Compliance programs: More important now than ever

Legally Speaking

Daniel F. Shay
Alice G. Gosfield

Daniel F. Shay, Esq. and Alice G. Gosfield, Esq., are health care attorneys at Alice G. Gosfield and Associates, P.C.

Bookmark and Share

When the health reform legislation (the Affordable Care Act) was passed, it incorporated a number of provisions which solidified the government’s inexorable move toward more effective enforcement of the fraud and abuse laws. Dermatologists, among others, have been the targets of enforcement. In addition to new bases for liability added by Congress, the government has also moved to implement far more sophisticated investigation techniques. From the enrollment process, to claims filing, to Stark and anti-kickback issues, to quality reporting concerns, there are potential fraud and abuse pitfalls lurking for unwary physicians. A robust compliance program is the means to safeguard against them. This article elucidates new forms of liability and outlines how to develop or update a compliance program to protect yourself in the new context.


When the Office of the Inspector General published its model compliance guidance for individual and small physician practices in 2000, available at, monitoring claims submission and documentation to avoid false claims liability was the general thrust of what a compliance program would address. These remain the cornerstone of a good compliance program. In today’s world, every physician practice should have a compliance program in place, but a good program needs to address additional issues that didn’t even exist 12 years ago.

First, why is false claims liability such an issue? Any statement made to secure reimbursement which is inaccurate is a potential false claim. Although there is an intent standard (“whoever knowingly and willfully submits or causes to be submitted”), intent can be found in reckless disregard of the accuracy of the claims or from deliberate ignorance as to the truth or falsity of the claims. False claims liability is not just a Medicare issue. There can be false claims submitted to commercial insurers as well. The penalties are very high: up to $11,000 per improper claim, plus triple the charges. Most cases are not filed under the criminal provisions, because of the high burden of proof (“beyond a reasonable doubt”), and many of these cases are settled without going to trial. But, the government also has the ability to exclude violators from its programs without filing a case against them and to assess civil money penalties which are applied administratively and then can be appealed to a court. False claims rules also breed whistleblowers because they can get up to 30 percent of what the government recovers when they bring the case to the government. But it is also important to understand that there are new kinds of liabilities as well. Updating your enrollment information, completing the required forms to earn incentive payments, even filing claims can trigger liability issues physicians should recognize.[pagebreak]

Far more care is now required to add a new physician or mid-level, close an office location, add an office location, add a new partner, let a physician retire, or change office managers or billing companies as far as Medicare is concerned. All of these require notification to Medicare within defined timeframes. Failure to submit such data in a timely or effective manner can lead to revocation of billing privileges as well as potential false claims liability.

There are new forms of payment in Medicare for e-prescribing, meaningful use of electronic health records, and reporting to the Physician Quality Reporting System (PQRS). Report carefully! Errors in complying with those requirements can lead to you being required to repay the incentive. We have had clients whose e-prescribing software program did not comply with one of six requirements; they had to repay the significant dollars they had received for implementing e-prescribing.

Practices must also watch carefully to be sure they handle overpayments appropriately. Any overpayments received must be repaid within 60 days of identifying the overpayment. The health reform legislation also made it clear that for claims submitted pursuant to non-compliant arrangements under the Stark and anti-kickback statutes, if repayments are not made within 60 days of identifying the overpayment, these convert to false claims, which also opens the door to whistleblower actions. Still further, the intent standard was changed under the anti-kickback statute so that a violator need not have had bad intent and can be held liable even if there was no knowledge that the law even exists or of what it means.

Still further, liability can arise from implied statements in claims. Any Medicare claim can be considered to imply that the care provided was of acceptable quality, that all the personnel were appropriately trained and certified, and that all the services were medically necessary. The government is increasingly looking at these implications as a basis for enforcement.

Physicians reading these words might well throw up their hands in despair and say the cards are so stacked against them, there is no point in addressing this. That would be a foolhardy, although understandable, response. A better response would reflect the understanding that creating a real culture of compliance is just another aspect of doing business in a highly regulated environment. A good, functioning compliance program can thwart misinformed whistleblowers. Making the right thing to do the easy thing to do is the key. A compliance program can facilitate that effort. In addition, having a compliance program is specifically listed as a factor the government views positively in deciding whether to pursue false claims cases.

