Health Law Blog - Healthcare Legal Issues

Archive for the ‘Compliance Programs’ Category

Dermatology Practice Fraud and Abuse Risks Identified in Florida Case

Tuesday, June 27th, 2017

Dermatologist Fraud and Abuse Risks – Identified from Florida Case Targeting Demotologist

Dermatology Risk Areas Fraud and AbuseAn allegation from a competing dermatologist resulted in a Federal government investigation of a Florida dermatologist.  The dermatologist was accused of charging the Medicare program for unnecessary biopsies and radiation treatments that were not rendered, not properly supervised, or given by unqualified physician assistants.  It was alleged the doctor was not even in the country when some of the procedures at issue were performed.  The unnecessary charges were alleged to have totaled around $49 million over a 6-year period.

The dermatologist did not admit wrongdoing in the settlement.  Rather, he alleged the overbilling resulted from his unique practice that relied on radiation, instead of disfiguring surgery, to help patients.  The doctor claimed he had cured “over 45,000 non-melanoma skin cancers with radiation therapy” over a 30-year period.  The problem with that argument appears to be the fact that the dermatologist was not trained or qualified in providing radiation oncology treatments.

There are a number of interesting things about this case.  The case was brought by a competing physician as a whistleblower.  The physician who brought the case expressed concern about having to treat patients that the accused doctor had misdiagnosed with squamous cell carcinoma.

The case also alleged significant billing for services allegedly provided when the doctor was not even in the office.  The accused doctor alleged he was available by phone while the procedures at issue were being performed.  This raises interesting issues under the rules regarding “incident to” billing.  Those rules permit a physician to bill for physician extender services.  In order to qualify to bill a service as “incident to” a physician’s service, the billing physician must meet supervisions requirements.  The physician must be physically present within the office suite during the performance of the procedure in order to qualify to bill a service as “incident to” the physician’s services.

It appears there were a number of things going on in this case.

  • There appears to have been a pattern of diagnosing a higher level of severity than was supported by the patient’s condition.
  • There was a routine use of radiation therapy, even in cases that were not medically appropriate.  This placed patients at potential risk.
  • There appears to have been questions whether the accused doctor was authorized to perform radiation therapy.
  • There were issues regarding improper use of the “incident to” billing rules when the doctor was not present to actively supervise the service.
  • There was also some evidence the doctor had offered incentives for staff to misdiagnose and over utilize the radiation treatment.
  • There was an alleged kickback arrangement with another physician who operated a clinical laboratory.

Credible Information Indicating Overpayment – Duty to Investigate

Tuesday, June 27th, 2017

Addressing Potential Over-payment Situations – Exercising Reasonable Care

known overpayment credible informationThe new final regulations under the 60-day repayment rule, require providers to affirmatively exercise reasonable diligence to identify potential overpayment situations. The obligations to further investigate is triggered when a provider receives “credible information” that indicates a potential overpayment.  Affirmative steps must be taken in a timely and good faith manner to investigate the situation further. Failing to use reasonable diligence can result in significant penalties under the False Claims Act (FCA). In some cases criminal liability can attach as well; particularly when evidence strongly indicates a problem might exist and a deliberate decision is made not to investigate or repay an amount due.

By now most health care providers are at least generally aware of the 60-day repayment rule. That rule originated as part of the Affordable Care Act in 2010. The rule provides that the failure to repay a known overpayment within 60 days after discovery results in potential penalties under the FCA. This means a simple overpayment is multiplied by a factor of three. Additionally, penalties can be assessed in amounts ranging from a minimum of $11,000 and a maximum of approximately $22,000 per claim. Financial exposure under the FCA can be very substantial; particularly when there is a systematic billing error that impacts a large number of claims over a significant period of time. The lookback period for imputed False Claims is 6 years, which amplifies the potential exposure when the “tip of the iceberg” is discovered in a current year audit.

The initial statutory provision left some ambiguity regarding application of the 60-day repayment rule. One significant ambiguity relates to when the 60-day time period begins to run. The statute states the 60-day period commences upon “identification” of the overpayment but included no clarification of when a provider is deemed to have identified the existence of an overpayment. It was not clear whether identification occurred when there was an allegation that an overpayment exists, when an amount of overpayment was calculated, when the existence of the overpayment was verified, or at some other time. It was also unclear whether actual knowledge of an overpayment was required or whether knowledge could be imputed in certain circumstances.

