by Nancy Babbitt, FACMPE
Ever feel like you are drowning in the “regulatory alphabet soup” of our healthcare industry? It seems many times solutions developed to fix our healthcare systems’ problems result in more rules and regulations. But is anything ever taken away? Rarely! Some programs are mandatory, like HIPAA, OSHA, and CLIA. Others you may choose to participate in because they have a positive return on investment if you successfully comply. These programs include: Quality Initiative Programs, Patient-Centered Medical Home (PCMH), Population Health Management, and Shared Savings Programs.
Regardless of whether a regulatory program is mandatory or optional, the fact is that today’s practices are facing an unprecedented amount of oversight. The list of compliance and regulatory areas are staggering—False Claims Act, Physician Self-Referral (Stark) Act, Anti-Kickback Law, Exclusion Statute, Civil Monetary Penalties Law, Centers for Medicare and Medicaid Services (CMS) – Revenue Audit Contractors (RAC’s), HIPAA – to name just a few. Therefore, it’s crucial that pediatric practices understand the consequences of non-compliance and how to safeguard themselves against any regulatory issues. In essence, practices must take the necessary steps to survive healthcare’s regulatory alphabet soup. This article will help.
Let’s start with the implications of not complying. Non-compliance can put the practice at risk in many ways. For example, if your patient information is posted to the Internet and this HIPAA (Health Insurance Portability and Accountability Act) breach makes the nightly news, (or just the Facebook rounds) this could be devastating to your practice’s financial well-being and reputation. Expenses could include required notifications and identity theft measures, possible fines and penalties, and lost patients and referrals due to the bad publicity. If you do an Internet search of “medical records and the dark web”, you may be surprised at the volume of articles detailing practices of all sizes that have been victims of IT intrusions and ransomware. It is not just the large hospitals or healthcare systems.
Claim Filing and Overpayments – RAC Audit
In most states, there are multiple Medicaid Billing Manuals, each with hundreds of pages adding up to thousands of rules. This does not include the monthly or quarterly updates – many of which contain billing updates or edits! With the overwhelming number of rules, it is easy to see how a practice could make an innocent mistake filing an incorrect claim.
Be that as it may, incorrect claim filing and overpayments is another area ripe for non-compliance scrutiny. In fact, government and private insurance providers consider detecting “fraud and abuse” that results in claim overpayments a top priority. Enter the auditors.
Have you ever been the focus of a RAC audit? If not, consider yourself lucky. It’s not only unpleasant, but also disruptive to the entire practice. Typically RAC audits start with a letter from CMS stating that their Revenue Audit Contractors (RAC) have identified some irregular billing patterns in the practice’s Medicaid claims. As a result, the practice is required to provide a sample of Medicaid claims – usually around 200 – for further review. If the auditors find errors, they can extrapolate what they find in the sample over the past several years on all claims the practice filed. The number and dollar amount of overpayments made in error can be excessive when added up. If the practice cannot afford to make a lump sum repayment, CMS may allow partial recoupment out of future claim payments, in addition to implementing a corrective plan.
HIPAA, OSHA, and CLIA
Three more regulatory areas that take a large amount of time to comply with are HIPAA, OSHA (Occupational Safety and Health Administration), and CLIA (Clinical Laboratory Improvement Amendments). Non-compliance can result in fines or penalties, impact patient care, and lead to excessive legal and administrative costs. Mounting a legal defense and having staff complete the work necessary to comply with regulators and audits, can take a financial and emotional toll on the practice.
TIP: Many malpractice carriers have insurance available to help with these fees, it is worth looking into!
How do you prepare your practice to be compliant with the overwhelming number of regulations? Let’s face it, with the number of regulations, which are ever-changing, no one can be perfect. Odds are if your practice gets audited, unintended errors may be discovered. However, if you’ve tried to be compliant, and have the appropriate documentation to prove it, the governing agency may give you time to fix issues. If not, they may take your attempts at being compliant into consideration when determining penalties.
Develop a Compliance Plan
Did you know the Affordable Care Act (ACA) made it mandatory for all healthcare providers who participate in Medicare, Medicaid, or CHIP (Children’s Health Insurance Program) to have a corporate compliance plan (enforcement date is still to be determined)? Prior to the ACA mandate, the Office of Inspector General (OIG), which oversees and imposes the penalties for many of these regulations, had been advising physician practices to voluntarily adopt a compliance plan. The good news for practices is that the OIG has created compliance plan training and guidance.
Believe it or not, it is possible to develop ONE compliance plan “template” that would apply to most compliance programs and regulatory areas. Why reinvent the wheel when you can use the government’s corporate compliance plan guidance as a template for many other programs and/or projects? Even if your practice does not participate in a government program, most of the commercial payers now require a corporate compliance plan as part of their enrollment requirements.
A corporate compliance plan is your practice’s regulatory playbook. It outlines how you intend to follow regulatory requirements and helps to establish a “culture of compliance” in your practice. Although developing a plan may seem like a daunting task, it is one worth tackling. When the processes and procedures outlined in the plan are brought to life, you will most likely find that problems are detected much earlier, resulting in increased operational efficiencies and reduced costs. In addition, a good corporate compliance plan can help your practice avoid many areas of risk in the future.
