PHYSICIAN PRACTICE COMPLIANCE PROGRAMS October 9, 2013 8:45 – 10:15 a.m. Marcia Brauchler, MPH CPC, CPC-H, CPC-I, CPHQ Daryl Smith, FACMPE All Rights Reserved.

What brought us here? Marcia Brauchler MPH, CPC-I, CPHQ President, Physicians’ Ally, Inc. The payer contract Physician Practice must maintain compliance HIPAA Training Assistance Hundreds of practices are struggling with this still

Nobody wants to say it . . .

Daryl Smith, FACMPE What brought us here? Surgical Division Administrator, Central Utah Clinic Staff Training Experience!

To Set the Stage… Informal survey provided to small practices in the Denver area:

Does your practice have a Compliance Officer?

Does your Compliance Officer have a position description ?

My practice has written policies and procedures.

Everyone in the practice knows where the written compliance policies and procedures are located.

To the best of my knowledge, “compliance” was last addressed in my practice in this year:

$1,215 37.5% of respondents said “0” or “no budget.” For my practice, “compliance” efforts should be allotted an annual budget of: 37.5% of respondents said “0” or “no budget.” For the practices that gave a dollar amount, the annual average was: $1,215

Disclaimer: This is not legal advice and represents only recommendations and observations in general compliance issues. We recommend you use this information to better examine your practices and to open a dialogue with your legal counsel.

Objectives: 1: Describe the importance of a compliance program 2: Explain the basics of creating and maintaining a compliance program 3: Review specific elements of a physician practice compliance plan

Objective: Describe the importance of a compliance program

What is Compliance? Practical definition: We should all follow the rules & regulations But how? 15

What is Compliance? … to conform, submit or adapt (as to a regulation) Compliance happens in every organization, as employers strive to comply with employment and labor law guidelines for safe workplaces and a responsible organization, including: … to conform, submit or adapt (as to a regulation)

What is Health Care Compliance? Health care industry has to comply with the federal government’s expectations for participating in and receiving payment from its Medicaid and Medicare health insurance programs

About the Office of Inspector General (OIG) Daniel R. Levinson As mandated by Inspector General Act (Public Law 95-452), the mission of the OIG is to protect the integrity of Department of Health and Human Services (HHS) programs and the health and welfare of program beneficiaries OIG also plans, conducts and participates in a variety of interagency cooperative projects and undertakings relating to fraud and abuse with the Department of Justice (DOJ), the Centers for Medicare & Medicaid Services (CMS) and other governmental agencies 18

Why YOU should care about Compliance? Tangible benefits Abide by applicable laws and regulations Reduce exposure to civil damages, criminal sanctions, and administrative remedies, such as program exclusion Demonstrate commitment to good corporate conduct May reduce or mitigate risks to your practice

Why care about Compliance? Tangible benefits of complying Identify & prevent criminal and unethical conduct Procedures for prompt, thorough investigations of alleged misconduct Initiate immediate and appropriate corrective action 20

Why care about Compliance? Tangible benefits of complying Centralized source of information on health care regulations Methodology encouraging employees to report problems Improve quality of patient care 21

Why care about Compliance? Intangible benefits of complying Good investment in your practice Peace of mind that rules are being followed 22

Why care about Compliance? Intangible benefits of complying Decrease the risk of whistleblowers Clear and consistent message to employees An improved practice culture! 23

A Basic Compliance Program Good business for any workplace Should include prevention and detection of criminal conduct and Enforcement of the rules 24

This all started with… HIPAA of 1996* Doubled Office of Inspector (OIG) auditors and investigators Expanded Federal Bureau of Investigation’s (FBI) ability to investigate health care fraud Created Medicare Integrity Program (MIP) Federal government may enter into contracts with private entities to review and audit activities where Medicare provides coverage Established reward program to encourage Medicare beneficiaries to report questionable behavior * HIPAA = Health Insurance Portability and Accountability Act

OIG Model Compliance Plan(s) “Voluntary” Guidance(s) for creating a Compliance Programs for: Individual and small group physician practices p Third party medical billing companies Hospitals Nursing homes Etc. http://oig.hhs.gov/compliance/compliance-guidance/index.asp

I am aware of the OIG Individual and Small Group Voluntary Compliance Plan from 2000.