CMS provided clarification on the issue of identification in the final regulations, but the clarification places significant burdens on providers. Under the final rules, the provider is deemed to have identified an overpayment not when actual knowledge is obtained, but rather when the provider “should have” identified the overpayment through the exercise of “reasonable diligence.” The new standard requires providers to conduct a timely and good faith investigation when it receives credible information an overpayment might exist. Failing to take reasonable steps to investigate will result in imputed knowledge and deemed “identification” of the overpayment. In other words, the 60-day clock starts to run when the investigation should have commenced.

It is useful at this point to mention what constitutes an overpayment that invokes the statutory requirement. An overpayment exists when the provider receives any funds to which they are not entitled. There is no requirement of an amount threshold, substantiality, or materiality. Any overpayment invokes the statute and becomes a potential false claim if not repaid within the 60-day period. There are situations where the amount of overpayment is so small that the provider might determine it not worth the resources to identify, quantify and repay. When making this determination, it should be kept in mind the FCA will apply if a whistleblower case is brought or a government investigation is commenced and finds the overpayment. FCA liability can result in large penalties; particularly where there are multiple claims involved. It should also be kept in mind that criminal statutes impose felony penalties for the willful failure to return known overpayments.

Overpayments that are self-discovered and repaid before they become false claims are relatively easy to manage. Once the FCA potentially attaches, these situations become increasingly complicated to manage. The OIG Self Disclosure process should be considered where potential for significant penalties is present. The Self Disclosure Protocols permit resolution at a minimum of 1.5 times the amount of the overpayment. Full disclosure of the facts and investigation is required as part of the self-disclosure process. Only civil penalties are subject to settlement under the protocol. The wrong facts disclosed as part of the SDP process can lead to criminal charges against the entity or individuals. Criminal charges cannot be settled using the SDP.

Where amounts are smaller, a provider may decide to repay without going through the protocol process. A determination of which option is right in the specific situation should be made with the involvement of legal counsel that has experience with these issues.

Proper operation of a compliance program is the best defense to mitigating exposure under the 60-day rule. Prompt investigation should be conducted whenever there is a credible allegation of an overpayment. Compliance risk identification and proactive auditing can also help mitigate risk by identifying problems early and by demonstrating the compliance process is being effectively operated. This will help avoid allegations that overpayments should have been discovered sooner through the exercise of a reasonable compliance program. Most importantly, ignoring alleged overpayments is never an answer that mitigates risk. All credible allegations must be investigated and appropriate repayment should be made using one of the available methods. The requirements of the final rule should be baked into compliance program policies and procedures and staff should be educated on the need to investigate and return overpayments within required timeframes.

Personal Care Agency Fraud – Business Structure Can Impact Compliance Risk

Tuesday, June 27th, 2017

Personal Care Agency Structure Can Increase Risk and Government Scrutiny

Personal Care Agency FraudThe OIG recently released a review of Medicaid Fraud Control Unit activities which identified personal care agencies as accounting for nearly one-third of fraud prosecutions.  Previous blogs identified a number of compliance risks that often ensnare agencies.  Risk can also be impacted by the structure and nature of the business that is conducted by the agency.  The business might be perfectly legal, but can still create additional risk.

An good example involves personal care agencies that focus on recruiting patients with extended families who already reside with the patient.  A personal care business plan that focuses on training extended family might be technically legal, but can certainly present risk that a reviewer will more closely scrutinize record-keeping, PCW training, and other requirements.  Closer scrutiny may result in overpayment requests and/or investigation.

The normal business plan for a personal care agency involves the hiring and training of personal care worker who are assigned to clients who retain the agency’s services.  Normally, a PCW and a client do not know each other and certainly are not sharing a residence with the client.  Some agencies might focus their business on recruitment of patients who live with extended family.  Simply by providing training to the existing family member, the agency is able to generate reimbursement.  The extended family member is able to earn a wage for the service that it performed.

Immediate family will normally not qualify to generate reimbursement as a personal care work.  More distant family might be able to generate reimbursement.  There may be nothing specific in the laws of the applicable state that prohibits this type of arrangement.  At the same time, there is nothing prohibiting a regulator from more closely scrutinizing regulatory requirements when presented with agencies that may be technically legal but could be viewed as being abusive at their core.

