September 10, 2021 | By Jesse Overbay, JD
By now, most health systems, practices, and providers should know that the Office of Inspector General (“OIG”) has been stressing the importance of creating and abiding by a compliance plan since the passage of the patient Protection and Affordable Care Act in 2010. In its own words, the OIG believes “that a health care provider can use internal controls to more efficiently monitor adherence to applicable statutes, regulations, and program requirements.” The OIG has even been kind enough to provide the seven components upon which a physician practice can create a voluntary compliance program (which will not be listed here – see https://oig.hhs.gov/authorities/docs/physician.pdf for more information).
Perhaps you or your organization have been a bit slow to adhere to the OIG’s guidance on implementing a voluntary compliance program. After all, it is “voluntary” so why spend the time, money, and resources on this area instead of an area that has a better ROI (such as patient care)? The OIG states “a practice’s focus on patient care can be enhanced by the adoption of a voluntary compliance program.” The example given is that an increase in accuracy in the providers’ documentation may result from implementing a compliance plan and that, in turn, could actually assist in enhancing patient care. Additionally, the OIG believes that a well-designed compliance program can (1) speed and optimize proper payment of claims; (2) minimize billing mistakes; (3) reduce the chances that an audit will be conducted by HCFA or the OIG; and, (4) avoid conflicts with the self-referral and anti-kickback statutes.
Voluntary compliance programs, assuming the plan is being followed, show that the practice is making good faith efforts to submit claims appropriately and taking steps towards preventing problems from occurring in the future. These programs also impose an ethical duty on employees to report conduct that may be fraudulent so that it can be addressed properly. Not having a compliance program, or not following one that has been created (which is almost worse than not having one), open the practice up to having the government impose its own compliance plan, known as a “Corporate Integrity Agreement,” in the event fraudulent conduct is found.
The difference between a compliance program and a Corporate Integrity Agreement (known as a “CIA”) is striking. Whereas a compliance program is voluntary, a CIA is a government-imposed compliance program mandated as part of a civil settlement agreement related to a fraud and abuse investigation. Usually, a CIA is offered to a practice or provider instead of the provider being excluded from all federal health care programs. Under a CIA, a practice or provider is under government oversight and an outside expert is going to be involved in the practice’s compliance activities. A CIA is designed to be intrusive and to make certain that the practice is in compliance.
In order to avoid the imposition of a CIA, practices need to seriously consider dedicating the time and resources to implementing their own voluntary compliance program. While there are many “compliance program kits” available, some of which are better than others, it’s always best to craft a streamlined manual with customized policies that are followed by everyone in your organization. This will mean appointing or hiring a compliance director, scheduling training for all employees, and, most importantly, being willing to change how you may be doing things currently. In some cases, depending on the size of your practice or the complexities involved, it may be necessary to bring in outside help to conduct a gap-analysis, set up your compliance plan, train the staff, and perform other necessary functions.
Once your plan is in place, it needs to be monitored and assessed regularly to ensure its effectiveness. The Compliance Officer must assist the Board or owners of the practice in the oversight responsibilities and provide periodic updates. Employees must be proactive in reporting possible erroneous or fraudulent conduct and the appropriate steps must be taken to act on those tips. Having an effective compliance program is an active, ongoing process; the plan itself cannot be a static document and an organization can never say it has finished complying. At the end of the day, compliance is everyone’s responsibility. It’s time to get serious about your practice’s compliance and take steps to be proactive, not reactive.