Get Serious About Coding Compliance in 2017

In case you missed the big hoo-ha last year, Health and Human Services Inspector General Daniel Levinson announced the release of new guidelines for handling improper coding and billing issues and overpayments. Here is a video of his announcement from the stage of the Health Care Compliance Association’s Annual Conference.

Levinson told the audience that providers who are targeted for an audit would receive "no bonus points for having a compliance plan." In the compliance world that statement is considered fair warning.

OIG issued voluntary compliance guidance in the 1990s. Similar language about compliance was included in the Affordable Care Act. So many practices rarely look at their compliance plan, or have none at all. Levinson's announcement is a huge signal that it is time for practices to get serious about compliance. Given the government's reignited interest and activity, you should assume that increased enforcement is not far away.

Here are five immediate actions for practices to take:

1. Activate your compliance plan.

Levinson's message is that practices need an active coding and billing compliance program. When was the last time you looked at yours? If it has been sitting on a shelf collecting dust, it is NOT active. It is not scotch that becomes better with time. It is meant to be used. An "active" compliance program is one that is used to correct, train, and implement good coding practices.

For instance, let’s say you have identified incorrect code usage by Dr. A. Write up a specific action plan that explains how you will address it. Include follow up steps about how you will verify that the incorrect code usage has stopped. Each time staff attends coding training, file the course information, date, and attendee’s name. I would suggest that attendees summarize what they learned, along with three things they plan to do or implement as a result.

2. Send staff to an onsite coding course.

It is dangerous for staff to be in the dark about rule changes and regulatory updates. Rules change annually. Although Medicare webinars and emails are helpful, structured, annual training is a must in order to have a complete understanding of high priority compliance issues and code changes. Contact your specialty society to find out about upcoming coding workshop options, or check out the educational offerings from other resources.

3. Assess your E&M services audit risk.

Review the E&M coding patterns of all physicians in the group to make sure they are aligned with state and national standards in your specialty. Once this is done, review 5 to 10 charts per provider to verify that documentation matches the billed codes. Do this internal assessment quarterly and discuss results in physician meetings. Document what was learned and conduct conversations with physicians who need to improve their coding or documentation. This may seem overwhelming, but it is not. There are tools out there to help you.

4. Perform background checks on final job candidates. 

Does your organization perform background checks and/or check references prior to offering a position? Compliance issues can arise due to malicious actions of insiders. The last thing you need is to hire someone that has been convicted for embezzlement to handle your practice's billing.

5. Review your Business Associate Agreements (BAAs). 

Compliance does not end at your doorstep. Many practices use collection agencies or external auditors/accountants/billers. Even when you outsource tasks, you are ultimately responsible for your practices' claims. You cannot legally outsource this responsibility.

Have an up-to-date BAA in place with every vendor who handles protected health information (PHI). Validate the quality of the work being done by these outside firms, and confirm that all of them have insurance to cover mistakes/errors.

Bonus Option: Insurance. As part of your risk management strategy, consider the purchase of insurance coverage that assists with third party audits and other billing and coding issues. Talk to your broker about options.

Michael J. Sacopulos, JD, the founder and president of Medical Risk Institute, a firm that provides proactive counsel to the healthcare community. For more than 20 years, Michael has devoted his practice to advising physicians and healthcare organizations. Known for his sharp wit and un-lawyerlike pragmatism, Michael (a.k.a. The Compliance Guy) speaks nationally on compliance, privacy, and other issues facing physicians and is skilled at turning mundane topics into entertaining educational sessions. His full service firm offers remote Compliance Officer services, as well as complete compliance and HIPAA programs.