How To Get Started What You Need To Know About The New Guidelines To Stay on The Straight and Narrow
On Sept. 25, 2000, the Office of Inspector General (OIG) officially issued its “Compliance Program Guidance for Individual and Small Group Practices.” As stated in last month’s column, the decision to implement a compliance program in your practice is voluntary; however, the government really wants you to do it. As a result, what might have been considered a civil violation if you had a compliance program may be construed as a criminal act if you do not have a such a program in place.
The Basics
The seven basic components of a voluntary compliance program include:
- Conduct internal monitoring and auditing through the performance of periodic audits.
- Implement compliance and practice standards through the development of written standards and procedures.
- Designate a compliance officer or contact(s) to monitor compliance efforts and enforce practice standards.
- Conduct appropriate training and education on practice standards and procedures.
- Respond appropriately to detected violations through the investigation of allegations and the disclosure of incidents to appropriate government entities.
- Develop open lines of communication, such as: discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct; and community bulletin boards, to keep practice employees updated regarding compliance activities.
- Enforce disciplinary standards through well-communicated guidelines.
In this article, we’ll address steps 1 and 2: auditing and monitoring, and establishing standards and procedures. The January 2001 installment will discuss steps 3 through 7.
You should begin by adopting only those components that are most likely to provide an identifiable benefit. Initial development can be focused on practice risk areas that have been problematic for your practice, such as coding and billing, for example. Examine your claims denial history or claims that have resulted in repeated overpayments, and identify and correct the most frequent sources of those denials or overpayments. A review of claim denials will help your practice scrutinize significant risk areas and improve cash flow by submitting correct claims that will be paid the first time they are submitted.
Step 1: Auditing and Monitoring
Maintain an ongoing evaluation process to determine whether your practice’s standards and procedures are current and accurate, and whether your compliance program is working, i.e., whether individuals are carrying out their responsibilities properly and claims are submitted appropriately. An audit is an excellent way for you to ascertain what, if any, problem areas exist in your practice.
There are two types of reviews: a standards and procedures review; and a claims submission audit.
- Standards and procedures: Appoint an individual(s) to be in charge of periodically reviewing the practice’s standards and procedures to determine if they are current and complete. They should be updated to reflect changes in government regulations or compendiums generally relied upon by doctors and insurers [(e.g., changes in Current Procedural Terminology (CPT codes) and International Classification of Diseases, 9th Revision, Clinical Modification (ICD-9-CM codes).]
- Claims submission audit: Bills and patient records should be reviewed for compliance with applicable coding, billing and documentation requirements by the person in charge of billing (if the practice has such a person) and a doctor. You must decide whether to review claims retrospectively or concurrently with the claims submission. A baseline, or “snapshot” can be used by your practice to determine its progress in reducing or eliminating potential areas of vulnerability. This procedure, known as “benchmarking” allows a practice to chart its compliance efforts by showing a reduction or increase in the number of claims paid and denied.
Self-audits can be used to determine whether:
- bills are accurately coded and accurately reflect the services provided (as documented in the patient’s records);
- documentation is being completed correctly;
- services or items provided are reasonable and necessary; and
- any incentives for unnecessary services exist.
A baseline audit examines the claim development and submission process, from patient intake through claim submission and payment, and identifies elements within this process that may contribute to non-compliance or that may need to be the focus for improving execution. This audit will establish a consistent method for selecting and examining records, and this method will then serve as a basis for future audits.
The OIG recommends that claims/services that were submitted and paid during the initial three months after implementation of the education and training program be examined, so as to give the practice a benchmark against which to measure future compliance effectiveness.
Following the baseline audit, periodic audits should be conducted at least once a year to ensure that the compliance program is being followed. Optimally, a randomly selected number of patient records could be reviewed to ensure that the coding was performed accurately. A basic guide is five or more patient records per federal payor (i.e., Medicare, Medicaid), or five to 10 patient records per doctor. OIG encourages a practice’s auditing/monitoring process to consist of a review of claims from all federal payors from which the practice receives reimbursement. If problems are identified, determine whether a focused review should be conducted on a more frequent basis.
