Upload
holland-amp-hart-llp
View
183
Download
1
Embed Size (px)
DESCRIPTION
-Common compliance issues -OIG Compliance Program Guidance for Individual and Small Physician Groups (10/5/00) -Practical suggestions for drafting or updating your compliance plan
Citation preview
Compliance PlansKim C. Stanger
(3/13)
Overview
Why compliance? Common compliance issues OIG Compliance Program Guidance for
Individual and Small Physician Groups (10/5/00)
Practical suggestions for drafting or updating your compliance plan
Written Materials
OIG Compliance Program for Individual and Small Group Physician Practices (10/5/00)
“A Roadmap for New Physicians: Avoiding Medicare and Medicaid Fraud and Abuse”
Sample, very basic Compliance Plan
Disclaimer
We are in a bit of flux– Affordable Care Act (“ACA”) may modify requirements
for a compliance plan.– We have not received implementing regulations.
Principles and sample plans need to be updated and modified to fit your circumstances.
This does not constitute the giving of legal advice. This does not establish an attorney-client
relationship.
Why compliance?
Why compliance?
The government wants its money back!
Increased Enforcement
Increased provider education– CMS training and resources for Medicare providers,
oig.hhs.gov/compliance/provider-compliance-training/index.asp. – MedicAide letter (4/12) re civil monetary penalties
Medicare and Medicaid RAC audits Beefed up fraud and abuse laws and enforcement authority
– False Claims Act– Anti-Kickback Statute– Ethics in Self-Referrals Act (“Stark”)– Civil Monetary Penalties Law– Idaho Medicaid fraud statutes
More sophisticated systems to identify overpayments Qui tam lawsuits Duty to self-report and repay
Repay Overpayments:Medicare “Overpayment” = payments a person receives or retains
to which person is not entitled after reconciliation. Must report and repay overpayments to contractor or
agency by:– 60 days after identify existence of overpayment, or– Date corresponding cost report is due.
Knowing failure =– False Claims Act violation
$5,500 to $11,000 per claim 3x damages Qui tam lawsuit Exclusion from Medicare/Medicaid
– Civil Monetary Penalties violation $10,000 penalty
(ACA 6402; 77 FR 9181)
Repay Overpayments:Medicaid
Must repay overpayments or claims previously found to have been obtained contrary to statute, rule regulation or provider agreement. – Within 60 days: interest free– Within 1 year: interest
Failure to repay =– Termination of provider agreement and exclusion from Medicaid
and other state health programs– Civil penalty of up to $1000 per violation– Referral to Medicaid fraud unit
Repeated rule violations– Recoupment– Civil monetary penalties of at least 25% of repayment
(IC 56-209h(6)(h); see MedicAide letter (4/12))
Health Care Crimes
Criminal Penalties for Acts re Health Care Programs, 42 USC 1320a-7bo False Statementso Anti-Kickbacko False Statements re Facility Certificationo Illegal Patient Admittance and Retention Practiceso Violation of Assignment Terms
Health Care Fraud, 18 USC 1347 Health Care Theft or Embezzlement, 18 USC 669 Health Care False Statements, 18 USC 1035 Health Care Money Laundering, 18 USC 1956, 1957 Obstruction of Health Care Investigation, 18 USC 1518 False Claims, 18 USC 287 False Statements, 18 USC 1001 Conspiracy to Defraud Government, 18 USC 286 Mail and Wire Fraud, 18 USC 1341, 1343 RICO, 18 USC 1961-1963 Medicaid Fraud, IC 56-227
Health Care Civil or Administrative Laws
Program Exclusion, 42 USC 1320a-7, 42 CFR pt. 1001.– Mandatory exclusions, 42 USC 1320a-7(a).– Permissive exclusions, 42 USC 1320a-7(b).
Civil Monetary Penalties, 42 USC 1320a-7a, 42 CFR pt. 1003 Program Fraud Civil Remedies Act, 31 USC 3801. Medicaid Fraud and Abuse, IC 56-209h, IDAPA 16.03.09.200. Civil Monetary Penalties, IC 56-227 Civil Remedies, IC 56-227 Associated regulations
Civil and administrative actions have lower standard of proof. Administrative actions do not require full procedure associated
with trial. See 42 CFR pt. 1005.
Compliance Plans
Why have a compliance plan?
ACA will require physicians to have compliance plan as condition to enrollment in Medicare, Medicaid, SCHIP. (ACA 6401)– HHS to develop “core elements” of required compliance
plans.– HHS has not issued implementing regulations for
physicians yet.– Regulations issued for other providers suggests that
HHS will track elements from earlier Compliance Program Guidance.
