.

I. INTRODUCTION

On June 7, 2000, the Office of Inspector General ("OIG") of the Department of Health and Human Services ("HHS") released its Draft Compliance Program Guidance for Individual and Small Group Physician Practices ("Draft Physician Guidance"). Comprehensive in scope, the document summarizes the OIG's current view as to what physicians should know and can do to prevent fraud and abuse in government health programs. Seeking to correct "significant misunderstandings among physicians" who feel "maligned" by federal law enforcement agencies, the OIG gives its assurance that the OIG does "not disparage physicians," and that physicians are not subject to civil or criminal penalties for innocent errors or negligence. The OIG emphasizes, however, that all health care providers have a duty reasonably to ensure that claims submitted to the federal health care programs are accurate.

The Draft Physician Guidance is part of the OIG's continuing effort to encourage the health care industry to police itself. It is the ninth compliance program guidance document issued by the OIG to date. The guidelines are not mandatory. The Draft Physician Guidance was published in the Federal Register on June 12, 2000, and the OIG invites physicians to submit comments during the 45-day comment period that ends on July 27, 2000.

Intended to assist individual and small group physician practices in developing and implementing internal controls that will promote adherence to rules governing the federal health care programs and to private insurance requirements, the Draft Physician Guidance identifies the basic elements of a physician practice compliance program. As with other guidance already issued by the OIG, the elements of such a compliance program are based on the seven elements set forth in the Federal Sentencing Guidelines.(fn1)

 The OIG observes that an effective compliance program does not have to be costly or resource-intensive and stresses that there is no "one size fits all" compliance program for physicians. The draft guidance also provides direction to larger practices suggesting that large practices use both the Draft Physician Guidance as well as previously issued guidance, including the Third Party Medical Billing Compliance Program Guidance and the Clinical Laboratory Compliance Program Guidance.

The Draft Physician Guidance is a virtual compendium of the risk areas where physician practices may be vulnerable. The main risk areas for all physicians include coding and billing, billing only for services that are "reasonable and necessary," medical record documentation, improper inducements and self-referrals, and retention of records.

An appendix to the draft guidance identifies still other risk areas that physicians should evaluate when constructing a compliance program suitable for their practice. These additional risk areas include physician relationships with hospitals, various physician billing practices, physician certifications for medical equipment, supplies and home health services, as well as other risk areas.

A second appendix contains a summary of frequently cited criminal statutes related to fraud and abuse in the context of health care. The summary identifies the penalties for unlawful conduct and gives examples of the kinds of conduct prohibited by the various statutes.

A third appendix summarizes civil and administrative statutes related to health care fraud and abuse. In this section the OIG describes its "primary enforcement tool," the civil False Claims Act. This appendix also discusses the civil monetary penalties law, the federal anti-referral law ("Stark Laws"), and the laws governing exclusion of individuals and entities from participation in the federal health care programs.

A fourth appendix provides OIG/HHS "contact information." This section provides numbers for the OIG telephone hotline and describes the OIG's recommended method for a physician to self-report to the OIG fraud and abuse issues that may exist in his/her own practice. This section also explains the kinds of questions the OIG will respond to when a health care professional requests an advisory opinion from OIG and where to find the procedures for requesting an advisory opinion.

A fifth appendix provides carrier contact information. A sixth appendix lists internet resources relating to federal health care programs.

 

II. BENEFITS OF A COMPLIANCE PROGRAM

According to the OIG, an effective compliance program can help physicians identify both erroneous and fraudulent claims, ensure that submitted claims are true and accurate, and improve the quality of care. The specific benefits include:

· The development of effective internal procedures to ensure compliance with regulations, payment policies and coding rules;

· Improved medical record documentation;

· Improved education for practice employees;

· Reduction in the denial of claims;

· More streamlined practice operations through better communication and more comprehensive policies;

· The avoidance of potential liability arising from noncompliance; and

· Reduced exposure to penalties.