The OIG does not provide a sample compliance plan as they encourage practices to develop a plan specific to their needs. However, they do provide guidance and training on how to create one. This is summarized below. In addition, many large healthcare systems have sample corporate compliance plans online that may give your practice additional ideas and insights.
The OIG says your plan should include seven key areas:
1. Written Policies, Procedures and Standards of Conduct
2. Compliance Program Oversight
3. Effective Training and Education
4. Open Lines of Communication
5. Auditing and Monitoring Process
6. Consistent Discipline
7. Corrective Action
Let’s take a closer look at each area. As you go through the seven areas, think about how this could apply to commercial payers or what other regulatory requirements could be added to or referenced in the corporate compliance plan.
Develop a set of written policies, procedures, and standards of conduct that will help your practice comply with the law. At a minimum, these should include clearly written staff compliance expectations; a code of conduct; the chain of command for reporting issues; and how and when training will be conducted. To get staff engaged in the process, use this as a team-building exercise. If your team members have “skin in the game” and understand “why” these policies and procedures are important to the practice in general and them in particular, the compliance success rate will increase.
TIP: Make your policies, procedures, and standards of conduct easy to read and follow.
Compliance professionals are the individuals in the practice who supervise the compliance program to ensure the policies and procedures are implemented and followed. It is critical to pick a compliance officer that is accessible, approachable, and reasonable. In addition, designate a “second in command” in case someone needs to report on the compliance officer. If you prefer, you may choose to “outsource” this position to an external business partner who has expertise in this area.
TIP: Make compliance program oversight powerful, but not scary.
It is up to the practice leaders to make compliance training a priority. Make the training professional and easy to follow so that the staff take it seriously and comply with the plan. New hires need to be trained within their first 90 days and all staff members annually. Some practices use online training modules, in-person training, or a combination of the two. Regardless of the training method, the best way to keep your staff engaged during the training and ensure that they retain the information after is to make it fun.
We all know our staff can make or break a project. To ensure that your training is a success, get staff buy-in by letting them decide on training methods or participate in the training and education development. This will help with compliance and acing audits.
TIP: Use the government training videos and slides as a resource: https://oig.hhs.gov/compliance/provider-compliance-training/
Staff members must feel comfortable and be encouraged to report issues or problems without the fear of retaliation. During training, emphasize that mistakes will be made and stress the importance of reporting them so the practice can handle them, learn from them, and improve processes and procedures to prevent them from happening in the future. Reporting is not about blaming an individual, but rather improving compliance. In fact, if you are audited and can show that you have resolved the few issues that you’ve encountered that’s actually positive. It shows your plan is a living document that is being used, not just a notebook collecting dust on a shelf. It also demonstrates that staff members are thinking about compliance and its relationship to quality, effective, and safe patient care. Promoting a culture of compliance means striving for perfection, but realizing mistakes will happen and improvements will need to be made along the way.
TIP: Set the tone. Demonstrate how important compliance is to your practice by adding compliance issues and updates to all board and staff meeting agendas.
In order to evaluate the effectiveness of the plan, ensure compliance, identify risks, and make improvements. Auditing and monitoring are necessary. The corporate compliance plan should outline how you will respond to issues uncovered as a result of your monitoring efforts or during an audit. As part of your monitoring and auditing processes, ask these questions: Are staff and providers reporting concerns? Are corrective action plans enough? Results should be communicated to the team routinely, so they know the compliance plan is effective and helping to improve areas of risk.
TIP: Keep communications about auditing and monitoring processes frequent and positive so staff members feel empowered to report areas of risk. Be proud of the changes and the improvements that have occurred due to the plan.
Consistent discipline of “repeat offenders” is needed to create an atmosphere of accountability. Not only do the written policies and procedures need to outline the disciplinary process for continued non-compliance, but also need to include consequences for not reporting issues. Enforcing the rules will illustrate that the compliance plan is an important part of the practice’s business operations.
TIP: Act swiftly and follow the written disciplinary process if there is a violation.
Put in writing your commitment to comply with corrective actions. For example, if you find payment errors – note that you will disclose them and repay any overpayments.
In essence, when developing your compliance plan, you need to be organized, track deadlines, respond timely to requests, and use experts if needed.
The only constant in healthcare is change. We know there will be another regulatory challenge coming soon, whether it is a government mandate or a project we choose to conquer in order to improve patient care and increase revenue. It means learning new requirements and rules, which means more work for you and your staff. However, you can make this process as painless as possible by creating a template that’s easy to follow or adding the new mandate or project to your existing corporate compliance plan. If your practice is already trained, organized, and complying with existing regulations, it makes adding one more a little easier!
Office Practicum is a leading provider of pediatric-specific solutions. Our EHR, PM system, and billing services help pediatric practices improve clinical and financial outcomes. Contact us today to learn more.