Ever since the government intensified its efforts to crack down on medical fraud, and asked the health care community to assist, compliance and compliance planning are the buzzwords. The message finally appears to be getting through to physicians, and practices are instituting compliance plans at a fast pace. This is good news — recognition is half the battle! Unfortunately, in many cases, compliance efforts are misguided and actually put the practice in an awkward position.
You need a compliance plan if you are not in compliance, but the only way to know whether you are is to perform a self-audit. If, upon audit, you're clean, then great. Unfortunately, in the process, you're more likely to find problems. Then what?
The self-audit is an integral part of the overall compliance plan. To aid health care providers in implementing effective compliance plans, the Office of the Inspector General describes seven elements it believes are fundamental to provider compliance. The first of the seven is the audit.
Lack of understanding
Practices often do not understand the value of audits. What's more, the consultants and advisers assisting practices do not always know how best to conduct them. Unfortunately, the OIG guidelines are not necessarily the best resource on this issue.
Although the guidelines suggest when and how to conduct an audit, they are silent as to the inherent risks a practice faces in undertaking auditing activities. They speak to identification of problem areas, but they don't address the "then what?" part — perhaps intentionally. Clearly, identifying problem areas will help prevent future violations because the practice will know on what areas to focus its training and education.
However, as much focus as there is on compliance, so too the government has emphasized self-disclosure. The OIG requires physicians to disclose any detected violations.
The most recently released guidelines — those for solo and group practices — state that each practice needs to determine whether to review claims retrospectively or concurrently; that is, whether a practice should look at claims that have already been submitted for payment or claims that are ready to be submitted for payment.
Notwithstanding that the guidelines leave it to the discretion of the practice as to what types of claims it should audit, the guidelines do recommend that physician practices conduct their baseline audits on a retrospective basis.
However, the ramifications of doing a baseline audit on a retrospective basis could be substantial.
Once a physician has knowledge of erroneously paid claims, the law requires him to refund those payments. If an audit is conducted on a retrospective basis, on claims already submitted and for which payment has been received, the practice is obligated under the law to refund any payments that it knows were improperly made.
On the other hand, if the audit is conducted on a prospective basis (i.e., using presubmitted claims), then the claim that is ready for submission is corrected and submitted for reimbursement. No harm done.
Here's an example. Let's say a two-doctor general practice conducts an audit on claims already submitted, and discovers that of the 20 claims reviewed, the medical-record documentation for five of those claims does not support the level of service billed.
The practice now has knowledge of five upcoded claims, and it is obligated to return the excess payment received for those five claims. If, however, the practice conducts an audit on claims that have not yet been submitted and identifies the same five upcoded claims, the practice can correct the codes, submit the claims for payment, and now focus its education and training efforts on those areas that it identifies as problems.
Where there's smoke?
While reimbursing overpayment for five claims won't break the bank, it may send up a red flag to the payer that other errors exist. If a random sampling picks up on the fact that a practice was overbilling with respect to a certain procedure or visit, then the odds are that many errors or overpayments exist. Upon extrapolation — which is what Medicare, for example, can do in making an assessment — the liability can get quite big.
Thus, practices are well advised to conduct their first, or baseline, audit on presubmitted claims. Although this is contrary to the recommendations set forth by the OIG, it is the best way to minimize the consequences of an audit. The OIG guidelines do make very clear that one of the most important elements of a successful program is the practice's undertaking of an appropriate response when it does identify problems.
The manner in which the audit is conducted will dictate the type of response that will be required. So, perhaps, what the OIG is saying is that if a prospective audit detects that a claim was about to be submitted incorrectly, this puts the practice on notice that it might want to check similar claims that were already submitted. But the law itself doesn't provide an affirmative duty to do this. This is a very important distinction.
Also, consistent with OIG guidelines, the practice should conduct its first audit after it conducts its initial education and training. That way, the audit will highlight those areas where additional training and education are needed.
In addition, the practice should conduct periodic audits on at least a yearly basis to ensure that the compliance program is being followed. Another thing you need to know is that any audit should be based upon a random sampling of claims. This is important. One of the worst things you can do is perform a sampling of specific or difficult codes. This not only emphasizes any errors that are unearthed, it provides no certainty as to whether the practice is generally compliant.
Finally, due to the potential ramifications, anyone undertaking auditing activities as part of a compliance program should seek legal counsel from experienced health care specialists. Health care counsel working with physician practices and other providers to develop compliance programs may be in the best position to assist them in fulfilling their compliance obligations, while also minimizing the risk of the potential adverse actions.
One benefit that can be obtained by seeking legal counsel prior to conducting a compliance audit: The practice can take advantage of the attorney/client privilege. That is, if the practice's lawyer engages a consultant to perform an audit on behalf of the practice, then the report and all communications between the consultant, the lawyer, and the practice — with respect to the report — are privileged.
If the practice were to engage the consultant directly, the consultant could be subpoenaed by the government, without the knowledge of the practice. The attorney/client privilege is not necessarily going to keep the report out of the hands of the government, but at least the practice will have knowledge of the government's inquiry at a much earlier point in the investigation.
Given the health care enforcement environment and the OIG's continuing focus on voluntary compliance, it behooves every health care provider to carefully consider implementing a compliance plan. But, as important as it is to implement a compliance plan, it is more important to implement correctly — and to understand the risks and ramifications of each step of the process.