DHHS OIG Issues Draft Guidance For Individual And Small Group Physician Practice

The Department of Health and Human Services Office of Inspector General's ("OIG") Draft Compliance Program Guidance for Individual and Small Group Physician Practices ("Guidance"), which was released June 7, 2000, is intended to assist individual and small group physician practices in developing and implementing internal controls and procedures that promote adherence to statutes and regulations applicable to the federal healthcare programs. According to the OIG, the Guidance is responsive to "physicians who have expressed interest in protecting their practices from the potential for fraudulent or erroneous conduct" and should be regarded as a set of guidelines physicians should consider when developing and implementing a compliance program. The Guidance notes that physician practices can gain numerous benefits by implementing an effective compliance program. Of particular interest to physicians is the opportunity to avoid potential liability arising from noncompliance and to reduce the exposure to penalties if liability is found. At the very least, according to the OIG, the existence of an effective program may show that the practice is engaged in a good faith effort to submit claims appropriately.

Fraudulent claims are distinguished from claims that are merely erroneous, and the Guidance suggests that physicians will not be subject to civil or criminal penalties for innocent errors, or even negligence, pointing out that the civil False Claims Act and the Civil Monetary Penalties Law cover only offenses that are committed with actual knowledge, reckless disregard, or deliberate ignorance of the falsity of the claim. The Guidance quotes Attorney General Janet Reno, who, in 1998, commented to a group of American Hospital Association ("AHA") administrators that "[i]t is not the [Justice Department's] policy to punish honest billing mistakes . . . [or] mere negligence. . . . These are not cases where we are seeking to punish someone for honest billing mistakes." The Guidance suggests that a compliance program should begin with a commitment by the physician practice to address the seven elements of an effective compliance program. The elements suggested in this Guidance are similar to those suggested for lab programs, with just one notable difference. Whereas the lab program guidance suggests the use of a process, such as a hotline to receive complaints, the physician Guidance instead suggests that practices develop accessible lines of communication, such as staff discussions and office bulletin boards, for this purpose.

In issuing the Guidance, the OIG did not indicate that strict compliance with the elements would necessarily be required. The OIG readily recognizes that smaller practices have needs that are different from the needs of large practices and suggests that the elements will be addressed in ways that are best suited to the individual practice.

I. Designating Written Policies And Procedures

The OIG's initial recommendation with respect to establishing written policies and procedures is the establishment of a code of conduct, wherein the practice's expectations with respect to billing and coding, patient care, documentation, and payor relationships are made clear to employees. The Guidance stresses the importance of employees actually committing to a code of conduct, not just being told of its existence. Regardless of the size of a practice, the OIG believes that written policies and procedures are absolutely essential; the OIG notes that, if a lack of resources to develop policies is genuinely an issue, then the practice should focus first on those risk areas most likely to arise in its particular circumstances. The Guidance identifies and discusses four specific risk areas that could affect physician providers: coding and billing, reasonable and necessary services, documentation, and improper inducements, kickbacks, and self-referrals. The Guidance is quick to caution that this list is not exhaustive and should be viewed as a "starting point for an internal review of potential vulnerabilities within the physician practice." The OIG discusses each of these four risk areas in turn.

A. Coding and Billing: The OIG urges that the identification of risk areas associated with coding and billing should be a major part of a physician practice's compliance program, and it enumerated several risk areas within the coding and billing umbrella, including double billing, failure to properly use modifiers, and upcoding the level of service provided.

B. Reasonable and Necessary Services: In the discussion of reasonable and necessary services, the Guidance points out that the OIG recognizes that, although physicians should be able to order any tests, including screening tests, that they believe are appropriate for the treatment of their patients, the practice should be aware that Medicare will pay only for services that meet the Medicare definition of reasonable and necessary.

C. Documentation: The Guidance describes appropriate documentation of diagnosis and treatment as one of the most important physician practice compliance issues. CPT and ICD-9-CM codes reported on reimbursement claims should be supported by documentation in the medical records, and all required information should be included. The Guidance clearly cautions that the Health Care Financing Administration ("HCFA") and local carriers should be able to determine who provided the services. These issues can be the root of investigations of inappropriate or erroneous conduct and have been identified by HCFA and OIG as a leading cause of inappropriate payments .

