Why do you need a compliance plan? There is no state or federal law or regulation explicitly requiring a compliance plan for physician practices. But, before you decide you’re not going to implement one, consider how others may be reviewing your practice, e.g., through a Medicare audit, a Medical Board complaint, or a private insurer’s Fraud Prevention and Detection Plan, any of which could also lead to prosecution under the state’s Health Care Claims Fraud Act.
Reducing exposure to liability is one of the key reasons for implementing and maintaining a compliance plan. Having an “active” compliance plan is evidence that a medical practice has made reasonable efforts to avoid and detect misbehavior, and that the requisite intent to commit health care fraud was not present and, thus, could reduce penalties if wrongdoing is found. Added benefits include improved coding and better communications within the practice. Establishing and executing an effective compliance plan will require time and money, but the alternative could be much more expensive in the long run.
An effective compliance plan should be reasonably designed, implemented and enforced with the goal of preventing, detecting, and correcting inappropriate and potentially criminal conduct. While no model plan for physician practices has been issued by the Office of Inspector General of the U.S. Department of Health and Human Services, the OIG is currently soliciting input and recommendations for developing OIG compliance program guidance for individual and small group physician practices. Until further guidance is issued, it is clear that the OIG expects the following elements (derived from U.S. Sentencing Guidelines) to be in any compliance plan:
- A compliance plan must state a code of ethical standards that is distributed and discussed within the practice. The standards should be made clear to employees and contractors, including the intent of the practice to take actions to uphold those standards.
- The practice must appoint a trustworthy compliance officer (whether a physician or a practice manager) with a high level of responsibility and sufficient authority to influence behavior and organizational practices. The officer should report to the board of directors, a board level committee, or to the highest levels of management.
- The practice must establish an effective and documented training and education program for all professional and support personnel, including an overview of state and federal health care laws applicable to the practice, private payor requirements, the operation and importance of the compliance plan, and the role of each employee in the plan.
- Compliance is an ongoing process and requires earnest implementation and enforcement. A baseline audit is needed to identify areas in need of correction and identify risk areas that may need to be the focus of the compliance plan, such as medical record documentation, coding, or diagnostic testing criteria. Periodic audits should occur thereafter.
- There must be a two-way communication process between the compliance officer and professional and support personnel, providing information about the organization’s standards and the results of audit and other compliance information, and responding to compliance questions and complaints. A confidential “hotline” system should be designed that not only facilitates reporting of suspected violations, but also instills confidence that confidentiality will be maintained, there will be no retaliation, and that the hotline complaint will be investigated.
- A compliance plan includes disciplinary guidelines and a system for appropriate investigation of problems, applicable to all individuals within the organization who fail to comply with their obligations under the compliance plan. Discipline can range from oral warnings,