The Affordable Care Act will broaden the government’s efforts to detect Medicare overpayments and fraud, and will require you to implement a formal compliance plan. Here’s how to get ready.
When the U.S. Supreme Court upheld the Affordable Care Act (ACA) last June, the decision was cast as an affirmation of the individual health insurance mandate. For physicians, however, the new mandate is among the least important aspects of the law.
For physicians who accept Medicare or Medicaid, the ACA includes many provisions that will serve up more administrative burdens and regulatory risk.
Perhaps the most concerning are new rules aimed at reducing the cost of Medicare by cracking down on overpayments, including (but by no means limited to) fraud. Here's a guide to what's coming, and advice on what you need to do now to prepare.
Among its many provisions, initiatives, and amendments, the reform law dramatically broadened the scope of the False Claims Act, the federal law that allows the government to recover overpayments to its contractors, including healthcare providers, and to pursue allegations of fraud. Specifically, physician practices and other providers who take more than 60 days to report and return overpayments from Medicare and other federal health programs can face civil charges, even if the overpayment was caused by error.
"Now, if you get overpaid, even through an innocent mistake, and you become aware of it but don't promptly repay, you can be subject to prosecution under the False Claims Act for your failure to repay promptly," says Robert J. Saner, a partner in the Washington, D.C. law firm of Powers, Pyle, Sutter and Verville. "That has providers and those of us who counsel them pretty nervous."
Saner, who also is Washington counsel for the Medical Group Management Association, adds that the law's 60-day rule is troublesome, given the complexity of medical billing and the time it takes to track down what caused an overpayment.
"I'm not aware that the government has yet brought False Claims Act penalties under this ACA provision simply for allegedly missing the 60-day deadline to return an overpayment," Saner says. "But that will come, and when it does, everyone is going to get religion around this subject."
Until the government drafts regulations to address the expanded False Claims Act's application to physician practices and other providers, Saner suggests physicians work credit balances promptly, monitor for correct coding, keep an eye out for overpayments, and report issues to their Medicare Administrative Contractors (MACs). Saner does not expect MACs to take a hard line at this time, but he warns that future regulations could say otherwise.
An important step to reduce the risks to you and your practice is a comprehensive compliance program. Eventually, every health provider receiving payments from Medicare, Medicaid, and other federal healthcare programs will be required to have a compliance plan in place, says attorney Michael Ruggio, who leads the healthcare team at the LeClair Ryan law firm.
"The ACA has substantially eased the way to develop, refine, and prosecute False Claims Act cases, so your compliance behavior needs to be enhanced substantially," Ruggio says.
Not only is the government's ability to develop a False Claims Act case enhanced, but so is the ability of whistleblowers to bring cases, Ruggio says.
"It's important for physicians to understand that this is an expanding area of law and one that is going to expose your practice to more risk," Ruggio says.
Compliance for all
While compliance programs have always been a good idea, they had not previously been mandated for most healthcare providers. The reform law changes that by requiring a wide range of providers - from solo physician practices to the largest integrated health systems - to establish compliance and ethics programs to continue participating in the Medicare and Medicaid programs.
The law also authorizes HHS to devise required core elements for compliance programs. Draft rules for skilled nursing facilities have already been rolled out; the agency will develop rules for other sectors of the healthcare industry, too.
While draft regulations for physician practices are still on the drawing board, count on them to reflect the Office of the Inspector General's (OIG) "Seven Fundamental Elements of an Effective Compliance Program." Those principles should form the basis of your compliance program.
1. Implement standards and procedures. Even when starting from a template plan, it's important to modify and expand it to the practice's unique risks, says Kevin Townsend, director of coding, compliance, and billing services with Doctors Management, a Knoxville, Tenn.-based consultant. But don't let that plan sit on the shelf, Townsend adds. "If the OIG comes in and finds an inch of dust on the document - that it is not a living, breathing plan, it doesn't speak well of the practice."
2. Designate a compliance officer. "You can't just appoint the receptionist," Ruggio says. "They must be empowered to educate other employees, update physicians, call meetings, and, if need be, initiate corrective actions if there's a violation." Nurses, administrators, billing and office managers, and others with elevated responsibilities in the practice are good compliance officer candidates but must receive documented healthcare compliance training.
3. Train and educate. Ruggio recommends compliance education for every new employee and annual refresher courses for all staff. Keep a file of the dates and content of each educational session, webinar, and other training that employees attend. "Include in the file a document the employee signs to certify they attended the course or read the material, and understood its content."
4. Monitor and audit. Periodic chart audits - Ruggio suggests every six months, even if it requires hiring outside assistance - can help ensure that documentation supports the levels of service billed. "There is clearly a concern on the government's part with doing unnecessary medical services," Ruggio says. Documenting audit results, as well any as corrective actions and education efforts taken as a result of the audits, are also compliance plan musts, he says.
