Wachler & Associates, PC | Serving healthcare providers nationwide for over 20 years

 

Home
Firm Overview
Practice Areas
Stark
Medicare Audits and Appeals & RAC Audits
HIPAA
Specialty Pages
Attorney Profiles
Publications
Newsletters
Seminars
Research Links
Office Directions
Contact Us

 

 

The Health Lawyers: We Focus on the BUSINESS of Healthcare

Publications

OIG SOFTENS ITS OVERALL APPROACH IN RELEASING THE FINAL COMPLIANCE GUIDANCE FOR INDIVIDUAL AND SMALL GROUP PHYSICIAN PRACTICES

Andrew B. Wachler, Esq.
Abby Pendleton, Esq.
Robert S. Iwrey, Esq.
Wachler & Associates, P.C.
Royal Oak, MI

Introduction
After reviewing over 60 comments, participating in numerous meetings with over 30 physician trade associations, and participating in over 400 telephone conversations with various representatives of the physician community, on September 25, 2000, the OIG released the final version of its Compliance Guidance for Individual and Small Group Physician Practices (hereinafter referred to as "final Guidance") on its web site. Unique to its issuance of the final Guidance for physicians, the OIG actively sought the physician community's input in revising the draft Guidance. On June 7, 2000, the OIG issued the draft Guidance on its web site which was fully analyzed and summarized in the Volume 12, Number 5 June 2000 edition of The Health Lawyer. The purpose of this article is to analyze and highlight the changes implemented by the OIG in the final Guidance issuance.

According to the authors' discussions with OIG attorney Kimberly Brandt, the primary author of the draft and final Guidances, "it is important for the physician community to understand that the Guidance is not mandatory in nature but can be used as an excellent compliance resource tool for physicians implementing compliance within their practices. For example, the appendices were drafted to provide practical information to physicians and should serve as an excellent educational resource for physicians."

Apparently in response to comments by physicians concerned with the burden of implementing compliance measures in conformity with the draft Guidance and confusion with regard to the voluntary nature of the document, the OIG has softened its overall approach by emphasizing the voluntary nature and flexibility of the Guidance and by removing or reorganizing certain text. It is important to note, however, that despite the OIG's kinder approach within the document, physicians must understand the risks that they face and that the applicable laws have not changed.1 Although the OIG-specific physician risk areas remain substantially similar to those set forth in its draft Guidance, the OIG has reworked its seven basic components to serve as a step by step recommendation process for physician practices.

In addition, while the scope of the final Guidance is specifically limited to Federal health care programs, the OIG does state that "issues related to private payor claims may also be covered by a compliance plan if the physician practice so desires."2 Although the OIG has limited the formal scope of its final Guidance to Federal program requirements, in light of the criminalization of Federal health care offenses reaching both public and private health care benefit programs under the Health Insurance Portability and Accountability Act of 1996, health care attorneys are well advised to counsel their physician clients on the importance of using good faith efforts to comply with all applicable third party payor requirements.3

Like the draft Guidance, the final Guidance encourages physician practices to participate in compliance programs of other providers and/or entities, such as hospitals or physician practice management companies, in order to promote the desired compliance objective without imposing excessive burdens on the practice. Unlike the draft Guidance text, however, the OIG's final Guidance cautions physicians of the potential anti- kickback and self-referral issues that may arise as a result of such collaborative efforts and recommends that "physicians consider limiting their participation in a sponsoring provider's compliance program to areas of training and education or policies and procedures."

The OIG further opines that "[t]he key to avoiding possible conflicts is to ensure that the entity providing compliance services to a physician practice (its referral source) is not perceived as nor is it operating the compliance program at no charge. For example, if the sponsoring entity conducted claims review for the physician practice as part of a compliance program or compliance oversight without charging the practice fair market value for those services, the anti-kick- back and Stark self-referral laws would be implicated. The payment of fair market value by referral sources for compliance services will generally address these concerns." Health care legal counsel advising physician practices with regard to compliance should play an important role in evaluating whether or not certain collaborative compliance efforts will effectively enhance compliance within the practice. For instance, a hospital's compliance program may not adequately address billing and related requirements specific to the practice's field of specialty.

