The risk is a familiar one you know all too well: The Office of Inspector General (OIG) is going after chiropractors.
The OIG has started another round of audits to recapture money paid out inappropriately to chiropractors by the Centers for Medicare and Medicaid Services (CMS) system. And if you think this does not involve you, think again—you may be surprised by this brand-new risk.
In August 2016, the following report was posted on the OIG website: “A Michigan chiropractor received unallowable Medicare payments for chiropractic services.”1 In this report, it is stated that the OIG has a list of targeted chiropractors for the same or similar actions.
The Michigan chiropractor identified in the above report now owes CMS a repayment of nearly $340,000. The summary shows the OIG reviewed 100 Medicare services from a total 10,688 rendered by this chiropractic office.11
They determined 92 of the 100 were not allowable because the medical records did not support medical necessity.
They also stated overpayments occurred because they did not have adequate policies and procedures to ensure medical necessity of services billed to Medicare was adequately documented. They then extrapolated the findings of 100 cases to the total services rendered, resulting in a demand to the office to repay $339,625.
The OIG then considered the chiropractor’s rebuttal but overruled it, letting stand their recommendation to return the money and get proper policies in place. The report further states that of $466 million paid out to chiropractors they reviewed, approximately $180 million was paid due to error or fraudulent billing.
The road to recoupments
Chiropractors didn’t become a target overnight for potentially hundreds of millions of billed dollars to be returned. Those who work in the area of HIPAA compliance services have seen this coming for a long time.
Even more tellingly, Medicare was specifically funded for the years 2014 and 2015 to investigate chiropractors for instances of inappropriate and illegal billing. Advance beneficiary notice (ABN) compliance is more important than ever, and it’s necessary to release patients when documentation no longer supports active care under Medicare’s definition. Even though these are not HIPAA matters, they do constitute an imminent threat to chiropractors.
A few months ago, the OIG released its findings relative to that two-year investigation. It concluded that nearly 55 percent of chiropractic Medicare claims were paid due to billing error or fraud on the part of practices.
The OIG then instructed CMS to take “targeted actions to stop these practices.” The OIG did not wait and has started its own audit program.
Take steps to protect yourself
The OIG is quite clear in several of its recommendations. It requires addressing risk areas through the development of written standards and procedures. The office also advises practices to create a resource manual containing their written standards and procedures as well as information, such as OIG fraud alerts and advisory opinions, in addition to CMS administrative directives and carrier bulletins.
They have also identified four high risk areas that providers and their employees should be familiar with:
- Coding and billing
- Reasonable and necessary services
- Documentation and improper inducements
- Kickbacks and self-referrals
The OIG believes written policies and procedures are essential to all practices, regardless of size and capability.
As a healthcare provider, you live in a world of compliance. You are constantly hearing about the need for cybersecurity (in the healthcare field, that equals HIPAA compliance), OSHA compliance, Medicare compliance, and more.
A lesser-known program is called “OIG compliance.” While there are no posted fines for not having an OIG compliance manual, having one is required by the Affordable Care Act if the office treats Medicare or Medicaid beneficiaries. Therefore, if an office is audited for one of these claims, not having an OIG compliance manual is classified as a violation.
OIG compliance is quite different from HIPAA compliance, which has been in the news a lot lately. And HIPAA compliance is mandatory—you do have to fear the government fining you if you are audited randomly, investigated due to a patient complaint, or run afoul of the HIPAA laws for any other reason. Moreover, HIPAA actions have been on an unprecedented rise in 2016.
The shape of OIG compliance
An effective OIG compliance program is about having a system in place to assure that claims filed to a federally funded program (i.e., Medicare) are error-free. It also helps to keep you from running afoul of other prohibited activities—a good program can go a long way to appeasing the OIG and keeping you safe from or during audits.
So, what does an OIG compliance program look like? Understand the reason for having one: The U.S. Attorney General’s office has declared healthcare fraud to be the Department of Justice’s No. 2 initiative, behind violent crime.
While much of the focus in fighting billing fraud has been on large institutional healthcare providers, the federal government has now turned its attention to individual and small-group physician practices.
The OIG presently recommends seven basic components to a compliance program:
- Implementing written policies, procedures, and standards of conduct.
- Designating a compliance officer and committee.
- Conducting effective training.
- Developing effective communication.
- Conducting internal monitoring and auditing.
- Enforcing well-publicized disciplinary guidelines.
- Responding to detected offenses and undertaking corrective action.
Written policies: When implementing a code of conduct and written policies, key areas to address include coding and billing, billing for items or services not rendered, submitting claims for equipment that are not reasonable and necessary, and double billing. In terms of coding, your compliance manual should specify how you avoid such problems as billing for non-covered services, knowingly misusing a provider identification number, unbundling, clustering, and up-coding.
Documentation processes: Your compliance program should specify how you handle paperwork correctly, especially regarding the need for timeliness, complete and legible entries, and what is generated at each patient encounter. Key documentation to record when seeing patients includes a relevant history, physical findings, clinical impression and diagnosis, and a care plan. Your use of CPT and ICD- 10-CM codes should be fully supported by documentation.
CMS 1500 form or electronic claims: The documentation should clearly link the diagnosis code with the service performed. Your modifiers should be correct, and claims should contain secondary insurance information, if any.
Stark law: Your manual needs to contain policies that describe how you avoid improper inducements, kickbacks, and self-referrals. Also, it should describe a framework whereby you are ethical in your financial arrangements with referral sources, supplier joint ventures, consulting contracts, and your acceptance of gifts or gratuities, for example.
HIPAA matters: Another section of your manual should describe record retention, how your records are secured against loss, destruction, unauthorized access, unauthorized reproduction, corruption, and so forth. This section will probably be the most time- consuming section of the seven requirements of your manual.
Designated compliance officer: The duties of this individual are described in this section, and they should include overseeing and monitoring your compliance program, how internal audits are conducted, and how he or she will train other employees. In the event problems are discovered, this person spearheads corrective action.
As you can surmise from this explanation, your OIG compliance manual isn’t intended to be a binder that sits idle on a shelf. It’s an active plan that depends on communication and training for you and every member of your practice. Compliance is a shared responsibility, so all team members need to be empowered to report errors or even the possibility of fraudulent activity.
The penalties for non-compliance can be significant. Whether you create a plan on your own or work with outside consultants to establish one, get started today.
Ty Talcott, DC, is the president of HIPAA Compliance Services. He is a certified HIPAA privacy and security expert (CHPSE), and presents dozens of webinars and live presentations across the country. He can be contacted at 214-437- 7559, email@example.com, or through hipaacomplianceservices.com.
Ces Soyring, CHOC (certified HIPAA on-site consultant), is the installation expert for HIPAA Compliance Services. She is a well-established expert in coding billing, Medicare documentation, and practice administration.
1 Department of Health and Human Services. “A Michigan chiropractor received unallowable Medicare payments for chiropractic services.” https://oig.hhs.gov/oas/reports/region7/7140114 8.pdf. Published Aug. 2016. Accessed Sept. 2016.