Archive for August 2019

HIPAA Compliance Program Requirements

The Office of Civil Rights requires entities to have a properly developed HIPAA Compliance Program which is focused on protecting the privacy of patients and their Protected Healthcare Information.  Some of the requirements of a HIPAA Compliance Program are;

  1. Designate the following Compliance Officers
    1. Privacy
    2. Security
    3. Complaint
    4. Compliance
  2. Conduct a Security Risk Analysis of practice or organization
  3. Have HIPAA Compliance manual which is separate from the OIG
  4. Compliance manual
  5. Have written policies and procedures
  6. Have computer security measures in place
  7. Notice of Privacy Statements
  8. Compliant procedure notice
  9. Training and education for employees and staff

Note: The above list is not inclusive of all the requirements necessary for an effective and compliant compliance program.

Do you have questions regarding your HIPAA Compliance Program?

 Call 708-922-3911

Elements Of An OIG Compliance Program

Any doctor or entity receiving reimbursement from a federally funded health care program such as Medicare, Medicaid, Tri-Care, etc. is required to have compliance program based on Seven (7) Elements as described in the Federal Sentencing Guidelines. The 7 Elements are;

  1. Assign a designated Compliance Officer.
  2. Have open lines of communication to the Compliance Officer.
  3. Have written policies and procedures specific to your practice.
  4. Conduct training and education for all employees and staff members.
  5. Perform audits (baseline) and internal monitoring to determine effectiveness
  6. Enforce standards through well publicized guidelines.
  7. Respond promptly to detected offenses and take corrective measures.

It is recommended to have baseline audits conducted by trained certified individual(s) in order to obtain a non-biased overview of patient chart documentation and compliance program requirements for your practice.

There is another element for an OIG Compliance Program which incorporates Ethics into the program. Your compliance program must include Exclusion List checks for all employees, staff members, vendors and any other individual who could be possibly paid from federal money.  These checks need to be made on newly hired employees as well as on a monthly to quarterly basis depending on the number of employees and employee turnover rate within your practice.

A requirement of the OIG Compliance Program is to have a designated OIG Compliance Manual that is continually being updated with policies and procedures. This manual is to be separate from the required HIPAA Compliance manual.  Both manuals are to be kept in the office at all times.

Medical Compliance Specialists, Ltd., has developed/created a written policy and procedure manual which can be easily customized to your specific office as OIG has stated that a off-the-shelf policy manual is not considered to meet the compliance requirements.

Need assistance with your OIG Compliance Program?  

Contact us at 708-922-3911.

Why Compliance Is Important

Compliance is required in health care and other industries. Based on information gathered, the OIG in 2018, determined that 41% of all chiropractic claims had errors or were deemed fraudulent.  It is for these reasons the OIG has targeted the chiropractic field and has made it part of their work plan each year since.  Many claims had incorrect codes or modifiers. Claims were also submitted for non-covered or medically unnecessary treatments.

The OIG has identified the lack of complete documentation and improper documentation of patient records to be a major concern.  Notes should be completed within 72 hours of the patient’s office visit or treatment.  Proper documentation, coding and billing is imperative.  These provide the doctor preventative and defensive measures.  In being preventative, they are vital in reducing the chances of being audited or investigated associated with data mining of claims. This can result in large pay-back amounts, fines and penalties. Improper or deficient documentation can lead to other possible consequences including loss of your professional license, practice, receive sanctions and exclusions. The OIG reports for every $1.00 spent on audits or investigations, they recoup $12.00.  Department of Health and Human Services (HHS) has ranked chiropractic as being 13th of the top 20 services for improper payments for Medicare Part B services during 2018.  HHS identified insufficient documentation, medically unnecessary services and improper coding as major problem areas for chiropractors.


2018 Medicare Fee-for Service Supplemental Improper Payment Data 

Top 20 Service Types with Highest Improper Payments: Part B 

Chiropractic ranked number 13 out of the top 20 types of health care services with the highest improper Part B payments in 2018.  