 

III. COMPLIANCE PROGRAM ELEMENTS

A. The Seven Basic Compliance Elements

As in previously issued guidance, the Draft Physician Guidance identifies seven basic elements of an effective compliance program. Although the OIG acknowledges that full implementation of all elements may not be feasible for all physician practices, the OIG encourages physicians to address each of the elements in a manner that best suits the physician's practice. To avoid undue burden and duplication of effort, the OIG supports collaborative compliance efforts where appropriate. For example, a physician's participation in a hospital compliance program could be a way of satisfying recommended elements of the physician's own compliance program.

The seven basic compliance elements are:

· Establishing compliance standards through the development of a code of conduct and written policies and   procedures;

· Assigning compliance monitoring efforts to a designated compliance officer or contact;

· Conducting comprehensive training and education on practice ethics and policies and procedures;

· Conducting internal monitoring and auditing focusing on high-risk billing and coding issues through performance of periodic audits;

· Developing accessible lines of communication, such as discussions at staff meetings regarding fraudulent or erroneous conduct issues and community bulletin boards, to keep practice employees updated regarding compliance activities;

· Enforcing disciplinary standards by making clear or ensuring employees are aware that compliance is treated seriously and that violations will be dealt with consistently and uniformly; and

· Responding appropriately to detected violations through the investigation of allegations and the disclosure of incidents to appropriate Government entities.

B. Written Policies And Procedures

According to OIG, the first step of an effective compliance program is to develop a code of conduct that is specific to the physician's practice. The code of conduct should make clear to all employees what the expectations of the practice are with respect to critical matters such as billing and coding, patient care, documentation and payer relationships. The code of conduct should be distributed to all employees and reviewed at least annually.

The OIG asserts that written policies and procedures are essential to all physician practices, regardless of size and capability. Observing that a physician practice should focus first on the problem areas most likely to arise in that practice, the OIG suggests that physicians consider policies in these areas:

· Employee hiring and retention;

· Creation and maintenance of encounter forms which elicit the data required for the different levels of coding;

· Coding and billing competency and responsibilities;

· Correct coding initiatives;

· Patient outreach and communication;

· General marketing; and

· Patient quality of care.

C. Specific Risk Areas

The OIG presents a list of potential risk areas that it describes as a "starting point" for evaluating potential vulnerabilities within a physician practice.

1. Coding And Billing

According to the OIG, coding and billing should be a major part of any physician compliance program. The OIG lists the problems that most frequently result in OIG audits and investigations:

 

· Billing for items or services not rendered or not provided as claimed;

· Submitting claims for equipment, medical supplies and services that are not reasonable and necessary (seeking reimbursement for a service that is not warranted by a patient's documented medical condition);

· Double billing;

· Billing for non-covered services as if covered;

· Knowing misuse of provider identification numbers, which results in improper billings (OIG specifically cites concerns that physician practices should be aware of the provisions of the reassignment rules);

· Billing for unbundled services (the practice of a physician billing for multiple components of a service that must be included in a single fee);

· Failure properly to use coding modifiers (inadequate justification that a service or procedure that has been performed has been altered by some specific circumstance, but not changed in its definition or code); and

· Upcoding the level of services provided (billing for a more expensive service than the one actually performed, which is a major focus of the OIG's law enforcement efforts).

Appendix A provides additional guidance regarding the practice of submitting a claim for services in order to receive a denial from the Medicare carrier, thereby enabling the patient to submit the denied claim for payment to a secondary payer. The OIG states that it would not consider such submissions to be fraudulent. However, in these instances the physician should indicate on the claim submission that the claim is being submitted for the purpose of receiving a denial.

2. Reasonable And Necessary Services

The OIG acknowledges that a physician should be able to order any test, including screening tests, that the physician believes is appropriate for the treatment of his/her patient. However, the OIG cautions that there may be a difference between what the physician believes is clinically appropriate and the payer's definition of reasonable and necessary. According to the OIG, the physician practice should only bill for those services the physician believes and can document are reasonable and necessary for the diagnosis and treatment of a patient. (The draft is not as specific as OIG's final civil monetary penalty rule which clarifies that violations occur when a physician submits a claim for an item or service that the physician knows or should know is medically unnecessary, and is part of a pattern of such claims.)