Why have a compliance plan?
Even if not mandated, compliance plan is still a good idea.– May facilitate compliance and avoid repayments and other
penalties.– May help avoid fraud charges.– May mitigate penalties.– May improve performance.
facilitates prompt claims submissions identifies undercoding as well as upcoding reduces claim denials improves medical record documentation may identify and prevent patient care problems improves staff education improves efficiency
Compliance plan = preventative medicine
What is the status of your compliance program? Is it current?
– Does it include elements govt recommends?– Does it address recent govt enforcement issues?– Does it fit the group’s current circumstances and
practices? Is it effective?
– Do you know where it is?– Do you or your employees know what it says?– Is it working?– Is it followed?
Remember: failure to comply with plan may be worse than no plan at all.
Common compliance issues
Common Compliance Issues for Physician Offices
Billing and coding Reasonable and necessary
services Documentation Improper financial relationships,
inducements and kickbacks Additional items identified in
– “Roadmap for Physicians”– RAC reports– OIG Workplans– OIG fraud alerts and bulletins– Medicaid newsletters
Billing and Coding
Billing for items or services not rendered or not provided as claimed
Submitting claims for services or items that are not reasonable and necessary
Double billing resulting in duplicate payments Billing for non-covered services as if covered Misuse of provider ID numbers Unbundling Upcoding Improper use of coding modifiers Clustering Lack of documentation to support claims
Reasonable and Necessary Services Medicare only pays for items or services that are reasonable
and necessary “for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member.” (42 USC 1395y(a)(1)(A)).
Physician may be liable for false certification.– See Special Fraud Alert (1/99)
May bill to obtain denial for services, but only if denial is needed for reimbursement from secondary payor.
Support claim through documentation, e.g., medical records and physician orders.
Know and notify employees of the carrier’s Local Medical Review Policy (LMRP).
Provide appropriate Advance Beneficiary Notices (ABN)
Documentation
Timely, accurate and complete documentation sufficient to support claim.– Site of service– Appropriateness of service– Accuracy of billing– Identity of care provider
Records should comply with the following:– Medical record complete and accurate.– Reason for visit, history, physical exam and findings, prior
tests, assessment, diagnosis, plan of care.– Rationale for diagnostic and ancillary services.– Codes supported by record documentation.– Progress, response, changes in treatment, etc.
Inducements, Kickbacks, and Self-Referrals
Anti-Kickback Statutes– Cannot knowingly offer, solicit, give, or receive
remuneration to induce referrals for items or services covered by Medicare/Medicaid unless fit within safe harbor.
Ethics in Patient Referrals Act (“Stark”)– Physician cannot refer patients for designated health
services to entity with whom physician or their family member has financial relationship unless relationship fits within exception.
– Entity that provides service per improper referral cannot bill for service, or if billed, must repay payment.
Inducements, Kickbacks, and Self-Referrals
Civil Monetary Penalties Laws– Cannot offer or transfer remuneration to
Medicare/Medicaid beneficiary if you know or should know that the remuneration is likely to influence such individual to obtain items or services payable by Medicare/Medicaid from a particular provider.
– Hospital or CAH cannot knowingly make payment to a physician to induce physician to reduce or limit services payable by Medicare.
Inducements, Kickbacks, and Self-Referrals Suspect transactions: generally any arrangements
between referral sources (e.g,. hospitals, other providers, pharmaceuticals, vendors, DMEs, Medicare beneficiaries, etc.).– Contracts, including employment, consulting, medical
directorships, professional services, etc.– Leases, including space or equipment.– Joint ventures– Gifts and perks– Free or discounted services or goods (e.g., free screening)– Waivers of copays or deductibles– Professional courtesy– Gainsharing
Ensure transactions with referral sources are structured to comply with laws.
Excluded providers
Cannot contract with person excluded from participation in federal health care program.– Providers– Employees– Independent contractors– Volunteers– Clinical or administrative
Must check excluded provider databases.– HHS-OIG List of Excluded Individuals,
www.hhs.gov/oig
OIG Compliance Program Guidance for Physicians
65 FR 59434 (10/5/00)
OIG Compliance Program Guidance
Not mandatory. Not a compliance plan itself. Provides a guide or outline for a compliance plan. Feds will give some deference if plan addresses the
elements and standards in the OIG guidance.– 7 elements are based on Federal Sentencing
Guidelines. Unlike other similar programs, OIG is very flexible and
does not expect small practices to formally implement all 7 elements.
