elects to participate in a government health care program, that election to participate also includes a contractual commitment to comply with the rules and regulations of the program. There is no question that those rules and regulations change on a regular basis, and the practices need to make sure that they remain current and are operating the practice consistent with those requirements. Even with the best intentions, mistakes can occur. The compliance plans will help practices to stay focused on areas of concern so that problems can be avoided, and if a problem does occur, by prompt self-disclosure or other action, the potential sanctions to the practice and physicians will be dramatically reduced.

If you would like a copy of the Guidances from the Office of Inspector General, the New Criteria announced by the OIG in April, or assistance in reviewing and updating your compliance plans, please contact Scott P. Sandrock at (330) 253-4367.

Written by Scott P. Sandrock, Brennan, Manna & Diamond, LLC. Published Stark County Medical Society News, June, July and August 2016