Appendix A lists additional risk areas in this area. For example, the OIG advises physicians to be familiar with local medical review policies which indicate whether an item or service will be covered by Medicare. The OIG also reminds physicians that they are required to provide advanced beneficiary notices ("ABN") before providing a patient with services that the physicians knows or believes Medicare will not consider reasonable and necessary. The draft guidance explains the requirements for a properly executed ABN.

Appendix A also cautions physicians regarding their liability for inappropriate certifications for the provision of medical equipment and supplies and home health services. The OIG warns against signing blank certificates of medical necessity ("CMN"), and signing CMNs without seeing the patient to verify that the item or service is reasonable and necessary.

3. Documentation

The draft guidance articulates the OIG's view of the minimum standards for medical record documentation. Explaining that the medical record is used to validate the appropriateness of the service and the accuracy of the billing, the OIG asserts that medical records should comply with the following principles:

· The medical record should be complete and legible;

· The documentation of each patient encounter should include the reason for the encounter, any relevant history, physical examination findings, prior diagnostic test results, assessment, clinical impression or diagnosis, plan of care, and date and legible identify of the observer (emphasis added);

· If not documented, a reviewer should be able "easily" to infer the rationale for ordering diagnostic and other ancillary services. Past and present diagnoses should be accessible to the treating and/or consulting physician; and

· Appropriate health risk factors should be identified. The patient's progress, his/her response to and any changes in, treatment, and any revision in diagnosis should be documented.

The OIG also encourages physicians to monitor whether the HCFA 1500 form is properly completed.

4. Kickbacks, Inducements And Self-Referrals

The OIG advises physicians to develop procedures that address arrangements with other health care providers and suppliers. On a practical level, the OIG makes two recommendations: 1) business arrangements involving a physician referral of business to an outside entity should be made on a fair market value basis; and 2) business arrangements that involve a physician making referrals should be reviewed by counsel familiar with the anti-kickback statute and the physician self-referral laws.

The OIG urges physicians to exercise particular care with respect to:

· Financial arrangement with outside entities to whom the practice may refer federal health care program business;

· Joint ventures with entities supplying goods or services to the physician practice or its patients;

· Consulting contracts or medical directorships;

· Office and equipment leases with entities to which the physician refers; and

· Soliciting, accepting or offering any gift or gratuity of more than nominal value to or from those who may benefit from a physician practice's referral of federal health care program business.

The OIG notes that its definition of "fair market value" in the context of anti-kickback scrutiny excludes any value attributable to referrals of federal program beneficiaries or the ability to influence the flow of such business.

5. Retention of Records

The OIG states that all physician practices, regardless of size, should have procedures to create and retain appropriate documentation. OIG suggests that physicians consider:

· The length of time that a physician's medical record documentation is to be retained, taking into account federal and state requirements;

· The need to secure medical records against loss, destruction, unauthorized access, unauthorized reproduction, corruption or damage; and

· The disposition of medical records in the event the practice is sold or closed.

6. Additional Risk Areas

Appendix A lists other risk areas the OIG believes physicians should consider. The section is particularly interesting because it gives the OIG's position with respect to a variety of common practices, the legality of which has been the subject of some debate:

• Payment of a third party billing service on a percentage basis. The OIG states that percentage billing arrangements are not illegal per se. OIG maintains, however, that such arrangements increase the risk of intentional upcoding or other abuses. For this reason, physicians should take care to assure that Medicare payments are not sent directly to the billing service.
• Professional courtesy. The OIG states that the legality of particular professional courtesy arrangements will turn on the specific facts presented and the specific intent of the parties. For example, the regular and consistent practice of extending professional courtesy by waiving the entire fee for services rendered to a group of persons such as employees, physicians and/or their family members may not implicate fraud and abuse rules so long as membership in the group does not take into account any group member's ability to refer or generate federal health care program business for the physician. By contrast, the waiver of a copayment may be unlawful if the patient from whom the copayment is waived is a federal health care program beneficiary who is not financially needy.