OIG Reworks Seven Basic Compliance Elements
The majority of the revisions implemented by the OIG in the final Guidance involve its reworking of the seven compliance program elements set forth in the draft Guidance into a "suggested order of the steps a practice could take to begin the development of a compliance program." According to the final Guidance, the seven suggested steps include (1) conducting internal monitoring and auditing through performance of periodic audits; (2) implementing compliance and practice standards through the development of written standards and procedures; (3) designating a compliance officer or contact(s) to monitor compliance efforts and enforce practice standards; (4) conducting appropriate training and education on practice standards and procedures; (5) responding appropriately to detected violations through the investigation of allegations and the disclosure of incidents to the appropriate Government entities; (6) developing open lines of communication, such as (1) discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct and (2) community bulletin boards, to keep practice employees updated regarding compliance activities; and (7) enforcing disciplinary standards through well- publicized guidelines.4

Auditing and Monitoring - "Step One"
Originally addressed as the fourth of seven elements, auditing and monitoring now tops the list as "Step One" in the final Guidance. Although the OIG places auditing and monitoring as the first step in developing a compliance program and appears to suggest in subsequent sections that an initial risk identifying audit be conducted prior to the practice engaging in the other compliance elements, like the draft Guidance, the OIG notes that the base- line or benchmarking audit be conducted on claims that were submitted during the three months after implementation of the education and training program. 5

Unlike the draft Guidance, the OIG also suggests that the review take place on claims paid during this initial three month time period. In other words, even though the OIG first states within the final Guidance that "[e]ach practice needs to determine for itself whether to review claims retrospectively or concurrently", it later recommends that physician practices conduct their baseline audits on a retrospective basis (i.e., paid claims as opposed to pre- submission claims). Like the draft Guidance, the OIG remains silent in the final Guidance as to the inherent risks a practice faces in undertaking auditing activities. For example, the OIG does not advise physicians that unprivileged audits can serve to document the practice's problems and is the government's for the asking. The OIG also fails to address the particularly sensitive nature of retrospective reviews (including evaluating potential return of funds and self-disclosure issues). Due to the sensitive nature of auditing activities, physician practices undertaking auditing activities as part of their compliance programs are well advised to seek legal counsel from experienced health care specialists when engaging in such activity. Health care counsel working with physicians to develop compliance programs may be in the best position to assist them in fulfilling compliance obligations while also minimizing the risk of potential adverse actions. For example, physician practices may consider the advantages of utilizing both the attorney/client privilege and pre-submission auditing techniques to reduce risks inherent in auditing and monitoring.

Similar to its draft, within the auditing and monitoring section of the final Guidance, the OIG emphasizes that one of the most important elements of a successful program is the practice's undertaking of an appropriate response when it identifies problems.6 The OIG notes that the specific action should depend on the circumstances of the situation and, in some cases, may be a straightforward repayment with the appropriate explanation to the applicable payor from which the overpayment was received. However, absent from the final Guidance is the OIG's previous direction that "[a]lternatively, the repayment could be effectuated through offsets to other billings, such as undercodings." Moreover, the OIG removed its previous suggestion that in some circumstances the practice may want to seek legal advice to determine the next best course of action. Clearly, physician practices would be well advised to seek counsel from experienced health care attorneys when addressing the sensitive issues of repayment and self-disclosure.

Following the baseline audit, the OIG makes a general recommendation that the practice conduct periodic audits at least one time each year to ensure that the program is being followed. Consistent with its focus on Federal programs in the final Guidance, the OIG changed its previous recommendation for the number of records to audit from two to five records per payor or five to ten per physician to five or more medical records per Federal payor or five to ten per physician.

Practice Standards and Procedures - "Step Two"
In its final Guidance, the OIG recommends that the next step after identification of the practice's risk areas is the development of practice standards and procedures to address the risk areas. Of particular interest to health care legal professionals assisting physician practices in implementing compliance programs, are the specific risk areas identified by the OIG as areas of risk for physician practices. In considering the standards and procedures to develop, like the final Guidance, the OIG sets forth a list of four potential risk areas affecting physician practices including: (1) coding and billing; (2) reasonable and necessary services; (3) documentation; and (4) improper inducements, kickbacks and self-referrals. As in its draft version, the OIG also lists additional risk areas for practices to consider within Appendix A of the document. The OIG-specific risk areas remain substantially similar to those set forth in the draft Guidance.

Within the final coding and billing section, the OIG has added "clustering" as an area of concern for physician be sent to see the on-call physician at a hospital-owned contiguous or on- campus facility to conduct or complete the medical screening examination as long as: (1) all persons with the same medical condition are moved to this location; (2) there is a bona fide medical reason to move the patient; and (3) qualified medical personnel accompany the patient.8 Within its additional risk areas, the OIG also added physician incentive arrangements as a potential area of concern for physician practices. The OIG notes that it has identified potentially illegal practices involving the offering of incentives by entities in an effort to recruit and retain physicians. According to the OIG, it is concerned that the intent behind these incentives may not be for recruitment purposes but rather as kickbacks to the physicians for the purpose of obtaining and increasing patient referrals from the physicians. The OIG lists the following examples of questionable arrangements: (1) the provision of free/significantly discounted billing, nursing, or other staff services; (2) payment of the cost of the physician's conference and travel costs/expenses; (3) payment for physician services that require few, if any, substantive duties by the physician receiving payment; and (4) income guarantees.