“Mandatory” Compliance Programs Coming “Soon”… 2 PPACA provisions mandate compliance programs for Medicare and Medicaid providers § 6401 applies to ALL Medicare and Medicaid providers § 6402 applies to Medicare skilled nursing facilities & Medicaid nursing facilities ONLY Patient Protection and Affordable Care Act (PPACA) 28

I am aware that the Patient Protection and Affordable Care Act will require all Medicare and Medicaid providers to have mandatory compliance plans in the future.

CMS Comment to Providers: Implementing a Compliance program is “not just a paper exercise” Must be able to demonstrate that they have a “systemic process for proactively and promptly fixing noncompliance issues” Must be effective

Objective: Explain the basics of creating and maintaining a compliance program

Start with a Snapshot OIG suggests at inception of a Compliance Program, a review “snapshot” of operations be done to judge later progress in reducing or eliminating potential areas of vulnerability

Baseline Audit “How To” OIG Work Plan issues Any previous audit findings Existing policies Are they appropriate? Followed? Missing? Analysis of current education & training Attestation & attendance forms? Government regulations Updates? Professional association insights into current issues/trends Professional liability carrier newsletter of potential risk areas Interview staff Write-up & let them review Minutes of Board or Compliance Committee

Does your practice have a Code of Conduct?

What a Code of Conduct Does Creates communication channels Sets up ethical guidelines for how you go about your day-to-day activities Helps to create an enjoyable work environment

HANDOUT: SAMPLE CODE OF CONDUCT

The 7 Elements The OIG believes any Compliance Plan has 7 basic elements… Written Policies and Procedures Designating a compliance officer or contact Conduct appropriate training and education Effective lines of communication Internal Monitoring Enforcement of Standards Prompt Response And an informal 8th… 8. Ensure it is effective – Periodically reassess

Compliance Plan - Element #1 Written Policies & Procedures Up-to-date User friendly Reflect what is actually going on in the practice! Employee Handbook

Compliance Plan - Element #2 Designate a compliance officer or contact Give them reporting authority to go ‘to the top’ when necessary

Compliance Plan - Element #3 Conduct appropriate training and education Make training part of the job Test employee knowledge Ensure compliance officer job education and training too!

Compliance Plan - Element #4 Effective lines of communication Solicit feedback Maintain visibility with staff members

Compliance Plan - Element #5 Internal Monitoring Create an audit plan to audit: Coding Contracts Care

Compliance Plan - Element #6 Enforcement of Standards Enforce disciplinary standards through well-publicized guidelines (i.e. your Sanctions Policy!) Act promptly when issue arise Take corrective action Document it all!

Compliance Plan - Element #7 Respond promptly to identified risks or compliance issues Conduct an investigation Create a Corrective Action Plan Train staff (if necessary) Tell the government (if determined necessary) Modify your program (if necessary)

Make it “effective” (#8) Once the Plan is established, develop a process to evaluate it and measure its effectiveness

Evaluating Effectiveness Ideas Possible Metrics of an effective Compliance Program: Staff knowledge Pre & post tests Quizzes Skits/role play Educational sessions # hrs. logged on compliance # policies & procedures reviewed # charts audited

Evaluating Effectiveness Ideas Possible Metrics of an effective Compliance Program: % of denials in claims # mtgs with compliance on agenda (Staff, RN, BoD, Compliance Cmte, finance, billing) # of CPCs on staff/MDs # of CHCs on staff/MDs # of networking contacts for compliance related questions/issues in contacts database

Objective: Review specific elements of a physician practice compliance plan

“I didn’t know” Is no longer an excuse . . .

OIG – Billing risk areas for small practice (and 3rd party billing) Examples of necessary general coding & billing policies: Unbundling Upcoding the level of service provided Inappropriate balance billing Etc.

OIG – 2013 Work Plan Issues: Noncompliance with assignment rules . . . Incident To services by non-physicians Place of Service coding errors Modifiers during global surgery period, etc. https://oig.hhs.gov/reports-and-publications/archives/workplan/2013/Work-Plan-2013.pdf

COMPLIANCE HEAT MAP RISK ASSESSMENT Stark Anti-Kickback HIPAA ADA FCA 5 Stark Anti-Kickback HIPAA ADA 4 FCA Medical Records RISK 3 DEA OSHA HR Overpayment 2 Anti-Trust 1 1 2 3 4 5 PROBABILITY

A NOTE ABOUT SLIDE FORMAT 1st Bullet = What is the regulation? 2nd Bullet = Why should your practice care? 3rd Bullet = Where do you get help to comply?