OIG Compliance Guidance:Elements
1. Internal monitoring and auditing.2. Written standards, policies and procedures.3. Compliance officer or contacts.4. Education and training.5. Investigation of alleged violations and appropriate
disclosures to government agencies.6. Open lines of communication, e.g., open discussions
at staff meetings or bulletin board notices.7. Enforcement of disciplinary standards.
Implementation depends on size and resources of group.
1. Compliance officer(s) and contact(s)
Designate person(s) to respond to or prevent problems. May be one person, multiple employees with divided
responsibilities, or outsourced. Job duties include:
– Oversee and monitor compliance program.– Establish methods to check and improve compliance.– Modify compliance program per changes in practice,
government laws and regulations, payor rules, etc.– Develop and participate in compliance training.– Check excluded provider lists.– Investigate reports of potential violations.
2. Written standards and procedures
Develop written standards to address/prevent problems. Basic standard of conduct. Focus on risk areas, e.g.,
– Coding and billing– Reasonable and necessary services– Documentation of diagnosis and treatment.– Improper inducements, kickbacks and referrals
Look to others’ policies, but modify as appropriate. Use basic policies coupled with copies of relevant
resources, e.g., CMS directives, OIG bulletins, Fraud Alerts, etc.
2. Written standards and procedures (cont.)
Regularly review and update with managers and compliance committee.– New laws, regulations, or guidance– Identified problems or risk areas– Change in group circumstances
Tailor policies and procedures to intended audience and job functions.
Ensure policies are written clearly and are not overly complex.
Include real life examples.
2. Written standards and procedures (cont.) Address retention of records.
– Policy should apply to: Records necessary to support payments, e.g., clinical records,
claims documentation, etc. Documents to verify compliance process, e.g., training,
complaints, investigation, compliance program changes, self-disclosures, audits, communications/guidance from regulator, etc.
– Retain for appropriate time. Medicare and Medicaid generally require 5 years. False Claims Act statute of limitations is 6-10 years. Recommendation: 7-10 years.
– Destroy records per appropriate record policy.– Preserve records relevant to investigation.
3. Training and education
Train new providers and employees during orientation– Commitment to compliance– Relevant laws and regulations– Compliance plan– Individual’s role in compliance
Periodically review or update according to needs, e.g., changes in laws, practice, problems, etc.– Train billing and coding personnel at least annually.
Ensure compliance personnel receive ongoing training.– Seminars, workshops, listserves, etc.
Train employees according to their duties. Use real life examples. Document training.
3. Training and education (cont.)
Training should cover:– Compliance plan.
Standards, policies, and procedures. Discipline for non-compliance. Reporting and non-retaliation
– Billing and coding. Coding requirements Claim development and submission process. Signing form without physician authorization. Proper documentation of services rendered. Proper billing standards and procedures and submission of
accurate bills for government claims. Legal sanctions for submitting false or reckless billings.
– Other risk areas.
3. Training and education (cont.) Training sources might include:
– Internal inservice programs– Compliance bulletin board or posting– Professional association programs, publications, or newsletters– Carrier bulletins and training programs– Third-party billing company services– Commercial seminars or workshops– Government training materials
http://oig.hhs.gov/compliance/– Government fraud alerts, bulletins, etc.
http://oig.hhs.gov/compliance/– Listserves– On-line training– Internet
4. Auditing and monitoring
Audits and monitoring should be used to:– Establish baseline in initiating compliance plan.
Claim development and submission process Identify risk areas
– Periodically assess organization’s compliance– Monitor work of new employees or providers– Respond to complaints.
4. Auditing and monitoring(cont.)
Audits should assess– Claims submitted
Proper coding accurately represents services provided.
Proper documentation to support charges. Services reasonable and necessary. No incentives for unnecessary services.
– Contracts Relationships with referral sources
– Quality of care Services and outcomes
– Practice standards, procedures, and effectiveness. Accurate, current, and complete.
4. Auditing and monitoring(cont.)
Create audit plan and re-evaluate it regularly.– OIG recommends
Annual review 5+ records per govt payor 5-10 records per physician
– Refer to sampling techniques in OIG Self-Disclosure Protocol or CIAs
Consider cause of any problems. Create corrective action plans to fix problems.
– Remember 60 day limit to report and repay
5. Open lines of communication
Maintain open door policy. Encourage questions and voicing of concerns. Maintain communication with billing company. Require employees to report suspected violations
promptly and discipline employees for failing to report.– Remember 60-day deadline to report and repay.
Establish process for reporting concerns, e.g., – Persons to whom reports should be made.– Maintain anonymity if possible (e.g., drop box, hotline).– Cannot guarantee anonymity.
Establish and enforce clear non-retaliation policy. Maintain communication with governing board.