Lastly, within Appendix A of the final Guidance, the OIG also revised its discussion of third-party billing services to clarify and more accurately reflect acceptable practices concerning percentage arrangements between physician practices and third-party billing services. Specifically, in the draft Guidance, contrary to the Medicare Carriers Manual, the OIG opined that a billing service could not have a physician's Medicare payments sent directly to its office or its bank account and that these payments should instead be sent to the physician's office or bank account. In the final Guidance, continuing to recognize that a physician may contract with a billing service on a percentage basis, the OIG revised its previous statements to clarify that practices. According to the OIG, clustering is the practice of exclusively coding or charging one or two middle level codes under the philosophy that some will be higher and some lower averaging out over an extended period of time. The OIG also revised its footnote for the coding and billing risk area of "knowing misuse of provider identification numbers, which results in improper billings," from a general reference to the reassignment rules to a more specific example of a common problematic practice. Specifically, the OIG notes that "an example of this is when the practice bills for a service performed by Dr. B, who has not yet been issued a Medicare provider number, using Dr. A's Medicare provider number. Physician practices need to bill using the correct Medicare provider number, even if that means delaying billing until the physician receives his/her provider number."

In addressing medical record documentation, the OIG slightly revised its previous internal documentation guideline recommendations to recognize that, if not documented, the rationale for ordering diagnostic and other ancillary services should be easily inferred by an independent reviewer or third party "who has appropriate medical training." The draft Guidance did not contain the qualification that the reviewer or third party have appropriate medical training. Moreover, within the improper inducement section of final Guidance, the OIG also added "pharmaceutical manufacturers" to the list of physician arrangements which pose areas of potential concern.7

The OIG also made a few revisions/additions to its additional identified risk areas set forth in Appendix A of the final Guidance. For example, in addressing the EMTALA issues impacting on-call physicians, the OIG revised its text addressing the exception to the general requirement that, when medically indicated, on-call physicians must generally come to the hospital to examine the patient. Per the final Guidance text, "[t]he exception to this requirement is that a patient may a billing service cannot receive Medicare payments "directly into a bank account over which the billing service maintains sole control. The Medicare payments should instead be deposited into a bank account over which the provider has signature control."

Designation of a Compliance Officer/Contact -"Step Three'.
The OIG suggests that after the audits have been completed and risks identified, one member of the practice should accept responsibility for developing a corrective action plan. The OIG notes that this person could be responsible for all compliance activities or play a more limited role in resolving the current issue prompting the corrective action. In addressing compliance responsibility in the final Guidance, the OIG appears to provide further flexibility recognizing that "the resource constraints of physician practices make it so that it is often impossible to designate one person to be in charge of compliance functions." The OIG continues its suggestions that some practices may consider designating compliance contacts in lieu of a designated compliance officer and that practices may also consider outsourcing or shared compliance officers. In the final Guidance, however, the OIG supplements its previous recommendations by suggesting that in order to address some of the limitations of the outsourcing alternatives, that the practice could designate an individual to serve as a liaison with the outsourced compliance officer. In considering collaborative compliance oversight alternatives, physician practices must also keep in mind the OIG's statements concerning potential kickback issues.

The OIG eliminated its suggestion contained in the draft Guidance that practices may consider designating the office manager or the primary biller as the compliance officer. This suggestion should have raised concerns among physicians regarding the potential conflicts inherent in such designations. The OIG's removal of such recommendation is consistent with its other statements that physicians "remain responsible to the Medicare program for bills sent in the physician's name or containing the physician's signature, even if the physician had no actual knowledge of a billing impropriety."

Conducting Appropriate Training and Education -"Step Four"
As its fourth step, the OIG notes that education is a critical component of any compliance program and the "next logical step after problems have been identified and the practice has designated a person to oversee educational training." Of particular interest to practices seeking to educate in a cost-effective and practical manner, may be the OIG's removal of the following text in discussing the various means by which employees can be effectively trained:

Simply providing individuals with documents for their own reading and comprehension is seldom sufficient.