The main point here is that business structure and other factors might present additional levels of risk to an agency.  Business structure should be considered as a factor when conducting risk analysis.  Businesses that are operated in technical compliance could present higher degrees of risk than more traditional business structures.

Using Self-Disclosure Protocols – CMS and OIG Self Disclosure Process

Tuesday, April 11th, 2017

Self-Disclosure Has Become a Normal Part of the Compliance Process

As the OIG and CMS make self-disclosure easier for providers, we have noticed an increase in the rate of cases that are being filed.  Assisting providers in making decisions whether to self-disclose, conducting internal investigations, and guiding the self-disclosure process when appropriate has become a large part of our compliance practice.  Here are just a few of the articles and other resources that we have released regarding self-disclosure issues:

Exercising Reasonable Care to Identify and Address Potential Overpayments

Criminal Exposure for Failing to Repay Known Overpayment

When to Use the OIG’s Self Disclosure Protocols

Excluded Party Cases Dominate OIG Published Self Disclosure Settlements

Self-Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

When Does An Overpayment Become Fraud? How Simple Inattention Can Expose You to Penalties for Fraudulent Activities

Provider Self-Disclosure Decisions – Voluntary Disclosure Process

Provider Self Disclosure Process

For more information on the self-disclosure process and legal updates impacting the process, watch this space.

Compliance Program Best Practices Review of Effectiveness

Monday, April 3rd, 2017

Now Is The Time To Re-Examine Compliance “Best Practices” In Your Organization

Historically, compliance programs have not been per se mandatory.  However, most larger health care organizations have established formal compliance programs to foster an atmosphere of compliance and to take advantage of possible benefits under the Federal Sentencing Guidelines.  The Patient Protection and Affordable Care Act of 2010 has made compliance programs mandatory for many providers.  The exact scope of what type of provider will be required to establish formal compliance programs has not yet been set in stone by the Office of Inspector General.  However, it can probably be expected that most providers will be required to formalize their compliance efforts.

Institutional health care compliance has been growing for well over a decade now.  Compliance is becoming of major importance to health care providers of all nature and size.  The OIG has promoted compliance programs by releasing compliance guidance covering a number of industries, including billing companies, physician practices, hospitals, home health agencies, long term care facilities, ambulatory surgery centers and others.  Smaller providers who have previously not had the establishment of formal compliance programs on their radar will now be required to adopt formal plans.

It is not enough to simply adopt a compliance plan, place it on a shelf, and let it collect dust.  A compliance program requires active monitoring.  There are seven basic elements that are necessary for a compliance program to meet regulatory requirements and the requirements under the Federal Sentencing Guidelines.  The seven primary elements of an effective compliance program include:

  • The establishment of written compliance policies and procedures;
  • The designation of a high ranking individual within the organization to serve as compliance officer;
  • The establishment of an effective training and education program for all levels of personnel;
  • The establishment of effective lines of communication, such as a compliance hotline, to enable individuals within the organization to report compliance breaches;
  • Performing ongoing internal auditing and monitoring
  • The creation of a system that enforces breaches of the compliance program including appropriate discipline and corrective measures
  • The establishment of effective measures to respond to compliance problems that are detected.

An effective compliance program establishes an atmosphere of compliance that permeates the entire organization.  A compliance program should be tailored to the specific circumstances of the provider.  The program should also feed and grow on itself.  As problems are detected appropriate changes should be made to the program and related policies and procedures.

Mandatory compliance programs also highlight the importance of compliance on larger institutions who may have already adopted formal programs.  These institutions should take the signal that compliance is of growing importance.   Providers who have already adopted compliance plans should take the opportunity to dust them off and re-examine the role of compliance within their organization.  Now is the time to increase the focus on compliance and assure that compliance is an active system rather than a written plan that is sitting on the shelf.

Criminal Exposure for Failing to Repay Known Overpayment

Monday, April 3rd, 2017

Known Overpayments can Implicate Criminal Statutes

failing to repay overpaymentWe hear a lot about potential liability under the False Claims Act for the failure to repay overpayments within 60 days after discovery. Focus on the 60 day rule has taken some of the focus away from the potential for criminal charges for retaining known overpayments. Section 1128B(a)(3) of the Social Security Act (42 U.S.C. § 1320a-7b(a)(3)) makes it a crime to conceal or fail to disclose any occurrence that affects the initial or conued right to any benefit payment. A violations of the statutes requires a showing that the charged individual have knowledge of the event affecting the right to the applicable benefit. A violation of the statute is a felony and is punishable by a maximum of five years in prison and a fine of $250,000 for individuals or $500,000 for corporations.

