Compliance"Implementing an effective compliance program requires time and resources. . . but it is not brain surgery."
Program can limit legal, business, professional risks
By Robert J. Saner and Ana-Maria McKessy
This is the second article in a two-part series devoted to practice compliance. Part one of the series in the June issue addressed how practices should assess their need for a formal practice compliance program. This second article provides practical guidance on the development and operation of such a program.
Implementing an effective compliance program requires time and resources, and generally raises a thorny issue or two, but it is not brain surgery. Practices that choose the formal program route confront both legal and practical issues. For the government to consider a compliance program effective, it must address in some way each of the several program elements required by the federal Sentencing Guidelines.
The government looks for a commitment to compliance and ethical behavior that permeates the organization from top to bottom. State that commitment in general terms at the highest level, through a resolution of the Board of Directors or shareholders of the practice. Communicate it clearly and frequently to all members of your group, office staff, and independent contractors and agents. Make those affected by it part of the process, with input into design and implementation. Without buy-in at all levels in the organization, compliance plans look real on paper, but do not mean much on the ground.
Appoint a compliance officer to spearhead the initiative. This individual should be responsible for implementation, and act as the focal point for input, complaints and reports of alleged wrongdoing. Smaller practices may designate one of the physicians as compliance officer, or assign the responsibility to an existing administrative employee. Larger practices will generally hire a dedicated compliance officer for this purpose. Large practices frequently use a compliance committee as well, with representatives from different areas of the practice, as a policy arm and sounding board. Those charged with responsibility for compliance must have access to the group's leadership, outside the chain of command when necessary, and require the backing of top management if they are to have credibility.
Develop timelines for implementation and hold people accountable for results. Changing practices and group culture takes time, so be realistic about your goals and the completion dates that you set. Over-promising at the outset is a common mistake in compliance work.
Standards of conduct
In addition to a statement of general principles, a practice needs more detailed written standards to guide the organization's employees. These should be included in personnel manuals, and policy and procedure guides. They should not be simple restatements, copies or references to complicated regulatory requirements. Try to summarize in plain English the group's expectations of its employees, then refer them to sources of more detailed guidance. Commit to honesty, integrity and professionalism, and make sure these expectations are regularly communicated to employees, and made a part of each employee's personnel evaluation. These standards need to be tailored to the practice, and sometimes to different areas of the practice. Do not ask the receptionist to stay current on Evaluation and Management documentation guidelines. Again, do not over-promise; mistakes do and will happen.
Apply these standards before, not after hiring new doctors or staff. There is a growing army of health care professionals who have already been sanctioned by government enforcers, a significant number of whom have been convicted of criminal activities. The government expects careful screening and has developed tools like the Office of Inspector General's (IG) "cumulative sanctions report" to assist groups in identifying problem candidates. One practice hired a physician who had previously been de-licensed for drug offenses, and put him in charge of billing on the theory that he had paid his debt to society and deserved a second chance. A more careful background check would have revealed that he had also been convicted of fraudulent Medicaid billings, and guess what? He did it again, this time putting at risk an entire practice.
This element of the plan takes the more general commitments to the next level of detail. Tailor training programs and educational updates to the different demands of the practice. Focus first on priority areas where, through a needs assessment or otherwise, risk areas have been identified. Document the training program, and demand participation. Some of this training should emphasize the serious consequences of non-compliance with federal program requirements. Some should be geared to the governance level; it does not do much good to educate the coding and billing staff if board members routinely upcode, or authorize contract and investment relationships that violate the Stark law. Do not expect administration or outside counsel to protect you by reviewing contracts after you sign them.
Remember that federal requirements are constantly changing, and that training materials as well as policies and procedures have to be updated continuously. Training also has to respond to experience in other areas of the compliance effort. When audits in April show serious coding or documentation problems, do not wait until next January for another training session. Some practices focus training very heavily on new hires. That can be a big mistake where older physicians, having learned their coding and documentation habits in an era without federal scrutiny, resist necessary "re-education."
Compliance programs are all about self-policing, and it can take many forms. Incorporate periodic monitoring and auditing mechanisms, such as employee interviews, random chart reviews, and prospective billing audits. These identify system weaknesses and the need for changes to current practices or for additional employee training. Unfortunately, they also often uncover problems that are delicate to handle, and billing and documentation audits, in particular, have to be conducted with great care. Whether using in-house staff to audit, or engaging outside chart review firms, be careful how the audit programs are structured and consider getting legal advice before the audit work is done. Compliance audit results are the "hot potatoes" of compliance work, and raise difficult questions of refund, disclosure, and discipline when improper billings are uncovered. Discovering that you have billed abusively, then not promptly refunding the money can be a separate criminal offense, more serious than the initial billing problem itself.
Some mechanism for reporting suspected problems should also be implemented. This may be as simple as providing a post office box or toll free number for anonymous reporting, or having an open-door policy to respond to employee questions. Do not limit reporting to the usual chain of command, since the problem may be in the chain of command. The compliance officer should review all reports, and assess which warrant closer examination. Serious allegations require a thorough internal investigation, often with the assistance of outside counsel. Create a climate where employees feel comfortable reporting. Never retaliate against a report made in good faith, even if it turns out to be wrong. One practice did, and the next time the employee took the complaint to the IG instead.
Believe it or not, most compliance programs do uncover problems, ranging from innocent mistake to outright fraud, with most falling into a murky zone in between. Finding problems will not render your program ineffective in the eyes of the government; after all, that is one of the purposes of compliance programs. Failing to correct problems found, and take appropriate action to try to prevent their re-occurrence, on the other hand, will cost you the benefit of all this hard work. Think hard in advance about your appetite for discipline, even termination of partners and valued employees. If you don't have the stomach, you had better not dine at this particular restaurant.
Disciplinary tools should be graduated, and tailored to the seriousness of the offense, but consistently applied. Firing billing clerks for innocent mistakes, while looking the other way when the group's founder over-bills will discredit your program quickly. It is also a pretty good way to stimulate a whistleblower suit against the practice.
Learn from your mistakes, because you will make a few. Have mechanisms for periodic self-evaluation, like questionnaires or interviews. Compare mistakes uncovered with written standards and training materials to see if there is a link. If problems are centered in one part of the practice, or one area of the law, redirect resources to those areas until problems diminish. Have a formal evaluation of the effectiveness of the program at least annually, and review the results with the compliance committee or board of directors. In very large practices, consider having your compliance program evaluated externally. This is a new endeavor for most practices, and external evaluation will make sure you learn from other groups' mistakes as well as your own.
The value of having a compliance program may well be lost if not routinely documented. As with government's view of services, if compliance work was not documented, it likely was not done. If your plan says the compliance committee meets quarterly, have minutes in the file, or some explanation as to why a meeting was skipped. If you held training sessions, keep attendance sheets or acknowledgements by those trained. If you disciplined an employee for failing to adhere to compliance standards, state that reason in the personnel file.
Robert J. Saner, II, is a partner in the Washington, D.C. health care law firm of Powers, Pyles, Sutter & Verville, P.C. He specializes in health care law, legislation, and regulation. Ana-Maria McKessy is an associate with Powers, Pyles, Sutter & Verville, P.C. She specializes in fraud and abuse counseling.