case study - hcca official site...training and education instant access once employees entered into...


Post on 17-Jul-2020

This presentation is intended to provide a brief overview of compliance and should not be considered legal advice.

Case Study

Physician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program

Dixon Davis, MBA, MHSA

Michelle Ann Richards, CPC, CPCO, CPMA, CPPM

Evolution of Compliance Programs

• 1991 Federal Sentencing Guidelines

• 1998-2009 Voluntary OIG Compliance Program Guidance

• 2010 PPACA (aka: Affordable Care Act) Requires Compliance Programs

Common Areas of Non-Compliance

• Misrepresentation of services with incorrect Current Procedural Terminology (CPT) codes

• Billing for services not rendered

• Altering claim forms for higher payments

• Falsification of information in medical record documents

• Billing for services that were not performed or misrepresenting the types of services that were provided

• Billing for supplies (DME) not provided

• Providing unnecessary medical services based on the patient's condition.

Our Government Takes Non-Compliance with Federal Regulations Seriously

• Department of Health & Human Services (HHS)

• Office for Civil Rights (OCR)

• Office of Inspector General (OIG)

• Department of Justice (DOJ)

All can come knocking on your door at any time…

Key Agencies in Healthcare Compliance

They Do Come Knocking…..

In the first half of FY 2014, OIG reported expected recoveries of more than $3.1 billion consisting of nearly $295 million in audit receivables and about $2.83 billion in investigative receivables, which include about $813.7 million in non-HHS investigative receivables resulting from our work in areas such as the States’ shares of Medicaid restitution

Criminal Actions

Exclusion Sanctions – 1,720 individuals

• 465 criminal actions against individuals or entities that engaged in crimes against HHS programs

• 266 civil actions, which include false claims and unjust-enrichment lawsuits filed in Federal district court, civil monetary penalties (CMP) settlements, and administrative recoveries related to provider self-disclosure matters.

Purpose of CIAs

OIG uses CIAs to communicate prudent approaches to compliance program design and compliance related initiatives

In lieu of provider “Exclusion”

Case Study - Kentucky

Provider in health care industry 30 years

• Same Practice Manager entire duration

• “Controlled Environment” Practice Manager in charge of everything

• Three pages of Policies & Procedures (last updated 1997)

• Well-known throughout community

What They Were Doing Right

Cared About Their Patients

• Great relationship with patients

• Word of mouth referrals

• Excellent Patient Outcomes

Penalties Faced

Three-Year Corporate Integrity Agreement

http://www.justice.gov/usao/kyw/news/2014/20140603-03.html

$3,739,325.41

What They Should’ve Been Doing

• Keeping Up-to-Date on Billing, Coding & CCI Edits

• Monitoring & Auditing provider Billing & Operations

• Providing education for Billing & Coding staff

• Training & Education for providers

Mitigating The Risk

• Performed Risk Assessments

• Created 150 additional Policies & Procedures

• Trained Compliance Officer

• Training & Education Providers & Employees

• Formed Compliance Committee

What Does a Great Attorney, 7Atlis Compliance Software and AAPC Consulting have in common?

All came together to successfully create a Culture of Compliance within a medical practice that previously didn’t know what compliance meant, in 30 days.

Maintaining Compliance

Is an Ongoing Process

• Auditing & Monitoring

• Risk Assessments

• Updating Policies & Procedures

• Training & Education

An Effective Compliance Program Process

Communication

Documentation is Key

• Protocols

• Policies & Procedures

• Training & Education

If it’s not documented, it wasn’t done!!!!

Lesson Learned

Actual Client responses

“Advise anyone to Create a Compliance Program Immediately”

“This makes perfect business sense”

“Why didn’t we do this before the government came in”

“I was worried about what the employees would think…”

“We now provide better quality than I’d anticipated”

Compliance Awareness

Hindsight

• Keep practice safe from the consequences of ignoring what has been mandated

• Compliance Expectations of any practice (medical organization) doing business with government health care programs

Within First 30 days

• Performed an Organizational Risk Assessment

• Built necessary Policies & Procedures based on results

• Provided necessary training & education to providers & employees

• Formed a Compliance Committee

Accountability Measures

• Management accountability & certifications

• Top Down Accountability

• Risk Assessment & Mitigation Process

• Well publicized disciplinary guidelines

Independent Review Organization (IRO)

Must be Independent and Objective

• May provide:

Claims review

Unallowable Costs review

Arrangements review

Systems review

Scope of work defined in Corporate Integrity Agreement

Corporate Integrity Agreement (CIA)

Provisions

• Quality of Care

• Reportable Events

• Claw Back

• Culture of Compliance

Most CIAs have the Same Requirements

• Hire a Compliance Officer or appoint a Compliance Committee

• Develop written standards & policies

• Implement an employee training & education program

• Retain an independent Review Organization (IRO) to perform reviews

• Report overpayments, reportable events and ongoing investigations or any legal proceedings to the OIG

• Provide an implementation report and annual reports to OIG

Proactive vs Reactive Compliance Program

Case Study

Already compliant minded

• Have a compliance committee

• Have robust policies and procedures

• Provide annual HIPAA trainings

• Provide in-services and send some people to conferences

• Perform chart audits occasionally

• Check employees against sanction database

What Else is Needed? Why Change?

