Chapter 10: Medicare Compliance

Medical Practice Compliance and Programs

[Accountability, Processes and Implementation]

By Patricia A. Trites

Medicare compliance and how to act on claims denial is good – but knowing how to avoid them in the first place is even better Dean L. Mondell; MD

An increasingly common term in healthcare is “compliance program.” With Medicare and insurance carriers on the watch for fraud and abuse, and the increasing threats of Recovery Audit Contractors [RACs], a potential solution is an office system to help identify issues and correct them before government agencies get involved. These programs do not have to be complex, just functional. So, let’s start with the basics: What is a compliance program?


A medical compliance program, whether formal or informal, is a process or system to ensure that all regulatory requirements are being followed. In business, the annual financial audits are a customary part of an ongoing compliance program. Medical practices certainly have annual financial audits, but their compliance programs also expand into many additional arenas:

  • proper Medicare coding and billing practices;
  • compliance with various laws and regulations, notably the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Clinical Laboratory Improvement Act (CLIA),  and Limited English Proficiency (LEP) programs;
  • requirements imposed by the Environmental Protection Agency (EPA), Department of Transportation (DOT), and Occupational Safety and Health Administration (OSHA); and
  • safety guidelines, patient privacy laws, accreditation and contracting of managed care services.

Healthcare compliance programs have been in existence for quite some time. Typically, they are the result of a governmental agency requirement in response to civil or criminal actions. In the event of some fiscal irresponsibility or irregularity, the federal government can impose a Corporate Integrity Agreement (CIA) that subjects the provider and/or organization to outside review. The entity that performs this review/audit has to report its findings to the governmental agency in order for the provider to continue doing business with the federal healthcare programs. These requirements are placed on large corporations and small solo-practice providers alike.

From a medical practice standpoint, the need for a compliance program can be made more relevant by evaluating the Medicare and Medicaid activities over the past couple of years. The Department of Health and Human Services (DHHS) Office of Inspector General (OIG) clearly states that there will be increased scrutiny in billing practices and compliance with billing procedures in physicians’ offices during the coming years. This is partially in response to the Balanced Budget Act [BBA] as well as the current healthcare reform political imbroglio.

Moreover, there are laws and regulations to follow, some are mandatory and others are just “strong suggestions”. But, as long as a provider is not under a government mandated corporate integrity agreement, most physician practices are not “required” to have a corporate compliance program.  One exception is when a medical practice (healthcare organization) receives more than $5 million in Medicaid reimbursement annually. The Deficit Reduction Act [DRA] of 2005 requires medical organizations that meet this criterion to have policies and procedures in place to detect fraud and abuse and to train their employees on the fraud and abuse laws. 

In fact, the OIG’s introduction to “Providers Self-Disclosure Protocol” states: 

“The OIG believes that, as participants in the Federal health care programs, health care providers have an ethical and legal duty to ensure the integrity of their dealings with these programs. This duty includes an obligation to take measures, such as instituting a compliance program, to detect and prevent fraudulent, abusive and wasteful activities. It also encompasses the need to implement specific procedures and mechanisms to examine and resolve instances of noncompliance with program requirements.”

Nevertheless, on October 1, 2009, the Office of the Inspector General (OIG) released its work plan for the 2010 fiscal year. The 2010 plan includes reviews of and proposed changes to Medicare (Parts A, B, C, and D), Medicaid, and an additional section on the programs and efforts related to American Recovery and Reinvestment Act [ARRA]. This certification also contemplates “prospective” compliance, covering the period January 1, 2010 through December 31, 2010.

More here: BOOK ORDERS [Pre-Release]:

Dictionary of Health Insurance and Managed Care:


10 thoughts on “Chapter 10: Medicare Compliance


    In a community that is growing rapidly with the migration of older adults trying to avoid the more harsh climates of the country, a large multi-specialty medical group practice has formed to provide comprehensive health services to the new residents. The group is made up of primary care physicians including family practice and internal medicine, specialty physicians in cardiology, gastroenterology, rheumatology, ophthalmology, oncology, pulmonology, nephrology, and orthopedics. They have multiple offices throughout the community and one central office building that houses the many ancillary services ordered by this diverse group including radiology (with CT, MRI and interventional suite), laboratory with a high complexity certificate, and a physical therapy suite.


