A prescription for compliance programs

By Linda Baumann, Esq. & Karl Thallner, Esq.

The government’s highly-publicized and ever increasing health care enforcement efforts are leading many physician practices to conclude that compliance with state and federal laws should be a top priority. The development and implementation of a compliance plan can be an important means to promote compliance. Moreover, the Office of the Inspector General (OIG) of the Department of Health and Human Services has made it clear that all types of providers in the health care industry can benefit significantly from implementing a compliance plan, and should consider doing so as soon as possible.

OIG has formally issued two documents that provide guidance on how to set up a compliance plan: the Model Compliance Plan for Clinical Laboratories, issued last year; and the Compliance Program Guidance for Hospitals, published this past February. Many of the principles and procedures suggested in these OIG guidance materials are applicable, not only to laboratories or hospitals, but also to your practice. In addition, the American Medical Association has developed a draft publication on “Federal Fraud Enforcement Physician Compliance,” which sets forth guidance for the development of a physician compliance program.

Why Implement a Corporate Compliance Plan?

Federal and state fraud and abuse enforcement efforts are becoming ever more aggressive, with the number and scope of investigations steadily increasing nationwide. Physicians have not been immune—for example, the notorious “physicians at teaching hospital” or “PATH” initiative has, as its central issue, the rules governing billing by physicians supervising residents. Further, the January 1998 publication of the proposed regulations implementing Stark II, the law prohibiting physician self-referrals, could well be a turning point, and there is speculation that enforcement efforts targeted against physicians may now increase. Stark II enforcement initiatives could be particularly troubling because Stark II is a “strict liability” statute. You can face exposure under the statute regardless of whether or not you had any intent to violate the law.

Under the array of federal and state fraud and abuse laws, providers are faced with the risk of criminal, civil and administrative sanctions that can include substantial financial penalties as well as exclusion from the Medicare program, in addition to imprisonment in some cases. As a result, many providers originally chose to develop compliance plans as part of a defensive strategy since OIG has made it clear that having an effective compliance program in place before an investigation starts can significantly impact your exposure. There are also positive benefits that may result from a compliance plan, including the deterrence of criminal or unethical conduct, the early identification of any improper conduct that does occur before much damage can be done and the increased likelihood that employees will report concerns internally (rather than filing a whistleblower lawsuit against your practice).

What Steps Should Your Practice Take?

Developing a corporate compliance plan initially can seem to be a daunting task. It’s hard to know just how to begin. There are literally hundreds of pages of government rules and regulations to comply with, as well as the requirements of private payor organizations. The guidance available to the industry suggests that your compliance program must contain seven basic elements, but these elements are rather vaguely defined. You will incur costs in developing a compliance program, and the expense will continue during the program’s implementation. Nevertheless, OIG and many providers are confident that the benefits of a compliance plan outweigh the expense. Here are some suggestions to help you get started.

Act now. Although the OIG is planning to issue additional compliance guidance for other types of providers, including home health agencies, third-party billing companies and HMOs, physician practices are well advised to start implementing a compliance plan as soon as possible. Do not wait for government-issued guidance specifically geared to physician practices. Such guidance is unlikely to be published anytime soon, and it is not necessary in order for you to get started. You should consult the OIG guidance documents that are published, even if they are directed at different types of providers, because many of the principles discussed will be equally applicable to physician practices. The AMA’s guidance also provides a helpful basis for developing a physician practice compliance program.

Prioritize your goals and strategies. There are several ways to make compliance a more manageable process by setting priorities. Focusing your initial compliance efforts on health care regulatory issues, probably will make the most sense. While compliance can involve a very broad range of issues including tax, antitrust, OSHA and sexual harassment, the greatest risk of exposure for most physician practices will be in the area of health care fraud and abuse.

Within this field, you should first consider those issues which OIG has identified as “high risk.” The Compliance Program Guidance lists eighteen specific areas of concern. Many of these suggest areas appropriate for focus within your practice, including billing for services not actually rendered, providing medically unnecessary services, duplicate billing, incentives that violate the anti-kickback statute, joint ventures, the Stark physician self-referral law, and knowing failure to provide covered services or necessary care to members of an HMO.

