“Physicians don’t always want to put a lot of time and money into something that’s not a big risk,” says Brauchler, but there are certain things that are particularly worthy of a practice’s attention. “HIPAA, the False Claims Act and medical records are some of the issues that have the highest risk,” she says.
“A practice should have an overarching compliance plan that covers all of these issues,” says Brauchler.
If you already have a plan that needs review and updating, Brauchler outlines seven policy areas every practice should review to ensure an up-to-date compliance plan:
What? HIPAA – passed in 1996 – led to both the Privacy Rule (the federal standards for privacy of individually identifiable health information) and the Security Rule (standards for protection of electronic protected health information). “Most people think of Protected Health Information when they think of HIPAA,” says Brauchler. But, she says, the law lays out a lot of other rules that practices need to be aware of.
Why? Enforcement of HIPAA has increased under the Americans for Recovery and Reinvestment Act, which also increased the maximum fine per incident to $1.5 million.
More information: You can get a general overview of HIPAA on the Department of Health and Human Services website.
Medical records and documentation
What? “We looked and looked, but there isn’t a federal law outlining specific guidelines regarding medical records and documentation,” says Brauchler. “While there is no law, it is the best defense for proving compliance.”
Why? Medical record documentation is the best way to prove your compliance with laws.
What? Medicare National Correct Coding Initiative (NCCI) edits now apply to Medicaid agencies under the Patient Protection and Affordable Care Act.
Why? “When it’s Medicare and Medicaid there are some serious risks to being ignorant of these rules,” says Brauchler. The Recovery Audit Contractor (RAC) Program allows the government to contract with third parties to audit billing and coding practices. These auditors are only paid when they find errors, she says.
More information: If you do not have a coding compliance program, check out this guide (PDF) from the American Medical Association.
False Claims Act
What? Prohibits the submission of false or fraudulent claims to the federal government. Although this law was enacted during the Civil War, “Today it’s being used to deal with false claims in Medicare,” explains Brauchler.
Why? “This is a concern because it’s the federal government’s number one tool for fighting fraud and abuse,” says Brauchler. The Office of Inspector General (OIG) has returned more than $30 billion to the federal government. Expected recoveries from 2012 alone equal $6.9 billion. A typical penalty is between $5,000 and $10,000.
More information: You can learn more about the FCA on the OIG website.
What? “This issue just got ramped up,” says Brauchler. The ACA requires providers to report and return an overpayment to the appropriate Medicaid state agency or Medicare contractor within 60 days of identification.
Why? Not refunding overpayments can be a False Claims Act liability. “If you haven’t reevaluated your credit and refunding procedures in your billing office since March 2016, you should,” says Brauchler.
More information: To learn more about this new regulation, check out the CMS news release.
What? This area includes non-discrimination, sexual harassment, the Family Medical Leave Act, the Fair Labor Standards Act and the Americans with Disabilities Act.
Why? There are many criminal and civil penalties possible depending on the law, plus a loss of reputation, says Brauchler.
More information: To learn more about these policies, visit the Equal Employment Opportunity Commission and the Department of Labor websites.
OSHA Medical Practice
What? The Occupational Safety and Health Act of 1970 instituted regulations to create safe and healthful workplaces, and there are several regulations specific to medical practices. Also, OSHA requires annual training.
Why? There are penalties of up to $124,709 per instance for willful violations.
More information: To learn more about the regulations, visit the OSHA website.
Not sure where to get started? Brauchler has a few tips to help you get the ball rolling:
• Don’t reinvent the compliance plan wheel
• Do a HIPAA self-assessment
• Review personnel files for necessary trainings
• Distribute handout articles as the topic of discussion at physician/staff meetings
• Implement a billing knowledge assessment for billers and coders to gauge aptitude
• Review and update OSHA policies and procedures
• Do OSHA training annually
• Consider an audit of medical record documentation
• Review all compliance designations and position descriptions