OIG’s Draft Compliance Program for Physicians

By Deborah Robinson, Esq.

On June 12, 2000 the OIG published the Draft OIG Compliance Program for Individual and Small Group Practices in the Federal Register. Comments to the Office of Inspector General, Department of Health and Human Services are due July 27, 2000. Final compliance plan guidance is expected later this year.

Ever since the OIG published compliance guidance for hospitals, all providers including physicians have been on notice that eventually they would be held to a similar standard. The OIG has expanded its compliance guidance to include other providers and suppliers as well. Physicians and their advocacy groups had argued that physicians did not have the resources to establish the formal plans contemplated by earlier published plans and had the opportunity to provide that advice when the OIG published a solicitation notice in September of 1999 when it announced its intention to publish guidance for physician groups.

For some time, physician practices have largely relied on the general principles set forth in all of the published compliance guidelines to date, and in particular on the Third-Party Medical Billing Company Program Guidance published by the OIG. Although the government has not defined a small group practice, it is reasonable to assume that the principles set forth in the guidance document are the same for all physician practices with the only real measurable difference being the degree of formality of documentation and infrastructure required to institute a Plan.

Although the draft compliance program guidance specifically states that the guidelines are not mandatory, it is hard not to conclude that they will become the standard of care for all physician practices and that those practices without some formal Plan will be extremely vulnerable when responding to any third party audit for billing purposes. The same conclusion can be made in response to establishing guidelines for compliance with the myriad anti-kickback laws and regulations.

Although the publication is entitled Draft OIG Compliance Program…, the guidelines specifically state that it is important for each physician practice to customize its compliance plan to meet the character of that specific group. Even though the commentary recognizes that physician practices will rely on their professional associations as well as the experience of other practices, the commentary goes on to state: “It is important that physician practices not simply copy another practice’s plan.” A full analysis of the draft plan reveals that, although the Guidance is replete with specific examples of how a practice can implement a compliance plan, there is always commentary which stresses the need to customize the plan to meet the practice’s particular circumstances.

Summary of Tenets of Compliance Plan

Not surprisingly, the OIG has again incorporated the seven basic principles from the Federal Sentencing Guidelines to identify essential components of a Compliance Plan. The elements are:

• Implementing written policies.

• Designating a compliance officer or contact.

• Conducting comprehensive training and education.

• Developing accessible lines of communication.

• Coordinating internal monitoring and auditing.

• Enforcing standards through well-publicized disciplinary guidelines.

• Responding promptly to detected offenses and undertaking corrective action.

Accommodation for Small Group Practices

When the OIG announced that it was establishing these compliance guidelines, the professional association and industry groups encouraged the OIG to recognize the limited resources of individual and small group practices. The special accommodations for individual and small group practices found in the draft program are essentially threefold:

The OIG recognizes that there may not be the resources for dedicating a compliance officer for the practice. Therefore, practices can use several people in the office for different aspects of compliance or even share a compliance officer under contract with other groups. The commentary also recognizes the fact that physician practices which have MSO arrangements can piggyback and rely on established MSO policies. Hospital-based physicians can also look to incorporating standards established within the hospital setting.

The OIG makes reference to the fact that there may be a lesser standard of formality in the adoption of a Plan by smaller groups and that the practice need not actually introduce a “hot-line.” Note, however, there must be written policies and procedures, information must be accessible to all members of the practice, and there must be a way to ensure that employees can voice their concerns.

Importantly, recognizing that smaller practices may need to prioritize issues, the OIG identifies, as a point of departure, those specific areas of compliance which it designates “risk areas.” This is an attempt to at least focus initial compliance activities for groups which may be overwhelmed with the gamut of laws and regulations that could be incorporated in a Compliance Plan. Note, however, there is also a published Addendum which enumerates other specific areas for compliance. The initial risk areas for consideration however are:

• Coding and billing.

• Reasonable and necessary services.

• Documentation.

• Improper inducements, kickbacks and self-referrals.

The draft program goes into exhaustive detail in each of these risk areas. The first three above items, which are essentially billing issues, should not come as a surprise to any physicians who are inundated with the amount of information they receive, both from third party payors as well as from professional associations and advisors. However, there are several areas which create some new insights for physicians and physician managers in establishing these plans.

Audit Procedures

All compliance plans require the incorporation of a form of internal audit. The draft program guidance does gives some specific information and insight into how to establish an internal audit. First, the OIG does not require either a retrospective or prospective review and leaves it up to the practice to make this decision. The draft plan does, however, strongly suggest that the practice do a baseline audit. Following the baseline audit, provider audits “could” be conducted at least once each year to insure that the compliance plan is being followed. At a later section of the Program there is a statement that continued problems with billing should be evidence that the compliance plan is not working.

On the one hand, the draft Plan states that there is no set formula as to how many medical records should be reviewed. It then goes on state, however, that a “basic guide” is two to three medical records per payor or five to ten medical records per physician. If problems are identified, focused review should be conducted on a much more frequent basis. Audit results should also be incorporated into the practice’s educational program.

Corrective Action

Along with the advice on how to establish a Compliance Plan and audit procedures, it is clear that the draft Program is also very specific as to the need to take corrective action, including “prompt identification of any overpayment to the payor.” Failure to report after information is obtained could be interpreted as an attempt to conceal the overpayment and establish an independent basis for criminal violation. If a problem is discovered, self-reporting should be done within 90 days of discovery of the violation.

Kickbacks, Inducements and Self-Referral

Another risk area identified which has not been as highlighted in current literature is in the area of kickbacks. Although practices have been aware of regulatory restraints on contracts and joint ventures for some time, the draft Program is quite specific about incorporating these laws and regulations in compliance policies and procedures and to actually all laws and regulations, Fraud Alerts and Advisory Opinions available to members of the practice.

It seems incomprehensible, however, that the mere compilation of laws, regulations and Advisory Opinions will be sufficient to the extent that there is a problem in a provider relationship. The OIG notes in particular that arrangements with hospitals, hospices, nursing facilities, home health agencies, durable medical equipment suppliers and vendors are areas of potential concern. The commentary goes on to state that examples of inducements include routine waiving of coinsurance or deductible amounts without a good faith determination that the patient is in financial need or failing to make reasonable efforts to collect the cost-sharing amount. Further, the commentary strongly advises that physician practices have all business arrangements which involve potential referrals or relationships with providers reviewed by legal counsel.

The conclusion to be drawn from these draft Program guidelines is that the establishment of a formal Compliance Plan is a necessity for any physician practice which intends to meet the standard of care. Those individuals responsible for instituting compliance plans will want to review the draft and final guidance in great detail as it is clear that this publication has heightened the need for physicians to assess their compliance efforts.

In the conclusion to the document, the OIG concludes as follows: “Just as immunizations are given to patients to prevent them from becoming ill, physician practices should view the implementation of an effective Compliance Program as comparable to a form of preventative medicine to protect against fraudulent or erroneous conduct.”

Failure to have obtained such an “immunization” will not bode well for physician practices which are involved in billing review and audits. The challenge will be to find a way to use existing resources to establish a customized plan.

Deborah Robinson, Esq., is a director of Houston Harbaugh, P.C. in Pittsburgh.