On June 12, 2000, the Office of Inspector General (OIG) in the Department of Health and Human Services published in the Federal Register, for purposes of seeking comments of interested parties, draft Compliance Program Guidance for individual and small group physician practices. The Compliance Program Guidance is also available on the Internet (http://www.dhhs.gov/progorg/oig). Through the Federal Register notice, the OIG offers its general views on the value and principles of individual and small group physician practices’ compliance programs, along with the specific elements that these practices should consider when developing and implementing an effective compliance program. The OIG notice provides a longer than usual public comment period of 45 days, until July 27, 2000, in order to allow the physician community extra time to review the draft guidance in order to comment. The OIG plans to publish the final Program Guidance later this year.
A More Collegial Tone by the OIG
This most recent OIG draft Program Guidance reflects more sensitivity to the needs and more limited resources of individual and small group physician practices. The OIG’s press release about the Program Guidance solicits physicians’ "invaluable insights" about how physicians and their colleagues can put voluntary compliance plans into place in their practices. Probably responding to criticism of the zealousness of past OIG press and enforcement policy statements, the OIG acknowledges that "the great majority of physicians are honest and committed to providing high quality medical care to Medicare beneficiaries." Moreover, the OIG observes that "physicians are not subject to civil or criminal penalties for innocent errors, or even negligence. The government’s primary enforcement tool, the civil False Claims Act, covers only offenses that are committed with actual knowledge of the falsity of the claim, reckless disregard or deliberate ignorance of the truth or falsity of a claim. The False Claims Act simply does not cover mistakes, errors or negligence according to the OIG’s press release. (Emphasis in the original OIG press release.) The Program Guidance stresses that it represents the OIG’s suggestions on how physician practices can best voluntarily establish internal controls to prevent fraudulent or other improper activities, and that it is not mandatory or binding. Of course, the OIG will consider the existence of an effective program that pre-dates a governmental investigation when addressing the appropriateness of administrative sanctions. In addition, criminal sanctions may be mitigated by an effective compliance program that was in place at the time of the criminal offense under the United States Sentencing Commission Guidelines Manual.
The Seven Elements of the Program Guidance Are the Same As Other, Previous OIG Guidance
Like other guidance already issued by the OIG, the draft Program Guidance contains seven elements that the OIG believes are fundamental to an effective compliance program:
- implementation of written policies and standards of conduct;
- designation of a compliance officer or contact (preferably, in the case of physician compliance programs, an individual with experience in billing and coding);
- conducting comprehensive training and education programs;
- providing accessible lines of communication;
- conducting internal monitoring and periodic auditing;
- enforcing standards through well-publicized disciplinary guidelines; and
responding promptly to detected offenses and undertaking corrective actions.
In listing these seven elements, the OIG recognizes that full implementation of all elements may not be feasible for all physician practices. The OIG suggests that smaller practices should consider addressing each of the elements in a manner that best suits the practice; in contrast, larger practices would be expected to address the elements more systematically, for example, by utilizing the OIG’s guidance for small group practices and the Third-Party Medical Billing Compliance Program Guidance to tailor a program to the practice.
The OIG strikes a new note encouraging collaborative efforts as a means of achieving the desired objective of compliance, without burdening or requiring physicians to undertake duplicative action. Thus, a physician might participate in the compliance program of a hospital or other setting in which the physician practices. The OIG views a physician’s participation in another provider’s compliance program as a way to, at least partly, satisfy elements of the physician’s own compliance program. For larger providers conducting compliance programs, Physician Practice Management Companies (PPMCs), MSOs, IPAs and billing companies, this may represent an opportunity to make compliance program resources and expertise available to physician practices (as some are already doing) on a cost-effective basis, avoiding duplication of resources.
OIG Identifies Specific Risk Areas
To assist physician practices in performing an initial assessment of specific risk areas for purposes of developing policies to prevent fraudulent or erroneous conduct, the OIG identified risk areas to serve as a starting point for an internal review of potential vulnerabilities with the practice. The OIG’s risk areas include:
- coding and billing;
- reasonable and necessary services;
- documentation; and,
- improper inducements, kickbacks and self-referrals.
