Washington Watch

Compliance Program for Individual and Small Group Physician Practices-A "Pain" or a "Must"?

by James L. Thorne, Esq.

INTRODUCTION
Medicare payments are made from the federal treasury. In a very real sense, the federal treasury can be viewed as "all the peoples' money" and, in a very real sense, the OIG's job is to make sure that federal treasury funds (all the peoples' money) are paid out only for legitimate and lawfully incurred medical services. If not, we all lose.

Thus, in order to see that federal treasury funds are paid only for legitimate and lawfully incurred services, the federal government's Health and Human Services Department-actually its Office of Inspector General (OIG)-has introduced a series of "voluntary" Compliance Programs for each important segment of the health care industry. This series of Compliance Programs began in February 1997 with the introduction of the Model Compliance Plan for Clinical Laboratories. The physician compliance plan is the seventh OIG "voluntary" compliance plan, to date.

On September 8, 1999, the OIG published a federal notice seeking information and recommendations for developing its formal guidance for individual and small group physician practices (64 FR 48846). In response, the American Academy of Emergency Medicine, as well as 82 others, filed written comments on the OIG notice. On June 12, 2000, the OIG's draft guidance for individual and small group physician practices was published in the Federal Register (65 FR 36818) for further comments. The final OIG Compliance Program for Individual and Small Group Physician Practices was published on October 5, 2000 (65 FR 59434).

The Individual and Small Group Physician Practices Compliance Program is not exciting reading. Yet, it is important to you. Your use of this "voluntary" program's basic principles-now-could save you time and trouble later-if your Medicare payments are questioned.

THE COMPONENTS OF AN EFFECTIVE COMPLIANCE PROGRAM
According to the OIG, an "effective" compliance program contains at least seven basic components:

1. Conducting internal monitoring and auditing;
2. Implementing compliance and practice standards;
3. Designating a compliance officer or contact;
4. Conducting appropriate training and education;
5. Responding appropriately to detected offenses and developing corrective action;
6. Developing open lines of communication; and
7. Enforcing disciplinary standards through well-publicized guidelines.

These seven components have been in each of the previous six voluntary compliance programs. Yet, according to the October 5, 2000, entry in the Federal Register, ".this guidance for physicians does not suggest that physician practices implement all seven components of a full scale compliance program. Instead, the guidance emphasizes a step by step approach to follow in developing and implementing a voluntary compliance program."

This change shows, thankfully, some recognition by the OIG of the financial and staffing resource constraints faced by most physician practices. In my opinion, the OIG wants and expects to see a genuine effort by physicians but it does not expect perfection or an elaborate compliance program, which it expects from others with more resources.

SUGGESTED ORDER AND STEPS FOR DEVELOPMENT OF A COMPLIANCE PROGRAM
The program in the October 5, 2000 Federal Register goes to some lengths to spell out the steps an individual or small group physician practice can take in order to develop a compliance plan. Again, the OIG acknowledges that full implementation of all components may not be feasible. However, as a first step, physician practices can begin by adopting only those components which, based on a practice's specific history with billing problems and other compliance issues, are most likely to provide an identifiable benefit. In addition, according to the program, the OIG encourages physician practices to participate in other provider's compliance programs such as the hospitals or other settings in which physicians practice.

Interestingly, the OIG pointedly encourages collaborative compliance efforts. You may want to consider using the OIG's physician compliance proposal, and your desire to implement one, as an entrée to discuss and compare your thoughts with the compliance programs of your involved hospital or emergency department management company or the involved billing company. I wonder what each would say and what the OIG would do if any of them declined to follow the OIG's encouragement of collaborative compliance efforts?

Step One: Auditing and Monitoring
According to the OIG, an ongoing evaluation process is important to a successful compliance plan and beginning with an audit of your practice is an excellent way to determine what, if any, problem areas exist. Once determined, you can then focus on the risk areas associated with those problems. The OIG suggests that there are two types of reviews that can be performed as part of your evaluation: (1) standards and procedures review; and (2) a claims submission audit.

Standards and Procedures
The OIG compliance program does not elaborate on specific standards and procedures. It, instead, recommends that an individual or individuals in the physician practice should be charged with the responsibility of periodically reviewing the practice's standards and procedures to determine if they are complete and current. If not, they should be updated to include changes in the Government regulations, which are relied on by physicians and insurers, for example, changes in Current Procedural Terminology (CPT) and ICD-9-CM codes.

Claims Submission Audit
In addition to the standards and procedures involved, the OIG recommends that bills and medical records be reviewed for compliance with applicable coding, billing and documentation requirements. Further, each physician practice needs to determine whether to review claims retrospectively or concurrently with the claims submission.

The OIG believes there are many ways to conduct a baseline or starting audit. In the program it recommends that claims/services that were submitted and paid during the initial three months-after implementation of an education and training program-be examined, in order to give a physician practice a benchmark against which to measure future compliance effectiveness. Following the initial or baseline audit, periodic audits should be conducted at least once each year to ensure that the compliance program is being followed. Due to the limited resources of an individual or small group physician practice, the OIG recommends that, at a minimum, physicians should conduct a review of claims that have been reimbursed by Federal health programs.