Be sure to focus on any areas that have been problematic for your practice in the recent past. Numerous denial letters, particularly involving the same reason(s) for denial, are a warning sign you should not ignore.

Take advantage of the flexibility provided. It is essential to remember that compliance plans are not “one size fits all.” They are supposed to be individualized to fit the needs and resources of the provider. It may be helpful to examine the types of plans other practice groups of your size, in your specialty or in your geographic area are developing. But remember that your plan does not have to have all the same policies and procedures.

All compliance plans should contain the following seven basic elements which are drawn from the Federal Sentencing Guidelines:

• Written policies and procedures.

• Designation of a chief compliance officer and a compliance committee.

• Conducting effective training and education.

• Developing effective lines of communication.

• Enforcing standards through well-publicized disciplinary guidelines.

• Auditing and monitoring.

• Responding to detected offenses and developing corrective action initiatives. However, there are many ways to implement these elements effectively, and the manner and extent to which you achieve them can vary depending on the specific features, and resources, of your practice.

Remember that documentation is essential. Almost every physician practice needs to work on documentation of patient diagnosis and treatment to be sure that it is comprehensive, accurate and timely. All physicians will need to learn and carefully observe the new E&M guidelines due to go into effect this July. Since documentation has always been an unpleasant task for many physicians, it may be wise to provide information and training both on the specific documentation requirements and also on the liability reasons why documentation is so important for individual physicians and for the practice as a whole.

There is a second, equally important type of documentation that is necessary. The measures that you implement as part of your compliance plan should be correctly and thoroughly documented. Without evidence that the practice is operating a compliance program, some of the sought-after benefits may not be realized. As an example of the kinds of things that should be documented, if physicians in the practice are required to attend a training program, make sure there are records of who attended and what topics were covered. You might consider using special incentives or sanctions to encourage physicians to participate, and these too should be documented.

If a potential problem should arise, be sure to document how it is resolved and why. For example, assume an employee reports a situation that involves a potential kickback. The compliance officer investigates and determines that no illegal or improper conduct has occurred. It is essential to document the underlying facts, the investigation conducted and the reasons why no action was taken.

Use existing policies and procedures whenever possible. Once you start to work on your compliance plan you are likely to find that you already have many policies and procedures that touch on issues of compliance. It is important to review them with a critical eye, since they may be unclear or outdated. If they do fit your plan’s objectives, use them. There is no reason to start from scratch, and it usually would be a waste of time and resources, and often less effective, to do so.

Get support from top level management. The goal of a compliance plan is to create a “culture of compliance” within the group. To do this, it is essential that the program be visibly supported by the highest levels of your organization. In a physician practice, the support of the physicians is necessary to ensure adequate resources are made available to implement the compliance program, and appropriate steps are taken in the event of a problem. Moreover, employees are much more likely to take compliance seriously if they perceive it has the attention of the highest level members of the practice. Physicians, in particular, should not feel that compliance is an administrative function that they can ignore. Everyone has to participate.

Take a prospective approach. Trying to examine past practices can be overwhelming. The best starting point is facing forward to ensure that future activities will be in full compliance with all applicable laws, regulations and requirements. OIG strongly suggests that providers should conduct a baseline audit against which you can measure future trends and progress. Since a compliance program is likely to make some significant changes in the way your practice does business, you might conduct the baseline audit several months after you have started your compliance program. This will provide a more accurate picture of any further changes that need to be made.

Physician practices will not escape the rising tide of government enforcement in the health care industry. The development by a physician practice of a compliance program is one means to minimize the likelihood and consequences of compliance failures.

Linda Baumann, Esq., and Karl Thallner, Esq. are attorneys in the Health Care Group of Reed Smith Shaw & McClay LLP. Linda practices principally in the firm’s Princeton, NJ office, and Karl heads the health law practice in its Philadelphia office.