HIPAA What? HIPAA is the Federal Standards for Privacy of Individually Identifiable Health Information and/or the Security Standards for the Protection of Electronic Protected Health Information (45 Code of Federal Regulations [CFR] Parts 160 162 and 164. Why? Enforcement is increased due to ARRA. Maximum fine increased to $1.5 million per incident. Where? www.hhs.gov/ocr/privacy/HIPAA/understanding/coveredentities/index.html

Medical Records - Documentation What? The way to defend yourself Why? Proving compliance with laws Where? http://www.ncqa.org/tabid/125/Default.aspx

Correct Coding What? Why? Where? Medicare National Correct Coding Initiative (NCCI) edits apply now under ACA [Section 1902(a)(42)(B)(i) to Medicaid agencies Why? Recovery Audit Contractor (RAC) Program Allows government to contract with 3rd parties to audit billing and coding practices October 1, 2014—Transition from ICD-9 codes (13,000) to ICD-10 codes (65,000) Where? http://static.aapc.com/0691bfc6-725a-408e-beb5-a8a398d6c5b9/83e77b77-d67b-4429-8233-288d0a6b4c61/a353c6f1-3d02-41b8-a0e4-8f1449625837.pdf

False Claims Act www.OIG.hhs.gov What? Prohibits the submission of false or fraudulent claims to the federal government 31 U.S.C. §§ 3729 - 3733 Why? Federal government’s #1 tool for fighting fraud and abuse. The OIG has returned over $30 billion to the federal government. Expected recoveries from 2012 alone = $6.9 billion Penalty is $5k-$10k & 3x damages to the federal program Where? www.OIG.hhs.gov

Overpayment Refunds What? Section 6402(a) of PPACA Requires providers to report and return an overpayment to the appropriate Medicaid state agency or Medicare contractor within 60 days of identification Why? False Claims Act liability Where? http://www.gpo.gov/fdsys/pkg/FR-2012-02-16/pdf/2012-3642.pdf (Proposed Rule)

HR: Non-Discrimination What? Civil Rights Act of 1964 (Title VII) U.S. Equal Employment Opportunity Commission (EEOC) promotes equal opportunity in employment Required to investigate all employment discrimination charges Why? EEOC may file claims in federal court Substantial civil damages Loss of reputation Where? www.eeoc.gov

HR: Sexual Harassment What? Why? Where? Sexual harassment is a form of sex discrimination that violates Title VII of the Civil Rights Act of 1964 Why? Penalties (via litigation) Lost wages Compensatory damages Punitive damages Where? Title VII of the Civil Rights Act of 1964 : http://www.eeoc.gov/laws/statutes/titlevii.cfm Guidelines: http://www.gpo.gov/fdsys/pkg/CFR-2011-title29-vol4/xml/CFR-2011-title29-vol4-part1604.xml

HR: Family Medical Leave Act (FMLA) What? Family Medical Leave Act of 1993 Applies to employers with 50 or more employees Provides entitlement of up to 12 weeks of job-protected leave during any 12-month period for birth of a child, care of an immediate family member, employee’s own serious health condition, or an immediate family member is on active military duty. Why? Enforced by the Department of Labor, Wage and Hour Division Court actions to compel compliance Civil actions filed by employees Where? FMLA: http://www.dol.gov/whd/regs/statutes/fmla.htm DOL Poster: http://www.dol.gov/whd/regs/compliance/posters/fmlaen.pdf

HR: Fair Labor Standards Act (FLSA) What? Fair Labor Standards Act of 1938, as amended 29 U.S.C. 201 Basic minimum wage and overtime pay Why? Enforced by Department of Labor, Wage and Hour Division Civil suits for back wages, liquidated damages, and expenses Civil money penalties (up to $100,000 each violation for some child labor violations) Criminal penalties including fines and imprisonment Protection of employees filing complaints Where? http://www.dol.gov/whd/ http://www.dol.gov/whd/regs/compliance/posters/flsa.html

HR: Americans with Disabilities Act (ADA) What? ADA Employment (Title I) [42 U.S.C. § 12111 - 12117] Employers with 15 or more employees must provide qualified individuals with disabilities an equal opportunity to the full range of employment-related opportunities available to others. Prohibits discrimination in recruitment, hiring, promotions, training, pay, social activities and other employment privileges. Why? Enforcement through Department of Justice Where? Current text of ADA Law - http://www.ada.gov/pubs/ada.htm Guide to Disability Rights Laws - http://www.ada.gov/cguide.htm ADA Q&A - http://www.ada.gov/q%26aeng02.htm