Essentials of a compliance program

The OIG has published 15 model compliance guidance documents for different aspects of the health care sector. All of them include seven common elements of a compliance program which you can read at But in the last analysis, the guidances are only that, suggestions. They are not mandatory. Moreover, the only compliance program that will work is one tailored to your specific circumstances. The goal of compliance programs is to help a practice do the right thing, and if you do something wrong, to correct the error. The real point of a compliance program is to answer three questions:

  • (1) what makes us think we are doing this right or wrong?
  • (2) if we are doing it wrong, what will it take to fix it?
  • (3) how will we know it stayed fixed?

To know whether you are doing things right or wrong requires knowledge of the applicable rules and then a test as to whether your practice is applying them effectively. In a well-functioning practice both physicians and office staff read communications from their payers and attend educational programs on billing and compliance matters. Getting a baseline audit from experienced coding and documentation personnel can point out where attention should be paid for improvement. It is useful to get this audit conducted under attorney-client privilege where the data is reported to the lawyer to evaluate, so that if results are not good, an appropriate course of action can be crafted by the attorney.[pagebreak]

If problems are found, they can sometimes be corrected with educational efforts, with dedication of additional resources (e.g., scribes to write notes or enter data in an electronic record), or by changing policies and procedures. Sometimes the right response is repaying monies improperly received. Since the failure to return an identified overpayment within 60 days converts the claim to a false claim, repayment should not be attempted without legal advice.

Finally, knowing that it has stayed fixed depends on follow-up monitoring, the frequency of which should be outlined in the compliance plan — a written document that describes the elements of your compliance program. It should be written in the active voice (“The Billing Manager will review 10 percent of the claims submitted in the previous quarter”) rather than in the passive voice (“Quarterly audits will be done”).

Having pathways and processes through which staff can raise compliance questions without fear of retribution is an element in the OIG’s compliance guidances. Assigning compliance responsibilities to someone high up in the management of the program, preferably a physician, is also critical. Regular reporting to the shareholders and board should also be part of the program. Taking corrective action, including firing errant staff, should be addressed and the penalties for infractions made known.

Buffing up a compliance program

While what you do is more important than any written plan, if you have a compliance plan, now is the time to revisit it. Be sure you are actually doing what the plan says. To have a plan you do not follow can put you into reckless disregard’ territory. You should have a process to review paid claims to determine if there are overpayments. You should be monitoring periodically with probe audits (annually if you have a well working program, more often if you are just getting started). Make sure the plan clearly assigns responsibility for the tasks to be accomplished. You should limit who in the practice communicates with outside agencies such as payers, auditors, and investigators.

The government does not expect perfection. In fact, the existence of

  • (1) forms for voluntarily repaying money,
  • (2) the voluntary disclosure program for anti-kickback and false claims violations, and
  • (3) the separate Stark law voluntary disclosure program

reflect the expectation that problems will occur. A compliance program will mitigate those risks.

To avoid spawning whistleblowers, any inquiries from office staff about billing, documentation, kickbacks, and the like should be taken seriously. The practice should support educational activities for staff involved in matters which implicate compliance to make sure they are up to date. The compliance program should address all the potential liabilities relevant to the practice. For example, if you allow drug detail personnel to interact with your staff, you should have policies which address anti-kickback issues which include whether you allow the staff to accept anything of value from pens and mugs to pizza. More and more practices are becoming far stricter about these issues.

Your compliance plan can be tightly focused on what you think are real potential false claim problem areas, or it can be far broader and encompass anti-kickback and antitrust issues (“We do not discuss our fee schedule or our payer contracts with anyone outside the practice”), as well as HIPAA privacy and security issues. While the liabilities to physician practices abound, they are manageable when confronted in an organized way. There are commercial resources that can be found on the Web with model compliance guides, even focused on dermatology. (The Academy offers a compliance manual focused on issues faced by dermatology practices; see sidebar above.) But the most effective compliance program will be one in which the physicians are invested with their time and effort, because they helped craft it. Then the key is to walk the walk of a compliance-driven culture.

AAD manual offers compliance help

The Academy’s new Maintaining Compliance in Dermatology: Safeguarding Against Legal and Financial Risk manual delivers timely solutions dermatology practices can apply when developing compliance programs to safeguard against legal and financial risks. Dealing with topics from preventing erroneous claim submissions to avoiding unlawful business conduct when dealing with federal and private-sector payers, this resource will also help you understand and apply the legal and regulatory requirements needed to improve your claims payment processes, minimize billing errors, and reduce the risks of audits. Sample forms are available on a CD-ROM included with the manual. It will also be available as an ebook. For more information, visit



AAD manual offers compliance help
AAD manual offers compliance help