OIG’s New Compliance Guidelines Can Help Keep Physicians in the Clear

by Dorothy Meriwether, CMPE

Fraud and abuse is quickly replacing medical malpractice as the greatest physician risk, according to Mark E. Price, Harley and Price, PLLC, a Houston law firm. More than 500 grand jury subpoenas recently issued in Houston and Dallas erase any doubt that the government is committed to attacking Medicare fraud and abuse, and Price warns physicians to expect the Justice Department to expand its investigation in Texas. “Solo practitioners and small group practices have felt that they were immune from this crackdown because the government would target larger groups,” Price says. “However, solo practices and small groups are, in fact, the most vulnerable.” He attributes this to greater resources among larger groups to develop internal checks and balances.

Physicians trying to avoid mistakes that might trigger the government’s suspicion may want to consider implementing a compliance program. The Office of the Inspector General for the Department of Health and Human Services released its finished set of guidelines for compliance programs late last year. These voluntary guidelines are targeted at individual physicians and small group practices. They list seven major components the OIG thinks a good plan should have and suggests methods for their implementation.

 In her press release of June 7, 2000, announcing the first draft of the guidelines, Inspector General June Gibbs Brown said, “Strong enforcement and strong voluntary prevention are equally important in safeguarding the government health programs from fraud and abuse. And the cornerstone of our prevention efforts is the development of voluntary guidance that, in partnership with the private sector, will help the health care community develop effective compliance programs.”

"Adopting a voluntary compliance program is a lot like practicing preventative medicine; it helps identify and treat small problems before they become big problems."

--Inspector General June Gibbs Brown

The government’s primary enforcement tool is the civil False Claims act, which covers offenses committed with actual knowledge that a claim is false and for reckless disregard or deliberate ignorance that a claim is false. The False Claims act does not cover honest mistakes, errors or negligence.  The OIG states that its office is mindful of the difference between innocent errors and fraudulent behavior. However, the burden to prove intent falls upon the physician in the event of an audit or allegation of wrongdoing. An effective compliance program can help establish intent. A good plan can also help minimize billing errors, avoid conflicts with the self-referral and anti-kickback statutes, reduce the chances of an OIG audit and increase claim payment efficiency, according to the OIG.

Wisely admitting that one size does not fit all, the OIG recognizes that individual and small group practices do not have the financial and staffing resources to implement a compliance program on the same scale as a large group practice. The OIG further acknowledges that the number of physicians in a group isn’t the only indicator of a group’s size and amount of resources, and that full implementation may require more money and people than an individual or small group can afford. Physicians might choose to implement a program through a multi-tiered process. The OIG’s seven steps are listed on the following page. To get a copy of the guidelines from the Internet, go to 

Step One: Auditing and Monitoring

The guidelines describe two types of reviews as part of the ongoing evaluation to determine that the compliance program is working—a review of standards and procedures and a claims submission audit. The review of the practice’s standards and procedures should ensure that they are current and reflect changes in government regulations and resource material such as Current Procedural Terminology Manual, International Classification of Diseases Manual and the Correct Coding Initiative. Internal auditing and monitoring also should include a baseline audit of claims submitted to determine whether bills are accurately coded and reflect the services provided as documented in the medical record and that the documentation is completed correctly.

Step One:
Auditing and Monitoring

Step Two: Establish Practice Standards and Procedures

Step Two: Establish Practice Standards and Procedures

Regardless of the practice size, written standards and procedures are a central component of an effective compliance program. They reduce the prospect of erroneous claims and fraudulent behavior by establishing tighter internal controls. In developing standards and procedures, the physician practice should identify risk areas specific to it.  The practice also may want to include certain risk areas identified by the OIG during investigations and audits. These risk areas include coding and billing, reasonable and necessary services, documentation, improper inducements, kickbacks, and self-referrals.

Step Three: Designation of a Compliance Officer or Contact(s)

After the audits have been completed and risk areas identified, the practice should assign responsibility for developing a corrective action plan and for overseeing the practice’s adherence to the plan. The OIG acknowledges that individual and small group practices do not have the financial resources to employ a full time compliance officer. The final compliance guidelines indicate that the practice may assign compliance responsibility to more than one contact. The practice also may outsource the functions of compliance officer. However, if the practice chooses to outsource this function to an outside entity, like a hospital, a third party billing company, or a consulting, the service must be at a fair market value. For example, a hospital or third party billing company may not provide the service at no charge or as a value added to an existing service arrangement.

Step Three: Designation of a Compliance Officer or Contact(s)

Step Four: Conducting Appropriate Training and Education

Step Four: Conducting Appropriate Training and Education

According to the OIG, the next logical step after designating a compliance officer is conducting training and education. The objectives of the program are determining who needs the training, determining the type of training that best suits the practice’s needs, and determining when and how often education is needed as well as how much each person should receive. The training should include the operation and importance of the compliance program and the consequences of violating the program. Practices may offer training in-house or may have its personnel attend outside training programs offered by billing companies, hospitals, local medical societies, insurance carriers, etc. Although the OIG does not set a formula for determining training frequency, it does recommend annual training for all individuals involved in billing and coding and a minimum of one hour per year in compliance areas.

Step Five: Responding to Detected Offenses and Developing Corrective action Initiatives

When a practice detects a possible violation, its next step is to develop corrective action and determine how to respond to the problem. Detection may be due to reports of inappropriate behavior or review of indicators that may include claim denials, health plan correspondence, changes or unusual changes in coding patterns, higher than usual volumes of payment adjustments. The compliance officer or contact is responsible for promptly investigating suspected violations to determine if a violation has occurred.  Corrective action for detected violations may include return of overpayments, employee re-training or disciplinary action, reports to government entities and even referral to law enforcement authorities.

Step Five: Responding to Detected Offenses and Developing Corrective action Initiatives

Step Six: Developing Open Lines of Communication

Step Six: Developing Open Lines of Communication

Open communication and frank discussion are key elements in preventing problems from occurring. Larger practices may encourage reporting of violations through such forms as toll-free telephone numbers and e-mail. Individual and small group practices can offer less formal communication through an open door policy between physicians and staff. The OIG lists criteria for meaningful and open communications, like using an anonymous drop box for reporting erroneous or fraudulent conduct and developing an easily accessible process for reporting questionable actions.

Step Seven: Enforcing Disciplinary Standards Through Well-Publicized Guidelines

The final step in an effective compliance program is ensuring that all personnel understand the practice’s commitment to compliance and consequences if personnel violate the program. The practice standards and procedures should include the procedures for enforcing standards as well as the disciplinary action for those who do not comply or who fail to report violations. Disciplinary action should be consistent and appropriate but flexible enough to address mitigating circumstances.

Step Seven: Enforcing Disciplinary Standards Through Well-Publicized Guidelines

 An effective compliance program requires active assessment and monitoring to achieve a practice culture that promotes ethical conduct and sound business practices. Inspector General June Gibbs Brown in the OIG news release of June 7, 2000 likened a compliance program to preventive medicine as she said, “Adopting a voluntary compliance program is a lot like practicing preventive medicine; it helps identify and treat small problems before they become big problems.”