Does Your Practice Have a Compliance Plan?

Nearly $70 billion.

That’s how much Medicare and Medicaid fraud costs the nation every year according to the National Health Care Anti-Fraud Association. So it’s no surprise that the Centers for Medicare & Medicaid Services (CMS) is targeting all causes of improper payments. And with the fight intensifying, your practice’s best defense against violations is a compliance plan that helps prevent fraud.

Fighting the Good Fight

Medicare and Medicaid services are particularly susceptible to fraud due to the complexity of these plans. Sometimes these instances are due to honest mistakes (in fact, the most common error we see is insufficient documentation). But intentional deception is also at play and can take several forms, from double or phantom billing to rendering unnecessary services and reporting false prices.

Thankfully, the CMS’s efforts are showing results. The Department of Health and Human Services’ Office of Inspector General (HHS-OIG) recovered over $1.44 billion through fraud investigations. While that sounds good, however, it’s a drop in that $70 billion bucket.

A compliance plan is a set of measures that proactively helps identify and fix violations at your practice. By having a plan in place, you can correct issues before you’re hit with fines or other consequences. Additionally, the Affordable Care Act (ACA) requires all practices enrolled in Medicare, Medicaid or CHIP to implement a compliance plan. So it behooves you to have one in place.

The Components of an Effective Compliance Plan

Because each practice has its own billing procedures and needs, there’s no one-size-fits-all solution. But there are some universal qualities that all effective compliance plans share.

  • Written policies, procedures and conduct standards. Don’t limit these to billing functions. Every aspect of your practice’s work is connected to billing and can therefore be part of the fraud process. So these should address every aspect of your operations, from patient interactions and notetaking to prescription generation and checkout procedures.
  • Clearly defined roles and responsibilities for all parties. Knowing exactly who is involved in each process—and their level of involvement—makes it easier to pinpoint a culprit if fraud is found.
  • A designated compliance officer who monitors efforts and enforces standards. This person should report directly to the practice owner or manager on a regular basis, even if nothing is found. Demonstrating that your measures are consistently monitored builds confidence that your compliance plan is sound.
  • Regular training for all personnel levels. This ties back to our earlier mention of how any function can be a gateway to fraudulent activity. Your compliance plan should ensure everyone understands proper procedures and standards and knows the red flags that can signal fraud.
  • Channels of communication that encourage those witnessing fraud to file complaints without fear of retaliation. Just like it only takes one person to commit fraud, it only takes one to find and report it. Make it as easy as possible for that person to do the right thing when it matters most.
  • Timely responses and corrections for any issues discovered. Addressing fraud doesn’t stop at reporting it; back it up with effective enforcement. Every report must be investigated thoroughly and addressed promptly, even if it’s just a note that no fraud was found.
  • Clear communication of compliance standards. Make sure your compliance plan and policies are readily available for all personnel to reference. Examples include a procedures manual, posters showing compliance standards and steps to report violations, etc.
  • Monitoring and auditing of the program’s systems. Regular and consistent surveillance ensures effectiveness and allows you to identify issues more quickly.

When developing your compliance plan and the policies/standards it contains, keep several things in mind. One is a principle called audit to weakness. This entails focusing on your most risky practice areas, such as particularly complicated processes. The more steps you need to take in a process, the more opportunities for fraud to occur. And as mentioned earlier, Medicare and Medicaid are complex systems offering plenty of chances for mistakes or deception.

Also make sure your practice conducts exclusion checks on all new providers before they start working for you. Providers who have been convicted of Medicare or Medicaid fraud are placed on HHS-OIG’s List of Excluded Individuals/Entities. An exclusion check will see whether your new employee is on this list.

Once a new provider clears your exclusion check and joins your practice, monitor their work consistently. It’s kind of like the probationary periods we see in so many workplaces, and it makes sense. As employees prove themselves trustworthy, your confidence increases that they’ll adhere by your rules. (That said, don’t let this confidence sway you from the consistent monitoring required by your compliance plan.)

Finally, implement a hotline your employees can use to report violations. While your compliance plan should detail a complaint process, some people might still be scared to report their concerns. Third-party hotlines provide increased anonymity for anyone filing a report. They’re also generally available 24 hours/day throughout the year. This makes it easier for people to report fraud when they feel secure doing so (or the moment fraud happens if yours is a round-the-clock facility).

There are numerous outsourced hotline service providers available. They can sometimes be set up within a day or two, and the costs are fairly reasonable. Pricing is generally based on the number of employees at your practice and how many calls the line receives over a specified threshold.

Although it might make just a small dent in the national picture of fraud loss, a sound compliance plan is a critical component of any practice. It helps protects your business, your employees and your patients from the consequences of fraudulent activity. It also instills confidence in patients and the general public that you’re doing your part in the fight against healthcare fraud.

While you’ll need an attorney to draw up your compliance plan, a healthcare CPA should also be part of this effort. By understanding your unique financial processes, they can help develop the procedures and check how well you’re following your plan.


All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a James Moore professional. James Moore will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.