Assessing your medical practice for risks and determining the likelihood and severity of impact will help you determine the most important areas to focus on.
Achieving physician buy-in for a compliance program can be daunting. Compliance comes at a cost, consuming resources (time, attention, and money) that are already stretched thin. But, if physicians and staff fail to pay for compliance, up front, practices run the risk of implementing a compliance program reactively, at an even higher cost.
In other words, compliance is a lot like insurance. You may hate to pay for it, but if you need it and if don’t have it, you could be setting yourself up for a financial disaster.
Be assured: If you are not monitoring your productivity bell curves, documentation, coding, medical necessity, utilization; and if you are not auditing revenue integrity, someone else is.
Current data analytics make it easy to identify an outlier physician profile, and the government has very sophisticated techniques for data mining. Whistleblower cases also have skyrocketed in recent years, with huge settlements awarded to individuals who bring cases to, or on behalf of, the government.
Failure to implement compliance programs proactively creates additional opportunities for regulatory and law enforcement scrutiny, as well as potential False Claims Act liability. And, failure to prevent or identify improper federal healthcare program claims and payments comes with a big price. The amount of federal audit recoveries in the first six months of 2014 was $3.1 billion.
1. Implement the seven core elements
Corporate integrity agreements (CIAs) do not discriminate, and no one is exempt. The cost associated with compliance program implementation under a CIA vs. proactive implementation is staggering. Both require implementation of the seven core elements of the Office of Inspector General compliance guidance roadmap; however, under the CIA there are additional fees associated with legal representation and independent review organizations (IROs), frequent mandated audits, reporting requirements, and many times, consulting fees, as well.
2. Conduct regular audits
Compliance is not just insurance: It is preventative medicine for your practice. Make sure that your practice has annual and ongoing check ups. Assessing your practice for risks, and determining the likelihood and severity of impact, will help determine the most important areas to focus on, and should drive your audit work plan. Highest risk areas should be addressed, first.
Perform benchmark audits to review small samples of data and set the baseline for all future audits. If a benchmark audit results in areas of concern, conduct an expanded audit. When a “diagnosis” of the problem is established, develop a plan of corrective action. Don't forget to follow up. This is a critical step in determining if corrective action plan is effective and working. Continually monitor and audit.
3. Disclose payment errors
Don’t forget: If your practice identifies payments that it was not entitled to, it must pay them back by adhering to the CMS self-disclosure requirements.
4. Know the laws
Section 6401(a) of the Affordable Care Act made a significant change to the status quo by requiring all providers and suppliers to establish a compliance program that contains certain “core elements” as a condition of enrollment in Medicare, Medicaid, and CHIP. New York State and Arkansas have mandatory compliance program certification requirements for Medicaid providers who meet certain criteria.
5. Identify a compliance leader
Compliance is a cost of doing business, and must be a priority for all provider practices. If you haven’t already done so, designate an individual to lead your compliance program, and start performing risk assessment and self-audits.
If your risk assessments are not identifying any issues, you probably aren’t looking in the right places. No practice is perfect. The point of having a compliance program is to help identify areas of weaknesses and potential issues, early, so that you can correct them.
6. Secure staff buy-in and training
A culture of compliance starts at the top. Treating compliance as a partnership, instead of a police action, will help to obtain buy-in from the staff. Train employees on your code of conduct, how to identify fraud and abuse, and how to report it. They also need job specific training to avoid errors and assure revenue integrity. All staff should understand that everyone is responsible for compliance, and that it is a condition of employment.
Enact a policy that whoever reports a potential violation, in good faith, will not be retaliated against. Have open lines of communication, and a way for employees to report incidents anonymously. If you find problems, correct them immediately and going forward. Whether you consider compliance to be insurance or preventive medicine, it’s a necessary investment.