Skip to content

Posts by Diane M. Barton, DC, MCS-P, CIC & James Minx MCSP, CIC

What The FBI and Federal Prosecutors Say About Compliance

In July of 2019, Jim was one of 50 compliance officers chosen from over 500 applicants from around the nation to be selected to participated in a two day Compliance Symposium sponsored by the FBI and the Society of Corporate Compliance and Ethics.  The symposium was held at the FBI Headquarters in Washington D.C. and the FBI academy in Quantico, Virginia covering different aspects of corporate compliance. The Compliance officers represented various businesses, institutions and organizations including AAA Motor Club, Best Buy Stores, American Red Cross, banks, and medical fields.

The FBI views compliance as being so essential and important to an organization that they have their own internal compliance unit as well as the investigative compliance unit for outside entities.  This was the 7th year for the symposium as the FBI is building relationships with private sector entities regarding the importance of corporate compliance.

During one symposium session, a former FBI agent from the Compliance Unit and a federal prosecutor were asked which of the 7 Elements of a (OIG) Compliance Program was the most important.  The prosecutor stated all 7 elements were important and none of them should be overlooked.  He went on to say when an entity is being audited or investigated the only thing which can help the entity is if a good faith effort is being made to have an effective compliance program. The compliance program is the only mitigating factor which can be taken into consideration to determine if any discovered violations are to be considered fraud or abuse under the Federal Sentencing Guidelines.

The prosecutor also commented on the importance of having a baseline audit conducted by a non-biased entity who is trained and knowledgeable in compliance matters to determine where an organization’s compliance program stands regarding problem areas or issues.  Internal monitoring is fine but without the appropriate baseline audit an organization is not truly able to build an effective compliance program.

The prosecutor’s comments re-enforce the importance and need for having proper compliance programs for your practice or organization.

Why Compliance Is Important

Compliance is required in health care and other industries. Based on information gathered, the OIG in 2018, determined that 41% of all chiropractic claims had errors or were deemed fraudulent.  It is for these reasons the OIG has targeted the chiropractic field and has made it part of their work plan each year since.  Many claims had incorrect codes or modifiers. Claims were also submitted for non-covered or medically unnecessary treatments.

The OIG has identified the lack of complete documentation and improper documentation of patient records to be a major concern.  Notes should be completed within 72 hours of the patient’s office visit or treatment.  Proper documentation, coding and billing is imperative.  These provide the doctor preventative and defensive measures.  In being preventative, they are vital in reducing the chances of being audited or investigated associated with data mining of claims. This can result in large pay-back amounts, fines and penalties. Improper or deficient documentation can lead to other possible consequences including loss of your professional license, practice, receive sanctions and exclusions. The OIG reports for every $1.00 spent on audits or investigations, they recoup $12.00.  Department of Health and Human Services (HHS) has ranked chiropractic as being 13th of the top 20 services for improper payments for Medicare Part B services during 2018.  HHS identified insufficient documentation, medically unnecessary services and improper coding as major problem areas for chiropractors.


2018 Medicare Fee-for Service Supplemental Improper Payment Data 

Top 20 Service Types with Highest Improper Payments: Part B 

Chiropractic ranked number 13 out of the top 20 types of health care services with the highest improper Part B payments in 2018.  

Insufficient Documentation: 88.3%

Medical Unnecessity: 7.7%

Improper Coding: 4.4%

Reported Projected Improper Payments: $260,878,720

Source:  2018 Medicare Fee-for Service Supplemental Improper Payment Data. Page 28

Appendix D: Projected Improper Payments and Type of Error by Type of Service for Each Claim Type 

Table D1

OIG and insurance companies are spending large amounts of money on data mining of claims looking for fraud and abuse to reduce improper payments.  As defensive measures, proper coding and billing can help to prevent audits and investigations. If audited, investigated, sued for malpractice or involved in other legal matters, proper documentation could provide you a strong defense.  We have worked with doctors who were being audited but due to the lack of proper documentation the doctors did not have a foundation to form a solid defense to fight the charges. During other audit rebuttals we assisted doctors in significantly reducing repayment requests  correlated with appropriate documentation in their S.O.A.P. notes. 

A proper compliance program is not only extremely beneficial in protecting you and your practice if audited or investigated if violations are discovered, the OIG, federal prosecutors, other governmental agencies and courts take into consideration if a good faith effort is being made to be compliant.  Violations would be considered abuse rather than fraud.  Fraud convictions have serious ramifications including fines, penalties, repayments and even prison. Your compliance program must be in place BEFORE being audited or investigated.   

