Medical Group Management Association
Join Now

Start the new year by reviewing your compliance policies

Insight Article - December 19, 2016

Compliance Regulations

Shannon Geis
Have you updated your compliance plans recently? The beginning of the new year is a great time to go over your policies and make sure they are up to date. Marcia Brauchler, MPH, CPC-I, COC, CPHQ, FACMPE, president, Physicians’ Ally, Inc., Highlands Ranch, Colo., outlines some of the top considerations for practices.

“Physicians don’t always want to put a lot of time and money into something that’s not a big risk,” says Brauchler, but there are certain things that are particularly worthy of a practice’s attention. “HIPAA, the False Claims Act and medical records are some of the issues that have the highest risk,” she says.

“A practice should have an overarching compliance plan that covers all of these issues,” says Brauchler.
If you already have a plan that needs review and updating, Brauchler outlines seven policy areas every practice should review to ensure an up-to-date compliance plan:


What? HIPAA – passed in 1996 – led to both the Privacy Rule (the federal standards for privacy of individually identifiable health information) and Security Rule (standards for protection of electronic protected health information). “Most people think of Protected Health Information when they think of HIPAA,” says Brauchler. But, she says, the law lays out a lot other rules that practices need to be aware of.

Why? Enforcement of HIPAA has increased under the Americans for Recovery and Reinvestment Act, which also increased the maximum fine per incident to $1.5 million.

More information: You can get a general overview of HIPAA on the Department of Health and Human Services website.

Medical records and documentation

What? “We looked and looked, but there isn’t a federal law outlining specific guidelines regarding medical records and documentation,” says Brauchler. “While there is no law, it is the best defense for proving compliance.”

Why? Medical record documentation is the best way to prove your compliance with laws.

Correct Coding

What? Medicare National Correct Coding Initiative (NCCI) edits apply to Medicaid agencies now under the Patient Protection and Affordable Care Act.

Why? “When it’s Medicare and Medicaid there are some serious risks to being ignorant of these rules,” says Brauchler. The Recovery Audit Contractor (RAC) Program allows the government to contract with third parties to audit billing and coding practices. These auditors are only paid when they find errors, she says.

More Information: If you do not have a coding compliance program, check out this guide (PDF) from the American Medical Association.

False Claims Act

What? Prohibits the submission of false or fraudulent claims to the federal government. Although this law was enacted during the Civil War, “Today it’s being used to deal with false claims in Medicare,” explains Brauchler.

Why? “This is a concern because it’s the federal government’s number one tool for fighting fraud and abuse,” says Brauchler. The Office of Inspector General (OIG) has returned more than $30 billion to the federal government. Expected recoveries from 2012 alone equal $6.9 billion. A typical penalty is between $5,000 and $10,000.

More information: You can learn more about the FCA on the OIG website.

Overpayment refunds

What? “This issue just got ramped up,” says Brauchler. The ACA requires providers to report and return an overpayment to the appropriate Medicaid state agency or Medicare contractor within 60 days of identification.

Why? Not refunding overpayments can be a False Claims Act liability. “If you haven’t reevaluated your credit and refunding procedures in your billing office since March 2016, you should,” says Brauchler.

More information: To learn more about this new regulation, check out the CMS news release.

Human resources

What? This area includes non-discrimination, sexual harassment, the Family Medical Leave Act, the Fair Labor Standards Act and the Americans with Disabilities Act.

Why? There are many criminal and civil penalties possible depending on the law, plus a loss of reputation, says Brauchler.

More information: To learn more about these policies, visit the Equal Employment Opportunity Commission and the Department of Labor websites.

OSHA Medical Practice

What? The Occupational Safety and Health Act of 1970 instituted regulations to create safe and healthful workplaces, and there are several regulations specific to medical practices. Also, OSHA requires annual training.

Why? There are penalties of up to $124,709 per instance for willful violations.

More information: To learn more about the regulations, visit the OSHA website.

Not sure where to get started? Brauchler has a few tips to help you get the ball rolling:
•    Don’t reinvent the compliance plan wheel
•    Do a HIPAA self-assessment
•    Review personnel files for necessary trainings
•    Distribute handout articles as the topic of discussion at physician/staff meetings
•    Implement a billing knowledge assessment for billers and coders to gauge aptitude
•    Review and update OSHA policies and procedures
•    Do OSHA training annually
•    Consider an audit of medical record documentation
•    Review all compliance designations and position descriptions

About the Author

Shannon Geis
Shannon Geis
Staff Writer/Editor MGMA

Shopping Cart

Your cart is empty

Click here if your organization is tax exempt

A State Sales tax exempt certificate must be on file and taxable items cannot be ordered online. For immediate assistance during normal business hours of 7:00am to 5:00pm MT M-Th and 7:00 am to Noon MT on Friday, please call toll-free: 877-275-6462, ext. 1888



Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country

Grand Total:
Saved credit card is required for opt-in to autorenew.

Questions? Contact the MGMA Service Center for assistance during checkout or review our return policy for more information.




Thank you for your purchase! If you purchased an event, you will be receiving a follow-up email from our Learning Management System regarding the product/event purchased and no further action is required.