In addressing new employee training time frames, the OIG has also removed its previous recommendation that new employees receive training within 60 days of their start date and instead has opted for more flexible language. Specifically, in the final Guidance, the OIG advises that new employees be trained on compliance and coding and billing issues "as soon as possible" after their start date.

The OIG also revised its example topics for coding and billing training to only include: (1) coding requirements; (2) claim development and submission process; (3) signing a form for a physician without authorization; ( 4) proper documentation; (5) proper billing standards and submission of accurate bills; and (6) the legal sanctions for submitting deliberately false or reckless billings.9

The importance of proper employee training continues to be highlighted in the final Guidance in connection with the OIG's discussion of what constitutes reckless disregard for purposes of imposition of sanctions under the False Claims Act. Like the draft Guidance, the final Guidance retains as an example of reckless disregard "a physician who assigns the billing function to an untrained office person without inquiring whether the employee has the requisite knowledge and training to accurately file such claims."

Responding to Detected Offenses and Developing Corrective Action Initiatives- "Step Five"
Step five of the OIG's guide for implementing a voluntary physician compliance program includes developing corrective action plans and determining how to respond to problems. While much of this section remains substantially similar to the draft Guidance's text, one notable softening revision for physician practices involves the OIG's removal of its criminal concealment statement. Specifically, in addressing corrective action with regard to overpayment issues in both the draft and final Guidances, the OIG states, in part, that the overpayments should be promptly repaid. In the final Guidance, however, the OIG removed the following text addressing overpayments from the draft Guidance; "[a] knowing and willful failure to disclose overpayments within a reasonable period of time could be interpreted as an attempt to conceal the overpayment from the Government, thereby establishing an independent basis for a criminal violation with respect to the physician practice, as well as any individual who may have been involved." It is important to note, however, that although the OIG has removed this language from the text to encourage compliance, the law and its potentially applicability still remains. Also omitted from the final Guidance is the OIG's recommendation in the draft Guidance that corrective action, including, but not limited to, self-reporting, be accomplished within 90 days of the discovery of the violation.

Given the difficult issues inherent in addressing the appropriate manner in which to address potential overpayment issues, physician practices should seek legal counsel from experienced health care counsel when addressing these issues. Experienced legal counsel can assist the physician practice in fulfilling compliance obligations while also minimizing the risk of potential adverse actions to the practice resulting from investigation and disclosure issues.

Developing Open Lines of Communication -"Step Six"
The OIG's sixth step remains substantially similar to the draft Guidance with the exception of one important addition addressing communications with the billing company for those practices using billing agent services. Specifically, included within the OIG's suggestions for a system for open communication is the following statement:

If a billing company is used, communication to and from the billing company's compliance officer/contact and other responsible staff to coordinate billing and compliance activities of the practice and the billing company, respectively. Communication can include, as appropriate, lists of appropriate or identified concerns, initiation and the results of internal assessments, training needs, regulatory changes, and other operational and compliance matters.
While it is advisable for a physician practice to effectively coordinate certain compliance efforts with its billing agent, a practice must also exercise caution in providing sensitive information to the billing agent as such information will not be privileged and the billing agent may have different interests.

Enforcing Disciplinary Standards Through Well-Publicized Guidelines -"Step Seven"
According to the final Guidance, the last step a practice may wish to undertake is ensuring that employees understand the consequences for non-compliance. The OIG's recommendations with regard to this element remain consistent with its recommendations in the draft Guidance.

Conclusion
Although the OIG has made some notable revisions and additions in its final Guidance and has softened its overall approach in addressing physician practices, much of the recommendations remain consistent with the June 2000 draft Guidance. Physicians should also understand that although the tone of the Guidance has changed for the purpose of encouraging compliance within physician practices, the applicable laws and risks remain. Of particular note, the OIG-specific physician risk areas are remarkably similar to the risk areas identified in the previously issued draft Guidance. Physicians should be encouraged to fully review the final Guidance and begin to address their risk areas. The previous article set forth in the June 2000 volume of The Health Lawyer can serve as a practical summary of the OIG Guidance and can be read in conjunction with this article analyzing the changes.

Given the health care enforcement environment and the OIG's continuing focus on compliance, physician practices should carefully consider undertaking certain voluntary compliance activities. Although the OIG has made clear that the final Guidance is not mandatory, physician practices, with assistance from health care legal counsel, can use the final Guidance as a valuable tool in developing and implementing practical and cost-effective compliance measures in their practices.

