Physician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program

Transcription

1 Case Study Physician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program This presentation is intended to provide a brief overview of compliance and should not to be considered legal advice. Physician Group Case Study: An Effective Approach to Creating a Comprehensive Compliance Program Dixon Davis MBA, MHSA Michelle Ann Richards CPC, CPCO, CPMA, CPPM Evolution of Compliance Programs 1991 Federal Sentencing Guidelines Voluntary OIG Compliance Program Guidance 2010 PPACA (aka: Affordable Care Act) Requires Compliance Programs 3 1

2 Common Areas of Non-Compliance Misrepresentation of services with incorrect Current Procedural Terminology (CPT) codes Billing for services not rendered Altering claim forms for higher payments Falsification of information in medical record documents Billing for services that were not performed or misrepresenting the types of services that were provided Billing for supplies (DME) not provided Providing unnecessary medical services based on the patient's condition. 4 Our Government Takes Non-Compliance with Federal Regulations Seriously Key Agencies in Healthcare Compliance Department of Health & Human Services (HHS) Office for Civil Rights (OCR) Office of Inspector General (OIG) Department of Justice (DOJ) All can come knocking on your door at any time 5 They Do Come Knocking.. In the first half of FY 2014, OIG reported expected recoveries of more than $3.1 billion consisting of nearly $295 million in audit receivables and about $2.83 billion in investigative receivables, which include about $813.7 million in non-hhs investigative receivables resulting from our work in areas such as the States shares of Medicaid restitution 6 2

3 Criminal Actions Exclusion Sanctions 1,720 individuals 465 criminal actions against individuals or entities that engaged in crimes against HHS programs 266 civil actions, which include false claims and unjustenrichment lawsuits filed in Federal district court, civil monetary penalties (CMP) settlements, and administrative recoveries related to provider selfdisclosure matters. 7 Purpose of CIAs OIG uses CIAs to communicate prudent approaches to compliance program design and compliance related initiatives In lieu of provider Exclusion 8 Case Study - Kentucky Provider in health care industry 30 years Same Practice Manager entire duration Controlled Environment Practice Manager in charge of everything Three pages of Policies & Procedures (last updated 1997) Well-known throughout community 9 3

4 What They Were Doing Right Cared About Their Patients Great relationship with patients Word of mouth referrals Excellent Patient Outcomes 10 Penalties Faced Three-Year Corporate Integrity Agreement $3,739, What They Should ve Been Doing Keeping Up-to-Date on Billing, Coding & CCI Edits Monitoring & Auditing provider Billing & Operations Providing education for Billing & Coding staff Training & Education for providers 12 4

5 Mitigating The Risk Performed Risk Assessments Created 150 additional Policies & Procedures Trained Compliance Officer Training & Education Providers & Employees Formed Compliance Committee 13 What Does a Great Attorney, 7Atlis Compliance Software and AAPC Consulting have in common? All came together to successfully Create a Culture of Compliance Within a medical practice that previously didn t know what compliance meant In 30 Days 14 Maintaining Compliance Is an Ongoing Process Auditing & Monitoring Risk Assessments Updating Policies & Procedures Training & Education 15 5

6 An Effective Compliance Program Process Communication 16 Documentation is Key Protocols Policies & Procedures Training & Education If it s not documented, it wasn t done!!!! 17 Lesson Learned Actual Client responses Advise anyone to Create a Compliance Program Immediately This makes perfect business sense Why didn t we do this before the government came in I was worried about what the employees would think We now provide better quality than I d anticipated 18 6

7 Compliance Awareness Hindsight Keep practice safe from the consequences of ignoring what has been mandated Compliance Expectations of any practice (medical organization) doing business with government health care programs 19 Within First 30 days Performed an Organizational Risk Assessment Built necessary Policies & Procedures based on results Provided necessary training & education to providers & employees Formed a Compliance Committee 20 Accountability Measures Management accountability & certifications Top Down Accountability Risk Assessment & Mitigation Process Well publicized disciplinary guidelines 21 7

8 Independent Review Organization (IRO) Must be Independent and Objective May provide: Claims review Unallowable Costs review Arrangements review Systems review Scope of work defined in Corporate Integrity Agreement 22 Corporate Integrity Agreement (CIA) Provisions Quality of Care Reportable Events Claw Back Culture of Compliance 23 Most CIAs have the Same Requirements Hire a Compliance Officer or appoint a Compliance Committee Develop written standards & policies Implement an employee training & education program Retain an independent Review Organization (IRO) to perform reviews Report overpayments, reportable events and ongoing investigations or any legal proceedings to the OIG Provide an implementation report and annual reports to OIG 24 8

9 Proactive vs Reactive Compliance Program 25 Case Study Already compliant minded Have a compliance committee Have robust policies and procedures Provide annual HIPAA trainings Provide in-services and send some people to conferences Perform chart audits occasionally Check employees against sanction database What Else is Needed? Why Change? Challenges Updating policies on a timely basis was very challenging Dispersing updates to employees difficult Tracking training was difficult and it was mediocre Audits good intentions Not regular hard to keep up with good schedule Filed away and not looked at again. Follow through not as good as desired one more thing 9