It is important to remember that the OIG considers one of the most important components of a successful physician compliance audit protocol to be an appropriate response when the physician practice identifies a problem. The response can be as straightforward as a timely repayment with an appropriate explanation to Medicare or the appropriate payor from which the overpayment was received. In others, the physician practice may want to consult with a coding/billing expert to determine the best course of action. Although there is no "best" response, timely action is required.

Step Two: Establish Practice Standards and Procedures
After a physician identifies his/her practice's risk areas, the next step is to develop a method for dealing with those risk areas through the practice's standards and procedures-a central component of any compliance program.

The OIG recommends that a physician focus first on risk areas most likely to arise in its particular practice. Further, and in order ".to assist physician practices in performing this initial assessment," the OIG has developed a list of four potential risk areas affecting physician practices. These risk areas include: coding and billing; reasonable and necessary services; documentation; and improper inducements, kickbacks and self-referrals.

Among others, the OIG lists nine coding and billing risk areas which have been the most frequent subjects of investigations and audits by the OIG: billing for items or services not rendered or not provided as claimed; submitting claims for equipment, medical supplies and services that are not reasonable and necessary; double billing resulting in duplicate payment; billing for non-covered services as if covered; knowing misuse of provider identification numbers, which results in improper billing; unbundling (billing for each component of the service instead of billing or using an all-inclusive code); failure to properly use coding modifiers; clustering; and upcoding the level of service provided.

Yet, having stated the OIG's areas of concern, it provides little guidance on what specific steps to take for coding and billing other than (a) written standards and procedures should ensure that coding and billing are based on medical record documentation and (b) the coder and/or the physician should review all rejected claims pertaining to diagnosis and procedure codes.

With regard to reasonable and necessary services, the OIG is again more definitional than practically helpful, in my opinion. Here the OIG refers to the Medicare definition of reasonable and necessary-".for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member." 42 U.S.C. 1395y(a)(1)(A). In this section of the program, the OIG states the obvious in that Medicare will only pay for services that meet the Medicare definition of reasonable and necessary. It does go on, however, to state what may not be so obvious-"A physician practice can bill in order to receive a denial for services, but only if the denial is needed for reimbursement from the secondary payor."

The OIG recommends that physicians focus on two specific types of documentation: medical record documentation and the HCFA 1500 Form. For one, medical record documentation can serve two functions-clinical patient care and, secondly, for verification that the bill is accurate as submitted. To make sure Form 1500 is properly completed, HCFA emphasizes three points: link the diagnosis code with the reason for the visit or service; use modifiers appropriately; and provide Medicare with all information about a beneficiary's other insurance coverage, if the practice is aware of a beneficiary's additional coverage.

Last, the OIG concludes that a physician practice would be well advised to have standards and procedures that encourage compliance with the anti-kickback statute and the physician self-referral law. Again, it does not list specific standards and procedures but its main areas of concern: financial arrangements with outside entities to whom the practice may refer federal program business; joint ventures with suppliers of goods and services to the practice; consulting contracts or medical directorships, office and equipment leases; gifts or gratuities of more than nominal value.

Step Three: Designation of a Compliance Officer/Contact(s)
In this section of the program, the OIG is careful to restate that ".the resource constraints of physician practices make it so that it is often impossible to designate one person to be in charge of compliance functions." Therefore, the OIG concludes that in lieu of having a designated compliance officer, the physician practice could instead describe in its standards and procedures the compliance functions for which designated employees, known as "compliance contacts" would be responsible. For example, one person could be responsible for preparing written standards and procedures; another could be responsible for conducting or arranging for periodic audits and ensuring that billing questions are answered. Another possibility is that one individual could serve as compliance officer for more than one entity. In addition, the physician practice could outsource all or part of the functions of a compliance officer to a third party consultant. Whether or not the compliance person is located on the "inside" or "outside" he/she should oversee the implementation and monitoring of a compliance program; establish periodic audits; periodically revise the compliance program in light of changes in the practice or changes in the law or changes in the standards of Government and private payor health plans; develop and implement a training program that focuses on the components of the compliance program; ensure that the HHS-OIG's List of Excluded Individuals and Entities have been checked with respect to all employees, medical staff and independent contractors; and investigate any report or allegation concerning possible unethical or improper business practices.

Step Four: Conducting Appropriate Training and Education
According to the OIG, education is the logical next step after problems have been identified and the practice has designated a person to oversee educational training. In the program, the OIG opines there are three basic steps for setting up educational objectives: determine who needs training (both in coding and billing and in compliance); determine the type of training that best suits the practice's needs (seminars, in-service training, self-study); and determine when and how often education is needed and how much each person should receive. In addition, a physician practice should strive for two goals when conducting compliance training:

1. All employees will receive training on how to perform their jobs in compliance with the standards of the practice and any applicable regulations; and
2. Each employee will understand that compliance is a condition of continued employment.

Training should emphasize that following the standards and procedures will not get a practice employee in trouble, but violating the standards and procedures may subject the employee to disciplinary measures.