A proper compliance program must be designed to meet the specific needs of each individual clinic site based on OIG, HIPAA and other federal governmental guidelines such as Federal Sentencing Guidelines.  Three areas must be specifically addressed in a compliance program:

  • DEVELOPMENT of a compliance program
  • IMPLEMENTATION of the program
  • MONITORING of your program’s effectiveness

Many physicians and chiropractors feel they spent their time in school studying to treat patients rather than being tethered to a desk dealing with so many compliance matters.  Although a proper compliance program may take effort to initially develop, in the long run patient care, coding, billing and documentation can improve your collections and your peace of mind.

You stand to lose a great deal if audited or investigated and violations are discovered.  Respect and possible FREEDOM could be lost if incarcerated.

Schedule your Compliance Program Review before you are audited or investigated

Call us at (708) 922-3911

Elements Of An OIG Compliance Program

Any doctor or entity receiving reimbursement from a federally funded health care program such as Medicare, Medicaid, Tri-Care, etc. is required to have compliance program based on Seven (7) Elements as described in the Federal Sentencing Guidelines. The 7 Elements are;

  1. Assign a designated Compliance Officer.
  2. Have open lines of communication to the Compliance Officer.
  3. Have written policies and procedures specific to your practice.
  4. Conduct training and education for all employees and staff members.
  5. Perform audits (baseline) and internal monitoring to determine effectiveness
  6. Enforce standards through well publicized guidelines.
  7. Respond promptly to detected offenses and take corrective measures.

It is recommended to have baseline audits conducted by trained certified individual(s) in order to obtain a non-biased overview of patient chart documentation and compliance program requirements for your practice.

There is another element for an OIG Compliance Program which incorporates Ethics into the program. Your compliance program must include Exclusion List checks for all employees, staff members, vendors and any other individual who could be possibly paid from federal money.  These checks need to be made on newly hired employees as well as on a monthly to quarterly basis depending on the number of employees and employee turnover rate within your practice.

A requirement of the OIG Compliance Program is to have a designated OIG Compliance Manual that is continually being updated with policies and procedures. This manual is to be separate from the required HIPAA Compliance manual.  Both manuals are to be kept in the office at all times.

Medical Compliance Specialists, Ltd., has developed/created a written policy and procedure manual which can be easily customized to your specific office as OIG has stated that a off-the-shelf policy manual is not considered to meet the compliance requirements.

Need assistance with your OIG Compliance Program?  

Contact us at 708-922-3911.

HIPAA Compliance Program Requirements

The Office of Civil Rights requires entities to have a properly developed HIPAA Compliance Program which is focused on protecting the privacy of patients and their Protected Healthcare Information.  Some of the requirements of a HIPAA Compliance Program are;

  1. Designate the following Compliance Officers
    1. Privacy
    2. Security
    3. Complaint
    4. Compliance
  2. Conduct a Security Risk Analysis of practice or organization
  3. Have HIPAA Compliance manual which is separate from the OIG
  4. Compliance manual
  5. Have written policies and procedures
  6. Have computer security measures in place
  7. Notice of Privacy Statements
  8. Compliant procedure notice
  9. Training and education for employees and staff

Note: The above list is not inclusive of all the requirements necessary for an effective and compliant compliance program.

Do you have questions regarding your HIPAA Compliance Program?

 Call 708-922-3911

A Chicago Chiropractor has been Indicted for Allegedly Billing $10 Million

In Chicago, a chiropractor has been indicted on federal charges, and it looks like he deserves it.

This looks like another case of incompetence mixed with audacity.

Her is a link to the original article: at

Credentialing alone doesn’t guarantee compliance expertise

To be OIG and HIPAA compliant it is more than just purchasing a manual or having a consultant come to the office to conduct a compliance or chart audit.  In this article published in ChiroEconomics, we discuss the importance of selecting a certified and knowledgeable compliance consultant. The consultant should assist you in making your practice compliant by determining areas of concern then provide you ways to properly correct those areas. 

Originally published on December 14, 2017 in the Chiropractic Economics Magazine here:

When one of the authors of this article had the opportunity to attend a seminar on street gangs sponsored by a university in Illinois, the instructor for the class was touted as being an expert on various gangs across the nation.

