November 18, 2022 | By Rhonda Buckholtz, Owner, Coding and Reimbursement Experts
Determining risk is important for having an effective compliance program. Policies need to be developed to your specific needs. Depending on your specialty, your geographic area, your risk areas, etc. For example, yours might be diagnostic testing, modifiers, emergency evacuations, ASC rules, etc. I work a lot in ophthalmology, and a high-risk area for me is diagnostic testing, we want to make sure we have both the photos required as well as a good interpretation and report, so this is a good place for us to have a policy.
But what about you? Maybe you do diagnostic testing that only includes the quantitative results, if you implemented the same policy as me, you would be way off base. Or another example could include a policy on evacuations for emergencies. If you are in the Midwest, you would not adopt a policy or procedure for hurricanes.
The thing about policies is they can’t just be written and forgotten about. A good policy is one that is relevant, speaks in a language that everyone can understand, and is revisited often for improvement opportunities.
It is completely possible that you can outgrow a policy, change business plans, discontinue services or add new ones. All this leads to evolving your compliance plans and tweaking as you go along. The point isn’t to be perfect because, quite simply, perfect doesn’t exist. The point is to be better today than you were yesterday.
In addition, rules and regulations or even interpretation of rules change, so you want to make sure you stay on top of it. The other thing that you want to keep in mind is don’t overregulate your practice. You don’t want to make a rule for every single action. There is no way to stay on top of that, and if there is little risk, you will not want to waste resources developing and maintaining policies will little relevance.
One thing we do from a billing and coding standpoint is I have our billing team keep a patient complaint log, and we monitor this for trends and ongoing issues, this helps us to determine potential new risk areas and where we might need new or revised policies and education.
One thing is for certain, you need to be mixing around with all departments. You can’t be effective or know all of your risk areas without their help.
A lesson I learned working with larger programs was that you need to get out and move around and do thorough walk-arounds as often as possible but at least once a year. I actually work remotely, but it works well. Zoom and Google Meet are great things, and I go onsite at least one week a month. This makes great team building but also gets me, most likely, more dedicated time with teams than I may normally get if I was there every day. You need to make sure to employ active listening skills for complaints and employee interviews. I ask all the time what their biggest complaint is or what frustrates them on a daily basis. I actively monitor our complaint logs and make sure we have resolutions. After all, our job is to protect our practices the best we can with our compliance knowledge.
You want to make sure you have an effective program that will protect you more than trying to strive for perfection.
Here is a sample of items I look for when doing my compliance walk-throughs. Yours will vary depending on your specialty and current risks. Mine change yearly based on yearly findings and communications. I then write up a formal action plan and report based on the items I find.
Document or process name
|Key points to look for||Deficiencies Noted||Comments||
|Patient financial responsibility form||missed appts, refiling of claims, no-show fees (policies and procedures, tracking)|
|Informed consents for procedures||identified risks and benefits, dates, and signatures specific to each procedure obtained by qualified personnel.|
|Notice of HIPAA privacy practice||key contacts, updates, adherence|
|ABN’s||LCDs, NCD’s, who collects it, amounts, signatures|
|Charity Care||consistency of policy, no routine waiver of copay or deductible|
|Procedure templates||medical necessity, coding parameters, CDI opportunities|
|Signatures||timely, user authentication|
|Routine policies and procedures||Check-in, check out, scribes, optical, RCM|
|OSHA||Logs kept up to date, all training current, universal precautions, posters, employee files|
|Log in compliance||No shared passwords, users logging in as themselves|
|OIG Exclusions||Employees checked for exclusion on a quarterly basis|
|Provider licensing current/compliant||provider credentialed with all plans, current on CME and Malpractice, and volume of complaints made to health plans by patients.|
|Training||Yearly training on HIPAA, OSHA, and Compliance done(by January 31)|
|Use of Scribes||logins, documenting only when provider is in room, security|
|OSHA||Temp logs, sample logs, fridge use|
|Training (providers)||FWA, HIPAA, Documentation, Safety|
|Escalations||Employee query, how to|