OSHA Medical Practice What? Occupational Safety and Health Act of 1970 Safe and healthful workplace Primary OSHA standards affecting physician practices: Bloodborne Pathogens Hazardous Chemicals Exit routes Electrical Reporting occupational injuries and illness (state-law) OSHA Poster Ionizing Radiation (only if you have it) Why? Enforced by OSHA Penalties of up to $63,000 per instance for willful violations Where? https://www.osha.gov/law-regs.html www.OSHA.gov/publications/poster.html

Anti-Kickback Statute What? Anti-Kickback Statute [42 U.S.C. § 1320a-7b(b)] Prohibits knowing & willful payment of remuneration to induce or reward patient referrals Don’t confuse with STARK rules Why? Enforced by the Office of the Inspector General (OIG) Civil penalties: <$50,000 per and administrative sanctions (i.e. exclusion) Criminal penalties—fines up to $25K each occurrence/prison sentence up to 5 years Where? http://bphc.hrsa.gov/policiesregulations/policies/pal199510.html http://oig.hhs.gov/fraud/safeharborregulations.asp

STARK What? Physician Self-Referral Law [42 U.S.C. § 1395nn] Prohibits physicians from referring patients to a health facility in which the physician has a financial interest OIG 3 Questions Why? Enforced by OIG. Penalties include: Refunds, FCA liability, program exclusion CMP up to $15K per service; $100K per arrangement Civil assessments up to 3x the claim Where? http://www.cms/gov/physicianselfreferral.com

Self-Disclosure Protocol NEW! What? Section 6409(a) of PPACA Why? A tool for your Compliance Program Where? https://oig.hhs.gov/compliance/Self-Disclosure-Info/files/Provider-Self-Disclosure-Protocol.pdf

Americans with Disabilities Act (ADA) What? ADA Employment (Title I) [42 U.S.C. § 12186(b)] Public accommodations (Title III) Prohibits discrimination, exclusion, segregation and unequal treatment Architectural standards Reasonable modifications to policies, practices, and procedures Example: Service animals Effective communication with people with hearing, vision, or speech disabilities Example: Interpreters for hearing impaired Why? Enforcement through Department of Justice Where? http://www.ada.gov/regs2010/titleIII_2010/titleIII_2010_withbold.htm

DEA What? Title 21 CFR, Part 1300-1399 Drug Enforcement Administration (DEA) Provider must apply for DEA certificate to handle controlled substances Why? DEA Audits. Loss of DEA Certificate prevents prescribing appropriate medications. Where? http://www.deadiversion.usdoj.gov/pubs/manuals/pract/index.html

FDA What? Approved drugs are found in the Food & Drug Administration (FDA) Orange Book Off-Label use Physician must be well informed Use “firm scientific rationale” and “medical evidence” Maintain records of use and effects Order only FDA-approved drugs Why? Can lead to a violation of the FCA, and a RAC audit. Where? http://www.fda.gov/RegulatoryInformation/Guidances/ucm126486.htm#

Electronic Claims What? Administrative Simplification Compliance Act (ASCA) requires electronic filing of Medicare claims As of January 2014, all Medicare claims must be filed electronically Each provider must complete an Electronic Data Interchange (EDI) enrollment form Why? Medicare will only pay on claims submitted electronically on claims after 1/1/2014. Where? http://www.cms.gov/Medicare/Billing/ElectronicBillingEDITrans/SystemAccess.html

Use of Non-Physician Providers What? Medicare billing options: NPPs own provider # NPP can use physician provider # in certain circumstances (“incident to”) Inpatient = Shared visit Why? False Claims Act liability. Higher reimbursement rate. In 2012 and 2013 OIG Work Plans. Where? www.cms.gov/manuals/Downloads/bp102c15.pdf

Medicare Incentive Programs What? Programs such as Meaningful Use, PQRS, eRx, ACOs, and others that offer additional bonus payments and/or penalties for meeting specific criteria. Must be able to document that criteria are actually met. Why? Receive incentives Avoid penalties Avoid implication of False Claims or Fraud/Abuse Where? Meaningful Use - http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms/ PQRS and others - http://www.mgma.com/federal-quality-reporting/