While attending the morning session, however, he was disappointed and, rather than returning for the afternoon portion, he returned to the training academy to get some work done.

On returning to the police academy, he was questioned by his supervisors why he had left the gang seminar. He explained that the instructor didn’t have a clue about street gangs so he decided to make better use of his time. He already had a working knowledge of the Chicago area street gangs and mentioned that he had never seen palm trees in downtown Chicago.

The supervisors asked what palm trees had anything to do with street gangs. He advised them that during the class, this so-called “gang expert” displayed a picture of gang members with palm trees in the background, and said the photo was taken in downtown Chicago.

His opinion was affirmed several days later when his supervisors were notified by the university that all the attendee registration fees were being refunded as the “gang expert” was a fraud, not an expert.

Experience matters

So, you may be wondering what a phony street gang expert has to do with compliance. Our advice is to beware of false prophets and those claiming to be compliance experts. Just like the person posing as an expert on gangs, there are many people claiming to be compliance experts who have little or no knowledge and expertise in the field.

You can certainly find people who are honestly knowledgeable in compliance matters. But you can also come across those with questionable credentials who are leading people astray along with bilking them out of their money.

For example: At a recent chiropractic conference, a certain vendor was touting himself as being a compliance expert, selling Medicare Office of Inspector General (OIG) and HIPAA compliance manuals. Yet the person who had written the manuals had credentials we had never heard of or seen before.

After leaving the conference, we tried to determine what these claimed certifications were, but were unable to locate anything about them in the compliance realm. It turned out the credentialing was in other subject areas, not compliance.

As we delved deeper into this vendor’s training materials, it appeared there was little substance to the manuals he was selling. It would have been difficult if not impossible for someone to develop an effective compliance program based on the material.

Due diligence

Even if a person does have proper compliance credentials after their name, remain vigilant. Credentialing does not always make someone knowledgeable or a compliance expert. Look into the real-life experi- ence they have in auditing patient files as well as developing effective compliance programs for clients. Request references—don’t just take their word.

Selecting a compliance consultant to assist you in making your practice Medicare OIG and HIPAA compliant is no trivial matter. It involves more than just purchasing a manual or having a consultant come to the office to conduct a compliance or chart audit. There are things to consider such as expenses, time, effort, emotion, and self-reflection that go into building an effective compliance program.

Be certain the consultant is actually knowledgeable in compliance regulations and requirements. They should provide you with correct and up-to-date information for building compliance programs and guide you toward correcting any deficiencies. In the event serious problems are found, the consultant may enlist an attorney knowledgeable in the area of compliance issues.

Some doctors who have hired compliance “experts” later felt like they did not get their money’s worth.

Others have purchased so-called “do-it-yourself” compliance programs only to find they were designed so that the owner has to buy more add-on pieces. Frustration abounds with these types of products.

Erroneous information

In another case, the owner of a practice management business with several chiropractors stated that her clients did not need assistance with compliance because she was well- versed in the regulations. She insisted there were no Medicare guidelines regarding patient care or frequency of care, and the federal sentencing guide- lines in addition to the seven elements of a compliance program were irrelevant to chiropractors.

The wife of another chiropractor said her husband had bought a practice along with the records from a doctor several years prior. She thought her husband was 100 percent compliant, even though she admitted they did not have OIG and HIPAA compliance programs and manuals for the practice. This type of misinformation could cost the doctors and their practices dearly if they were audited or investigated.

The elements of a compliance program

One of the seven elements of a Medicare OIG compliance program is to institute auditing and internal monitoring. The OIG has stated the auditing portion must be conducted by an independent certified entity with expertise in compliance regulations.

You’re looking for a neutral and knowledgeable viewpoint to create a baseline for your compliance program. A “do-it-yourself” audit kit won’t fulfill the requirement of an independent entity despite some who say it is OK to self-audit. Contrary to common belief, an effective compliance program is more than having manuals on a shelf. In addition, the OIG requires that 10 charts be reviewed to establish a valid baseline audit.

When you make the decision to develop a compliance program, seek the assistance of consulting specialists who will discuss the following items with you:

  • Their lineage of certification and compliance philosophy.
  • The specific compliance training certifications they have.
  • The continuing education and additional training they have taken.
  • Their experience in conducting audits and developing compliance programs.

Just as you follow a chiropractic philosophy, the same goes for compliance specialists. Proper compliance programs and patient chart documentation give you the ability to rebut and defend yourself during an audit.