The Office of Inspector General has applied this statute, even in cases where the overpayment occurs innocently but a party fails to repayment an overpayment after receiving knowledge. This type of situation is clearly subject to the False Claims Act where repayment is not made within 60 days. Criminal responsibility is also a potential; particularly when a decision is made not to repay after learning about the existence of an overpayment. Criminal exposure is present for the entity as well as the individuals who are responsible for failing to make repayment of a known overpayment. There is an element of ambiguity regarding application of the criminal component, but this has not stopped prosecutors from asserting the statute in the past.

The Federal Criminal False Claims Statute (18 U.S.C. § 287) can also apply to impose potential criminal liability.  That statute applies potential criminal liability on any person who “makes or presents” any claim to an agency of the U.S. Government “knowing such claim to be false, fictitious, or fraudulent.”   This statute can lead to potential 5 years imprisonment plus potential criminal penalties.   Conspiracies to violate the Federal Criminal Claims Statute impose double penealties on participants.  Failing to disclose and repay known overpayments could form the basis of a violation of this statutes as well.

Other criminal statutes could potentially apply to the failure to repay known overpayments.  Mention of these above statutes is not intended to be an exhaustive list of potential exposure.

Compliance Program Resources for Judging Compliance Effectiveness

Thursday, February 23rd, 2017

Compliance Program – General Background Resources

Evaluation of Corporate Compliance Programs

DOJ FCPA Resource Guide

DOJ- Principles of Federal Prosecution of Business Organizations

Good Practice Guidance on Internal Controls, Ethics, and Compliance adopted by the Organization for Economic Co-operation and Development

Anti-Corruption Ethics and Compliance Handbook for Business

Self Disclosure Process – Voluntary Self Disclosure Decisions are not Always Easy

Monday, February 13th, 2017

Provider Self Disclosure Decisions – Voluntary Disclosure Process

The HHS Office of Inspector General offers providers and opportunity to self-disclose certain violations in exchange for avoiding some of the more draconian penalties that may otherwise apply under applicable regulations.  Even though the OIG’s self-disclosure offer can be very compelling, the decision on whether to utilize the OIG’s self-disclosure protocols is often very difficult.

Unfortunately, it is not always clear whether a violation of a regulatory requirement has occurred.  Those involved in health care law are familiar with the level of ambiguity that often exists with respect to specific billing rules and other regulatory standards.  On the other hand, the potential liability for making the wrong call about whether an infraction has actually occurred can be quite significant.  Clearly, if a provider is deciding whether they have violated a regulation, they have knowledge that the situation has occurred.  The failure to act once knowledge is obtained or imputed can lead to sanctions being multiplied.  For example, failing to repay a known overpayment within 60 days can triple the amount of penalties and add up to $22,000 per claim to the price tag.

The current regulatory scheme places a very high price tag on being “wrong” about whether a regulatory violation is present.  The potential high damages for an incorrect decision forces a provider to take an overly expansive view of when (or whether) a regulatory infraction has occurred.

Clearly not every situation where there has been a billing error amounts to fraud or wrongdoing requiring use of the self-disclosure protocol.  Many over-payments that are identified through audit can be dealt with at the intermediary level.  Where investigation raises questions about whether incorrect bills are “knowingly” submitted, the self-disclosure process may provide some mitigation of potential loss.  Situations where the provider perhaps “should have known” raise more difficult issues of analysis.

The Office of Inspector General’s self-disclosure process is available when there is a potential violation of Federal law that could result in the imposition of Civil Monetary Penalties. A simple determination that a billing error may have led to an overpayment is generally not covered by the protocol.  It is only when the error presents potential CMPs that the protocol can be used to self-disclose the violation to the Federal government.  For example, self-disclosure might be considered where an overpayment is not repaid within 60 days after discovery by the provider or where there is a violation of the anti-kickback statute discovered.

