March 13, 2020 | By Jesse Overbay, JD
Readers of this newsletter and followers of the incredibly talented individuals on the NAMAS team know that conducting internal monitoring and auditing remains one of the seven fundamental elements of an effective compliance plan. Monitoring and auditing within a medical practice or hospital system encompasses many areas including, but certainly not limited to, the regular spot auditing and review of providers’ charts and documentation. Auditing charts and giving feedback to the providers can significantly lessen the chances of serious errors or fraud taking place within the organization. Audits can also reveal potential errors in coding and documentation that may give rise to a group disclosing the mistake to the government (or other payor) and submitting a voluntary refund. This cooperative approach with the Center for Medicare and Medicaid Services (“CMS”) again minimizes the risk to the medical organization as it shows you are complying with your own policies and procedures and attempting to internally investigate and remediate alleged violations without CMS having to audit and recoup on its own.
However, auditing and internal monitoring sometimes reveals a pattern of billing and coding that perhaps does not quite rise to a level warranting disclosure but would be information that could otherwise be used against your organization if it was found out by the insurance payor. There have been instances of CMS and other insurance companies requesting the results of internal audits and then using the results of those audits against the organization and imposing even greater penalties. For that reason, it’s always best to conduct your internal audits under the protective auspices of the attorney-client privilege and the attorney-work-product doctrine.
The Attorney-Client Privilege
The attorney-client privilege (or the “ACP”) generally applies to confidential communications between the medical organization and its attorneys in connection with seeking or providing legal advice. The crux of ACP is legal advice given by the attorney to the client. Basically, the ACP rules and case law state that communications or documents that convey or describe legal advice or that request or provide information, such as factual background, necessary to render legal advice are protected. Communications that do not convey or contribute to the giving of legal advice are unlikely to be privileged, even if the communication is between an attorney and a client.
ACP typically may protect confidential communications with attorneys regarding the facts, circumstances and nature of any alleged misconduct, confidential interviews with company employees, and, importantly for audit work, confidential communications with experts retained to assist the attorneys.
The Attorney-Work-Product Doctrine
The attorney-work-product doctrine protects from discovery those “documents and tangible things” that are “prepared in anticipation of litigation” by (or for) a party or its representative (including attorneys and consultants). Through the years, courts have ruled that an internal investigation conducted in anticipation of a government enforcement or action satisfies the “in anticipation of litigation” requirement. Therefore, an argument can be made that audits conducted at the direction of a medical organization’s attorney in anticipation of a possible CMS audit would potentially constitute “work product.” There are still several factors and latitude for courts and judges to see the same document and set of circumstances differently and come to different conclusions on attorney-work-product doctrine; always consults your attorney and try to understand the standard used where you are.
Working with Counsel
To potentially be protected under either standard (ACP or work-product doctrine), it is necessary to engage counsel at the onset of the audit process. The attorney can guide and oversee the process, including engaging the auditors as experts on behalf of the medical organization. The organization and attorney should put in writing that legal advice and representation is being sought and provided through the signing of an engagement letter. Communication and documents to and from the organization and attorney should be marked as attorney-client privileged and/or attorney-work product. Finally, only personnel within the organization essential to the audit process should be involved or receive the results of the audit and the recommendations from the attorney.
As always, the information contained in this article is provided for educational purposes only and you should always consult with your own attorney when dealing with questions about the law. A healthcare attorney can help guide you through the process of getting and staying compliant and help protect you from any known or unknown issues discovered through the monitoring and auditing process.
 See https://oig.hhs.gov/compliance/provider-compliance-training/files/Compliance101tips508.pdf
 Fed. R. Civ. Pro. 26