Insufficient Documentation: 88.3%

Medical Unnecessity: 7.7%

Improper Coding: 4.4%

Reported Projected Improper Payments: $260,878,720

Source:  2018 Medicare Fee-for Service Supplemental Improper Payment Data. Page 28

Appendix D: Projected Improper Payments and Type of Error by Type of Service for Each Claim Type 

Table D1

OIG and insurance companies are spending large amounts of money on data mining of claims looking for fraud and abuse to reduce improper payments.  As defensive measures, proper coding and billing can help to prevent audits and investigations. If audited, investigated, sued for malpractice or involved in other legal matters, proper documentation could provide you a strong defense.  We have worked with doctors who were being audited but due to the lack of proper documentation the doctors did not have a foundation to form a solid defense to fight the charges. During other audit rebuttals we assisted doctors in significantly reducing repayment requests  correlated with appropriate documentation in their S.O.A.P. notes. 

A proper compliance program is not only extremely beneficial in protecting you and your practice if audited or investigated if violations are discovered, the OIG, federal prosecutors, other governmental agencies and courts take into consideration if a good faith effort is being made to be compliant.  Violations would be considered abuse rather than fraud.  Fraud convictions have serious ramifications including fines, penalties, repayments and even prison. Your compliance program must be in place BEFORE being audited or investigated.   

A proper compliance program must be designed to meet the specific needs of each individual clinic site based on OIG, HIPAA and other federal governmental guidelines such as Federal Sentencing Guidelines.  Three areas must be specifically addressed in a compliance program:

  • DEVELOPMENT of a compliance program
  • IMPLEMENTATION of the program
  • MONITORING of your program’s effectiveness

Many physicians and chiropractors feel they spent their time in school studying to treat patients rather than being tethered to a desk dealing with so many compliance matters.  Although a proper compliance program may take effort to initially develop, in the long run patient care, coding, billing and documentation can improve your collections and your peace of mind.

You stand to lose a great deal if audited or investigated and violations are discovered.  Respect and possible FREEDOM could be lost if incarcerated.

Schedule your Compliance Program Review before you are audited or investigated

Call us at (708) 922-3911

What The FBI And Federal Prosecutors Say About Compliance

In July of 2019, Jim was one of 50 compliance officers out of over 500 officers from around the country to be select to attend a two day Compliance Symposium sponsored by the FBI and the Society of Corporate Compliance and Ethics.  The symposium was held at the FBI headquarters in Washington D.C. and FBI academy in Quantico, Virginia covering different aspects of corporate compliance. The Compliance officers were from various businesses and institutions such as AAA Motor Club, Best Buy Stores, American Red Cross, banks, and medical fields.

The FBI views compliance as being so essential and important to an organization  that they have their own internal compliance unit as well as the investigative compliance unit for outside entities.  This was the 7th year for the symposium as the FBI is attempting to build relationships with private sector entities regarding the importance of corporate compliance.

During one session at the symposium, a former FBI agent from the Compliance Unit and a federal prosecutor were presenting when they were asked which of the 7 Elements of a (OIG) Compliance Program was the most important.  The prosecutor stated all 7 elements were important and none of them should be overlooked.  He went on to say when an entity is being audited or investigated the only thing which can help the entity is if a good faith effort is being made to have an effective compliance program.  The compliance program is the only mitigating factor which can be taken into consideration to determine if any discovered violations are to be considered fraud or abuse under the Federal Sentencing Guidelines.

The prosecutor also commented on the importance of having a baseline audit conducted by a non-biased entity who is trained and knowledgeable in compliance matters in order to determining where an organization’s compliance program stands regarding problem areas or issues.  Internal monitoring is fine but without the appropriate baseline audit an organization is not truly able to build an effective compliance program. 

The prosecutor’s comments re-enforce the importance and need for having proper compliance programs for your practice or business.