6. Respond to suspected violations Indicators of potential problems
– Audit results– Complaints– Significant changes in number or types of claim denials– Challenges from payors– Pattern changes involving use of codes, increased
revenue by a provider, etc.
6. Respond to suspected violations (cont.)
Follow up on all suspected problems. Stop suspected misconduct pending investigation. Conduct a timely, appropriate investigation.
– Remember 60-day deadline to report and repay. Depending on circumstances, response could include:
– A corrective action plan by group.– Return of overpayments.– Report to govt and/or referral to law enforcement.See OIG Self-Disclosure Protocol, www.hhs.gov/oig– “Innocent” mistakes: refund to payor.– Fraudulent acts: report to govt or law enforcement.
Consider consulting with qualified attorney or expert. Document response. Modify compliance plan as appropriate.
6. Respond to suspected violations (cont.)
Don’t make a bad situation worse by ignoring or covering up a violation.
7. Enforce standards through discipline
Take action against employees for violations. Ensure consistent and appropriate sanctions.
– Oral warnings– Written reprimands– Probation– Demotion– Suspension– Termination– Restitution– Referral to law enforcement.
Document in in-house training, employee handbooks, compliance bulletin board, etc.
Document sanctions.
7. Enforce standards through discipline Perform due diligence re new employees with
responsibilities that implicate compliance.– Check backgrounds and qualifications.– Require disclosure of crimes, program exclusions,
etc. Establish policy prohibiting employment of persons
recently convicted of crime involving health care or excluded from program.– Remove or suspend person from activities involving
compliance issues pending resolution of criminal or exclusion investigation.
– Terminate contract or privileges if convicted of health care crime or excluded from program.
“Okay, but how do I come up with a compliance program?!”
Some practical suggestions for updating or developing a compliance plan…
Suggestions for establishing a compliance program.
1. Don’t get intimidated; your program is simply the things you do to promote compliance.
2. Read the OIG Compliance Program.– Only 16 pages long.– Good outline of elements.– Good summary of risk areas that should be
addressed.3. Get physician “buy in” and support.
– Explain benefits.– Remind them of consequences for violations,
including jail, repayments, fines, and qui tam action by whistleblowers.
Suggestions for establishing a compliance program.
4. Establish a written compliance standard and incorporate it into relevant documents, including:– Employee handbook.– Employee training.– Employee evaluations.– Relevant contracts.
Standard should stress:– Commitment to compliance.– Duty to report suspected non-compliance.– Process for reporting non-compliance.– No retaliation against those who report.– Sanctions for non-compliance.
Suggestions for establishing a compliance program.
5. Identify and focus on the key areas for concern based on high risk areas, e.g., – Billing and coding.– Improper inducements (kickbacks, Stark referrals,
contracts or arrangements with other entities, etc.).– Past problems, e.g., claims denials or
overpayments.– Others.
6. Evaluate your performance in the high risk areas. – Review processes.– Review contracts and records.– Review denials.– Discuss with billing agents.
Suggestions for establishing a compliance program.
7. Create or gather documents that explain applicable standards to employees.– Other providers’ written standards– OIG Compliance Program– Commercial products– Professional associations
To the extent you use or create written material to establish your program:– Keep it short– Keep it simple– Make sure it fits your organization– Don’t include anything you won’t do
Suggestions for establishing a compliance program.
8. Train employees on the standards.– Focus on key employees first.– Document training.– Have them sign certification re training.
9. Stay informed of changes in laws.– List serves and publications.– Industry groups.
10. Follow up– Periodic monitoring.– Investigation and response to complaints/problems.– Training.– Documentation.
Additional Resources
https://oig.hhs.gov/compliance/
OIG Website
Compliance 101 series– Videos
HEAT Compliance Training Documents– “Health Care Compliance Program Tips”– “Operating and Effective Compliance Program”– “Recommended Compliance Resources”
OIG Compliance Program Guidance– OIG Supplemental Compliance Program Guidance for Hospitals,
70 FR at 4863-69– OIG Compliance Program Guidance for Physicians, 65 FR 59434
Advisory Opinions, Special Fraud Alerts, Bulletins, Letters CMS Proposed Report and Repayment Rule, 77 FR 9179 Other materials
Additional Holland & Hart Resources
Health Law Basics monthly webinar series– 2/12, 21, and 28
Stark Anti-Kickback Statute Civil Monetary Penalties laws
– 3/14 Physician Contracts– 4/11 HIPAA
Healthcare Update and Health Law Blog– Under “Publications” at www.hollandhart.com.– E-mail me at [email protected].
Webinars are currently recorded and available through our website
Questions?
Kim C. Stanger
Holland & Hart LLP
(208) 383-3913