Additional risk areas of which physicians should take particular note include:

• The physician role in the patient anti-dumping statute. The OIG notes that physician on-call responsibilities are reviewed in assessing a hospital's compliance with the Emergency Medical Treatment and Active Labor Act ("EMTALA" or the patient "anti-dumping" law). Physician misconduct can result in civil fines of up to $50,000 per violation and exclusion of the physician from the federal health care programs. The OIG encourages physicians to be familiar with the on-call rules of their hospitals and to be aware that, in most cases, on-call physicians must come to the hospital to examine the patient when a request is made for their services.

• Gainsharing arrangements. The OIG reiterates its position that the civil monetary penalty law prohibits any arrangement that involves payments by or on behalf of a hospital to physicians with clinical care responsibilities, directly or indirectly, to induce a reduction or limitation of services to Medicare or Medicaid patients. The OIG suggests that hospitals compensate physicians for cost reduction services through a personal services contract where the physician is reimbursed on a fixed fee basis at fair market value for the physician services rendered.

• Teaching physicians. The OIG summarizes the rules that apply to teaching physician billings. The teaching physician must be present during the key portion of any service or procedure for which payment is sought. Each physician must document his/her presence during the key portion of the service or procedures.

• Rental of Space in Physician Offices by Persons or Entities to which physicians refer. The OIG, which recently issued a fraud alert on this subject, states that "suspect arrangements" include the rental of physician office space by a supplier in a position to benefit from referrals of the physician's patients. According to OIG, the concern is that the rent payment may be disguised kickbacks to the physician landlord to induce referrals. The OIG recommends that rental agreements comply with the criteria for the space rental safe harbor under the anti-kickback statute.

• Unlawful Advertising. The OIG observes that is unlawful to use the names, abbreviations, symbols or emblems of HHS, Medicare, Medicaid or other government entity to convey the impression that an advertised item or individual is endorsed by the government entity. The OIG provides an example of prohibited conduct.

D. Designation Of A Compliance Officer/Contact

The OIG recommends that physicians designate an individual who is responsible for overseeing the practice's compliance program. More than one person in the practice can have responsibilities for compliance. Alternatively, the practice can outsource the compliance function to a third party such as a consultant, billing company or professional association. If the compliance officer function is outsourced, there should be sufficient interaction between the practice and the third party.

The primary duties assigned to a compliance officer should include:

· Overseeing and monitoring the implementation of the compliance program;

· Establishing methods such as periodic audits, to improve the efficiency of the practice, the quality of the service and reducing the vulnerability of the practice to fraud and abuse;

· Periodically revising the compliance program to adapt to changing practice needs as well as to changes in the law and policies of the government and private payers;

· Developing, coordinating and participating in a training program that focuses on the elements of the compliance program and seeking to ensure that training materials are appropriate;

· Ensuring that the practice does not use or hire individuals or entities on the HHS-OIG List of Excluded Individuals and Entities or the General Services Administration's List of Parties Debarred from Federal Programs;

· Ensuring that practice staff and independent contractors know and comply with pertinent laws, regulations and standards; and

· Investigating any report or allegation concerning possible unethical or improper business practices and monitoring subsequent corrective action.

E. Conducting Effective Training And Education

The OIG emphasizes the importance of education in any compliance program and the need to tailor such training to the needs of the particular practice. The compliance officer is responsible for compliance training. Compliance training should have two goals. First, all employees should receiving training on how to perform their jobs in compliance with the standards of the practice and applicable rules. Secondly, every employee should understand that compliance is a condition of continued employment.

Individuals directly involved with billing and coding should receive education specific to their duties. All employees should be made familiar with the key risk areas described in the Draft Physician Guidance. Training should be conducted on a continuing basis.