    In the rapid growth of this practice, compliance was not considered as a priority, although it did provide educational opportunities to its professional staff members to participate in seminars and conferences relating to their job positions. A number of employees attended compliance-related courses and have informed management of the “need” to develop a comprehensive compliance program to protect the organization from regulatory investigation, fines and penalties.

    A shareholder-physician is named as compliance officer by the board of directors and is given the assignment of developing the compliance program. The compliance officer delegates the assignment to the business manager of the organization. The business manager gathers a team of co-workers to begin the development process.


    The baseline audit reveals a number of discrepancies between the applicable rules and regulations and the actual work practices of the organization. The list below is brought to the attention of the physician compliance officer, who in turn brings the list to the next board of directors’ meeting.

    1. The medical chart audit reveals many problems that affect the validity of the claims sent to Medicare (and other insurers) including:

    a. illegible documentation by three providers;
    b. missing documentation of office visits (encounters) and laboratory orders and results;
    c. billing codes submitted that are higher than allowed when compared against the documentation in the medical record in 57% of the claims audited;
    d. non-physician practitioners (NPs and PAs) performing evaluation and management services to new patients and these are billed as “incident to” a physician supervisor;
    e. hospital residents performing and documenting evaluation and management services and the services are billed using the provider numbers of group practice physicians without the requisite physician at teaching hospital (PATH) documentation by the attending physicians;
    f. the analysis of CPT and ICD-9 code utilization indicates large variation for more than one-half of the physicians from the national averages.

    2. The assessment of the billing and reimbursement procedures indicates that professional courtesy is routinely extended to other physicians and their families from the community, and one physician routinely orders laboratory and radiological studies for his parents and these tests are billed to Medicare.

    3. The review of the OSHA program reveals that there are no OSHA program manuals or copies of MSDSs at any of the office facilities, no training has been provided to employees, and no offer or documentation of Hepatitis B vaccinations to employees. In addition, no DOT hazmat training has been performed.

    4. The review of the laboratory compliance found that most of the regulations have been followed in the central laboratory facility, but there are no separate CLIA numbers requested/obtained for each of the practice locations where waived testing is performed within the office. In addition, the CLIA certificates that are in some of the practice location offices have not been updated to reflect the group-practice name. The central laboratory facility has not updated the certificate to CMS to reflect a new laboratory director and the lab director has not personally signed each of the procedures in the standard operating procedures manual.

    5. HIPAA has been addressed in the form of implementing the Transaction and Code Set Rule with the help of the practice’s practice management system vendor. The Privacy Rule is addressed with initial training of existing employees, but no new employees have HIPAA training and there have been no annual updates of the Privacy Plan training. The practice has purchased of an “off-the-shelf” Privacy Plan Manual, but the policies and procedures have not been customized or implemented throughout the organization. The Security Rule has not been addressed at all.

    6. The review of the employment and ERISA laws and regulations reveals that the practice has non-exempt employees as salaried exempt employees improperly, there is no sexual harassment policy, the policy on equal employment and non-discrimination is not up-to-date and there is no written acknowledgement from any employee of their receipt of the policy manual. No summary plan descriptions or summary annual reports have been provided to eligible employees. In addition, there is no record of any Form 5500s being filed for the pension plan for the last two years.


    Members of the board of directors express surprise at the number of issues identified as problematic. However, the information presented does not include the potential consequences of ignoring the problems. In the absence of such information, the following decisions are made:

    1. Continue formulating policies and procedures for the compliance program.
    2. Purchase OSHA program manuals and have a staff member obtain MSDSs.
    3. Address the CLIA issues by filing the necessary paperwork for change in ownership and file applications for the offices that do not have CLIA waived certificates.
    4. Table all other issues for further discussion and future meetings.

    Some of the comments regarding the billing and reimbursement issues and the employment/ERISA issues are listed below:

    1. “We haven’t had the government look at our documentation, so it is probably okay to continue without making changes.”
    2. “No one can tell us who we can provide free services to, and anyway, how would anyone know who we don’t send billing statements to?”
    3. “We are not paying the staff any more money and especially not overtime.”
    4. “HIPAA is a joke — there is no agency investigating whether or not we have written policies or do training.”
    5. “We just have to do all the paperwork, then we can’t get in trouble if anyone does bother to look.”
    6. “Hepatitis B vaccinations are performed as routine now, so everyone probably has had them, so why should we have to pay for them if they haven’t?”