The objective of this assessment is to ensure that key personnel are aware of the risk areas and that steps are taken to minimize the problems identified in each risk area. The OIG provides examples of discussions of risk areas for physicians that should take place within the practice. In a discussion of Coding and Billing, for example, the failure to properly use coding modifiers and upcoding the level of service provided are among the most frequent subjects of investigations and audits by the OIG. In a footnote (number four), the OIG cites Internet resources, such as the HCFA website, for practices to keep up-to-date on Medicare and Medicaid program information.
Observations on the Draft Program Guidance
Compliance Officer and Outsourcing
While stressing the independence of the compliance officer, the OIG considers experience in billing and coding to be an attribute and qualification of a compliance officer. Demonstrating concern with the practical necessities of small physician practices, the OIG returns to the concept of outsourcing. Where staffing limitations mandate that the practice cannot afford to designate a person to oversee compliance, the practice could outsource all or part of the functions to a third-party, such as a consultant or PPMC. The regulations contain a useful "short list" of primary responsibilities of a compliance officer (i.e., conducting periodic audits; developing and coordinating training programs; and ensuring that the HHS-OIG List of Excluded Individuals and Entities and the GSA’s List of Parties Debarred from Federal Programs, have been checked with respect to all employees, medical staff members and independent contractors.
Auditing and Reliance on Advice From Governmental Agencies
The Guidance stresses that bills and medical records should be reviewed for compliance with applicable coding, billing and documentation requirements, noting the baseline or "snapshot" audit that the OIG recommended in the Third-Party Medical Billing Compliance Program Guidance. Following the baseline audit, the OIG suggests that periodic audits of a randomly selected number of medical records, to ensure that coding was performed accurately, be conducted at least once each year. Repayments to the Medicare program are discussed in the context of this auditing. High rates of rejected and/or suspended claims and the placement of a practice on pre-payment review by the carrier are warning signs that should be followed up on immediately. In what should be standard advice to any practice, the OIG says that when a practice requests advice from an intermediary or carrier, the practice should document and retain a record of the request and any written or oral response. "This step is extremely important if the practice intends to rely on that response to guide it in future decisions . . ."
Potential Problem With the Guidance
The OIG states that a compliance program’s system for effective communication should include a requirement that employees report conduct that a reasonable person would, in good faith, believe to be fraudulent or erroneous, and that a failure to report fraudulent or erroneous conduct is a violation of the compliance program. While this may seem a straightforward proposition, in fact, labor unions have considered such requirements that may result in disciplinary action against a union member as the subject of labor union contract negotiation, not a policy that may be unilaterally imposed by the employer. Undoubtedly, other issues will be identified in the OIG draft guidance.
Six Useful Appendices
The draft Guidance contains useful appendices:
Appendix A is a comprehensive discussion of additional risk areas under four main headings:
Reasonable and Necessary Services
includes: determinations of reasonable and necessary services and the variation in local medical review policies among carriers; Advanced Beneficiary Notices; physician liability for certifications of DME and home health services; and billing for non-covered services as if covered;
Physician Relationships With Hospitals
includes: the Patient Anti-Dumping Statute; teaching physicians; gainsharing arrangements and Civil Money Penalties (CMPs) for hospital payments to physicians to reduce or limit services to beneficiaries;
Physician Billing Practices
includes: third-party billing services; billing practices by non-participating physicians and professional courtesy; and
Other Risk Areas
includes: rental of space in physician offices from referral sources and unlawful advertising.
Appendix B is a concise description, compiled by the OIG, of criminal statutes related to fraud and abuse in the context of health care.
Appendix C contains a similar description of civil and administrative statutes related to fraud and abuse in the context of health care.
Appendix D contains OIG-HHS Contact Information, including the provider self-disclosure protocol.
Appendix E advises that a complete list of contact information for Medicare Part A Fiscal Intermediaries, Medicare Part B Carriers, Regional Home Health Intermediaries and Durable Medical Equipment Regional Carriers (DMERCs) can be found on the HCFA website at www.hcfa.gov/medicare/incardir.htm.
Finally, Appendix F is a listing of Internet resources with information relating to Federal health care programs.