The mention of the word “compliance” among a group of healthcare providers tends to cause eyes to drift upward…and maybe to begin counting the holes in the ceiling tiles. A discussion about compliance is like beginning a discussion about tax code.
It turns out that the two are similar in the sense that they both take on new meaning for those that have been involved with audits by Medicare, the OIG, or the IRS. And the outcome of those audits can have disastrous financial results. Remember that any claim that contains erroneous information and results in overpayment by the federal government constitutes a false claim, whether submitted with fraudulent intent or not.
Also remember that recovery of overpayments and the possible levy of related penalties by the government do not require proof of intent to commit fraud. It needs only to be proven that a provider either knew of the existence of billing errors or should have known.
To keep it simple, compliance is a form of risk management. Healthcare providers routinely purchase insurance to manage risks associated with malpractice, property damage, and worker’s comp claims, to name a few. An effective compliance plan is intended to manage risk and liabilities that may arise from inappropriate billing practices and/or breaches in the privacy and security of patient information.
The goals of a compliance plan are also simple:
- to ensure that systems are in place to correctly bill patients and third-party providers for the services rendered (no more and no less),
- that those systems are working as intended,
- and that adequate security measures are in place to protect the privacy of patient information.
In essence, it is performing quality control over the billing, record-keeping, and information management functions in a healthcare organization.
But all the foregoing is largely common knowledge. Is there anything new? It would be fair to say that the federal government is continuing to ratchet up its efforts to uncover what it deems to be fraudulent practices and to recover overpayments. The number and types of audits being conducted are at an all-time high and growing (think OIG audit, CMS audit, CERT audit, RAC audit). In fact, as this article is being written, I have received notice that RAC auditors have introduced “semi-automated” claims review processes enabling them to scan “unknown numbers of claims” from their remote locations at electronic speeds.
Is compliance addressed in healthcare reform legislation? Absolutely. For the past 12 years or so the Department of Health and Human Services (HHS) and the Office of the Inspector General (OIG) have promoted the voluntary adoption of compliance plans among healthcare providers.
With the passage of the Patient Protection and Affordable Care Act, compliance programs are mandated. The Act divides healthcare providers into two groups: nursing facilities, and “all others”, but compliance is mandated for all. The legislation contains specific implementation timelines for nursing facilities. For “all others” the following language, extracted directly from the Act, leaves implementation to the discretion of the Secretary of HHS, but makes the mandate very clear:
“IN GENERAL.—On or after the date of implementation determined by the Secretary under subparagraph (C), a provider of medical or other items or services or supplier within a particular industry sector or category shall, as a condition of enrollment in the program under this title, title XIX, or title XXI, establish a compliance program that contains the core elements established under subparagraph (B) with respect to that provider or supplier and industry or category.”
As providers scramble to achieve “meaningful use” of electronic health records systems, new challenges arise to ensure that those systems accurately assimilate and transfer clinical information used for billing purposes (and in the author’s experience, information recorded in the electronic health record does not always translate accurately to result in appropriate CPT and ICD-9 codes on the claim).
The existence of records in electronic format may be a mixed blessing. It can greatly reduce administrative costs, improve efficiency, and simplify the quality control process for internal compliance managers, but it can also greatly simplify audits for governmental and other third-party payers, enabling them to more easily audit more records and more providers.
Then there are compliance issues related to the transitioning healthcare business model. Hospitals are steadily acquiring physician practices. On April 1 of this year, CMS and IRS simultaneously released proposed rules and regulations regarding Accountable Care Organizations (ACOs). In a world of consolidation, mergers, and acquisitions, compliance has become a part of the due diligence process. Who would want to undertake a merger or acquisition only to later discover the existence of potentially large compliance liabilities?
I would be remiss in failing to note the potential impact of publicity for providers involved in OIG investigations, indictments, security breaches, or other compliance-related infractions. To the extent these become publicized, the impact can be significant and even devastating, even if the provider is ultimately proven completely innocent of any allegations of wrongdoing. Nothing good can come from finding your name listed in the “Top 5” on the HHS “Wall of Shame” (one Tennessee company has managed to accomplish this).
Splashy news headlines reading “Local Doctor Being Investigated for Medicare Fraud” or local news videos showing crime scene tape across the door to your office do nothing to inspire confidence among others.
Where is this going in the future? Those of us with many years in healthcare learned long ago to be careful about predicting what is going to happen next. That said, it is the author’s opinion that increasing use of electronic health records will have a potentially significant impact on compliance. As the goals of “meaningful use” are achieved and the application of technology becomes more advanced, it may become possible for third-party payers to reimburse providers directly from clinical documentation, rather than processing claims. In essence, claims adjudication could be accomplished directly from the chart.
This, of course, would further intensify the need for accurate and complete clinical documentation but would eliminate the process of provider-based coding of clinical procedures and diagnosis information, and therefore the need for audits designed to verify proper coding and reporting. As providers become more reliant on electronic records and patients both expect and depend upon accessibility of their health records by healthcare providers (and security from everyone else), there will almost certainly be simultaneous emphasis on systems security and integration with broader health information networks. While this may sound far-fetched, we are finding out that in a digital world, anything is possible.
Ken Massey, DPh, CPA, MBA, is a Senior Healthcare Consultant at Cannon CPAs and has been working with Memphis medical practices for over 20 years. For more information, contact Ken at kmassey@cannoncpa.com.