Andrew B. Wachler is a principal of Wachler & Associates, P.C. He graduated Cum Laude from the University of Michigan in 1974 and Cum Laude from Wayne State University Law School in 1978. Mr. Wachler is a member of the State Bar of Michigan, Health Care Law Section (Health Providers Subcommittee), American Bar Association, Health Care Law Section, Health Care Law Section Council of the State Bar of Michigan, American Health Lawyers Association, and the Michigan Society of Healthcare Attorneys.

Abby Pendleton is a partner with Wachler & Associates, P.C. She graduated Magna Cum Laude from Wayne State University Law School in 1996 and is a member of the Order of the Coif. While at Wayne State University Law School, she was a member of the Wayne State University Law Review and served on its editorial board. Ms. Pendleton was awarded the American Jurisprudence Book Awards in Contracts and Criminal Law as well as the Deloitte and Touche LLP Award for her achievement in tax law. Ms. Pendleton is a member of the State Bar of Michigan, Health Care Law Section, the American Health Lawyer's Association, and the Health Care Compliance Association.

Robert S. Iwrey is an associate with Wachler & Associates, P.C. He graduated with High Distinction from the University of Michigan in 1988. Mr. Iwrey graduated from Wayne State University Law School in 1993 where he was awarded the American Jurisprudence Award in Advanced Legal Writing and was an award-winning member of Moot Court. Mr. Iwrey is a member of the State Bar of Michigan {Member, Health Care Law Section), the American Health Lawyer's Association, American Bar Association, American Trial Lawyers Association, Michigan Trial Lawyers Association, Federal Bar Association, and Oakland County Bar Association.

Endnotes
1 For example. although the OIG has removed from the text in the responding to offenses section its discussion of concealment as an independent basis for a criminal violation. this law remains.
2 Note that the introductory portion of the draft Guidance specifically stated that the guidance was intended to assist physician practices in developing internal controls and procedures that promote adherence to federal health care program requirements and "private insurance program requirements."
3 The Health Insurance Portability and Accountability Act ("HIPAA") added new provisions to the federal penal code to criminalize federal health care offenses. The HIPAA offenses involve health cart fraud. theft or embezzlement. false statements. obstruction and money laundering. Health care fraud covers fraud against any public or private health care benefit program or obtaining money by false pretenses in connection with the delivery or payment of health care benefits. 18 USC Section 1347. Health care fraud is punishable by fine and/or ten years imprisonment (or 20 years if the violation results in serious bodily injury, or life imprisonment if the violation results in death). False statements relating to matters concerning public or private health care benefit programs are punishable by fine and/or five years imprisonment. Notably, HIP AA gives federal prosecutors a wide range of authority to enforce these laws. State statutory laws may also provide for civil and criminal penalties associated with health care fraud against private insurers.
4 These seven elements are essentially the same that appeared in the draft Guidance but in a different order. In the draft Guidance, the OIG noted that every effective compliance program should begin with a commitment by the physician practice to address the following key elements: (I) the development and implementation of written standards of conduct and policies and procedures; (2) the assignment of compliance responsibility to a designated compliance officer or compliance contact; (3) the implementation of effective training and education; (4) internal monitoring and auditing focusing on high-risk billing and coding issues through performance of periodic audits; (5) the development of accessible lines of communication, such as discussions at staff meetings and community bulletin boards to keep staff updated regarding compliance activities; (6) the enforcement of compliance through we1l-publicized disciplinary guidelines; and (7) responding appropriately to detected violations.
5 While the OIG's subsequent steps appear to envision that the baseline or benchmark audit (process for identifying risks) be conducted prior to these steps, the text of the monitoring and auditing section suggests otherwise. for example, although the OIG specifically suggests that the baseline be conducted on claims submitted within three months after training and education (Step Four), the training and education section provides that education "is the logical next step after problems have been identified."
6 In the draft Guidance, the OIG recommends that action be taken within 60 days from the date the problem is identified. However, in the final Guidance, the OIG omits any time recommendation other than its generic ''as soon as possible."
7 The draft Guidance stated that "[I]n particular, arrangements with hospitals, hospices, nursing facilities, home health agencies, durable medical equipment suppliers, and vendors are areas of potential concern."
8 With regard to this issue, the draft Guidance stated in its entirety that" Physicians should also be aware that, in most cases, on-call physicians must come to the hospital to examine the patient when a request is for their services. If however, their offices are located in a hospital-owned facility on contiguous land or on the hospital campus, the patient may be seen in the physician's office."
9 The draft Guidance included, without limitation, such other topics as: appropriate marketing practices, how to report misconduct, and the ramifications of altering medical records.