Healthcare Compliance For Medical Practice Managers

Compliance regulations in the health care industry were created by federal and state governments to protect consumers and government health programs from fraud, abuse and waste of services. Failure to act in accordance with these regulations can result in civil and criminal responsibility of the medical practice as well as the individual acting in non-compliance.

The Health and Human Services Office of the Inspector General (OIG) is the largest inspector general’s office in the Federal Government with over 1700 employees dedicated to preventing healthcare fraud, waste, and abuse against the Social Security Administration’s (SSA) programs. Medicare and Medicaid are two examples of such programs. The OIG conducts comprehensive audits and investigations continuously as a preventive measure against crimes of fraud and abuse.

Information on OIG Work Plans, as well as audit reports, can be accessed by the public at http://oig/. The evidence posted to this website names the abusers and the crimes committed, as well as punishment and fines. It is serious business and not to be taken lightly. Physician Practice Managers should check the OIG website regularly for compliance assistance. Governmental regulations are posted to help a medical practice. Should an investigation take place, the physician as well as all staff, managers and outside vendors will be questioned for their part in the crime.

There are specific risk areas for medical practice managers that should be monitored regularly to prevent errors or fraudulent behavior:
• Coding and billing
• Reasonable and necessary services
• Documentation
• Improper incentives, kickbacks and self-referrals

The OIG offers several formats for executing compliance plans. The plan can be accessed at and offers compliance programs for individual physicians as well as large groups.

It is imperative to learn the requirements of an OIG Compliance Program. Key points of the program include:
• Leading internal monitoring and auditing of billing and coding procedures as well as the practice’s compliance with federal and state coding and billing regulations
• Implementing compliance and practice standards
• Designating a compliance officer or contact(s) to monitor compliance
• Responding quickly and appropriately to identified violations
• Developing open lines of communication
• Enforcing disciplinary standards through well-publicized guidelines

The OIG guidelines are still voluntary for individual providers and small groups. In 2010, however, the Affordable Care Act made compliance plans mandatory with a pending implementation date.

A well-designed compliance program will optimize proper payment of claims as well as faster turnaround of money. Patient privacy will also be protected.

No one wants to be audited by the Centers of Medicare and Medicaid or the OIG, so utilizing a compliance program reduces the chances of experiencing a not-so-pleasant investigation.

By being aware of violations such as self-referrals and of the anti-kickback statutes, the Physician Practice Manager (PPM) allows the medical practice to operate as an ethical business. If anti-kickback rules are not adhered to, penalties will be enforced and may include a fine of up to $25,000, imprisonment of up to five years, and exclusion from participating in federal health care programs for up to one year. Civil Monetary Penalties are $50,000 per violation. Plain and simple – this is serious business and these types of crimes are considered felonies.

Awareness of office performance is critical and guidance is readily available via the Web through the OIG. With a little research, a practice manager or physician can customize a compliance plan best suited to their practice’s needs.

The first step in developing a plan would be to audit every function of the office and form a baseline to work from. Benchmarking is essential in tracking your improvements and tweaking your weak areas. Maintain all paperwork in the event of an audit. No longer does the industry use the phrase “if you get audited”; they say “when you get audited”. Be prepared.

Follow the guidelines of HIPAA and the Privacy Rule, which protect an individual’s protected health information (PHI). Disclosure of PHI is permitted in specific circumstances and in some instances is allowed only if approved in writing by the patient or by a patient representative. During an investigative action by Health and Human Services, PHI is made available without patient permission.

Occupational Safety and Health Administration (OSHA) requirements also fall under compliance regulations. Important concerns in a medical practice are bloodborne pathogens, radiation, chemicals, and biohazardous waste. Employers must provide a workplace that is free from recognized hazards which could result in physical harm or death. There are guidelines online to assist an employer with complying with health standards as well.

There are many medical billing and coding issues that can trigger an audit and the fault can point to the practitioner or the biller/coder. Do not think bad behavior goes unnoticed. Red flags are linked to problems concerning a negligent medical practice and it is just a matter of time before an investigation takes place.

Audit Triggers:
• Using one level of E/M services consistently
• Using higher levels of E/M service that are not justified
• Ordering excessive tests
• Unbundling of procedures
• Waiving co-payments, co-insurance, and deductibles without financial hardship
• Changing codes to get paid or to appease an irate patient
• Coding based on reimbursement and not medical necessity
• A provider’s specialty profile (utilization pattern – bell curve) that does not meet industry standards

Documentation Principles:
• Documentation should be complete and legible
• Each patient encounter should include: (1) reason for visit; (2) relevant history, physical examination findings; (3) prior diagnostic test results; (4) assessment; (5) clinical impression or diagnosis; (6) medical plan of care
• Date and legible identity of the observer

With technology taking over paper, safeguards must be in place to protect electronic protected health information. The first precaution is to control access to information based on a person’s role in the office. No computer screen should remain open with personal information available for anyone to view. An automatic logoff should be put in place if the computer has been unattended for a short period of time. Logins and passwords should be used to authenticate access to the medical records as well. Lastly, transmission security should be at a high level and monitored regularly. By establishing appropriate safeguards, health care providers will avoid civil and criminal penalties that are associated with compromising a patient’s privacy rights.

The OIG releases a work plan every year outlining potential problem areas with claim submissions and focuses on specific areas to examine. You can review the work plan by visiting

Health Care Compliance is a very serious matter. By initiating steps to maintain compliance, you can be assured that a medical practice manager’s efforts will be rewarded.
