To Reduce Medical Practice Risks, Implement a Compliance Program

Medical practices face increasing pressures to comply with several new and evolving rules and regulations. One way practices can ensure they are in compliance and up to date on all of them is by implementing a compliance program. 

"The reality is that you cannot afford not to do it," Daryl Smith, a presenter at the Medical Group Management Association Annual Conference in San Diego, told attendees, noting the potential penalties a practice could face if it is not in compliance with regulations. "It is much more expensive to not have a compliance program in place than to have one."

Smith, chief operations officer at Central Utah Clinic PC, a large multispecialty clinic in Provo, Utah, co-presented a session entitled, "Compliance Plan 101: How to Start and Keep Compliance Alive in Your Practice," on Wednesday, Oct. 9.

A basic compliance program, said Smith, should address prevention and detection of criminal conduct, and enforcement of government rules and regulations. The Office of Inspector General (OIG) provides model compliance program guidance specifically for medical practices, and this is a great place for any practice looking to create a compliance program to start, he said.

Here is some more information regarding the specific elements Smith, and his co-presenter Marcia Brauchler, president of healthcare consulting firm Physicians’ Ally Inc., in Highlands Ranch, Colo., said a compliance program should include:

1. Written policies and procedures. Create written, up-to-date, and user-friendly policies and procedures to ensure your practice is complying with all the necessary regulations. Also, ensure the policies and procedures are relevant to the specific compliance needs your practice faces.
2. Compliance officer. Designate a compliance officer to monitor compliance, serve as a resource for staff, and ensure your practice is up to date.
3. Appropriate training. Create a training program to test staff knowledge, and train them appropriately and regularly.
4. Effective communication. Solicit feedback from staff and encourage their input regarding compliance problems and questions. Also provide them with an opportunity to share their thoughts anonymously.
5. Internal monitoring. Monitor coding, contracts, and documentation to ensure you are in compliance.
6. Enforcement of standards. Have well-published standards and take corrective action when problems arise.
7. Prompt response. Respond promptly to problems, conduct an investigation, implement corrective action, retrain staff, report to counsel, and modify your compliance program, if necessary.

Brauchler recommends adding an eighth step to your compliance program: proving that the program is working and active. For this, she said, practices should document staff knowledge pre-tests and post-tests, educational sessions, the number of hours spent on compliance efforts, the number of policies and procedures reviewed, the number of charts audited, and so on. "Show that you're not just having a plan that sits on a shelf but that's its working in your practice."

Wondering what rules and regulations your compliance program should address? Here is some guidance:
• Review the HIPAA privacy and security rules to ensure you are complying. "HIPAA's changed a lot this year," said Braucher, noting that HIPAA enforcement has increased and the maximum fine is now $1.5 million.
• Review medical records documentation to ensure it validates the services provided.
• Review human resource regulations including those pertaining to nondiscrimination, sexual harassment, the Family and Medical Leave Act, the Fair Labor Standards Act, and the Americans with Disabilities Act.
• Review regulations related to the Civil False Claims Act, the Federal Anti-Kickback Statute, and the Physician Self-Referral Act (also known as the Stark Law).
• Review patient care issues such as patient dismissal and informed consent.
• Review key issues outlined in annual OIG work plans to ensure your practice has adequate policies and procedures. "Make that an annual part of your compliance program," said Smith. "The OIG is basically telling you, 'This is what we're going after,' so protect yourself from that."