You will be able to sleep easier. And beware of false prophets and compliance “experts.”

What to do when the law knocks on your door about HIPAA compliance.

Facing the Men in Black

What would you do if you saw “men in black” identifying themselves as FBI agents standing in the middle of your waiting room? Panic? Freak out? Faint? Many doctors think they are “flying under the radar,” but the truth may surprise you! Check out this article published in Chiropractic Economics.

It’s a sunny day, the birds are singing, kids are playing, and your practice is doing great. Patients fill your waiting room, you’ve paid the bills, and you even have money in the bank. Life is good.

Or so you think. Then they come through the door of your practice, in dark suits, ties, and sunglasses. The words “federal agent”—OIG or FBI— are plastered across their raid jackets. And in that split second, the wonderful life you were living is now in turmoil.

What is the first thing you do when you see these “men in black” standing in the middle of your waiting room? After your initial—and understandable—panic, you might come to and realize you are lying on the floor with your patients and the government agents looking down at you.

As you eventually pick yourself up, one of the agents hands you some papers and begins to speak to you, but you can’t understand a single word because your mind is spinning in a whirlwind of fear.

So, what do you do now? Call your parents? No! You pull yourself together quickly because you are in a serious situation and need to focus. When government representatives come into your office, it is usually not a positive thing. They are not the Publishers Clearing House prize patrol bringing good tidings.

You need to determine the nature of the papers you’ve been handed. Are you dealing with a subpoena, a search warrant, or worse, an arrest warrant?

Know the terminology

It’s easy to confuse a subpoena with a search warrant. According to Black’s Law Dictionary, the definitions are as follows:

  • Subpoena: “The process by which the attendance of a witness is required is called a ‘subpoena.’ It is a writ or order directed to a person, and requiring his attendance at a particular time and place to testify as a witness. It may also require him to bring with him any books, documents, or other tilings under his control which he is bound by law to produce in evidence.”
  • Search warrant: “Is an order in writing, issued by a justice or other magistrate, in the name of the state, directed to a sheriff, constable, or other officer, commanding him to search a specified house, shop, or other premises, for personal property alleged to have been stolen, or for unlawful goods, and to bring the same, when found, before the magistrate, and usually also the body of the person occupying the premises, to be dealt with according to law.”

In layman’s terms, if you are given a subpoena, you are ordered to provide records, evidence, or your person to a court or hearing on a specific date. If seeking records, a subpoena specifies what records are being requested.

If you are given a search warrant, agents will take any and all records, files, and devices that may contain evidence related to the crime being investigated. This could include your patient and billing records, memory devices, external hard drives, and computers.

If you’re served with either a subpoena or a search warrant, comply with the request. If you interfere with a search warrant being served, you may be arrested or taken into temporary custody. In either situation, contact your attorney immediately and explain the situation, and reach out to your compliance officers as well.

Who you gonna call?

The time to look for an attorney is not while the agents are removing records and computers from your office. Have an idea of who to call in such a situation ahead of time. What if you call your attorney and the answering service tells you he or she is on a remote island in the Pacific and won’t be back for a month? What is your backup plan.

You should also notify your practice’s compliance officer. If you are the only compliance officer for your practice, how useful will you be when stressed out to the max? Have a compliance committee rather than just one person designated as the officer.

Lastly, according to federal sentencing guidelines, the only two things that a judge may take into consideration if you are found guilty of violating a healthcare law include:

  1. Did you notify the payer and return any money or payments that you received improperly?
  2. Did you have a valid, up-to-date and living ethics and Medicare compliance program in place before the law came to check on you? For a valid HIPAA compliance program, a risk analysis must be completed or the Office of Civil Rights considers your program nonexistent.

Plan now, before the suits show up, because afterward will be too late.

False Claims Act Fine Print


You can be ‘Honest Abe’ and still fall short of the ‘Lincoln Law’

Do you realize what you are attesting to when you submit a claim?  Box 31 of the 1500 claim form reads: “Signature of physician or supplier including degrees or credentials (I certify that the statements on the reverse apply to the bill and are made a part thereof.)” Have you read the reverse side of this form? Read our article published in ChiroEconomics.

THE FALSE CLAIMS ACT (FCA), ALSO CALLED THE “LINCOLN LAW,” is an American federal law that imposes liability on persons and companies who defraud governmental programs. This law dates to March 2, 1863, and was enacted by President Abraham Lincoln as the federal government’s primary litigation tool in combating fraud.