    1) To what extent are the members of the board of directors personally at risk for not implementing an effective compliance program?
    2) How great is the potential risk for allegations of fraud and/or abuse by governmental or third-party payors?
    3) What level of risk is the board of directors incurring for Department of Labor and Internal Revenue Service fines and penalties for failing to do the following:

    – provide the appropriate documentation to eligible employees of the welfare and pension plans?
    – file a pension plan informational tax return?
    – pay overtime compensation to some of the employees?

    By having knowledge of the issue and ignoring it, has the board of directors considered the ramifications of having the statute run for an additional year for “knowing and willful violation”?

    4) What is the potential for the business manager to file a complaint with any of the regulatory agencies when he or she has been told to continue writing policies and procedures, but that the majority are not going to be implemented?
    5) What is the potential that one of the physicians of the group, in an effort to protect himself or herself from the risk of non-compliant partners, will leave the practice and then report the billing deficiencies to the local Medicare office?

    Any thoughts on this sample case model after reading this chapter in the BMP 3.0?

  2. Obama to Use High-Tech Bounty Hunters to Fight Healthcare Fraud

    President Barack Obama just said that he’ll bring in high-tech bounty hunters to help root out health care fraud, grabbing a populist idea with bipartisan backing in his final push to overhaul the system.

    The bounty hunters in this case would be private auditors armed with sophisticated computer programs to scan Medicare and Medicaid billing data for patterns of bogus claims. The auditors would get to keep part of any funds they recover for the government. The White House said a pilot program run by Medicare in California, New York and Texas recouped $900 million for taxpayers from 2005-2008.

    Obama is placing a heavy emphasis on battling waste and fraud in his final healthcare push. The newly repackaged bill, contained more than dozen anti-fraud ideas. A common theme linking them is the increased use of technology to spot suspicious billing patterns and keep track of service providers with a track record of problems.

    Source: Ricardo Alonso-Zaldivar, Associated Press [3/10/10]

  3. New Disclosure Requirements for Imaging Services under the Stark In-Office Ancillary Services Exception

    Here are some of the key provisions in the Patient Protection and Affordable Care Act, as modified by the Health Care and Education Reconciliation Act of 2010 (collectively, the “Health Care Reform Act”). This post summarizes the new disclosure requirements for medical providers utilizing the “In-Office Ancillary Services” exception (the “IOAS Exception”) to the federal Stark law to provide certain imaging services to their patients.

    • The federal Stark law generally prohibits a physician from making referrals to their own practice for the furnishing of certain designated health services (“DHS”) reimbursable by Medicare, unless an applicable exception to the law is satisfied. Generally, the IOAS Exception, if met, permits physicians to make referrals of certain DHS (including, among others, certain imaging services) within the referring physician’s own practice.

    • The Health Care Reform Act requires providers utilizing the IOAS Exception for the provision of certain imaging services to provide patients with written notification, at the time of the referral, that the patient may obtain the services from someone other than the referring physician or the referring physician’s group practice. Specifically, the written notice must provide the patient with a written list of other suppliers who furnish services in the applicable service area. Currently the list of covered services includes magnetic resonance imaging (“MRI”), computed tomography (“CT”) and positron emission tomography (“PET”). This list is subject to expansion by the Centers for Medicare and Medicaid Services (“CMS”).

    • While the Health Care Reform Act was signed into law on March 23, 2010, this notification requirement purports to be retroactive to January 1, 2010 and therefore applies to services furnished on or after January 1, 2010. While there is some question as to whether disclosure is required right now or after CMS issues regulations, many recommend compliance at this time as to MRIs, CTs and PET. Others expect that CMS will be issuing regulations incorporating this new requirement and addressing whether any additional requirements apply or whether additional DHS will be subject to this disclosure requirement.


  4. New Time Limits on Returning Physician Overpayments

    This comment is on a key provisions of the Patient Protection and Affordable Care Act, as modified by the Health Care and Education Reconciliation Act of 2010 (collectively, the “Health Care Reform Act”). It summarizes new requirements for health care providers to report and return overpayments received from the Medicare and Medicaid Programs.

    The new statute specifically requires health care providers to report and return identified overpayments by the later of: (i) 60 days after the date on which the overpayment was identified; or (ii) the date any corresponding cost report is due, if applicable. The report must include a written explanation of the reason for the overpayment and be appropriately addressed to “the Secretary, the State, an intermediary, a carrier, or a contractor.”

    “Overpayment” is defined in the new statute to mean “any funds that a person receives or retains under Title XVIII or XIX [Medicare or Medicaid] to which the person, after applicable reconciliation, is not entitled.”

    Importantly, the statute links overpayments retained beyond the 60-day period to the Federal False Claims Act. Such inappropriately retained monies will be considered an “obligation” under the False Claims Act, which ascribes liability to providers who knowingly and improperly avoid or decrease an obligation to pay funds owed to the government. Each violation of the False Claims Act can potentially mean financial penalties involving $5,500 to $11,000, plus treble damages. In addition, providers who violate the False Claim Act face possible exclusion from participation in federal health care programs.

    Although the overpayment reporting requirement became effective upon enactment of the Health Care Reform Act (March 23, 2010), the Centers for Medicare and Medicaid Services have not yet provided any guidance or implementing regulations at this time. Providers should nonetheless review their internal compliance systems now to ensure that over-payments identified through self-audits – or other means – are promptly reported and appropriately refunded in a timely manner in compliance with this new provision.

    Source: Garfunkel Wild, PC

  5. The Deficit Reduction Act (DRA), S. 1932, was signed by President Bush on February 8, 2006, and became Public Law No. 109-171. Implementation of the act includes these provisions:

    Subtitle A – Provisions Relating to Medicare Part A

    *hospital quality improvement (section 5001);
    *improvements to Medicare-dependent hospital (MDH) programs (section 5003);
    *reduction in payments to skilled nursing facilities (SNFs; section 5004);
    *phase-in of inpatient rehabilitation facility classification criteria (section 5005);
    *development of a strategic plan regarding investment in specialty hospitals (section 5006);
    *demonstration projects to permit gain-sharing arrangements (section 5007); and
    *post-acute care payment reform demonstration programs (section 5008).

    Subtitle B Provisions Relating to Medicare Part B

    *title transfer of certain durable medical equipment (DME) to patients after 13-month rental (section 5101);
    *adjustments in payment for imaging services (section 5102);
    *limitations on payments for procedures in ambulatory surgical centers (ASCs; section 5103);
    *minimum updates for physician services (section 5104);
    *three-year extension of hold-harmless provisions for small rural hospitals and sole community hospitals (section 5105);
    *updates on composite rate components of basic care-mix adjusted prospective payment systems (PPS) for dialysis services (section 5106);
    *accelerated implementation of income-related reductions in Part B premium subsidy (section 5111);
    *Medicare coverage of ultrasound screening for abdominal aortic aneurysms; National Educational And Information Campaign (section 5112);
    *improvements to patient access and utilization of colorectal cancer screening under Medicare (section 5113);
    *delivery of services at federally qualified health centers (FQHC) (section 5114); and
    *waiver of Part B Late Enrollment Penalty for certain international volunteers (section 5115).

    Subtitle C – Provisions Relating To Parts A and B

    *home health payments (section 5201);
    *revision of period for providing payment for claims that are not submitted electronically (section 5202);
    *timeframe for Part A and B payments (section 5203); and
    *Medicare Integrity Program (MIP) funding (section 5204).

    Subtitle D – Provisions Relating To Part C

    *phase-out of risk adjustment budget neutrality in determining payments to Medicare Advantage organizations (section 5301);
    *Rural PACE Provider Grant Programs (section 5302).

    Prof. Gregory O. Ginn; PhD, MBA, CPA, MEd

  6. I really love your site.. Pleasant colors & theme.
    Did you build this web site yourself? Please reply back as
    I’m planning to create my own blog and would like to find out where you got this from or just what the theme is called. Kudos!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s