5. Respond. "Once you've identified a problem, you have to document it and take direct, corrective action, which you also document," Ruggio says. "You are saying to anyone who investigates later that you took legitimate actions to deal with the issue and correct it."
6. Open lines of communication. A user-friendly process to report fraudulent conduct should maintain the anonymity of both those reporting and those involved in the conduct. Additional communication mechanisms can include maintaining a compliance bulletin board, setting up an anonymous drop box, and posting the HHS-OIG hotline telephone number in a prominent location.
7. Enforcement through discipline. The practice should publicize to employees its disciplinary standards, document findings of noncompliant conduct, and be prepared to issue sanctions to violators. Disciplinary actions can include reprimands, probation, demotion, suspension, and even termination and referral for criminal prosecution. The task gets especially tough when a physician is suspected. "Even if the person is an owner-partner, you need to take direct action," Ruggio says. "If you don't step up, you could be seen as a conspirator in a potential false claims act - the last thing you want to do."
A small but growing number of practices are developing new compliance plans or revising old ones in advance of more specific regulations from the government. Townsend says his firm has already seen an upswing in requests from medical practices seeking help to revisit compliance plans or develop new ones.
"There's just so much more talk about it now and it's also fed by payers getting more aggressive with audits of practices' documentation, coding, and billing," he says.
A successful compliance plan sends a message to the staff, physicians, payers, and regulators that the practice is trying to prevent errors.
Put it together
The seven elements described above were first published in the Federal Register in 1998, and experts have long advised practices to develop and follow compliance programs based on them. Although the reform law raises the stakes by beefing up enforcement of existing compliance rules, it would be wrong to say that practices should think about billing compliance only because of the ACA. A good compliance plan not only reduces the risk of costly False Claims Act allegations, it also reduces vulnerability to coding errors generally, as well as Stark violations and other risks.
"Compliance is the biggest risk area for physician practices, followed closely by the risk of thinking it is an unnecessary cost area," says Jim Hook, director of consulting services and principal with The Fox Group, based in Upland, Calif. "We don't have final rules for what physician compliance plans will look like yet, but they will come and so will enforcement, so it's better to start sooner than later."
Saner observes that few small and midsize practices have compliance officers, compliance committees, outside coders doing periodic claims audits, 24-hour-a-day reporting hotlines, and other elements of the full-blown compliance plans seen at large practices, hospitals, and academic medical centers.
"It has nothing to do with anyone's desire to not be compliant," Saner says. "It's just a matter of resources. Small practices are under a tremendous administrative burden from Medicare and private managed-care plans. They've got their hands full just getting through the day."
Perhaps, as Saner and other experts we contacted suggest, it's best to view compliance plans as preventive medicine to minimize mistakes that could end up costing much more than maintaining the plan. And, if the plan helps to increase accuracy in documentation and root out billing and coding problems, it could enhance the delivery of patient care and improve your practice's bottom line.
A "living, breathing" plan
The OIG’s guidance to individual and small physician practices emphasizes that compliance plans must be active programs: "Compliance programs are not just written standards and procedures that sit on a shelf in the main office of a practice, but are an everyday part of the practice operations. It is by integrating the compliance program into the practice culture that the practice can best achieve maximum benefit from its compliance program."
Seven elements of effective compliance plans
The required components of mandatory compliance and ethics plans described in the Affordable Care Act are similar to the seven elements of compliance plans already spelled out by the OIG:
• Conduct internal monitoring and auditing
• Implement compliance and practice standards
• Designate a compliance officer or contact
• Conduct appropriate training and education
• Respond appropriately to detected offenses and develop corrective action
• Develop open lines of communication
• Enforce disciplinary standards through well-publicized guidelines
Source: "Compliance Program Guidance for Individual and Small Group Practices" HHS Office of Inspector General, October 2000. (http://bit.ly/Physician-Compliance)
A key objective of the ACA is to rein in federal healthcare spending, so practices that accept Medicare should expect increased efforts to identify overpayment and fraud.
• Providers must now implement compliance programs in order to participate in Medicare and Medicaid.
• The law lowers the burden of proof for the government to bring False Claims charges against providers.
• Good compliance programs should follow the OIG's "Seven Fundamental Elements of an Effective Compliance Program."
Robert Redling is a freelance writer based in Tacoma, Wash. He has been practice management editor for Physicians Practice, Web content editor and senior writer for the Medical Group Management Association, and a speechwriter for the American Academy of Family Physicians. He can be reached via firstname.lastname@example.org.
This article originally appeared in the January 2013 issue of Physicians Practice.