The law includes a qui tam (whistleblower) provision which allows people who are not affiliated with the government, called “relators” under the law, to file actions on behalf of the government. Persons filing under the act stand to receive a portion of any recovered damages.


As of 2012, more than 70% of all federal government FCA actions were initiated by whistleblowers under the qui tam provisions. Claims under this law have typically involved health care, mili- tary or other government spending programs, and dominating the list are recoveries from the largest pharmaceutical company settlements. The government recovered $38.9 billion under the FCA between 1987-2013 and of this amount, $27.2 billion or 70% was from qui tam cases brought by relators.

Each year these numbers continue to grow as more fraud, waste and abuse are brought to the forefront.

The FCA and health care

In essence, a false claim is any knowing claim or statement that is made for the purpose of defrauding another, or conspiring with another to do so. The False Claims Act (31 U.S. C. secs 3729- 3733), or “Lincoln Law,” is a federal statute that imposes liability on those who attempt to defraud governmental programs. So, what does that mean to you as a health care provider?

The statement in Box 31 of the 1500 claim form reads: “Signature of physician or supplier including degrees or credentials (I certify that the statements on the reverse apply to the bill and are made a part thereof.)” Have you read the reverse side of this form? Not many have.

“In submitting this claim for payment of federal funds, I certify that:

  1. the information on the form is true, accurate and complete;
  2. I have familiarized myself with all applicable laws, regulations and program instructions, which are available from the Medicare contractor;
  3. I have provided or will provide sufficient information required to allow the government to make an informed eligibility and payment decision;
  4. this claim whether submitted by me or on my behalf by my designated billing company, complies with all applicable Medicare and/or Medicaid laws, regulations, and program instructions for payment including but not limited to the Federal anti-kickback statute and Physicians Self-Referral law (commonly known as Stark law);
  5. the services on this form were medically necessary and personally furnished by me or were furnished incident to my professional service by my employee under
    my direct supervision, except as otherwise expressly permitted by Medicare or Tricare;
  6. for each service rendered incident to my professional service, the identity (legal name and NPI, license # or SSN) of the primary individual rendering each service is reported in the designated section.

For services to be considered “incident to” a physician’s professional services:

  1. they must be rendered under the physician’s direct supervision by his/her employee;
  2. they must be an integral, although incidental part of a physician service;
  3. they must be of kinds commonly furnished in physician’s offices, and;
  4. the services of non-physicians must be included on the physician’s bills.”

This is summed up with: “The False Claims Act makes it illegal to submit false or fraudulent claims for payment to Medicare or Medicaid. Claims may be false if the service is
not actually rendered to the patient, is provided but already covered under another claim, is miscoded, or is not supported by the medical record…For False Claims Act Violations, you can be fined up to three times the program’s loss, plus $11,000 per claim.”

Major insurance companies also use the same attestation. Claiming that you were not familiar “with all applicable
laws, regulations and program instructions” is not a viable excuse. Between classes offered through state organizations, chiropractic colleges, webinars and private contractors, as well as being covered in all of our trade publications, there is no excuse.

Medical necessity

Medicare contractors are required to follow CMS policy instruc- tions. In addition to the instructions found in our manuals, CMS and their contractors issue the following types of instructions:

“According to Medicare guidelines, National Coverage Determination (NCD): Medicare coverage is limited to items and services that are reasonable and necessary for the diagnosis or treatment of an illness or injury (and within the scope of a Medicare benefit category). The NCDs are developed by CMS to describe the circumstances for which Medicare will cover specific services, procedures, or technologies on a national basis. Medicare Contractors are required to follow NCDs. If
an NCD does not specifically exclude/limit an indication or circumstance, or if the item or service is not mentioned at all in an NCD or in a Medicare manual, it is up to the Medicare contractor to make the coverage decision.”

Medical necessity is viewed as a best-practice factor and encompasses established standards. It is not based on the opinion of the treating physician. It is based on acceptable protocols and how well the documentation covers patients presenting complaints, history, assessment and treatment plans.

Having a “cash practice” does not absolve the practitioner from the False Claims Act. As patients submit to their insurance companies as well as health savings accounts, fees and services are questioned.

Bottom line — truth is the best policy. Be in accord with fact, reality and standards.

DIANE M. BARTON, DC, MCS-P, CIC, is with Medical Compliance Specialists, Ltd., in Homewood, Ill., and can be reached at 708-922-3911.

References can be found online at