This is how my clients often approach me with questions about compliance programs. Or, they have been the recipient of an audit letter from either Medicare or a private insurer. Let’s face it, the requirements for compliance programs are here to stay. Not only are compliance programs now required by the federal government for any provider who receives Medicare or Medicaid reimbursement (see section 6401 of the Affordable Care Act), they are also required by many private insurance companies. Within the last year, I have seen increasing numbers of network provider contracts from private insurance companies include a requirement that the provider have a compliance program. So, having a functional compliance program is no longer an option but a requirement.
To that end, over the next year, we will be exploring the basic elements of an effective compliance program, as well as topics related to a solid compliance program. Let’s start with what a compliance program is and is not. A compliance program is not a document that is placed in a binder on a high shelf in your office, to be dusted off only annually or when faced with scrutiny by insurance companies or, God forbid, state or federal regulators. Instead, a compliance program should become part of the fabric of doing business in your practice. When implemented correctly, a compliance program can help identify potential trouble spots in your practice and give you a framework for addressing those trouble spots. Of course, a functioning and effective compliance program can also help minimize fines and, if things go south, could keep a civil matter from turning into a criminal matter.
A compliance program is also not a mumu – one size does NOT fit all. Just as there are differences between patients, there are differences between practices, the risks they face and the best methods of addressing those risks. An effective compliance program recognizes that while the structure of most compliance programs is similar, it takes into account the practice’s size and sophistication, the medical specialty, and the patient population. For this reason, compliance programs in a box or purchased off the Internet really are not desirable and often cost a practice more money in customization and sometimes tears down the road. A perfect example is the recent settlement by Anchorage Community Mental Health Services in relation to a HIPAA breach, where the government noted the ineffectiveness of the “sample” compliance policies and documents the provider put forward as its compliance program.
The basic elements of an effective compliance program are not complicated. They are:
- Designating an individual to serve as compliance officer and creating a compliance committee, particularly for larger organizations.
- Implementing a standard of conduct and policies and procedures relevant to the practice’s operations.
- Conducting effective training and education.
- Instituting effective methods of communication
- Conducting internal monitoring and auditing
- Enforcing the policies and standards through well-publicized disciplinary guidelines
- Responding promptly to violations and taking appropriate corrective action.
Each month we will explore each of these topics, discussing how to implement a compliance plan, and how to do so in a cost-effective fashion. Along the way, we will also discuss various forms of guidance available to practices when you implement a compliance plan that is tailored for the specific needs and risks of your individual practice. Let’s start with one right away – the federal government itself. The Office of Inspector General of the U.S. Department of Health and Human Services (“OIG”) has published a number of “Compliance Program Guidances”, intended to help different provider types understand and implement compliance practices specific to and appropriate for their particular branch. One of the guidances is specifically written for individual and small group physician practices and published in October 2000. It’s available here: http://oig.hhs.gov/authorities/docs/physician.pdf. In fact, this document is so basic to a physician practice’s compliance program that I strongly recommend that every compliance program have this document printed off, included among the compliance program documents, and readily available for staff member review. Although this document was published in 2000 (and therefore refers to CMS as HCFA and doesn’t make reference to the Affordable Care Act), it can be considered a bit like the U.S. Constitution – a document that creates the foundation for what comes after and points to a better future.