Another way to identify the claims/ services from which to draw the random sample of claims to be audited would be to choose a random sample of claims/ services from either all of the claims/services a doctor has received reimbursement, or for all claims/services from a particular payor. Another method is to identify risk areas or potential billing vulnerabilities. The codes associated with these risk areas may become the universe of claims/services from which to select the sample. The OIG recommends that the practice evaluate claims/services selected to determine if the codes billed and reimbursed were accurately ordered, performed, and reasonable and necessary for the treatment of the patient.
Step 2: Establish Standards, Procedures Written standards and procedures are a central component of any compliance program.
Practices that do not have standards or procedures in place can start by: developing a written standards and procedures manual; and updating clinical forms periodically to make sure they facilitate and encourage clear and complete documentation of patient care. A practice’s standards should also identify the clinical protocol(s), pathway(s), and other treatment guidelines followed by the practice.
Creating a resource manual from publicly available information is a cost-effective approach for developing additional standards and procedures. For example, you can develop a “binder” that contains your practice’s written standards and procedures, relevant HCFA directives and carrier bulletins, and summaries of informative OIG documents (e.g., Special Fraud Alerts, Advisory Opinions, inspection and audit reports).
If you choose to adopt this idea, the binder should be updated as appropriate and located in a readily accessible location. Updates should be communicated to employees to keep them informed regarding the practice’s operations. New employees can be made aware of the standards and procedures when hired and can be trained on their contents as part of their orientation to the practice. The communication of updates and training of new employees should occur as soon as possible.
In order to develop standards and procedures, you may consider what types of fraud and abuse related topics need to be addressed by your practice based on its specific needs.
The four major potential risk areas affecting practices include:
- coding and billing;
- reasonable and necessary services;
- documentation; and
- improper inducements, kickbacks and self-referrals.
This list should be viewed as a starting point for an internal review of potential vulnerabilities within your practice. Key personnel in your practice should be aware of these major risk areas and take steps to minimize them. Clear written standards and procedures that are communicated to all employees will help ensure the effectiveness of your compliance program.
Coding and billing is one risk area for investigations.
The most frequent subjects of investigations and audits by the OIG are:
- billing for items or services not rendered or not provided as claimed;
- submitting claims for equipment, medical supplies and services that are not reasonable and necessary;
- double-billing, resulting in duplicate payment;
- billing for non-covered services as if covered;
- knowingly misusing provider identification numbers, which results in improper billing;
- unbundling (billing for each component of the service instead of billing or using an all-inclusive code);
- failure to properly use coding modifiers;
- clustering; and
- upcoding the level of service provided.
Written standards and procedures should ensure that coding and billing are based on patient record documentation. Particular attention should be paid to issues of appropriate diagnosis codes and individual Medicare Part B claims (including documentation guidelines for evaluation and management services). You should also institute a policy that the coder and/or doctor review all rejected claims pertaining to diagnosis and procedure codes. This step can facilitate a reduction in similar errors.
You should pay close attention to the following areas:
Reasonable and necessary services: Claims are to be submitted only for services that the practice finds to be reasonable and necessary in the particular case. A practice can bill in order to receive a denial for services, but only if the denial is needed for reimbursement from the secondary payor. Upon request, the practice should be able to provide documentation, such as a patient records and doctor’s orders, to support the appropriateness of a service the doctor has provided.
Documentation: One of the most important compliance issues is the appropriate documentation of diagnosis and treatment. Doctor documentation is necessary to determine the appropriate treatment for the patient and is the basis for coding and billing determinations. Thorough and accurate documentation also helps to ensure accurate recording and timely transmission of information.
You need to make sure you are in compliance with patient record documentation. In addition to facilitating high-quality patient care, a properly documented patient record verifies and documents precisely what services were actually provided. The patient record may be used to validate: the site of the service; the appropriateness of the services provided; the accuracy of the billing; and the identity of the service provider.
Examples of internal documentation guidelines a practice might use to ensure accurate patient record documentation include the following:
- the patient record is complete and legible;
- the documentation of each patient encounter includes the reason for the encounter; any relevant history; physical examination findings; prior diagnostic test results; assessment, clinical impression, or diagnosis; plan of care; and date and legible identity of the observer;
- if not documented, the rationale for ordering diagnostic and other ancillary services should be easily inferred by an independent reviewer or third party who has appropriate medical training;
- CPT and ICD-9-CM codes used for claims submission are supported by documentation and the patient record; and
- appropriate health risk factors are identified. The patient’s progress, his or her response to, and any changes in, treatment, and any revision in diagnosis is documented.