The OIG understands that most physician practices do not employ a professional coder and that the physician is often primarily responsible for all coding and billing. However (and probably more important to AAEM members) when a third-party billing company is involved, the physician is encouraged to work with the billing company to ensure that documentation is of a level that is adequate for the billing company to submit accurate claims on behalf of the physician. This appears to be an invitation to participate in billing accuracy. AAEM members know from experience that this is easier said than done. However, the physician compliance plan, and the OIG's clear encouragement to get involved in your billings, still seems to be an excellent entrée to discuss billing practices with management companies or billing companies. Again, it would be difficult for the OIG to not get involved if a management company or a billing company would not discuss its billing for your physician services. To not do so would be an obstruction to physicians who are attempting to establish a compliance program under OIG directives.

Step Five: Responding To Detected Offenses and Developing Corrective Action Initiatives
Violations of a physician practice's compliance program, significant failures to comply with applicable Federal or State law, and other types of misconduct threaten a practice's status as a reliable, honest, and trustworthy provider of health care, in OIG's opinion. Therefore, when a practice determines it has detected a possible violation, the next step is to develop a corrective action plan and determine how to respond to the problem.

The OIG's "voluntary" compliance guidelines strongly suggest that the physician "take decisive steps to correct the problem" and "such steps may involve a corrective action plan, the return of any overpayments, a report to the Government, and/or a referral to law enforcement authorities." One suggestion given is for the physician to develop his/her own set of monitors and warning indicators which might include: significant changes in the number and/or types of claim rejections and/or reductions; correspondence from the carriers and insurers challenging the medical necessity or validity of claims; illogical patterns or unusual changes in the pattern of CPT-4, HCPCS or ICD-9 code utilizations; and high volumes of unusual charge or payment adjustment transactions.

Physician practices that detect violations could analyze the situation to determine whether a flaw in their compliance program failed to anticipate the detected problem, or whether the compliance program's procedures failed to prevent the violation. In any event, it will be prudent, according to the OIG, even absent the detection of any violations, for physicians to periodically review and modify their compliance programs.

Step Six: Developing Open Lines of Communication
In this section of the guidelines, the OIG emphasizes that the nature of a small physician practice dictates that open lines of communication and information exchanges are a "must" but need to be conducted through a less formalized process than that which has been envisioned by prior OIG guidance.

For Individual and Small Group Physician Practices, the OIG concludes that a meaningful and open communication system can include: requiring employees to report conduct that a reasonable person would believe to be erroneous or fraudulent; the creation of a user-friendly process such as an anonymous drop box; a statement that failure to report erroneous or fraudulent conduct is a violation of the compliance program; if a billing company is used, communication to and from the billing company's compliance officer/contact staff to coordinate billing and compliance activities; utilization of a process that maintains the anonymity of the persons involved in the reported conduct; and provisions that state there will be no retribution for reporting conduct that a reasonable person acting in good faith would have believed to be erroneous or fraudulent. Yet, it also needs to make clear that there may be a point at which the individual's identity may become known or may have to be revealed in certain instances.

Step Seven: Enforcing Disciplinary Standards Through Well-Publicized Guidelines
Finally, the last step that a physician practice may wish to take, in OIG's opinion, is to incorporate measures into its practice to ensure that practice employees understand the consequences if they behave in a non-compliant manner. In OIG's view, an effective physician practice compliance program includes procedures for enforcing and disciplining individuals who violate the practice's compliance or other practice standards. Along these lines, the OIG recommends that a physician practice's enforcement and disciplinary mechanisms ensure that violations of the practice's compliance policies will result in consistent and appropriate sanctions, including the possibility of termination but at the same time flexible enough to account for mitigating or aggravating circumstances. Disciplinary actions, if any, could include: oral warnings; written reprimands; probation; demotion; temporary suspension; terminations; restitution of damages; and referral for criminal prosecution. The OIG strongly recommends that any communication resulting in the finding of non-compliant conduct be documented in the compliance files by including the date of incident, name of the reporting party, name of the person responsible for taking action, and the follow-up action taken. Another suggestion is for physician practices to conduct checks to make sure all current and potential practice employees are not listed on the OIG or GSA lists of individuals excluded from participation in Federal health care or Government procurement programs.

CONCLUSION
The OIG's physician compliance program guidelines are sobering and may be viewed as a "pain" by most. However, in this writer's opinion, the program guidelines should be reviewed and utilized in a practical and realistic manner. As stated by the OIG, "physician practices may view the implementation of a voluntary compliance program as comparable to a form of preventive medicine for the practice."

Of equal importance, AAEM members should retain a copy of the OIG's guidelines in order to have the guidelines' numerous appendices close at hand. The appendices to the Federal Register, include: additional risk areas; applicable criminal status; civil and administrative statutes; OIG - HHS contact information; carrier contact information; and important internet resources. They are all important and they would be a good reference for you.

James L. Thorne is Washington legislative and regulatory counsel for AAEM. He is vice-president of the Washington, DC, governmental relations firm R. Duffy Wall & Associates, Inc. He can be reached at (202) 737-0100 or thornej@RDWA.com.