Patient Check-In What? Why? Where? Collecting Co-pays and Deductibles; Advance Beneficiary Notice (ABN) Financial Hardships; Professional Courtesies Why? False Claims Act & Anti-Kickback Statute. Penalties include jail time. Where? Not collecting co-pays, deductibles on a regular basis could constitute fraud. http://www.assetlawyer.com/legal-blog/2009/10/28/asset-protection-for-doctors-not-collecting-copayments-could-mean-lawsuits/ Professional Courtesy: http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/regulatory-compliance-topics/health-care-fraud-abuse/professional-courtesy-in-context-health-care.page# Advanced Beneficiary Notice: http://www.cms.gov/Medicare/Medicare-General-Information/BNI/Downloads/RevABNManualInstructions.pdf

Antitrust Laws What? Why? Where? Sherman Act (1890) outlaws or restricts business practices that are monopolistic or restrain interstate commerce Clayton Act (1914) prohibits pricing discrimination among customers and prohibits business combinations the effect of which “substantially lessens competition” Why? Enforced Federal Trade Commission (FTC) and Department of Justice (DOJ) Injunction, civil penalties, or consumer redress Where? http://www.ftc.gov/bc/antitrust/

Sunshine Act What? Why? Where? NEW! Physician Payment Sunshine Act Final Rule - ACA Section 1128G Anything over $10 or $100/yr per manufacturer or Group Purchasing Organization (GPO) must be reported by them. Why? Possible reputation and whistleblower risk to physicians and practices No legal ramifications for providers yet Where? https://www.ama-assn.org/ama/pub/advocacy/topics/sunshine-act-and-physician-financial-transparency-reports.page

Dismissing a Patient What? Why? Where? State law and risk management area. Legal and ethical compliance issues. Why? You must be careful when terminating patient relationships so that you do not discriminate or terminate in such a way as to violate your legal and ethical obligations to the patient. Where? http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/ending-patient-physician-relationship.page Check with state medical board to ensure compliance with state-specific rules Malpractice carrier.

Informed Consents What? Basic principle of law and ethics Center for Medicare & Medicaid Services (CMS) Conditions of Participation Why? Discussion and disclosure (Malpractice risk) Where? http://www.ama-assn.org//ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/informed-consent.page State law Malpractice carrier

Medicare Provider Exclusion Law What? Sections 1128 & 1156 of the Social Security Act Office of Inspector General (OIG) maintains a list that identifies individuals found guilty of fraudulent billing, misrepresentation of credentials, etc. Why? Office of the Inspector General - can’t bill Medicare or Medicaid Private insurers are running the lists of providers as well Practice policy should be to not employ or contract with individuals on the list Where? www.oig.hhs.gov http://exclusions.oig.hhs.gov/ for List of Excluded Individuals/Entities (LEIE)

In-Office Labs What? Why? Where? Clinical Laboratory Improvements Amendments (CLIA) 42 CFR Part 493 Certification required to receive federal funds for services Why? False Claims Act implication. (enforced by the OIG) Criminal penalties and Civil Monetary Penalties. Program exclusion. Where? http://wwwn.cdc.gov/clia/Regulatory/default.aspx http://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/index.html?redirect=/CLIA/01_Overview.asp

On-Call/Emergency Treatment What? Emergency Medical Treatment and Labor Act (EMTALA) 42 USC Sec. 1395dd Impacts hospitals w/ ED (mostly) and on-call physicians On-call lists must be current and signed Physician must arrive within a reasonable amount of time (30-60 min) Why? Average of 400 investigations/year CMP up to $50k per penalty Termination from CMS (exclusion) Where? http://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Downloads/som107ap_v_emerg.pdf

Collections for Bad Debt What? Fair and Accurate Credit Transactions Act (FACTA) Fair Debt Collection Act (FDCR) Collections of bad debt pose unique problems for health care providers and entities Why? Enforced by the Federal Trade Commission (FTC) Where? http://www.consumer.ftc.gov/articles/pdf-0097-fair-debt-collection-practices-act.pdf

Objectives: 1: Describe the importance of a Compliance program 2: Explain the basics of creating and maintaining a compliance program 3: Review specific elements of a physician practice compliance plan

Questions? Daryl Smith Marcia Brauchler Central Utah Clinic daryls@centralutahclinic.com 801-429-8123 Marcia Brauchler Physicians’ Ally, Inc. mbrauchler@physicians-ally.com 303-586-9390