The CPT and ICD-9-CM codes reported on the health insurance claims form should be supported by documentation in the patient record, and the chart should contain all necessary information. Additionally, HCFA and the local carriers should be able to determine the person who provided the services.
Documentation is also of utmost importance when it comes to the HCFA 1500 Form. The following practices will help ensure that the HCFA 1500 Form has been properly completed:
- Link the diagnosis code with the reason for the visit or service.
- Use modifiers appropriately.
- Provide Medicare with all information about a beneficiary’s other insurance coverage under the Medicare Secondary Payor (MSP) policy, if the practice is aware of a beneficiary’s additional coverage.
Improper inducements, kickbacks and self-referrals: Institute standards and procedures that encourage compliance with the anti-kickback statute and the doctor self-referral law. Arrangements with hospitals, hospices, nursing facilities, home-health agencies, durable medical equipment suppliers, pharmaceutical manufacturers and vendors are areas of potential concern.
The anti-kickback statute prohibits knowingly and willfully giving or receiving anything of value to induce referrals of federal health-care program business. It is generally recommended that all business arrangements wherein practices refer business to, or order services or items from, an outside entity should be on a fair market value basis. Whenever a practice intends to enter into a business arrangement that involves making referrals, the arrangement should be reviewed by legal counsel familiar with the anti-kickback statute and physician self-referral statute.
Consider implementing measures to avoid offering inappropriate inducements to patients. Examples of such inducements include routinely waiving co-insurance or deductible amounts without a good faith determination that the patient is in financial need or failing to make reasonable efforts to collect the cost-sharing amount.
Possible risk factors relating to this area that could be addressed in your practice’s guidelines and procedures include:
- financial arrangements with outside entities to whom the practice may refer federal health-care program business;
- joint ventures with entities supplying goods or services to the doctor, practice or its patients;
- consulting contracts or medical directorships;
- office and equipment leases with entities to which the doctor refers; and
- soliciting, accepting or offering any gift or gratuity of more than nominal value to or from those who may benefit from a practice’s referral of federal health-care program business.
To keep current with this area of the law, you should obtain copies of all relevant OIG Special Fraud Alerts and Advisory Opinions that address the application of the anti-kickback and doctor self-referral laws to ensure that the standards and procedures reflect current positions and opinions.
Retention of records: These records primarily include documents relating to patient care and the practice’s business activities. Your practice’s designated compliance contact should keep an updated binder or record of these documents, including information relating to compliance activities. The primary compliance documents that a practice should retain are those that relate to educational activities, internal investigations and internal audit results. Particular attention should be paid to documenting investigations of potential violations uncovered by the compliance program and the resulting remedial action. Although there is no requirement that the practice retain its compliance records, having all the relevant documentation relating to the practice’s compliance efforts or handling of a particular problem could benefit the practice should it ever be questioned regarding those activities.
Provide for the development and implementation of a records retention system. This system would establish standards and procedures regarding the creation, distribution, retention and destruction of documents. If the practice decides to design a record system, privacy concerns and federal or state regulatory requirements should be taken into consideration.
Document the practice’s efforts to comply with applicable federal health-care program requirements. For example, if a practice requests advice from a government agency (including a Medicare carrier) charged with administering a federal health-care program, document and retain a record of the request and any written or oral response (or nonresponse). This step is extremely important if your practice intends to rely on that response to guide you in future decisions, actions, or claim reimbursement requests or appeals.
The following record retention guidelines are suggested:
- The length of time that a practice’s records are to be retained can be specified in the practice’s standards and procedures (federal and state statutes should be consulted for specific time frames, if applicable).
- Patient records (if in the possession of the practice) need to be secured against loss, destruction, unauthorized access, unauthorized reproduction, corruption or damage.
- Standards and procedures can stipulate the disposition of patient records in the event the practice is sold or closed.
In the next installment, we’ll discuss: designation of a compliance officer, training and education, responding to offenses and taking corrective action, proper communication, and enforcement.