D. Improper Inducements, Kickbacks, and Self-Referrals: A physician practice should have policies to ensure compliance with the anti-kickback and Stark laws, and the related procedures should include measures that prohibit inappropriate inducements to patients.

To administer the compliance program, the Guidance urges practices to designate an individual who is responsible for overseeing the compliance program. The key is that the person be sufficiently independent in his or her position so as to protect against any conflicts of interest that may arise from performing assigned duties and compliance duties.

III. Training And Educating

The OIG has identified effective training and education as an important part of any compliance program. Training objectives should be developed with an eye toward the unique needs of the practice. Three basic steps for setting up educational objectives include who, what, and when : who needs training, what type of training is needed, and when is the education needed.

In developing a training program, the Guidance cautions against simply providing individuals documents for their own reading and comprehension; instead, the Guidance suggests that training can be accomplished through a variety of means, including in-person training sessions, distribution of newsletters, or even a readily accessible office bulletin board. The Guidance offers suggestions for developing compliance training in general, as well as for coding and billing training in particular. It also notes the importance of ongoing training following the initial effort.

IV. Effective Communication

The OIG continues to stress that an open line of communication is a key component of an effective compliance program. The Guidance, however, suggests that implementation of informal communication processes is sufficient for small practices. The Guidance acknowledges that previous OIG guidance, which had recommended formal and costly means, such as e-mail and hotlines, is probably not suitable for most small practices. Instead, the Guidance advises implementation of a clear "open door" policy. Whatever form of communication is adopted, the Guidance lists six elements that the communication should include:

1. Requirement that employees report conduct that they believe to be fraudulent or erroneous;
2. Creation of a user-friendly process for effectively reporting fraudulent or erroneous conduct;
3. Provisions in the policies and procedures that state that a failure to report fraudulent or erroneous conduct is a violation of the compliance program;
4. Development of an efficient procedure to process reports of fraudulent or erroneous conduct;
5. Use of a process that maintains the confidentiality of the persons involved in the alleged fraudulent or erroneous conduct and of the person making the allegation; and
6. "No retribution" provisions in the policies and procedures for good faith reporting.

V. Auditing And Monitoring

The OIG recommends that an ongoing evaluation process be implemented and that it be designed to measure whether the practice's standards and procedures are current and accurate and whether the program itself appears to be effective. The Guidance also sets forth detailed suggestions for conducting a claims submission audit and recommends that a baseline audit be conducted as part of the benchmarking analysis. Taking appropriate action when a problem is uncovered during the internal audit process is identified by the OIG as one of the most important elements of a successful billing compliance program. Although the OIG suggests that action should be taken as soon as possible, the OIG notes that it is "recommended that the action be taken within 60 days from the date the problem is identified."

VI. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

Described as "necessary to put teeth into a compliance program," an effective physician practice compliance program, the OIG says, should include procedures for enforcing and disciplining individuals who violate the practice's compliance standards. A consistent approach is suggested, and the list of appropriate sanctions ranges from oral reprimands to the possibility of termination.

VII. Responding To Detected Offenses And Developing Corrective Action Initiatives

The Guidance notes that fraudulent or erroneous conduct that has been detected, but not corrected, can seriously endanger the reputation and legal status of a medical practice. The OIG suggests that, when confronted with reports or reasonable indications of suspected noncompliance, it is important that the compliance officer investigate the allegations; if a true problem is detected, then decisive steps to correct the problem must be taken. As previously stated, the physician practice should take appropriate corrective action, including prompt identification of any overpayment to the affected payor, because the OIG maintains that a knowing and willful failure to disclose overpayments within a reasonable period of time could be interpreted as an attempt to conceal the overpayment, thereby establishing an independent basis for a criminal violation.

The physician practice should recognize that, if a violation occurred and was not immediately detected, its compliance program might require modification. Physicians who detect violations should analyze the situation to determine whether a flaw in their compliance program had failed to anticipate the detected problem or whether the compliance program's procedures had failed to prevent the violation. In any event, notes the OIG, it is prudent for physician practices to periodically review and modify their compliance programs.