Challenges

• Updating policies on a timely basis was very challenging

• Dispersing updates to employees difficult

• Tracking training was difficult and it was mediocre

• Audits – good intentions

• Not regular – hard to keep up with good schedule

• Filed away and not looked at again.

• Follow through not as good as desired – one more thing…

Needed to Give it Real Life

The Keys of Compliance Success

Communicate

Make it Meaningful

Make it Personal

Being Proactive

Technology

Challenges

• Technology is being encouraged – STRONGLY

• More efficiency

• Greater accuracy

• Faster access of information

• Increased effectiveness

Look What We’ve Done with EMR’s!

Challenges of Technology

• Conversions are hard

• Paper to electronic format

• Training on new software

• Importing / inputting information

• Hardware, software issues

• Additional cost

Cost Benefit Analysis

• Benefits

• Time savings

• Greater organization

• Better Communication

• Increased follow up and action items

• Confidence

• Costs

• Money

• Time to learn a new system

• Time to load information into the new system

7Atlis – Complete Compliance Solution

Policies and Procedures

• Making Policies Electronic

• Simple process for inputting files - Initial time commitment

Policies and Procedures

• Access by all employees

• Reminders set for regular review and updates

• Simple dissemination for employee attestation

• Recorded and tracked with fast retrieval

Training and Education

• Needed a good library of training courses

• Coding, Billing, Anti-kickback, HIPAA, OSHA, Harassment, Documentation

• Ability to easily assign and track status

• Ability to assign and track trainings

• One time versus annual trainings

• Ability to assess proficiency

• Ability to quickly mitigate risks

Training and Education

Instant Access once employees entered into system

Assigned all employees to HIPAA and OSHA training within the first week.

Incident Reporting

• Needed the ability for employees to enter reports easily

• Efficient template for consistency

• Tracking: Report – Investigation – Mitigation – Close

• Analysis of causal relationships

• Assignments and reminders for proper follow up

Incident Reporting

• Started by entering all open incidents (some completed during training)

Incident Reporting

• Easy to manage investigations and Corrective Actions

Audits and Monitoring

• Ability to track internal and external audits

• Assignments, reminders, tools needed

• Checklists and forms standardized and attached

• Annual work plan

• Ability to take action direct from the audit

• Training, new policy, additional audits, incident reporting

Audits and Monitoring

• Decided not to scan old audits – start fresh

• Create and assign an audit task

• Attach checklists, forms, directions

Risk Assessments

• Ability to identify potential risks

• Easy to track with risk ratings – highest risk first

• Simple assignment of mitigations to reduce risk

• Ability to dig deeper and track more accurately

• Did not have anything like this

• History was more reactive than proactive

Risk Assessments

• New tool for proactively identifying potential risks

• Began to use slowly but with the goal to “add as they go”

• Six Sigma

• PDCA (Plan, Do, Check, Act)

• TQM (Total Quality Management)

Doing Things Right

Life Simplified

Reality

Greater confidence

• Improved efficiency – after conversion

• Improved communication

• Organized follow through

• Greater awareness – less fear of the unknown

• Reduced Risk

Personal Meaningful Communication

Create a Culture of Compliance

For more information please feel free to contact us

Michelle Richards, CPC, CPCO, CPMA, [email protected]

Dixon Davis, MBA, [email protected]

Fraud, Waste, and Abuse

The majority of FWA claims come through qui tam relators (whistleblowers)

01/03/2014 Premier Vein Centers in Florida paid $400,000 to resolve allegations that it billed Medicare for services performed by unqualified personnel including allegations that unlicensed personnel performed varicose vein injections when the physician was not present at the center.

01/29/2014 Saint Joseph Health System paid $16.5 million to settle allegations of unnecessary heart surgeries. The settlement also resolved claims related to allegedly sham management agreements with physicians. A doctor pleaded guilty last year to Medicaid fraud and is serving a 30-month prison sentence.

02/18/2014 Engage Medical paid $3.3 million to settle false billing allegations. Engage Medical coders allegedly billed for each service twice, using a CPT modifier meant to indicate when a service was performed twice by the same physician. Engage coders also allegedly billed for a CPT code meant to cover the interpretation and reporting of images, even though the CPT billing manual said not to use the code for nuclear stress tests.

HIPAA

As updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA violations may result in fines of up to $1.5 million per year.

• Concentra Health Services paid $1.7 million to resolve alleged HIPAA violations that included failing to encrypt laptops, desktop computers, medical equipment, tablet computers, and other devices. The case began with the theft of an unencrypted laptop.

• Parkview Health System paid $800,000 to settle HIPAA privacy allegations, including that it left 71 boxes of medical records unattended in the driveway of a retired physician.

The Costly 3

Three hot issues that continue to be costly when not managed

• HIPAA security issues will continue to be a hot topic as health care organizations use IT more in operations

• Whistleblowers continue to be the largest lead source for false claims act cases.

• Some of the largest fines are for Stark and Anti-kickback violations

Conclusion

Lesson to be Learned

• CIA’s are viewed by OIG as form of Compliance Guidance

• Highlights Federal government expectations of all medical organizations

• A little “Proactive Effort” can ease the government’s wrath

• Better to implement Compliance Program on own

• Daily Compliance oversight