Compliance is a word no one really wants to talk about. It’s boring, you know you NEED a compliance program, but you feel that you’re pretty good with billing and coding, and heck – you’re a smaller group and you think no one is looking over their shoulder at your practice. The government has better things to do than come after small medical groups, right?
Wrong. Unless you are a complete cash pay practice, all your CPT codes and claims are tracked, and it doesn’t matter if you are large or small. If you fall outside the bell curve, you’re at risk. As a health care attorney, I see doctors all the time calling me about issues they never expected to come up. In my opinion, here are the four most common problems that I’m seeing in the world of compliance.
First, you have to be careful about sloppy documentation in billing.
Incomplete documentation can be an avenue to argue something was not medically necessary, at least to auditors. If you feel a patient needs to be admitted to the hospital, you must explain why. You need to understand what Medicare needs to be documented in the record in order to justify a certain CPT code. Sometimes, doctors want to save time and end up cutting and pasting in the electronic medical record which can be a problem. It’s considered “cloning” when each entry in the medical record is worded the same way. Auditors start to question whether something actually happened, or whether it was just cut and pasted from another day. Cloning of documentation is considered a misrepresentation of the medical necessity requirement for coverage. This is where auditing is your very best friend. Catch these things before they become big issues.
Second, don’t enter into legally suspect agreements.
Often, doctors just don’t realize that what they are signing goes against the federal Physician Self-Referral Law, often called the Stark Law, or the Anti-Kickback Statute. For example, if you enter into a medical director agreement or consulting arrangement with very little as far as actual responsibilities, but it’s really created for another reason (like the group just needs a medical director to check a box, or they want your referrals), the contract is essentially a front for an illegal arrangement. If the true purpose of the agreement is to incentivize patient referrals, it’s going to trigger government scrutiny regardless of the words used in the agreement.
Third, don’t think simply having policies in place means you’re in compliance.
Many practices buy off-the-shelf policies when they start but they never look at the policies again. The devil’s in the details. Packages of policies mean nothing if there is no training or implementation that goes along with it. And people get complacent, especially in our digital age when you think nothing of texting a photo. And then you get an audit, and it’s discovered how lax you are on privacy and security, and you are hit with major fines, or you’re hacked and someone holds your records hostage for bitcoins and you have no backup. Everyone thinks, “Oh, that happens to other people,” until it happens to you. So have a strong compliance plan that you actually follow. Have someone come in and perform a security audit and educate your staff about the compliance program.
Lastly, don’t rely too heavily on others to take care of compliance with no oversight.
I hear all the time from my clients that, “The Medical billing company takes care of that,” or, “Our IT vendor is on top of it.” Do you have any clue? Are you double checking with security and privacy audits? Billing and coding audits? Are you checking in with them regularly about compliance issues? As a healthcare provider, you cannot escape your obligation to comply with federal law. You cannot rely on ignorance as a defense, and you cannot delegate your compliance obligations to a third-party. Ultimately, it’s your license and your National Provider Identifier number. You need to comply, and you cannot wash your hands of it by delegating responsibilities. Remember: Third-party vendors can go bankrupt, cancel contracts, and leave town. And they may not share the commitment to compliance like you do.
Compliance is like insurance – it’s your best opportunity to protect yourself BEFORE there’s a problem. Get your compliance house in order before it’s too late.