A Compliance Program for Fraud, Waste, and Abuse in 7 Elements

If you own or run a clinical practice and bill Medicare or Medicaid, having a mature fraud, waste, and abuse compliance program is a critical part of business. In 2018, the U.S. Justice Department recovered $2.8 billion in civil cases involving fraud and false claims submitted to the Federal government. Of that figure, $2.5 billion (89%) represented recoveries in the healthcare sector. These figures not only show that the Federal government takes Medicare fraud very seriously–participating providers should as well.

With that in mind, the Office of the Inspector General (OIG) has developed a number of resources to help providers avoid fraud, waste, and abuse issues. One such resource is its compliance program roadmap, “Seven Fundamental Elements of an Effective Compliance Program.” Naturally, these seven elements are an excellent framework for a new or updated compliance program for small to large providers alike.

General Considerations

For providers beginning a new practice or those who do not have a mature compliance program, the single most important task is to shift implementation from “tomorrow” to “today.” Of course, developing a meaningful program takes time and money–two resources already in heavy demand. Yet, the best time to start the program is now. Unfortunately, if a serious problem arises without one, regulators’ response is often “too late.” Positively, providers often find that the framework of a good compliance program not only helps to mitigate penalty risk, it can streamline operations and save time and money.

Compliance programs are scalable. The OIG does not expect that a small physician practice will develop as comprehensive a program as a large hospital. Again, having a program that addresses each of the seven elements in a meaningful way is key. Finally, develop and maintain your program in conjunction with trusted legal counsel. Let’s take a look at each of the OIG’s seven elements in detail.

1 – Implement written policies, procedures and standards of conduct.

Put them in writing and make them available. Policies and procedures are not effective if they are only verbal or merely written up to gather dust. An effective P&P will begin with the topic (e.g., Clinical and Billing Procedures) and the overall organizational policy on the topic. Of course, a key policy recital for all compliance P&P’s is “the elimination of fraud, waste, and abuse.” P&P’s should address the following areas, at a minimum:

  • Clinical and billing procedures: how services will be justifiably provided according to applicable care guidelines; how services will be appropriately documented clinically; and how claims will be submitted in an accurate and timely, fashion.
  • Auditing and identification of non-compliance issues: how the practice will audit, identify, and remedy non-compliance issues, such as over-payments, in a timely fashion and make necessary adjustments to prevent future issues. These should address reporting of issues in a way that prevents fear of retribution.
  • HR Policies for Compliance: how personnel are instructed, coached, and, if necessary, disciplined for non-compliance.
  • Improper Referrals and Arrangements: these should address Stark/Anti-Kickback statutes and the Florida Patient Brokering Act pertaining to unlawful incentives.

P&P’s are best developed in a team approach that incorporates leadership/CO, relevant supervisors and staff, and legal counsel. They should be periodically reviewed and updated as the need arises. Finally, all compliance P&P’s should be accessible and available to all relevant staff.

2 – Designate a compliance officer and compliance committee.

A compliance officer (CO)’s duty is to be the key resource and point of contact for compliance issues. The CO should administratively and financially empowered with independence, authority, and connection to people and information in the organization. The CO should stay up-to-date on regulations and developments. CO need not be a stand-alone position. In many practices, the CO position is often filled by a person who has another primary job. In a solo physician practice, for example, it almost surely is the proprietor. But, regardless of the size of the practice, what is most important is whether the person who fills the role can connect the dots between the technical skills of finance and regulations to the interpersonal skills of people management. Does your CO understand the business model of the practice, its financial picture, and the claims submission process? Will your staff feel comfortable bringing sensitive compliance issues to the CO? Does the CO have the independence and the authority to act on compliance issues? For a good CO, these questions demand “yes” answers regardless of the size of the practice.

Committees should include relevant leadership, the CO, and supervisory, and other relevant staff. The committee should be conducted in a way that sharing information on potential issues is encouraged. The committee can also ideally be tasked with the periodic review and development of compliance P&P’s. A full committee may not be feasible for a small practice, but a CO, at a minimum should be a part of the program.

3 – Conduct effective training and education.

A compliance program is useless without effective and regular training. All new staff should receive initial fraud, waste and abuse training, which would include an overview of P&P’s and how staff can report issues. Once on-boarding is conducted, all staff should receive re-training at least annually. The training should be documented/certified by the CO or the staff-member’s supervisor and documentation should be kept by the CO as a part of compliance records and within the personnel files of each staff member.

4 – Develop effective lines of communication.

Foster a “culture of compliance.” All staff should feel comfortable bringing compliance concerns or issues to the CO without fear of unfair retribution. The CO and leadership should be ready to offer guidance on compliance issues. An open door policy, suggestion box, or compliance hotline are all acceptable means of receiving compliance issues. Staff should feel confident that the organization takes fraud, waste, and abuse seriously.

5 – Conduct internal monitoring and auditing.

The CO or a designee should be tasked with conducting periodic audits of billing to spot non-compliance issues so that they can be immediately remedied and, if necessary, self-reported. For example, regarding billing, OIG guidance states that examples of improper claims include the following:

  • Billing codes that reflect a more severe illness than actually existed or a more expensive treatment than was provided
  • Billing medically unnecessary services
  • Billing services not provided
  • Billing services performed by an improperly supervised or unqualified employee
  • Billing services performed by an employee excluded from participation in the Federal health care programs
  • Billing services of such low quality they are virtually worthless
  • Billing separately for services already included in a global fee, like billing an evaluation and management service the day after surgery

These types of billing non-compliance should absolutely inform regular auditing efforts. Leadership and the compliance committee, if applicable, should be updated on the results of auditing and necessary fixes.

6 – Enforce standards through well-publicized disciplinary guidelines.

As a part of P&P of the organization, scaled coaching, discipline, and employment action for non-compliance issues is a key part of the compliance program. Leadership, the CO, compliance committee, and HR should work to ensure that employees are well-versed in the consequences of non-compliance in training, within the P&P, and through regular communication with supervisors and leadership. Consistent enforcement is key.

7 – Respond promptly when problems are identified and take corrective action.

If a compliance issue is spotted, time is of the essence. For example, in instances of overpayment, CMS requires “report and return” of any self-identified overpayment within 60 days of identification. That time also has a 6-year look-back period from the time of receipt of the overpayment. If a major issue is identified, leadership should consider contacting legal counsel immediately.

Additional Resources

Have questions?

Do you have questions about this or another legal issue? Click below to contact Bush Health Law for a free initial consultation.

NOTE: This post is provided for general information purposes and is not, by itself, intended to create an attorney-client relationship or provide legal, accounting, or other professional advice.

Bush Health Law PLLC is law firm that offers legal counsel to clinicians, researchers, and organizations to support the mission of quality, innovative healthcare. With offices in Gainesville, Florida, the firm serves healthcare clients throughout Florida. Copyright © 2019 Bush Health Law PLLC. All rights reserved.

1 thought on “A Compliance Program for Fraud, Waste, and Abuse in 7 Elements

  1. […] properties? Also, beyond the terms of the agreement, does the employer or organization have a robust program for the prevention of fraud, waste, and abuse? Keeping an eye on these issues can prevent not only civil lawsuits, but regulatory and criminal […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: