[Federal Register Volume 63, Number 243 (Friday, December 18, 1998)]
[Notices]
[Pages 70138-70152]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-33565]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
Publication of the OIG Compliance Program Guidance for Third-
Party Medical Billing Companies
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: This Federal Register notice sets forth the recently issued
Compliance Program Guidance for Third-Party Medical Billing Companies
developed by the Office of Inspector General (OIG) in cooperation with,
and with input from, the Health Care Financing Administration, the
Department of Justice and representatives of various trade associations
and health care practice groups. The OIG has previously developed and
published compliance program guidance focused on the clinical
laboratory and hospital industries and on home health agencies. We
believe that the development and issuance of this compliance program
guidance for third-party medical billing companies will serve as a
positive step towards promoting a higher level of ethical and lawful
conduct throughout the entire health care industry.
FOR FURTHER INFORMATION CONTACT: Susan Lemanski, Office of Counsel to
the Inspector General, (202) 619-2078
SUPPLEMENTARY INFORMATION:
Background
The creation of compliance program guidance remains a major effort
by the OIG in its effort to engage the health care community in
combating fraud and abuse. In formulating compliance guidance, the OIG
has worked closely with the Health Care Financing Administration
(HCFA), the Department of Justice (DOJ) and various sectors of the
health care industry to provide clear guidance to those segments of the
industry that are interested in reducing fraud and abuse within their
organizations. The 3 previously-issued compliance program guidances
were focused on the hospital industry, home health agencies clinical
laboratories, and were published in the Federal Register on February
23, 1998 (63 FR 8987), August 7, 1998 (63 FR 42410) and August 24, 1998
(63 FR 45076) , respectively. The development of these types of
compliance program guidance is based on our belief that a health care
provider can use internal controls to more efficiently monitor
adherence to applicable statutes, regulations and program requirements.
Elements for an Effective Compliance Program
Through experience, the OIG has identified 7 fundamental elements
to an effective compliance program. They are:
Implementing written policies, procedures and standards of
conduct;
Designating a compliance officer and compliance committee;
Conducting effective training and education;
Developing effective lines of communication;
Enforcing standards through well-publicized disciplinary
guidelines;
Conducting internal monitoring and auditing; and
Responding promptly to detected offenses and developing
corrective action.
Third-Party Medical Billing Companies
Increasingly, third-party medical billing companies are providing
crucial services that could greatly impact the solvency and stability
of the Medicare Trust Fund. Health care providers are relying on these
billing companies to a greater degree in assisting them in processing
claims in accordance with applicable statutes and regulations.
Additionally, health care professionals are consulting with billing
companies to provide timely and accurate advice with regard to
reimbursement matters, as well as overall business decision-making. As
a result, the OIG considers compliance program guidance to third-party
medical billing companies particularly important in efforts to combat
health care fraud and abuse. Further, because individual billing
companies may support a variety of providers with different
specialties, we recommend that billing companies coordinate with their
provider-clients in establishing compliance responsibilities. Using
these 7 basic elements outlined above, the OIG has identified specific
areas of third-party medical billing company operations that may prove
to be vulnerable to fraud and abuse.
Like previously-issued OIG compliance guidances, adoption of the
Compliance Program Guidance for Third-Party Medical Billing Companies
set forth below will be strictly voluntary. A reprint of this
compliance program guidance follows:
Office of Inspector General's Compliance Program Guidance for
Third-Party Medical Billing Companies
I. Introduction
The Office of Inspector General (OIG) of the Department of Health
and Human Services (HHS) continues in its efforts to promote
voluntarily developed and implemented compliance programs for the
health care industry. The following compliance program guidance is
intended to assist third-party medical billing companies (hereinafter
referred to as ``billing companies'') 1 and their agents and
subcontractors in developing effective internal controls that promote
adherence to applicable Federal and State law, and the program
requirements of Federal, State and private health plans.
---------------------------------------------------------------------------
\1\ For the purposes of this compliance program guidance,
``third-party medical billing companies'' include clearinghouses and
value-added networks.
---------------------------------------------------------------------------
Billing companies are becoming a vital segment of the national
health care industry.2 Increasingly, health care
[[Page 70139]]
providers 3 are relying on billing companies to assist them
in processing claims in accordance with applicable statutes and
regulations. Additionally, health care providers are consulting with
billing companies to provide timely and accurate advice regarding
reimbursement matters, as well as overall business decision-making. As
a result, the OIG considers the compliance guidance for third-party
medical billing companies particularly important in the partnership to
defeat health care fraud.
---------------------------------------------------------------------------
\2\ Recent survey results from the Healthcare Billing and
Management Association (HBMA) show that its membership processes
more than 17.6 million claims per month totaling $18 billion a year.
\3\ For the purposes of this compliance program guidance,
``provider'' shall include any individual, company, corporation or
organization that submits claims for reimbursement to a Federal
health care program. The term ``Federal health care programs'' is
applied in this document as defined in 42 U.S.C. 1320a-7b(f), which
includes any plan or program that provides health benefits, whether
directly, through insurance, or otherwise, which is funded directly,
in whole or in part by the United States Federal Government (i.e.,
via programs such as Medicare, Federal Employees' Compensation Act,
Black Lung, or Longshore and Harbor Worker's Compensation Act) or
any State health plan (e.g., Medicaid, or program receiving funds
from block grants for social services or child health services).
Also, for purposes of this document, the term ``Federal health care
program requirements'' refers to the statutes, regulations, rules,
requirements, directives and instructions governing Medicare,
Medicaid and all other Federal health care programs.
---------------------------------------------------------------------------
At this juncture, it is important to note the tremendous variation
among billing companies in terms of the type of services 4
and the manner in which these services are provided to their respective
clients. For example, some billing companies code the bills for their
provider clients, while others only process bills that have already
been coded by the provider. Some billing companies offer a spectrum of
management services, including accounts receivable management and bad
debt collections, while others offer only one or none of these
services. Clearly, variations in services give rise to different
policies to ensure effective compliance. This guidance does not purport
to provide instruction on all aspects of regulatory compliance. Rather,
we have concentrated our attention on general Federal health care
reimbursement principles. For those billing companies that focus their
services in a particular sector of the health care industry, the
billing company should also consult any compliance program guidance
previously issued by the OIG for that particular sector.5
---------------------------------------------------------------------------
\4\ Billing companies provide services for virtually every
aspect of the health care industry. Among the areas of greatest
concentration for billing companies are: physicians, ambulatory
surgery centers (ASCs), durable medical equipment, prosthetics,
orthotics and supplies (DMEPOS) industry, home health agencies
(HHAs) and hospitals.
\5\ See 63 FR 45076 (8/24/98) for Compliance Program Guidance
for Clinical Laboratories; 63 FR 42410 (8/7/98) for Compliance
Program Guidance for Home Health Agencies; 63 FR 8987 (2/23/98) for
Compliance Program Guidance for Hospitals. These documents are also
located on the Internet at http://www.dhhs.gov/progorg/oig.
---------------------------------------------------------------------------
This guidance is pertinent for all billing companies, large or
small, regardless of the type of services provided. The applicability
of the recommendations and guidelines provided in this document depend
on the circumstances of each particular billing company. However,
regardless of the billing company's size and structure, the OIG
believes every billing company can and should strive to accomplish the
objectives and principles underlying all of the compliance policies and
procedures recommended within this guidance.
Within this document, the OIG first provides its general views on
the value and fundamental principles of billing company compliance
programs, and then provides specific elements that each billing company
should consider when developing and implementing an effective
compliance program. Although this document presents basic procedural
and structural guidance for designing a compliance program, it is not
in itself a compliance program. Rather, it is a set of guidelines for
consideration by a billing company interested in implementing a
compliance program.
Fundamentally, compliance efforts are designed to establish a
culture within a billing company that promotes prevention, detection
and resolution of instances of conduct that do not conform to Federal
and State law, and Federal, State and private payor health care program
requirements, as well as the billing company's ethical and business
policies. In practice, the compliance program should effectively
articulate and demonstrate the organization's commitment to legal and
ethical conduct. Eventually, a compliance program should become part of
the fabric of routine billing company operations.
Specifically, compliance programs guide a billing company's
governing body (e.g., boards of directors or trustees), chief executive
officer (CEO), managers, billing and coding personnel and other
employees in the efficient management and operation of the company.
They are especially critical as an internal quality assurance control
in reimbursement and payment areas, where claims and billing operations
are often the source of fraud and abuse and, therefore, historically
have been the focus of Government regulation, scrutiny and sanctions.
It is incumbent upon a billing company's corporate officers and
managers to provide ethical leadership to the organization and to
assure adequate systems are in place to facilitate and promote ethical
and legal conduct. Employees, managers and the Government will focus on
the words and actions of a billing company's leadership as a measure of
the organization's commitment to compliance. Indeed, many billing
companies have adopted mission statements articulating their commitment
to high ethical standards. Compliance programs also provide a central
coordinating mechanism for furnishing and disseminating information and
guidance on applicable Federal and State statutes, regulations and
other payor requirements.
The OIG believes that open and frequent communication 6
between the billing company and the health care provider is fundamental
to the success of any compliance endeavor. Billing companies are in a
unique position with regard to establishing compliance programs. An
individual billing company may support a variety of providers with
different specialities and, consequently, different risk areas. It is
with this in mind that the OIG strongly recommends the billing company
coordinate with its provider clients to establish compliance
responsibilities.7 Once the responsibilities have been
clearly delineated, they should be formalized in the written contract
between the provider and the billing company. The OIG recommends the
contract enumerate those functions that are shared responsibilities and
those that are the sole responsibility of either the billing company or
the provider. Implementing an effective compliance program requires a
substantial commitment of time, energy and resources by senior
management and the billing company's governing body. Superficial
programs that simply purport to comply with the elements discussed and
described in this guidance or programs hastily constructed and
implemented without appropriate ongoing monitoring will
[[Page 70140]]
likely be ineffective and could expose the billing company to greater
liability than no program at all. Additionally, an ineffective
compliance program may expose the billing company's provider clients to
liability where those providers rely on the billing company's expertise
and its assurances of an effective compliance program. Although it may
require significant additional resources or reallocation of existing
resources to implement an effective compliance program, the long term
benefits of implementing the program significantly outweigh the costs.
Undertaking a voluntary compliance program is a beneficial investment
that advances both the billing company's organization and the stability
and solvency of the Medicare program.
---------------------------------------------------------------------------
\6\ E.g., the billing company should communicate the results of
audits, determinations of inappropriate claim submissions and
notifications of overpayments.
\7\ At a minimum, the billing company should send a copy of its
compliance program to all of its provider clients. The billing
company should also coordinate with its provider clients in the
development of a training program, an audit plan and policies for
investigating misconduct.
---------------------------------------------------------------------------
A. Benefits of a Compliance Program
The OIG believes an effective compliance program provides a
mechanism that brings the public and private sectors together to reach
mutual goals of reducing fraud and abuse, improving operational
quality, improving the quality of health care and reducing the costs of
health care. Attaining these goals provides positive results to
business, Government and individual citizens alike. In addition to
fulfilling its legal duty to ensure that it is not submitting false or
inaccurate claims to Government and private payors, a billing company
may gain numerous additional benefits by implementing an effective
compliance program. These benefits may include:
The formulation of effective internal controls to assure
compliance with Federal regulations, private payor policies and
internal guidelines;
Improved medical record documentation; 8
---------------------------------------------------------------------------
\8\ Billing and coding personnel can provide critical advice to
physicians and other health care providers that may greatly improve
the quality of medical record documentation.
---------------------------------------------------------------------------
Improved collaboration, communication and cooperation
among health care providers and those processing and using health
information;
The ability to more quickly and accurately react to
employees' operational compliance concerns and the capability to
effectively target resources to address those concerns;
A more efficient communications system that establishes a
clear process and structure for addressing compliance concerns quickly
and effectively;
A concrete demonstration to employees and the community at
large of the billing company's strong commitment to honest and
responsible corporate conduct;
The ability to obtain an accurate assessment of employee
and contractor behavior relating to fraud and abuse;
Increased likelihood of identification and prevention of
criminal and unethical conduct;
A centralized source for distributing information on
health care statutes, regulations and other program directives related
to fraud and abuse and related issues;
A methodology that encourages employees to report
potential problems;
Procedures that allow the prompt, thorough investigation
of possible misconduct by corporate officers, managers, employees and
independent contractors, who can impact billing decisions;
An improved relationship with the applicable Medicare
contractor;
Early detection and reporting, minimizing the loss to the
Government from false claims, and thereby reducing the billing
company's exposure to civil damages and penalties, criminal sanctions,
and administrative remedies, such as program exclusion; 9
and
---------------------------------------------------------------------------
\9\ The OIG, for example, will consider the existence of an
effective compliance program that pre-dated any governmental
investigation when addressing the appropriateness of administrative
sanctions. However, the burden is on the billing company to
demonstrate the operational effectiveness of a compliance program.
Further, the False Claims Act, 31 U.S.C. 3729-3733, provides that a
person who has violated the Act, but who voluntarily discloses the
violation to the Government within thirty days of detection, in
certain circumstances will be subject to not less than double, as
opposed to treble, damages. See 31 U.S.C. 3729(a). Thus, the ability
to react quickly when violations of the law are discovered may
materially help reduce the billing company's liability.
---------------------------------------------------------------------------
Enhancement of the structure of the billing company's
operations and the consistency between separate business units.
Overall, the OIG believes that an effective compliance program is a
sound business investment on the part of a billing company.
The OIG recognizes the implementation of an effective compliance
program may not entirely eliminate fraud, abuse and waste from an
organization. However, a sincere effort by billing companies to comply
with applicable Federal and State standards, as well as the
requirements of private health care programs, through the establishment
of an effective compliance program, significantly reduces the risk of
unlawful or improper conduct.
B. Application of Compliance Program Guidance
Given the diversity in size and services offered by billing
companies within the industry, there is no single ``best'' compliance
program. The OIG understands the variances and complexities within the
industry and is sensitive to the differences between large and small
billing companies. Similarly, the OIG understands the availability of
resources for any one billing company can differ vastly, given that
billing companies vary greatly in the type of services offered and the
manner that they are provided. Nonetheless, elements of this guidance
can be used by all billing companies, regardless of size, location or
corporate structure, to establish an effective compliance program. The
OIG recognizes some billing companies may not be able to adopt certain
elements to the same comprehensive degree that others with more
extensive resources may achieve. This guidance represents the OIG's
suggestions on how a billing company can best establish internal
controls and monitor company conduct to correct and prevent fraudulent
activities. By no means should the contents of this guidance be viewed
as an exclusive discussion of the advisable elements of a compliance
program. On the contrary, the OIG strongly encourages billing companies
to develop and implement compliance elements that uniquely address the
individual billing company's risk areas.
The OIG appreciates that the success of the compliance program
guidance hinges on thoughtful and practical comments from those
individuals and organizations that will utilize the tools set forth in
this document. In a continuing effort to collaborate closely with the
private sector, the OIG solicited input and support from
representatives of the major trade associations in the development of
this compliance program guidance. Further, we took into consideration
previous OIG publications, such as Special Fraud Alerts,10
the recent findings and recommendations in reports issued by OIG's
Office of Audit Services, comments from the HCFA, as well as the
experience of past and recent fraud investigations related to billing
companies conducted by OIG's Office of Investigations and the DOJ.
---------------------------------------------------------------------------
\10\ Special Fraud Alerts are available on the OIG website at
http://www.dhhs.gov/progorg/oig.
---------------------------------------------------------------------------
As appropriate, this guidance may be modified and expanded as more
information and knowledge is obtained by the OIG, and as changes in the
law, and in the rules, policies and procedures of the Federal, State
and private health plans occur. The OIG understands billing companies
will need adequate time to react to these
[[Page 70141]]
modifications and expansions and to make any necessary changes to their
voluntary compliance programs. New compliance practices may eventually
be incorporated into this guidance if the OIG discovers significant
enhancements to better ensure an effective compliance program. We
recognize the development and implementation of compliance programs in
billing companies often raise sensitive and complex legal and
managerial issues.11 However, the OIG wishes to offer what
it believes is critical guidance for those who are sincerely attempting
to comply with the relevant health care statutes and regulations.
---------------------------------------------------------------------------
\11\ Nothing stated herein should be substituted for, or used in
lieu of, competent legal advice from counsel.
---------------------------------------------------------------------------
II. Compliance Program Elements
The elements proposed by these guidelines are similar to those of
the clinical laboratory model compliance program guidance published by
the OIG in February 1997 (updated in August 1998), the hospital
compliance program guidance published in February 1998, the home health
compliance program guidance published in August 1998 12 and
our corporate integrity agreements.13 The elements represent
a guide that can be tailored to fit the needs and financial realities
of a particular billing company, large or small, regardless of the type
of services offered. The OIG is cognizant that with regard to
compliance programs, one model is not suitable to every organization.
Nonetheless, the OIG believes every billing company, regardless of
size, structure or services offered can benefit from the principles
espoused in this guidance.
---------------------------------------------------------------------------
\12\ See note 5.
\13\ Corporate integrity agreements are executed as part of a
civil settlement agreement between the health care provider or
entity responsible for billing for the provider and the Government
to resolve a case based on allegations of health care fraud or
abuse. These OIG-imposed programs are in effect for a period of
three to five years and require many of the elements included in
this compliance guidance.
---------------------------------------------------------------------------
The OIG believes every effective compliance program must begin with
a formal commitment 14 by the billing company's governing
body to include all of the applicable elements listed below. These
elements are based on the seven steps of the Federal Sentencing
Guidelines.15 We believe every billing company can implement
all of the recommended elements, expanding upon the seven steps of the
Federal Sentencing Guidelines. The OIG recognizes full implementation
of all elements may not be immediately feasible for all billing
companies. However, as a first step, a good faith and meaningful
commitment on the part of the billing company administration,
especially the governing body and the CEO, will substantially
contribute to the program's successful implementation. As the
compliance program is implemented, that commitment should cascade down
through the management to every employee in the organization. At a
minimum, comprehensive compliance programs should include the following
seven elements:
---------------------------------------------------------------------------
\14\ Formal commitment may include a resolution by the board of
directors, where applicable. A formal commitment does include the
allocation of adequate resources to ensure that each of the elements
is addressed.
\15\ See United States Sentencing Commission Guidelines,
Guidelines Manual, 8A1.2, comment. (n.3(k)). The Federal Sentencing
Guidelines are detailed policies and practices for the Federal
criminal justice system that prescribe appropriate sanctions for
offenders convicted of Federal crimes.
---------------------------------------------------------------------------
(1) The development and distribution of written standards of
conduct, as well as written policies and procedures that promote the
billing company's commitment to compliance (e.g., by including
adherence to the compliance program as an element in evaluating
managers and employees) and that address specific areas of potential
fraud, such as the claims submission process, code gaming and financial
relationships with its providers;
(2) The designation of a chief compliance officer and other
appropriate bodies, e.g., a corporate compliance committee, charged
with the responsibility of operating and monitoring the compliance
program and who report directly to the CEO and the governing body;
16
---------------------------------------------------------------------------
\16\ The integral functions of a compliance officer and a
corporate compliance committee in implementing an effective
compliance program are discussed throughout this compliance
guidance. However, the OIG recognizes that the differences in the
sizes and structures of billing companies will result in differences
in the ways in which compliance programs are set up. The important
thing is that the billing company structures its compliance program
in such a way that the program is able to accomplish the key
functions of a corporate compliance officer and a corporate
compliance committee discussed within this document.
---------------------------------------------------------------------------
(3) The development and implementation of regular, effective
education and training programs for all affected employees;
17
---------------------------------------------------------------------------
\17\ Training and education programs for billing companies
should be detailed and comprehensive. They should cover specific
billing and coding procedures, as well as the general areas of
compliance.
---------------------------------------------------------------------------
(4) The creation and maintenance of a process, such as a hotline,
to receive complaints and the adoption of procedures to protect the
anonymity of complainants and to protect callers from retaliation;
(5) The development of a system to respond to allegations of
improper/illegal activities and the enforcement of appropriate
disciplinary action against employees who have violated internal
compliance policies, applicable statutes, regulations or Federal, State
or private payor health care program requirements;
(6) The use of audits and/or other risk evaluation techniques to
monitor compliance and assist in the reduction of identified problem
areas;18 and
---------------------------------------------------------------------------
\18\ For example, spot-checking the work of coding and billing
personnel periodically should be an element of an effective
compliance program. Identification of risk areas, discussed in
further detail in section II.A.2, is the first step in correcting
aberrant billing patterns.
---------------------------------------------------------------------------
(7) The investigation and correction of identified systemic
problems and the development of policies addressing the non-employment
of sanctioned individuals.
A. Written Policies and Procedures
Every compliance program should require the development and
distribution of written compliance policies, standards and practices
that identify specific areas of risk and vulnerability to the billing
company. These policies should be developed under the direction and
supervision of the chief compliance officer and the compliance
committee (if such a committee is practicable for the billing company)
and, at a minimum, should be provided to all individuals who are
affected by the particular policy at issue, including the billing
company's agents and independent contractors 19 who may
affect billing decisions.
---------------------------------------------------------------------------
\19\ According to the Federal Sentencing Guidelines, an
organization must have established compliance standards and
procedures to be followed by its employees and other agents in order
to receive sentencing credit for an ``effective'' compliance
program. The Federal Sentencing Guidelines define ``agent'' as ``any
individual, including a director, an officer, an employee, or an
independent contractor, authorized to act on behalf of the
organization.'' See United States Sentencing Commission Guidelines,
Guidelines Manual, 8A1.2, Application Note 3(d).
---------------------------------------------------------------------------
1. Standards of Conduct
Billing companies should develop standards of conduct for all
affected employees that include a clearly delineated commitment to
compliance by the billing company's senior management 20 and
its divisions. The standards should function in the same fashion as a
constitution, i.e., as a foundational document that details the
[[Page 70142]]
fundamental principles, values and framework for action within an
organization. Standards should articulate the billing company's
commitment to comply with all Federal and State standards, with an
emphasis on preventing fraud and abuse. They should state the
organization's mission, goals and ethical principles relating to
compliance and clearly define the organization's commitment to
compliance and its expectations for all billing company governing body
members, officers, managers, employees, and, where appropriate,
contractors and other agents. The standards should promote integrity,
support objectivity and foster trust. Standards should not only address
compliance with statutes and regulations, but should also set forth
broad principles that guide employees in conducting business
professionally and properly. Furthermore, a billing company's standards
of conduct should reflect a commitment to the highest quality health
data submission, as evidenced by its accuracy, reliability, timeliness
and validity.
---------------------------------------------------------------------------
\20\ The OIG strongly encourages high-level involvement by the
billing company's governing body, chief executive officer, chief
operating officer, general counsel and chief financial officer, in
the development of standards of conduct. Such involvement should
help communicate a strong and explicit organizational commitment to
compliance goals and standards.
---------------------------------------------------------------------------
2. Written Policies for Risk Areas
As part of its commitment to compliance, billing companies should
establish a comprehensive set of policies that delineate billing and
coding procedures for the company. In contrast to the standards of
conduct, which are designed to be a clear and concise collection of
fundamental standards, the written policies should articulate specific
procedures personnel should follow when submitting initial or follow-up
claims to Federal health care programs.
Among the issues to be addressed in the polices are the education
and training requirements for billing and coding personnel; the risk
areas for fraud, waste and abuse; the integrity of the billing
company's information system; the methodology for resolving ambiguities
in the provider's paperwork;21 the procedure for identifying
and reporting credit balances; and the procedure to ensure duplicate
bills are not submitted in an attempt to gain duplicate payment.
---------------------------------------------------------------------------
\21\ Billing company personnel should maintain an open dialogue
with their providers regarding documentation issues. If the
documentation received from a provider is ambiguous or conflicting,
the billing company should contact the provider for clarification or
resolution.
---------------------------------------------------------------------------
Billing companies that provide coding services should provide
additional policies for risk areas that apply specifically to
coding.22 The policies and procedures should describe the
necessary steps to take in reviewing a billing document. Specific
attention should be placed on the proper steps the coder should take if
unable to locate a code for a documented diagnosis or procedure or if
the medical record documentation is not sufficient to determine a
diagnosis or procedure.23 Billing companies that provide
additional services should consider consulting an attorney for guidance
on other regulatory issues.24
---------------------------------------------------------------------------
\22\ See section II.A.2.b.
\23\ If the coding staff finds the physician's documentation to
be unclear or conflicting, then they should ask the physician for
clarification. This will frequently allow the coder to choose a more
appropriate code. If the coder does not know how to code a
particular type of bill for Medicare payment, he or she should first
consult with a supervisor. If the question persists, the supervisor
should contact the provider's carrier/intermediary. The billing
company could also contact an authoritative coding organization. For
example, the American Hospital Association maintains a central
office on ICD-9-CM. All such correspondence should be maintained in
a log. In the rare instance that the documentation appears to be for
a new type of disease or syndrome, the supervisor can send an
inquiry to the National Center for Health Statistics, 6525 Belcrest
Road, Room 1100, Hyattsville, MD 20782.
\24\ For example, billing companies that provide marketing
services should develop policies to ensure compliance with the anti-
kickback statute. 42 U.S.C. 1320a-7b(b). In addition, such policies
should provide that the billing company shall not submit or cause to
be submitted to health care programs claims for patients by virtue
of a compensation agreement that was designed to induce such
referrals in violation of the anti-kickback statute, or similar
Federal or State statute or regulation. Further, the policies and
procedures should reference the OIG's safe harbor regulations,
clarifying those payment practices that would be immune from
prosecution under the anti-kickback statute. See 42 CFR 1001.952.
---------------------------------------------------------------------------
a. Risk Assessment--All Billing Companies
The OIG believes a billing company's written policies and
procedures, its educational program and its audit and investigation
plans should take into consideration the particular statutes, rules and
program instructions that apply to each function or department of the
billing company. Consequently, we recommend coordination between these
functions with an emphasis on areas of special concern that have been
identified by the OIG through its investigative and audit
functions.25 Furthermore, the OIG recommends that billing
companies conduct a comprehensive self-administered risk analysis or
contract for an independent risk analysis by experienced health care
consulting professionals. This risk analysis should identify and rank
the various compliance and business risks the company may experience in
its daily operations.
---------------------------------------------------------------------------
\25\ The OIG periodically issues Special Fraud Alerts setting
forth activities believed to raise legal and enforcement issues.
Billing company compliance programs should require the legal staff,
chief compliance officer or other appropriate personnel to carefully
consider any and all Special Fraud Alerts issued by the OIG that
relate to health care providers to which they offer services.
Moreover, the compliance programs should address the ramifications
of failing to cease and correct any conduct criticized in such a
Special Fraud Alert, if applicable to billing companies, or to take
reasonable action to prevent such conduct from reoccurring in the
future. If appropriate, billing companies should take the steps
described in Section G regarding investigations, reporting and
correction of identified problems.
---------------------------------------------------------------------------
Once completed, the risk analysis should serve as the basis for the
written policies the billing company should develop. The OIG has
provided the following specific list of particular risk areas that
should be addressed by billing companies. It should be noted that this
list is not all-encompassing and the risk analysis completed as a
result of the company's audit may provide a more individualized road
map. Nonetheless, this list is a compilation of several years of OIG
audits, investigations and evaluations and should provide a solid
starting point for a company's initial effort.
Among the risk areas the OIG has identified as particularly
problematic are:26
---------------------------------------------------------------------------
\26\ The OIG's work plan is currently available on the Internet
at http://www.dhhs.gov/progorg/oig. The OIG Work Plan details the
various projects the OIG intends to address in the fiscal year. The
Work Plan contains the projects of the Office of Audit Services,
Office of Evaluation and Inspections, Office of Investigations and
the Office of Counsel to the Inspector General.
---------------------------------------------------------------------------
Billing for items or services not actually
documented;27
---------------------------------------------------------------------------
\27\ Billing for items or services not actually documented
involves submitting a claim that cannot be substantiated in the
documentation.
---------------------------------------------------------------------------
Unbundling;28
---------------------------------------------------------------------------
\28\ Unbundling occurs when a billing entity uses separate
billing codes for services that have an aggregate billing code.
---------------------------------------------------------------------------
Upcoding,29 such as, for example, DRG
creep;30
---------------------------------------------------------------------------
\29\ Upcoding reflects the practice of using a billing code that
provides a higher reimbursement rate than the billing code that
actually reflects the service furnished to the patient. Upcoding has
been a major focus of the OIG's law enforcement efforts. In fact,
the Health Insurance Portability and Accountability Act of 1996
added another civil monetary penalty to the OIG's sanction
authorities for upcoding violations. See 42 U.S.C. 1320a-
7a(a)(1)(A).
\30\ DRG creep is a variety of upcoding that involves the
practice of billing using a Diagnosis Related Group (DRG) code that
provides a higher reimbursement rate than the DRG code that
accurately reflects patient's diagnosis.
---------------------------------------------------------------------------
Inappropriate balance billing;31
---------------------------------------------------------------------------
\31\ Inappropriate balance billing refers to the practice of
billing Medicare beneficiaries for the difference between the total
provider charges and the Medicare Part B allowable payment.
---------------------------------------------------------------------------
Inadequate resolution of overpayments;32
---------------------------------------------------------------------------
\32\ An overpayment is an improper or excessive payment made to
a health care provider as a result of patient billing or claims
processing errors for which a refund is owed by the provider.
Examples of Medicare overpayments include instances where a provider
is: (1) Paid twice for the same service either by Medicare or by
Medicare and another insurer or beneficiary; or (2) paid for
services planned but not performed or for non-covered services.
Billing companies should institute procedures to provide for timely
and accurate reporting to both the provider and the health care
program of overpayments.
---------------------------------------------------------------------------
[[Page 70143]]
Lack of integrity in computer systems;33
---------------------------------------------------------------------------
\33\ Because billing companies are in the business of processing
health care information, it is essential they develop policies and
procedures to ensure the integrity of the information they process
and to ensure that records can be easily located and accessed within
a well-organized filing or alternative retrieval system. All billing
companies should have a back-up system (whether by disk, tape or
system) to ensure the integrity of data. Policies should provide for
a regular system back-up to ensure that no information is lost.
---------------------------------------------------------------------------
Computer software programs that encourage billing
personnel to enter data in fields indicating services were rendered
though not actually performed or documented;
Failure to maintain the confidentiality of information/
records;34
---------------------------------------------------------------------------
\34\ All billing companies should develop, implement, audit and
enforce policies and procedures to ensure the confidentiality and
privacy of financial, medical, personnel and other sensitive
information in their possession. These policies should address both
electronic and hard copy documents.
---------------------------------------------------------------------------
Knowing misuse of provider identification numbers, which
results in improper billing;35
---------------------------------------------------------------------------
\35\ Of particular concern, billing companies should be aware of
the provisions of reassignment of benefits. These provisions govern
who may receive payment due to a provider or supplier of services or
a beneficiary. See 42 CFR Secs. 424.70-424.80. See also Medicare
Carrier Manual Sec. 3060.10.
---------------------------------------------------------------------------
Outpatient services rendered in connection with inpatient
stays; 36
---------------------------------------------------------------------------
\36\ Billing companies that submit claims for non-physician
outpatient services that were already included in the hospital's
inpatient payment under the Prospective Payment System (PPS) are in
effect submitting duplicate claims.
---------------------------------------------------------------------------
Duplicate billing in an attempt to gain duplicate payment;
37
---------------------------------------------------------------------------
\37\ Duplicate billing occurs when the billing company submits
more than one claim for the same service or the bill is submitted to
more than one primary payor at the same time. Although duplicate
billing can occur due to simple error, knowing duplicate billing--
which is sometimes evidenced by systematic or repeated double
billing--can create liability under criminal, civil or
administrative law, particularly if any overpayment is not promptly
refunded.
---------------------------------------------------------------------------
Billing for discharge in lieu of transfer; 38
---------------------------------------------------------------------------
\38\ Under the Medicare regulations, when a PPS hospital
transfers a patient to another PPS hospital, only the hospital to
which the patient was transferred may charge the full DRG; the
transferring hospital should charge Medicare only a per diem amount.
See 42 CFR 412.4.
---------------------------------------------------------------------------
Failure to properly use modifiers; 39
---------------------------------------------------------------------------
\39\ A modifier, as defined by the CPT-4 manual, provides the
means by which the reporting position (or provider) can indicate a
service or procedure that has been performed has been altered by
some specific circumstance, but not changed in its definition or
code. Assuming the modifier is used correctly and appropriately,
this specificity provides the justification for payment for these
services. For correct use of modifiers, the billing company should
reference the appropriate sections of the Medicare carrier manual.
For general information on the correct use of modifiers, the billing
personnel should also reference the Correct Coding Initiative. See
Medicare Carrier Manual Sec. 4630.
---------------------------------------------------------------------------
Billing company incentives that violate the anti-kickback
statute or other similar Federal or State statute or regulation;
40
---------------------------------------------------------------------------
\40\ For billing companies that provide marketing services,
percentage arrangements may implicate the anti-kickback statute. See
42 U.S.C. 1320a-7b(b) and 59 FR 65372 (12/19/94). Cf. OIG Ad. Op.
98-10 (1998). The OIG has a longstanding concern that percentage
billing arrangements may increase the risk of upcoding and similar
abusive billing practices. See, e.g., OIG Ad. Op. 98-1 (1998) and
OIG Ad. Op. 98-4 (1998).
---------------------------------------------------------------------------
Joint ventures; 41
---------------------------------------------------------------------------
\41\ The OIG is troubled by the proliferation of business
arrangements that may violate the anti-kickback statute. Such
arrangements are generally established between those in a position
to refer business, such as physicians, and those providing items or
services for which a Federal health care program pays. Sometimes
established as ``joint ventures,'' these arrangements may take a
variety of forms. The OIG currently has a number of investigations
and audits underway that focus on such areas of concern. Similarly,
the billing company should not confer gifts/entertainment upon the
client-provider as this could also implicate the anti-kickback
statute.
---------------------------------------------------------------------------
Routine waiver of copayments and billing third-party
insurance only; 42 and
---------------------------------------------------------------------------
\42\ Billing companies should encourage providers to make a good
faith effort to collect copayments, deductibles and non-covered
services from federally and privately-insured patients. Billing
``insurance only'' may violate the False Claims Act, the anti-
kickback statute, the Civil Monetary Penalties Law, 42 U.S.C. 1320a-
7a(a)5, as amended by Pub. L. 104-91 section 231(h), and State laws.
For additional information on this problem, the OIG has published a
Special Fraud Alert on the routine waiver of copayments or
deductibles under Medicare Part B. See 59 FR 65,373 (12/19/94).
---------------------------------------------------------------------------
Discounts and professional courtesy.43
---------------------------------------------------------------------------
\43\ Discounts and professional courtesy may not be appropriate
unless the total fee is discounted or reduced. In such situations,
the payor (e.g., Medicare, Medicaid or any other private payor)
should receive its proportional share of the discount or reduction.
---------------------------------------------------------------------------
A billing company's prior history of noncompliance with applicable
statutes, regulations and Federal health care program requirements may
indicate additional types of risk areas where the billing company may
be vulnerable and may require necessary policy measures to prevent
avoidable recurrence.44 Additional risk areas should be
assessed by billing companies as well as incorporated into the written
policies and procedures and training elements developed as part of
their compliance programs.
---------------------------------------------------------------------------
\44\ ``Recurrence of misconduct similar to that which an
organization has previously committed casts doubt on whether it took
all reasonable steps to prevent such misconduct'' and is a
significant factor in the assessment of whether a compliance program
is effective. See United States Sentencing Commission Guidelines,
Guidelines Manual, 8A1.2, Application Note 3(7)(ii).
---------------------------------------------------------------------------
Billing companies that do not code bills should implement policies
that require notification to the provider who is coding to implement
and follow compliance safeguards with respect to documentation of
services rendered. Moreover, the OIG recommends that billing companies
who do not code for their provider clients incorporate in their
contractual agreements the provider's acknowledgment and agreement to
address the following coding compliance safeguards.45
---------------------------------------------------------------------------
\45\ The following risk areas are in no way a comprehensive list
of risk areas for health care providers. They are merely a suggested
list of documentation risks. They do not address the additional risk
areas that apply to health care providers (e.g., medical necessity
issues).
---------------------------------------------------------------------------
b. Risk Assessment--Billing Companies That Provide Coding Services
The written policies and procedures concerning proper coding should
reflect the current reimbursement principles set forth in applicable
statutes, regulations 46 and Federal, State or private payor
health care program requirements and should be developed in tandem with
organizational standards. Furthermore, written policies and procedures
should ensure that coding and billing are based on medical record
documentation. Particular attention should be paid to issues of
appropriate diagnosis codes, DRG coding, individual Medicare Part B
claims (including documentation guidelines for evaluation and
management services) and the use of patient discharge
codes.47 The billing company should also institute a policy
that all rejected claims pertaining to diagnosis and procedure codes be
reviewed by the coder or the coding department. This should facilitate
a
[[Page 70144]]
reduction in similar errors. Among the risk areas that billing
companies who provide coding services should address are:
---------------------------------------------------------------------------
\46\ The official coding guidelines are promulgated by the HCFA,
the National Center for Health Statistics, the American Medical
Association and the American Health Information Management
Association. See International Classification of Diseases, 9th
Revision, Clinical Modification (ICD-9 CM) (and its successors);
1998 HCFA Common Procedure Coding System (HCPCS) (and its
successors); and Physicians' Current Procedural Terminology
(CPT)TM. In addition, there are specialized coding
systems for specific segments of the health care industry. Among
these are ADA (for dental procedures), DSM IV (psychiatric health
benefits) and DMERCs (for durable medical equipment, prosthetics,
orthotics and supplies).
\47\ The failure of a provider to: (i) Document items and
services rendered; and (ii) properly submit them for reimbursement
is a major area of potential fraud and abuse in Federal health care
programs. The OIG has undertaken numerous audits, investigations,
inspections and national enforcement initiatives aimed at reducing
potential and actual fraud, abuse and waste in these areas.
---------------------------------------------------------------------------
Internal coding practices; 48
---------------------------------------------------------------------------
\48\ Internal coding practices, including software edits, should
be reviewed periodically to determine consistency with all
applicable Federal, State and private payor health care program
requirements.
---------------------------------------------------------------------------
``Assumption'' coding; 49
---------------------------------------------------------------------------
\49\ This refers to the coding of a diagnosis or procedure
without supporting clinical documentation. Coding personnel must be
aware of the need for documented verification of services from the
attending physician.
---------------------------------------------------------------------------
Alteration of the documentation;
Coding without proper documentation 50 of all
physician and other professional services;
---------------------------------------------------------------------------
\50\ While proper documentation is the responsibility of the
health care provider, the coder should be aware of proper
documentation requirements and should encourage providers to
document their services appropriately. Depending on the
circumstances, proper documentation can include:
(1) The reason for the patient encounter;
(2) An appropriate history and evaluation;
(3) Documentation of all services;
(4) Documentation of reasons for the services;
(5) An ongoing assessment of the patient's condition;
(6) Information on the patient's progress and treatment outcome;
(7) A documented treatment plan;
(8) A plan of care, including treatments, medications (including
dosage and frequency), referrals and consultations, patient and
family education, and follow-up care;
(9) Changes in treatment plan;
(10) Documentation of medical rationale for the services
rendered;
(11) Documentation that supports the standards of medical
necessity, e.g., certificates of medical necessity for DMEPOS and
home health services;
(12) Abnormal test results addressed in the physician's
documentation;
(13) Identification of relevant health risk factors;
(14) Documentation that meets the E & M codes billed;
(15) Medical records that are dated and authenticated; and/or
(16) Prescriptions.
Billing companies should also reference the Documentation
Guidelines for Evaluation and Management (E/M) Services, published
by the HCFA. These guidelines are available on the Internet at
http://www.hcfa.gov/medicare/mcarpti.htm.
---------------------------------------------------------------------------
Billing for services provided by unqualified or unlicensed
clinical personnel;
Availability of all necessary documentation at the time of
coding; and
Employment of sanctioned individuals.51
---------------------------------------------------------------------------
\51\ Billing companies should ensure that they do not employ or
contract with individuals that have been sanctioned by the OIG or
barred from Federal procurement programs. The Cumulative Sanction
Report is available on the Internet at http://www.dhhs.gov/progorg/
oig. In addition, the General Services Administration maintains a
monthly listing of debarred contractors on the Internet at http://
www.arnet.gov/epls.
---------------------------------------------------------------------------
Billing companies that provide coding services should maintain an
up-to-date, user-friendly index for coding policies and procedures to
ensure that specific information can be readily located. Similarly, for
billing companies that provide coding services, the billing company
should assure that essential coding materials are readily accessible to
all coding staff.52
---------------------------------------------------------------------------
\52\ Examples of reference resources necessary for proper coding
include: a medical dictionary; an anatomy/physiology textbook; up-
to-date ICD, HCPCS and CPTTM code books; Physician's Desk
Reference; Merck Manual; the applicable contractor's provider
manual; and subscriptions to the American Hospital Association's
Coding Clinic for ICD-9-CM (and its successors) and the American
Medical Association's CPT Assistant.
---------------------------------------------------------------------------
Finally, billing companies should emphasize in their standards the
importance of safeguarding the confidentiality of medical, financial
and other personal information in their possession.
3. Claim Submission Process
A number of the risk areas identified above, pertaining to the
claim development and submission process, have been the subject of
administrative proceedings, as well as investigations and prosecutions
under the civil False Claims Act and criminal statutes. Settlement of
these cases often has required the defendants to execute corporate
integrity agreements, in addition to paying significant civil damages
and/or criminal fines and penalties. These corporate integrity
agreements have provided the OIG with a mechanism to advise billing
companies concerning acceptable practices to ensure compliance with
applicable Federal and State statutes, regulations and program
requirements. The following recommendations include a number of
provisions from various corporate integrity agreements. Although these
recommendations include examples of effective policies, each billing
company should develop its own specific policies tailored to fit its
individual needs.
With respect to claims, a billing company's written policies and
procedures should reflect and reinforce current Federal and State
statutes. The policies must create a mechanism for the billing or
reimbursement staff to communicate effectively and accurately with the
health care provider. Policies and procedures should:
Ensure that proper and timely documentation of all
physician and other professional services is obtained prior to billing
to ensure that only accurate and properly documented services are
billed;
Emphasize that claims should be submitted only when
appropriate documentation supports the claims and only when such
documentation is maintained, appropriately organized in legible form
and available for audit and review. The documentation, which may
include patient records, should record the time spent in conducting the
activity leading to the record entry and the identity of the individual
providing the service;
Indicate that the diagnosis and procedures reported on the
reimbursement claim should be based on the medical record and other
documentation, and that the documentation necessary for accurate code
assignment should be available to coding staff at the time of coding.
The HCFA Common Procedure Coding System (HCPCS), International
Classification of Disease (ICD), Current Procedural Terminology
(CPTTM), any other applicable code or revenue code (or
successor code(s) ) used by the coding staff should accurately describe
the service that was ordered by the physician;
Provide that the compensation for billing department
coders and billing consultants should not provide any financial
incentive to improperly upcode claims; 53
---------------------------------------------------------------------------
\53\ See OIG Ad. Op. 98-1 (1998) and OIG Ad. Op. 98-4 (1998).
See also 42 CFR 424.73.
---------------------------------------------------------------------------
Establish and maintain a process for pre- and post-
submission review of claims 54 to ensure claims submitted
for reimbursement accurately represent services provided, are supported
by sufficient documentation and are in conformity with any applicable
coverage criteria for reimbursement; and
---------------------------------------------------------------------------
\54\ The OIG recommends that, at a minimum, a valid statistical
sample of claims be reviewed annually both before and after billing
is submitted. This review should be done by a qualified expert in
the applicable coding process.
---------------------------------------------------------------------------
Obtain clarification from the provider when documentation
is confusing or lacking adequate justification.
Because coding for providers often involves the interpretation of
medical diagnosis and other clinical data and documentation, a billing
company may wish to contract with/assign a qualified physician to
provide guidance to the coding staff regarding clinical issues.
Procedures should be in place to access medical experts when necessary.
Such procedures should allow for medical personnel to be available for
guidance without interrupting or interfering with the quality of
patient care.
4. Credit Balances
Credit balances occur when payments, allowances or charge reversals
posted to an account exceed
[[Page 70145]]
the charges to the account. Providers and their billers should
establish policies and procedures, as well as responsibility, for
timely and appropriate identification and resolution of these
overpayments.55 For example, a billing company may
redesignate segments of its information system to allow for the
segregation of patient accounts reflecting credit balances. The billing
company could remove these accounts from the active accounts and place
them in a holding account pending the processing of a reimbursement
claim to the appropriate payor. A billing company's information system
should have the ability to print out the individual patient accounts
that reflect a credit balance in order to permit simplified tracking of
credit balances. The billing company should maintain a complete audit
trail of all credit balances.
---------------------------------------------------------------------------
\55\ The billing company should also refer to State escheat laws
for the specific requirements relating to notifications, time
periods and payment of any unclaimed funds.
---------------------------------------------------------------------------
In addition, a billing company should designate at least one person
(e.g., in the patient accounts department or reasonable equivalent
thereof) as having the responsibility for the tracking, recording and
reporting of credit balances. Further, a comptroller or an accountant
in the billing company's accounting department (or reasonable
equivalent thereof) may review reports of credit balances and
adjustments on a monthly basis as an additional safeguard.
5. Integrity of Data Systems
Increasingly, the health care industry is using electronic data
interchange (EDI) to conduct business more quickly and efficiently. As
a result, the industry is relying on the capabilities of computers.
Billing companies should establish procedures for maintaining the
integrity of its data collection systems. This should include
procedures for regularly backing-up data (either by diskette,
restricted system or tape) to ensure the accuracy of all data collected
in connection with submission of claims and reporting of credit
balances. At all times, the billing company should have a complete and
accurate audit trail. Additionally, billing companies should develop a
system to prevent the contamination of data by outside parties. This
system should include regularly scheduled virus checks. Finally,
billing companies should ensure that electronic data are protected
against unauthorized access or disclosure.
6. Retention of Records
Billing company compliance programs should provide for the
implementation of a records system. This system should establish
policies and procedures regarding the creation, distribution,
retention, storage, retrieval and destruction of documents. The three
types of documents developed under this system should include: (1) All
records and documentation required by either Federal or State law and
the program requirements of Federal, State and private health plans
(for billing companies, this should include all documents related to
the billing and coding process); (2) records listing the persons
responsible for implementing each part of the compliance plan; and (3)
all records necessary to protect the integrity of the billing company's
compliance process and confirm the effectiveness of the program. The
documentation necessary to satisfy the third requirement includes:
evidence of adequate employee training; reports from the billing
company's hotline; results of any investigation conducted as a
consequence of a hotline call; modifications to the compliance program;
self-disclosure; all written notifications to providers; 56
and the results of the billing company's auditing and monitoring
efforts.
---------------------------------------------------------------------------
\56\ This should include notifications regarding: inappropriate
claims; overpayments; and termination of the contract.
---------------------------------------------------------------------------
7. Compliance as an Element of a Performance Plan
Compliance programs should require that the promotion of, and
adherence to, the elements of the compliance program be a factor in
evaluating the performance of all employees. Employees should be
periodically trained in new compliance policies and procedures. In
addition, all managers and supervisors involved in the coding and
claims submission processes should:
Discuss with all supervised employees and relevant
contractors the compliance policies and legal requirements applicable
to their function;
Inform all supervised personnel that strict compliance
with these policies and requirements is a condition of employment; and
Disclose to all supervised personnel that the billing
company will take disciplinary action up to and including termination
for violation of these policies or requirements.
In addition to making performance of these duties an element in
evaluations, the compliance officer or company management should
include a policy that managers and supervisors will be sanctioned for
failure to instruct adequately their subordinates or for failure to
detect noncompliance with applicable policies and legal requirements,
where reasonable diligence on the part of the manager or supervisor
should have led to the discovery of any problems or violations.
B. Designation of a Compliance Officer and a Compliance Committee
1. Compliance Officer
Every billing company should designate a compliance officer to
serve as the focal point for compliance activities. This responsibility
may be the individual's sole duty or added to other management
responsibilities, depending upon the size and resources of the billing
company and the complexity of the task. For those billing companies
that have limited resources, the compliance function could be
outsourced to an expert in compliance.57
---------------------------------------------------------------------------
\57\ If the billing company chooses to outsource the compliance
function, the OIG recommends the billing company engage an
individual with significant experience in the billing and coding
industries. Multiple small billing and coding facilities may
contract with an individual to job-share the individual's time and
expertise in the area of compliance.
---------------------------------------------------------------------------
Designating a compliance officer with the appropriate authority is
critical to the success of the program, necessitating the appointment
of a high-level official in the billing company with direct access to
the company's governing body, the CEO, all other senior management and
legal counsel.58 The officer should have sufficient funding
and staff to perform his or her responsibilities fully. Coordination
and communication are the key functions of the compliance officer with
regard to planning, implementing and monitoring the compliance program.
With this in mind, the OIG recommends the billing company's compliance
officer closely coordinate compliance functions with the provider's
compliance officer.
---------------------------------------------------------------------------
\58\ The OIG believes that it is not advisable for the
compliance function to be subordinate to the billing company's
general counsel, or comptroller or similar billing company financial
officer. Free standing compliance functions help to ensure
independent and objective legal reviews and financial analyses of
the institution's compliance efforts and activities. By separating
the compliance function from the key management positions of general
counsel or chief financial officer (where the size and structure of
the billing company make this a feasible option), a system of checks
and balances is established to more effectively achieve the goals of
the compliance program.
---------------------------------------------------------------------------
The compliance officer's primary responsibilities should include:
[[Page 70146]]
Overseeing and monitoring the implementation of the
compliance program; 59
---------------------------------------------------------------------------
\59\ For multi-site billing companies, the OIG encourages
coordination with each billing facility owned by the billing company
through the use of a corporate compliance officer.
---------------------------------------------------------------------------
Reporting on a regular basis to the billing company's
governing body, CEO and compliance committee (if applicable) on the
progress of implementation and assisting these components in
establishing methods to improve the billing company's efficiency and
quality of services and to reduce the billing company's vulnerability
to fraud, abuse and waste;
Periodically revising the program in light of changes in
the organization's needs and in the law and policies and procedures of
Government and private payor health plans;
Reviewing employees' certifications that they have
received, read and understood the standards of conduct;
Developing, coordinating and participating in a
multifaceted educational and training program that focuses on the
elements of the compliance program and seeks to ensure that all
appropriate employees and management are knowledgeable of, and comply
with, pertinent Federal and State standards;
Coordinating personnel issues with the billing company's
human resources/personnel office (or its equivalent) to ensure that
providers and employees do not appear in the Cumulative Sanction
Report; 60
---------------------------------------------------------------------------
\60\ See note 51.
---------------------------------------------------------------------------
Assisting the billing company's financial management in
coordinating internal compliance review and monitoring activities,
including annual or periodic reviews of departments;
Independently investigating and acting on matters related
to compliance, including the flexibility to design and coordinate
internal investigations (e.g., responding to reports of problems or
suspected violations) and any resulting corrective action with all
billing departments, providers and sub-providers, agents and, if
appropriate, independent contractors;
Developing policies and programs that encourage managers
and employees to report suspected fraud and other improprieties without
fear of retaliation; and
Continuing the momentum of the compliance program and the
accomplishment of its objectives long after the initial years of
implementation.61
---------------------------------------------------------------------------
\61\ Periodic on-site visits of the billing company's
operations, bulletins with compliance updates and reminders,
distribution of audiotapes or videotapes on different risk areas,
lectures at management and employee meetings, circulation of recent
health care articles covering fraud and abuse and innovative changes
to compliance training are various examples of approaches and
techniques the compliance officer can employ for the purpose of
ensuring continued interest in the compliance program and the
billing company's commitment to its principles and policies.
---------------------------------------------------------------------------
The compliance officer must have the authority to review all
documents and other information that are relevant to compliance
activities, including, but not limited to, patient records (where
appropriate), billing records and records concerning the marketing
efforts of the facility and the billing company's arrangements with
other parties, including employees, professionals on staff, relevant
independent contractors, suppliers, agents, supplemental staffing
entities and physicians. This policy enables the compliance officer to
review contracts and obligations (seeking the advice of legal counsel,
where appropriate) that may contain referral and payment provisions
that could violate statutory or regulatory requirements.
In addition, the compliance officer should be copied on the results
of all internal audit reports and work closely with key managers to
identify aberrant trends in the coding and billing areas. The
compliance officer should ascertain patterns that require a change in
policy and forward these issues to the compliance committee to remedy
the problem. A compliance officer should have full authority to stop
the processing of claims that he or she believes are problematic until
such time as the issue in question has been resolved.
2. Compliance Committee
The OIG recommends, where feasible,62 that a compliance
committee be established to advise the compliance officer and assist in
the implementation of the compliance program.63 When
assembling a team of people to serve as the billing company's
compliance committee, the company should include individuals with a
variety of skills.64 Appropriate members of the compliance
committee include the director of billing and the director of coding.
The OIG strongly recommends that the compliance officer manage the
compliance committee. Once a billing company chooses the people that
will accept the responsibilities vested in members of the compliance
committee, the billing company must train these individuals on the
policies and procedures of the compliance program.
---------------------------------------------------------------------------
\62\ The OIG recognizes that smaller billing companies may not
be able to establish a compliance committee. In those situations,
the compliance officer should fulfill the responsibilities of the
compliance committee.
\63\ The compliance committee benefits from having the
perspectives of individuals with varying responsibilities in the
organization, such as operations, finance, audit, human resources,
utilization review, medicine, coding and legal, as well as employees
and managers of key operating units. These individuals should have
the requisite seniority and comprehensive experience within their
respective departments to implement any necessary changes in the
company's policies and procedures.
\64\ A billing company should expect its compliance committee
members and compliance officer to demonstrate high integrity, good
judgment, assertiveness and an approachable demeanor, while
eliciting the respect and trust of employees of the billing company.
The compliance committee members should also have significant
professional experience in working with billing, coding, clinical
records and auditing principles.
---------------------------------------------------------------------------
The committee's responsibilities should include:
Analyzing the organization's regulatory environment, the
legal requirements with which it must comply 65 and specific
risk areas;
---------------------------------------------------------------------------
\65\ This includes, but is not limited to, the civil False
Claims Act, 31 U.S.C. 3729-3733, the criminal false claims statutes,
18 U.S.C. 287, 1001, the fraud and abuse provisions of the Balanced
Budget Act of 1997, Pub. L. 105-33 and the Health Insurance
Portability and Accountability Act of 1996, Pub. L. 104-191.
---------------------------------------------------------------------------
Assessing existing policies and procedures that address
these areas for possible incorporation into the compliance program;
Working with appropriate departments to develop standards
of conduct and policies and procedures that promote allegiance to the
company's compliance program; 66
---------------------------------------------------------------------------
\66\ For billing companies, this includes developing and
fostering excellent coordination and communication with its provider
clients.
---------------------------------------------------------------------------
Recommending and monitoring, in conjunction with the
relevant departments, the development of internal systems and controls
to carry out the organization's standards, policies and procedures as
part of its daily operations;
Determining the appropriate strategy/approach to promote
compliance with the program and detection of any potential violations,
such as through hotlines and other fraud reporting mechanisms;
Developing a system to solicit, evaluate and respond to
complaints and problems; and
Monitoring internal and external audits and investigations
for the purpose of identifying troublesome issues and deficient areas
experienced by the billing company and implementing corrective and
preventive action.
The committee may also address other functions as the compliance
concept becomes part of the overall operating structure and daily
routine.
[[Page 70147]]
C. Conducting Effective Training and Education
1. Initial Training in Compliance
The proper education and training of corporate officers, managers,
employees and the continual retraining of current personnel at all
levels are significant elements of an effective compliance program. In
order to ensure the appropriate information is being disseminated to
the correct individuals, the training should be separated into two
sessions, depending on the employees' involvement in the submission of
claims for reimbursement. All employees should attend the general
session on compliance, while employees whose job primarily focuses on
submission of claims for reimbursement should be the participants in
the detailed sessions.
In the development of a training program, the billing company
should consult with its provider clients to ensure that a consistent
message is being delivered and avoid any potential conflicts in the
implementation of policies and procedures.
a. General Sessions
As part of their compliance programs, billing companies should
require all affected personnel to attend training on an annual basis,
including appropriate training in Federal and State statutes,
regulations and guidelines, the policies of private payors and training
in corporate ethics. The general training sessions should emphasize the
organization's commitment to compliance with these legal requirements
and policies.
These training programs should include sessions highlighting the
organization's compliance program, summarizing fraud and abuse statutes
and regulations, Federal, State and private payor health care program
requirements, coding requirements, the claim submission process and
marketing practices that reflect current legal and program standards.
The organization must take steps to communicate effectively its
standards and procedures to all affected employees, physicians,
independent contractors and other significant agents, e.g., by
requiring participation in training programs and disseminating
publications that explain specific requirements in a practical
manner.67 Managers of specific departments or groups can
assist in identifying areas that require training and in carrying out
such training.68 Training instructors may come from outside
or inside the organization. New employees should be targeted for
training early in their employment.69
---------------------------------------------------------------------------
\67\ Some publications, such as Special Fraud Alerts, audit and
inspection reports, and advisory opinions, as well as the annual OIG
work plan, are readily available from the OIG and could be the basis
for standards, educational courses and programs for appropriate
billing employees.
\68\ Significant variations in functions and responsibilities of
different departments or groups may create the need for training
materials that are tailored to the compliance concerns associated
with particular operations and duties.
\69\ Certain positions, such as those involving the coding of
medical services, create a greater organizational legal exposure,
and therefore require specialized training. Billing companies should
fill such positions with individuals who have the appropriate
educational background, training and credentials.
---------------------------------------------------------------------------
As part of the initial training, the standards of conduct should be
distributed to all employees.70 At the end of this training
session, every employee, as well as contracted consultants, should be
required to sign and date a statement that reflects the employee's
knowledge of and commitment to the standards of conduct.
---------------------------------------------------------------------------
\70\ Where the billing company has a culturally diverse employee
base, the standards of conduct should be translated into other
languages and written at appropriate reading levels.
---------------------------------------------------------------------------
This attestation should be retained in the employee's personnel
file. For contracted consultants, the attestation should become part of
the contract and remain in the file that contains such documentation.
Further, to assist in ensuring employees continuously meet the expected
high standards set forth in the code of conduct, any employee handbook
delineating or expanding upon these standards of conduct should be
regularly updated as applicable statutes, regulations and Federal
health care program requirements are modified.71 Billing
companies should provide an additional attestation in the modified
standards that stipulates the employee's knowledge of and commitment to
the modifications.
---------------------------------------------------------------------------
\71\ The OIG recognizes that not all standards, policies and
procedures need to be communicated to all employees. However, the
OIG believes that the bulk of the standards that relate to complying
with fraud and abuse laws and other ethical areas should be
addressed and made part of all employees' training. The billing
company should determine what additional training to provide
categories of employees based upon their job responsibilities.
---------------------------------------------------------------------------
b. Coding and Billing Training
In addition to specific training in the risk areas identified in
section II.A.2, above, primary training to appropriate corporate
officers, managers and other billing company staff should include such
topics as:
Specific Government and private payor reimbursement
principles; 72
---------------------------------------------------------------------------
\72\ Government, in this context, includes the appropriate
Medicare carrier or intermediary.
---------------------------------------------------------------------------
General prohibitions on paying or receiving remuneration
to induce referrals;
Proper selection and sequencing of diagnoses;
Improper alterations to documentation;
Submitting a claim for physician services when rendered by
a non-physician (i.e., the ``incident to'' rule and the physician
physical presence requirement);
Proper documentation of services rendered, including the
correct application of official coding rules and guidelines;
Signing a form for a physician without the physician's
authorization; and
Duty to report misconduct.
Clarifying and emphasizing these areas of concern through training
and educational programs are particularly relevant to a billing
company's marketing and financial personnel, in that the pressure to
meet business goals may render these employees particularly vulnerable
to engaging in prohibited practices.
2. Format of the Training Program
The OIG suggests all relevant levels of personnel be made part of
various educational and training programs of the billing
company.73 Employees should be required to have a minimum
number of educational hours per year, as appropriate, as part of their
employment responsibilities.74 For example, as discussed
above, certain employees involved in billing functions should be
required to attend periodic training in applicable reimbursement
coverage and documentation of records.75 A variety of
teaching methods, such as interactive training and training in several
different
[[Page 70148]]
languages, particularly where a billing company has a culturally
diverse staff, should be implemented so that all affected employees are
knowledgeable about the institution's standards of conduct and
procedures for alerting senior management to problems and
concerns.76 Targeted training should be provided to
corporate officers, managers and other employees whose actions affect
the accuracy of the claims submitted to the Government, such as
employees involved in the coding, billing and marketing processes. All
training materials should be designed to take into account the skills,
knowledge and experience of the individual trainees. Given the
complexity and interdependent relationships of many departments, it is
important for the compliance officer to supervise and coordinate the
training program.
---------------------------------------------------------------------------
\73\ In addition, where feasible, the OIG recommends that a
billing company afford outside contractors and its provider clients
the opportunity to participate in the billing company's compliance
training and educational programs or develop their own programs that
complement the billing company's standards of conduct, compliance
requirements and other rules and practices.
\74\ Currently, the OIG is monitoring a significant number of
corporate integrity agreements that require many of these training
elements. The OIG usually requires a minimum of one to three hours
annually for basic training in compliance areas. Additional training
is required for specialty fields such as billing, coding and
marketing.
\75\ Appropriate coding and billing depends upon the quality and
completeness of documentation. Therefore, the OIG believes that the
billing company must foster an environment where interactive
communication is encouraged. Health care providers should be
reminded that thorough, precise and timely documentation of services
provided serves the interests of the patient, the interest of the
provider, as well as the interests of the billing company.
\76\ Post-training tests can be used to assess the success of
training provided and employee comprehension of the billing
company's policies and procedures.
---------------------------------------------------------------------------
The OIG recommends attendance and participation at training
programs be made a condition of continued employment and that failure
to comply with training requirements should result in disciplinary
action, including possible termination, when such failure is serious.
Adherence to the provisions of the compliance program, such as training
requirements, should be a factor in the annual evaluation of each
employee. The billing company should retain adequate records of its
training of employees, including attendance logs and material
distributed at training sessions.
3. Continuing Education on Compliance Issues
It is essential that compliance issues remain at the forefront of
the billing company's priorities. The OIG recommends billing company
compliance programs address the need for periodic professional
education courses for billing company personnel. In particular, the
billing company should ensure that coding personnel receive annual
professional training on the updated codes for the current year.
In order to maintain a sense of seriousness about compliance in the
billing company's operations, the billing company must continue to
disseminate the compliance message. One effective mechanism for
maintaining a consistent presence of the compliance message is to
publish a monthly newsletter to address compliance concerns. This would
allow the billing company to address specific examples of problems the
company encountered during its ongoing audits and risk analysis, while
reinforcing the company's firm commitment to the general principles of
compliance and ethical conduct. The newsletter could also include the
risk areas published by the OIG in its Special Fraud Alerts. Finally,
the billing company could use the newsletter as a mechanism to address
areas of ambiguity in the coding and billing process. The billing
company should maintain its newsletters in a central location to
document the guidance offered and provide new employees with access to
guidance previously provided.
D. Developing Effective Lines of Communication
1. Access to the Compliance Officer
An open line of communication between the compliance officer and
the billing company personnel is equally important to the successful
implementation of a compliance program and the reduction of any
potential for fraud, abuse and waste. Written confidentiality and non-
retaliation policies should be developed and distributed to all
employees to encourage communication and the reporting of incidents of
potential fraud.77 The compliance committee should also
develop several independent reporting paths for an employee to report
fraud, waste or abuse so that such reports cannot be diverted by
supervisors or other personnel.
---------------------------------------------------------------------------
\77\ The OIG believes that whistle blowers should be protected
against retaliation, a concept embodied in the provisions of the
False Claims Act. See 31 U.S.C. 3730(h). In many cases, employees
sue their employers under the False Claims Act's qui tam provisions
out of frustration because of the company's failure to take action
when a questionable, fraudulent or abusive situation was brought to
the attention of senior corporate officials.
---------------------------------------------------------------------------
The OIG encourages the establishment of procedures for personnel to
seek clarification from the compliance officer or members of the
compliance committee in the event of any confusion or question
regarding a company policy, practice or procedure. Questions and
responses should be documented and dated and, if appropriate, shared
with other staff so that standards, policies, practices and procedures
can be updated and improved to reflect any necessary changes or
clarifications. The compliance officer may want to solicit employee
input in developing these communication and reporting systems.
2. Hotlines and Other Forms of Communication
The OIG encourages the use of hotlines 78 (including
anonymous hotlines), e-mails, written memoranda, newsletters and other
forms of information exchange to maintain these open lines of
communication.79 If the billing company establishes a
hotline, the telephone number should be made readily available to all
employees and independent contractors, by circulating the number on
wallet cards or conspicuously posting the telephone number in common
work areas.80 Employees should be permitted to report
matters on an anonymous basis. Matters reported through the hotline or
other communication sources that suggest substantial violations of
compliance policies, Federal, State or private payor health care
program requirements, regulations or statutes should be documented and
investigated promptly to determine their veracity. A log should be
maintained by the compliance officer that records such calls, including
the nature of any investigation and its results.81 Such
information should be included in reports to the governing body, the
CEO and compliance committee.82 Further, while the billing
company should always strive to maintain the confidentiality of an
employee's identity, it should also explicitly communicate that there
may be a point where the individual's identity may
[[Page 70149]]
become known or may have to be revealed.
---------------------------------------------------------------------------
\78\ The OIG recognizes that it may not be financially feasible
for a small billing company to maintain a telephone hotline
dedicated to receiving calls solely on compliance issues. These
companies may explore alternative methods, e.g., contracting with an
independent source to provide hotline services or establishing a
written method of confidential disclosure.
\79\ In addition to methods of communication used by current
employees, an effective employee exit interview program could be
designed to solicit information from departing employees regarding
potential misconduct and suspected violations of the billing
company's policy and procedures.
\80\ Billing companies should also post in a prominent,
available area the HHS-OIG Hotline telephone number, 1-800-447-8477
(HHS-TIPS), in addition to any company hotline number that may be
posted.
\81\ To efficiently and accurately fulfill such an obligation,
the billing company should create an intake form for all compliance
issues identified through reporting mechanisms. The form could
include information concerning the date the potential problem was
reported, the internal investigative methods utilized, the results
of any investigation, any corrective action implemented, any
disciplinary measures imposed and any overpayments and monies
returned.
\82\ Information obtained over the hotline may provide valuable
insight into management practices and operations, whether reported
problems are actual or perceived.
---------------------------------------------------------------------------
The OIG recognizes that assertions of fraud and abuse by employees
who may have participated in illegal conduct or committed other
malfeasance raise numerous complex legal and management issues that
should be examined on a case-by-case basis. The compliance officer
should work closely with legal counsel, who can provide guidance
regarding such issues.
E. Enforcing Standards Through Well-p ublicized Disciplinary Guidelines
1. Discipline Policy and Actions
An effective compliance program should include guidance regarding
disciplinary action for corporate officers, managers and employees who
have failed to comply with the billing company's standards of conduct,
policies and procedures, Federal, State or private payor health care
program requirements, or Federal and State laws, or those who have
otherwise engaged in wrongdoing, which has the potential to impair the
billing company's status as a reliable, honest and trustworthy
organization.
The OIG believes the compliance program should include a written
policy statement setting forth the degrees of disciplinary actions that
may be imposed upon corporate officers, managers and employees for
failing to comply with the billing company's standards and policies and
applicable statutes and regulations. Intentional or reckless
noncompliance should subject transgressors to significant sanctions.
Such sanctions could range from oral warnings to suspension,
termination or financial penalties, as appropriate. Each situation must
be considered on a case-by-case basis to determine the appropriate
sanction. The written standards of conduct should elaborate on the
procedures for handling disciplinary problems and identify who will be
responsible for taking appropriate action. Some disciplinary actions
can be handled by department managers, while others may have to be
resolved by a senior manager. Disciplinary action may be appropriate
where a responsible employee's failure to detect a violation is
attributable to his or her negligence or reckless conduct. Personnel
should be advised by the billing company that disciplinary action will
be taken on a fair and equitable basis. Managers and supervisors should
be made aware that they have a responsibility to discipline employees
in an appropriate and consistent manner.
It is vital to publish and disseminate the range of possible
disciplinary actions for improper conduct and to educate officers and
other staff regarding these standards. The consequences of
noncompliance should be consistently applied and enforced for the
disciplinary policy to have the required deterrent effect. All levels
of employees should be subject to the same disciplinary action for the
commission of similar offenses. The commitment to compliance applies to
all personnel levels within a billing company. The OIG believes that
corporate officers, managers and supervisors should be held accountable
for failing to comply with, or for the foreseeable failure of their
subordinates to adhere to, the applicable standards, laws, rules,
program instructions and procedures.
2. New Employee Policy
For all new employees who have discretionary authority to make
decisions that may involve compliance with the law or compliance
oversight, billing companies should conduct a reasonable and prudent
background investigation, including a reference check, as part of every
such employment application. The application should specifically
require the applicant to disclose any criminal conviction, as defined
by 42 U.S.C. 1320a-7(i), or exclusion action. Pursuant to the
compliance program, billing company policies should prohibit the
employment of individuals who have been recently convicted of a
criminal offense related to health care or who are listed as debarred,
excluded or otherwise ineligible for participation in Federal health
care programs.83 In addition, pending the resolution of any
criminal charges or proposed debarment or exclusion, the OIG recommends
that such individuals should be removed from direct responsibility for,
or involvement, in any Federal health care program.84
Similarly, with regard to current employees or independent contractors,
if resolution of the matter results in conviction, debarment or
exclusion, then the billing company should remove the individual from
direct responsibility for or involvement with all Federal health care
programs.
---------------------------------------------------------------------------
\83\ See note 51. Likewise, billing company compliance programs
should establish standards prohibiting the execution of contracts
with companies that have been recently convicted of a criminal
offense related to health care or that are listed by a Federal
agency as debarred, excluded or otherwise ineligible for
participation in Federal health care programs.
\84\ Prospective employees who have been officially reinstated
into the Medicare and Medicaid programs by the OIG may be considered
for employment upon proof of such reinstatement.
---------------------------------------------------------------------------
F. Auditing and Monitoring
An ongoing evaluation process is critical to a successful
compliance program. The OIG believes an effective program should
incorporate thorough monitoring of its implementation and regular
reporting to senior company officers.85 Compliance reports
created by this ongoing monitoring, including reports of suspected
noncompliance, should be maintained by the compliance officer and
reviewed with the billing company's senior management and the
compliance committee. The extent and frequency of the audit function
may vary depending on factors such as the size of the company, the
resources available to the company, the company's prior history of
noncompliance and the risk factors that are prevalent in a particular
billing company.
---------------------------------------------------------------------------
\85\ Even when a facility is owned by a larger corporate entity,
the regular auditing and monitoring of the compliance activities of
an individual facility must be a key feature in any annual review.
Appropriate reports on audit findings should be periodically
provided and explained to a parent-organization's senior staff and
officers.
---------------------------------------------------------------------------
Although many monitoring techniques are available, one effective
tool to promote and ensure compliance is the performance of regular,
periodic compliance audits by internal or external auditors who have
expertise in Federal and State health care statutes, regulations, and
Federal, State and private payor health care program requirements. The
audits should focus on the billing company's programs or divisions,
including external relationships with third-party contractors,
specifically those with substantive exposure to Government enforcement
actions. At a minimum, these audits should be designed to address the
billing company's compliance with laws governing kickback arrangements,
coding practices, claim submission, reimbursement and marketing. In
addition, the audits and reviews should examine the billing company's
compliance with specific rules and policies that have been the focus of
particular attention on the part of the Medicare fiscal intermediaries
or carriers, and law enforcement, as evidenced by OIG Special Fraud
Alerts, OIG audits and evaluations and law enforcement's
initiatives.86 In addition, the billing company should focus
on any areas of specific concern identified within that billing company
and those
[[Page 70150]]
that may have been identified by any outside agency, whether Federal or
State.
---------------------------------------------------------------------------
\86\ See section II.A.2.
---------------------------------------------------------------------------
Monitoring techniques may include sampling protocols that permit
the compliance officer to identify and review variations from an
established baseline.87 Significant variations from the
baseline should trigger a reasonable inquiry to determine the cause of
the deviation. If the inquiry determines that the deviation occurred
for legitimate, explainable reasons, the compliance officer or manager
may want to limit any corrective action or take no action. If it is
determined that the deviation was caused by improper procedures,
misunderstanding of rules, including fraud and systemic problems, the
billing company should take prompt steps to correct the
problem.88 Any overpayments discovered as a result of such
deviations should be reported promptly to the appropriate provider,
with appropriate documentation and a thorough explanation of the reason
for the overpayment.89
---------------------------------------------------------------------------
\87\ The OIG recommends that when a compliance program is
established in a billing company, the compliance officer, with the
assistance of department managers, take a ``snapshot'' of the
company's operations from a compliance perspective. This assessment
can be undertaken by outside consultants, law or accounting firms,
or internal staff, with authoritative knowledge of health care
compliance requirements. This ``snapshot,'' often used as part of
bench marking analysis, becomes a baseline for the compliance
officer and other managers to judge the billing company's progress
in reducing or eliminating potential areas of vulnerability. For
example, it has been suggested that a baseline level include the
frequency and percentile levels of CPTTM and HCPCS codes.
Similarly, billing companies should track statistical data on claim
rejection by code. This will facilitate identification of problem
areas and elimination of potential areas of abusive or fraudulent
conduct.
\88\ Prompt steps to correct the problem include contacting the
appropriate provider in situations where the provider's actions
contributed to the problem.
\89\ In addition, when appropriate, as referenced in section
G.2, below, reports of fraud or systemic problems should also be
made to the appropriate governmental authority.
---------------------------------------------------------------------------
An effective compliance program should also incorporate periodic
(at a minimum, annual) reviews of whether the program's compliance
elements have been satisfied, e.g., whether there has been appropriate
dissemination of the program's standards, training, ongoing educational
programs and disciplinary actions, among others.90 This
process will verify actual conformance by all departments with the
compliance program. Such reviews could support a determination that
appropriate records have been created and maintained to document the
implementation of an effective program. However, when monitoring
discloses deviations were not detected in a timely manner due to
program deficiencies, appropriate modifications must be implemented.
Such evaluations, when developed with the support of management, can
help ensure compliance with the billing company's policies and
procedures.
---------------------------------------------------------------------------
\90\ One way to assess the knowledge, awareness and perceptions
of the billing company staff is through the use of a validated
survey instrument (e.g., employee questionnaires, interviews or
focus groups).
---------------------------------------------------------------------------
As part of the review process, the compliance officer or reviewers
should consider techniques such as:
On-site visits;
Testing billing and coding staff on their knowledge of
reimbursement and coverage criteria (e.g., presenting hypothetical
scenarios of situations experienced in daily practice and assess
responses);
Unannounced mock surveys, audits and investigations;
Examination of the billing company's complaint logs;
Checking personnel records to determine whether any
individuals who have been reprimanded for compliance issues in the past
are among those currently engaged in improper conduct;
Interviews with personnel involved in management,
operations, coding, claim development and submission and other related
activities;
Questionnaires developed to solicit impressions of a broad
cross-section of the billing company's employees and staff;
Reviews of written materials and documentation prepared by
the different divisions of a billing company; and
Trend analyses, or longitudinal studies, that seek
deviations, positive or negative, in specific areas over a given
period.
The reviewers should:
Possess the qualifications and experience necessary to
adequately identify potential issues with the subject matter to be
reviewed;
Be objective and independent of line management;
91
---------------------------------------------------------------------------
\91\ The OIG recognizes that billing companies that are small in
size and have limited resources may not be able to use internal
reviewers who are not part of line management or hire outside
reviewers.
---------------------------------------------------------------------------
Have access to existing audit and health care resources,
relevant personnel and all relevant areas of operation;
Present written evaluative reports on compliance
activities to the CEO, governing body members of the compliance
committee and its provider clients on a regular basis, but not less
than annually; 92 and
---------------------------------------------------------------------------
\92\ These evaluative reports should include a valid statistical
sample of claims submitted to Federal health care programs.
---------------------------------------------------------------------------
Specifically identify areas where corrective actions are
needed.
With these reports, management can take whatever steps are
necessary to correct past problems and prevent them from recurring. In
certain cases, subsequent reviews or studies would be advisable to
ensure that the recommended corrective actions have been implemented
successfully.
The billing company should document its efforts to comply with
applicable statutes, regulations and Federal health care program
requirements. For example, where a billing company, in its efforts to
comply with a particular statute, regulation or program requirement,
requests advice from a Government agency (including a Medicare fiscal
intermediary or carrier) charged with administering a Federal health
care program, the billing company should document and retain a record
of the request and any written or oral response. This step is extremely
important if the billing company intends to rely on that response to
guide it in future decisions, actions or claim reimbursement requests
or appeals. A log of oral inquiries between the billing company and
third parties will help the organization document its attempts at
compliance. In addition, the billing company should maintain records
relevant to the issue of whether its reliance was ``reasonable,'' and
whether it exercised due diligence in developing procedures to
implement the advice.
G. Responding to Detected Offenses and Developing Corrective Action
Initiatives
1. Violations and Investigations
Violations of the billing company's compliance program, failures to
comply with applicable Federal or State law, rules and program
instructions and other types of misconduct threaten a billing company's
status as a reliable, honest and trustworthy company. Detected but
uncorrected misconduct can seriously endanger the mission, reputation
and legal status of the billing company. Consequently, upon reports or
reasonable indications of suspected noncompliance, it is important that
the chief compliance officer or other management officials promptly
investigate the conduct in question to determine whether a material
violation of applicable law, rule or program instruction or the
requirements of the compliance program has occurred, and if so, take
steps to correct the problem.93
[[Page 70151]]
As appropriate, such steps may include an immediate referral to
criminal and/or civil law enforcement authorities, a corrective action
plan,94 a report to the Government,95 and the
notification to the provider of any discrepancies or overpayments, if
applicable.
---------------------------------------------------------------------------
\93\ Instances of non-compliance must be determined on a case-
by-case basis. The existence, or amount, of a monetary loss to a
health care program is not solely determinative of whether or not
the conduct should be investigated and reported to governmental
authorities. In fact, there may be instances where there is no
readily identifiable monetary loss at all, but corrective action and
reporting are still necessary to protect the integrity of the
applicable program and its beneficiaries.
\94\ Advice from the billing company's in-house counsel or an
outside law firm may be sought to determine the extent of the
billing company's liability and to plan the appropriate course of
action.
\95\ The OIG currently maintains a provider self-disclosure
protocol that encourages providers to report suspected fraud. The
concept of self-disclosure is premised on a recognition that the
Government alone cannot protect the integrity of the Medicare and
other Federal health care programs. Health care providers must be
willing to police themselves, correct underlying problems and work
with the Government to resolve these matters. The self-disclosure
protocol can be located on the OIG's website at http://www.dhhs.gov/
progorg/oig.
---------------------------------------------------------------------------
Even if the overpayment detection and return process is working and
is being monitored by the billing company's audit or coding divisions,
the OIG still believes that the compliance officer needs to be made
aware of these significant overpayments, violations or deviations that
may reveal trends or patterns indicative of a systemic problem.
Depending upon the nature of the alleged violations, an internal
investigation will probably include interviews and a review of relevant
documents. Some billing companies should consider engaging outside
counsel, auditors or health care experts to assist in an investigation.
Records of the investigation should contain documentation of the
alleged violation, a description of the investigative process
(including the objectivity of the investigators and methodologies
utilized), copies of interview notes and key documents, a log of the
witnesses interviewed and the documents reviewed, the results of the
investigation, e.g., any disciplinary action taken and any corrective
action implemented. Although any action taken as the result of an
investigation will necessarily vary depending upon the billing company
and the situation, billing companies should strive for some consistency
by utilizing sound practices and disciplinary protocols.96
Further, after a reasonable period, the compliance officer should
review the circumstances that formed the basis for the investigation to
determine whether similar problems have been uncovered or modifications
of the compliance program are necessary to prevent and detect other
inappropriate conduct or violations.
---------------------------------------------------------------------------
\96\ The parameters of a claim review subject to an internal
investigation will depend on the circumstances surrounding the
issue(s) identified. By limiting the scope of the internal audit to
current billing, a billing company may fail to identify major
problems and deficiencies in operations, as well as be subject to
certain liability.
---------------------------------------------------------------------------
If an investigation of an alleged violation is undertaken and the
compliance officer believes the integrity of the investigation may be
at stake because of the presence of employees under investigation,
those subjects should be removed from their current work activity until
the investigation is completed (unless an internal or Government-led
undercover operation known to the billing company is in effect). In
addition, the compliance officer should take appropriate steps to
secure or prevent the destruction of documents or other evidence
relevant to the investigation. If the billing company determines
disciplinary action is warranted, it should be prompt and imposed in
accordance with the billing company's written standards of disciplinary
action.
2. Reporting
a. Obligations Based on Billing Company Misconduct
If the compliance officer, compliance committee or a management
official discovers credible evidence of misconduct by the billing
company from any source and, after reasonable inquiry, has reason to
believe that the misconduct may violate criminal, civil or
administrative law,97 then the billing company should report
the existence of misconduct promptly to the appropriate Government
authority 98 within a reasonable period, but not more than
sixty (60) days after determining that there is credible evidence of a
violation. Prompt reporting will demonstrate the billing company's good
faith and willingness to work with governmental authorities to correct
and remedy the problem. In addition, reporting such conduct will be
considered a mitigating factor by the OIG in determining administrative
sanctions (e.g., penalties, assessments and exclusion), if the
reporting company becomes the target of an OIG
investigation.99
---------------------------------------------------------------------------
\97\ When making the determination of credible misconduct, the
billing company should consider 18 U.S.C. 669 [holding an
individual(s) criminally liable for knowingly and willfully
embezzling, stealing or otherwise converting to the use of any
person other than the rightful owner or intentionally misapplying
any of the monies, funds . . . premiums, credits, property or assets
of a health care benefit program] and 18 U.S.C. 2 (establishing
criminal liability for an individual(s) who commits an offense
against the United States or aids, abets, counsels, commands,
induces or procures its commission as punishable as the principle).
\98\ Appropriate Federal and/or State authorities include the
Office of Inspector General of the Department of Health and Human
Services, the Criminal and Civil Divisions of the Department of
Justice, the U.S. Attorneys in the relevant districts, and the other
investigative arms for agencies administering the affected Federal
or State health care programs, such as the State Medicaid Fraud
Control Unit, the Defense Criminal Investigative Service, the
Department of Veterans Affairs, the Office of Inspector General,
U.S. Department of Labor (which has primary criminal jurisdiction
over FECA, Black Lung and Longshore programs) and the Office of
Inspector General, U.S. Office of Personnel Management (which has
primary jurisdiction over the Federal Employees Health Benefit
Program).
\99\ The OIG has published criteria setting forth those factors
that the OIG takes into consideration in determining whether it is
appropriate to exclude a health care provider from program
participation pursuant to 42 U.S.C. 1320a-7(b)(7) for violations of
various fraud and abuse laws. See 62 FR 67,392 (12/24/97).
---------------------------------------------------------------------------
b. Obligations Based on Provider Misconduct
Billing companies are in a unique position to discover various
types of fraud, waste, abuse and mistakes on the part of the provider
for which they furnish services. This unique access to information may
place the billing company in a precarious position. On the one hand,
the billing company's allegiance is to the provider client. On the
other, the billing company maintains a commitment to compliance with
the applicable Federal and State laws, and the program requirements of
Federal, State and private health plans. The OIG recognizes the
importance of maintaining a positive and interactive communication
between billing companies and the providers they service. It is with
this understanding that the OIG has addressed the issue of obligations
on the part of third-party medical billing companies with regard to
provider misconduct.
If the billing company finds evidence of misconduct 100
(e.g., inaccurate claim submission) on the part of the provider that
they service, the billing company should refrain from the submission of
questionable claims and notify the provider in writing within thirty
(30) days of such a determination. This notification should include all
claim specific information and the rationale for such a determination.
---------------------------------------------------------------------------
\100\ Misconduct does not include inadvertent errors or
mistakes. Such errors should be reported through the normal channels
with the applicable carrier, intermediary or other HCFA-designated
payor.
---------------------------------------------------------------------------
If the billing company discovers credible evidence of the
provider's continued misconduct or flagrant fraudulent or abusive
conduct,101 the
[[Page 70152]]
billing company should: (1) Refrain from submitting any false or
inappropriate claims; (2) terminate the contract; and/or (3) report the
misconduct to the appropriate Federal and State authorities within a
reasonable time, but not more than sixty (60) days after determining
that there is credible evidence of a violation.
---------------------------------------------------------------------------
\101\ Such conduct may include patterns of misconduct,
particularly with regard to conduct that had previously been
identified by the billing company or carrier as suspect.
---------------------------------------------------------------------------
c. Reporting Procedure
When reporting misconduct to the Government, a billing company
should provide all evidence relevant to the alleged violation of
applicable Federal or State law(s) and the potential cost impact. The
compliance officer, with guidance from the governmental authorities,
could be requested to continue to investigate the reported violation.
Once the investigation is completed, the compliance officer should be
required to notify the appropriate governmental authority of the
outcome of the investigation, including a description of the impact of
the alleged violation on the operation of the applicable health care
programs or their beneficiaries. If the investigation ultimately
reveals criminal, civil or administrative violations have occurred, the
appropriate Federal and State officials 102 should be
notified immediately.
---------------------------------------------------------------------------
\102\ See note 98.
---------------------------------------------------------------------------
3. Corrective Actions
Billing companies play a critical role in the restitution of
overpayments to appropriate payors.103 As previously stated,
billing companies should take appropriate corrective action, including
prompt identification of any overpayment to the provider and the
affected payor and the imposition of proper disciplinary action, if
applicable. Failure to notify authorities of an overpayment within a
reasonable period of time could be interpreted as an intentional
attempt to conceal the overpayment from the Government, thereby
establishing an independent basis for a criminal violation with respect
to the billing company, as well as any individuals who may have been
involved.104 For this reason, billing company compliance
programs should ensure that overpayments are identified quickly and
encourage their providers to promptly return overpayments obtained from
Medicare or other Federal health care programs.105
---------------------------------------------------------------------------
\103\ As a result of the limitations on reassignment, billing
companies rarely engage in receiving payment on behalf of their
provider clients or negotiating checks on behalf of their provider
clients. Because of these provisions, the OIG recognizes that
billing companies are rarely in the position to make restitution on
behalf of their clients and it is generally viewed as the provider's
responsibility to make restitution to the appropriate payor. See 42
CFR 424.73.
\104\ See 42 U.S.C. 1320a-7b(a)(3).
\105\ If a billing company needs further guidance to inform its
provider clients of normal repayment channels, the company should
consult with the applicable Medicare intermediary/carrier. The
applicable Medicare intermediary/carrier may require certain
information (e.g., alleged violation or issue causing overpayment,
description of overpayment, description of the internal
investigative process with methodologies used to determine any
overpayments, disciplinary actions taken and corrective actions
taken) to be submitted with return of any overpayments, and that
such repayment information be submitted to a specific department or
individual in the carrier or intermediary's organization. Interest
will be assessed, when appropriate. See 42 CFR 405.376.
---------------------------------------------------------------------------
III. Conclusion
Through this document, the OIG has attempted to provide a
foundation to the process necessary to develop an effective and cost-
efficient third-party medical billing compliance program. As previously
stated, however, each program must be tailored to fit the needs and
resources of an individual billing company, depending upon its
particular corporate structure, mission and employee composition. The
statutes, regulations and guidelines of the Federal and State health
insurance programs, as well as the policies and procedures of the
private health plans, should be integrated into every billing company's
compliance program.
The OIG recognizes that the health care industry in this country,
which reaches millions of beneficiaries and expends about a trillion
dollars annually, is constantly evolving. In particular, the billing
process has changed dramatically in recent years. As a result, the time
is right for billing companies to implement strong, voluntary
compliance programs. As stated throughout this guidance, compliance is
a dynamic process that helps to ensure billing companies are better
able to fulfill their commitment to ethical behavior and to meet the
changes and challenges being imposed upon them by Congress and private
insurers. Ultimately, it is OIG's hope that voluntarily created
compliance programs will enable billing companies to meet their goals
and substantially reduce fraud, waste and abuse, as well as the cost of
health care to Federal, State and private health insurers.
Dated: December 14, 1998.
June Gibbs Brown,
Inspector General.
[FR Doc. 98-33565 Filed 12-17-98; 8:45 am]
BILLING CODE 4150-04-P