F. Developing Effective Lines Of Communication

The OIG states that an open line of communication is essential to proper implementation of an effective compliance program. In the small physician practice setting, the communication element can be met by implementing an "open door" policy between the physician and compliance personnel and practice employees. The OIG asserts that all practice employees, when seeking answers to questions or reporting misconduct, should know to whom to turn for assistance and should be able to do so without fear of retaliation.

G. Auditing And Monitoring

The OIG states that self-auditing is essential to a successful compliance program. Claims can be audited on a retrospective basis or concurrently with the claims submission. Self-audits should be used to determine whether:

· Bills are accurately coded and accurately reflect the services provided;

· Services or items are reasonable and necessary;

· Any incentives for unnecessary services exist; and

· Medical records contain sufficient documentation to support the charge.

The OIG suggests that physicians conduct a baseline audit of their practice that examines the claim development and submission process from patient intake through claims submission and payment. This audit can be used to identify elements within the process that may contribute to non-compliance. Following the baseline audit, the OIG suggests that the practice conduct periodic audits at least annually. According to the OIG, there is no set formula as to how many medical records should be reviewed, but that a basic guide is two to five medical records per payer or five to ten records per physician.

Periodic audits should include:

· A valid sample of the practice's top ten denials, or the practice's top ten services provided;

· Confirmation that the physician practice has been using sufficiently specific codes;

· A check for data entry errors;

· Confirmation that all orders are written and signed by a physician;

· A check for the reasonableness and necessity of services performed; confirmation that all tests ordered by the physicians were actually performed and documented and that only those tests were billed; and

· A review of assignment codes and modifiers to the claims.

According to the OIG, one of the most important elements of a successful billing compliance program is appropriate action when the physician practice identifies a problem. The specific action that a practice takes will depend on the circumstances of the situation.

H. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

The physician practice should ensure that violation of the practice's compliance policies result in consistent and appropriate sanctions against the offending individual. The enforcement procedure should be flexible enough to account for mitigating or aggravating circumstances.

I. Responding To Detected Offenses And Developing Corrective Action Initiatives

Physician practices should take appropriate corrective action when problems are detected. Any overpayments should be promptly repaid to the affected payer. All reasonable steps should be taken to prevent recurrence of the problem.

 

IV. SUMMARY OF CRIMINAL, CIVIL, AND ADMINISTRATIVE STATUTES

Appendices B and C to the Draft Physician Guidance provide a useful summary of the pertinent criminal, civil and administrative statutes of which physicians should be aware in the context of health care fraud and abuse. For each statutory provision the OIG summarizes the law and describes the penalty for the unlawful conduct. In addition, the OIG provides examples of the unlawful conduct.

 

V. OIG-HHS CONTACT INFORMATION

The OIG encourages providers to report matters involving fraud, waste and mismanagement in any federal health care program to the OIG. The OIG provides the OIG Hotline telephone number and the type of information that would be helpful to the OIG when misconduct is reported. In addition, the OIG describes its Provider Self-Disclosure Protocol. This OIG program is for providers who wish voluntarily to disclose irregularities in their dealings with federal health care programs. The OIG notes that voluntary disclosure under the protocol does not guarantee a physician protection from criminal, civil or administrative actions.

This section also reminds physicians that there is a procedure for requesting an advisory opinion from the OIG on the following issues:

· What constitutes prohibited remuneration or payment under the anti-kickback statute;

· Whether an arrangement fits into a safe harbor to the anti-kickback statutes;

· What constitutes an inducement to reduce or limit services to Medicare/Medicaid beneficiaries; and

· Whether any activity or proposed activity constitutes grounds for the imposition of fraud and abuse sanctions.

 

VI. CARRIER CONTACT INFORMATION

In Exhibit G, the Draft Physician Guidance identifies the Health Care Financing Administration website that provides a complete list of contact information for Medicare Part A Fiscal Intermediaries, Medicare Part B Carriers, Regional Home Health Intermediaries and Durable Medical Equipment Regional Carriers. The website for identifying each state Medicaid carrier is also listed.

 

VII. INTERNET RESOURCES