10 Needed to Give it Real Life The Keys of Compliance Success Communicate Make it Meaningful Make it Personal 29 Being Proactive 10

11 Technology Challenges Technology is being encouraged STRONGLY More efficiency Greater accuracy Faster access of information Increased effectiveness Look What We ve Done with EMR s! Challenges of Technology Conversions are hard Paper to electronic format Training on new software Importing / inputting information Hardware, software issues Additional cost Cost Benefit Analysis Benefits Time savings Greater organization Better Communication Increased follow up and action items Confidence Costs Money Time to learn a new system Time to load information into the new system 33 11

12 7Atlis Complete Compliance Solution 34 Policies and Procedures Making Policies Electronic Simple process for inputting files - Initial time commitment Policies and Procedures Access by all employees Reminders set for regular review and updates Simple dissemination for employee attestation Recorded and tracked with fast retrieval 12

13 Training and Education Needed a good library of training courses Coding, Billing, Anti-kickback, HIPAA, OSHA, Harassment, Documentation Ability to easily assign and track status Ability to assign and track trainings One time versus annual trainings Ability to assess proficiency Ability to quickly mitigate risks Training and Education Instant Access once employees entered into system Assigned all employees to HIPAA and OSHA training within the first week. Incident Reporting Needed the ability for employees to enter reports easily Efficient template for consistency Tracking: Report Investigation Mitigation Close Analysis of causal relationships Assignments and reminders for proper follow up 13

14 Incident Reporting Started by entering all open incidents (some completed during training) Incident Reporting Easy to manage investigations and Corrective Actions Audits and Monitoring Ability to track internal and external audits Assignments, reminders, tools needed Checklists and forms standardized and attached Annual work plan Ability to take action direct from the audit Training, new policy, additional audits, incident reporting 14

15 Audits and Monitoring Decided not to scan old audits start fresh Create and assign an audit task Attach checklists, forms, directions Risk Assessments Did not have anything like this History was more reactive than proactive Ability to identify potential risks Easy to track with risk ratings highest risk first Simple assignment of mitigations to reduce risk Ability to dig deeper and track more accurately Risk Assessments New tool for proactively identifying potential risks Began to use slowly but with the goal to add as they go 15

16 Doing Things Right Six Sigma PDCA (Plan, Do, Check, Act) TQM (Total Quality Management) 46 Life Simplified 47 Reality Greater confidence Improved efficiency after conversion Improved communication Organized follow through Greater awareness less fear of the unknown Reduced Risk Personal Meaningful Communication 16

17 Create a Culture of Compliance For more information please feel free to contact us Michelle Richards, CPC, CPCO, CPMA, CPPM Michelle.Richards@aapc.com Dixon Davis, MBA, MHSA Dixon.davis@aapc.com Fraud, Waste, and Abuse The majority of FWA claims come through qui tam relators (whistleblowers) 01/03/2014 Premier Vein Centers in Florida paid $400,000 to resolve allegations that it billed Medicare for services performed by unqualified personnel including allegations that unlicensed personnel performed varicose vein injections when the physician was not present at the center. 01/29/2014 Saint Joseph Health System paid $16.5 million to settle allegations of unnecessary heart surgeries. The settlement also resolved claims related to allegedly sham management agreements with physicians. A doctor pleaded guilty last year to Medicaid fraud and is serving a 30-month prison sentence. 02/18/2014 Engage Medical paid $3.3 million to settle false billing allegations. Engage Medical coders allegedly billed for each service twice, using a CPT modifier meant to indicate when a service was performed twice by the same physician and Engage coders also allegedly billed for a CPT code meant to cover the interpretation and reporting of images, even though the CPT billing manual said not to use the code for nuclear stress tests. HIPAA As updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA violations may result in fines of up to $1.5 million, per year. Concentra Health Services paid $1.7 million to resolve alleged HIPAA violations that included failing to encrypt laptops, desktop computers, medical equipment, tablet computers, and other devices. The case began with the theft of an unencrypted laptop. Parkview Health System paid $800,000 to settle HIPAA privacy allegations, including that it left 71 boxes of medical records unattended in the driveway of a retired physician. 17

18 The Costly 3 Three hot issues that continue to be costly when not managed HIPAA security issues will continue to be a hot topic as health care organizations use IT more in operations Whistleblowers continue to be the largest lead source for false claims act cases. Some of the largest fines are for Stark and Anti-kickback violations 52 Conclusion Lesson to be Learned CIA s are viewed by OIG as form of Compliance Guidance Highlights Federal government expectations of all medical organizations A little Proactive Effort can ease the government s wrath Better to implement Compliance Program on own Daily Compliance oversight 53 18