To complicate matters even further, once a provider obtains actual knowledge that a billing error occurs, it is always possible that the government will take the position that the infraction “should have” been known to the provider at an earlier date.  This impacts when the 60 day clock that triggers the application of the False Claims Act begins to run.  Once you discover an error, you would like to think that you have 60 days to self disclose and avoid the damage inflating False Claims Act.  Whether you should have discovered the infraction earlier through a properly functioning compliance program will always overshadow these cases.  The only thing that a provider can really do to reduce the stress of this type of impossible situation is to have a strong compliance program in place well in advance.

The situation is also complicated because a potential whistle-blower may view a situation much differently than a provider who finds what it believes to be an innocent mistake through the audit process.  A provider may sincerely believe that there was no “wrongdoing” and that a simple mistake has been identified.  Finding such a mistake may actually be evidence that the provider’s compliance efforts are working.  On the other hand, there is a whole legal profession out there now that is advertising for people to come forward as whistleblowers.  With potential recovery under the False Claims Act of 3 times the over-payment plus up to $22,000 per claim, whistleblower lawyers have strong incentive to attempt to turn what the provider believes to be an innocent mistake into a false claim. The damage calculation creates a big payday for whistleblower plaintiffs and their lawyer, who take these cases on a contingency fee basis.

Generally speaking, when errors are discovered, the providers best bet is to be forthright and deal with the matter “head on.”  A complete internal investigation should be conducted to determine the precise nature of the issues and to identify the extent of wrongdoing.  Based on the outcome of the investigation, the provider can determine whether a simple repayment can be used or whether there may be reason to go through the formal self-disclosure process.

Anyone who has worked with reimbursement rules will realize that payment policies, rules and regulations are not always clear.  It is often difficult to determine whether there is even a violation of applicable rules or whether an overpayment actually exists.  Legal ambiguities further complicate the self-disclosure decision.  The precise nature of any legal ambiguities involved in the specific case need to be completely documented.  If a decision is made that there has been no wrongdoing, the legal analysis should be laid out in writing and in detail and a reasonable judgment should be made regarding the interpretation of applicable legal standards.  If self-disclosure is made in situations involving legal ambiguities, those ambiguities should be explained in detail as part of the self-disclosure.

In the end, a provider facing potential self- disclosure must follow a reasonable process to make a reasoned decision in the face of significant risk and uncertainty.  Perhaps most importantly, it is never a good alternative to pretend that the situation will never be discovered or brought to light.  These cases can arise in strange and unexpected ways.  It is best to assume that a discovered compliance violation will eventually be brought to light.  In most cases it is advantageous for the provider to affirmatively bring the matter forward rather than waiting for the government or a whistleblower to bring a claim.  When that happens, it is much more difficult to resolve the issue.

John H. Fisher, CHC, CCEP is a health care attorney at the Ruder Ware law firm.  John is actively involved representing clients on legal and compliance issues.  He has represented clients in creating compliance programs and in a variety of operational issues.  He also assists providers in addressing risk areas and potential compliance issues including preparing self-disclosure and working with the government to resolve disclosed compliance issues and overpayment.  John consults as a subject matter expert and provider legal backup to other attorneys and law firms from around the country on specialized compliance, regulatory and health care issues.  John has followed legal issues impacting health care provider for over 25 years.  As such, he is knowledgeable on the current legal standards as well as the historic perspective that is often relevant to an appropriate analysis.  

Ambulatory Surgery Center Exclusions – ASC Safe Harbor Compliance

Monday, February 13th, 2017

Excluding Non-performing Positions from a Physician Owned Surgery Center

Many surgery centers are eventually faced with decisions about how to treat investing physicians who do not perform as many procedure procedures in the surgery center as others.  Under-performing physicians can create political issues in ASCs because investors who perform more surgeries or higher value procedures at the center feel that the other investors are taking a ride on their efforts. Over time, higher producers may start to view those with lower surgery levels as “dead wood”. This dynamic is a perfect set up for violating the anti-kickback statute which specifically prohibits basing investment offering on the actual or expected volume or value of referrals.

​The anti-kickback statute standards that apply to surgery centers are somewhat counter-intuitive. The safe harbors that protect ASC investment interests actually require an investor to make certain levels of referral in order to receive the benefits of the safe harbor. This is different from other types of services which consider additional referrals to be suspect.

​The conditions included in the ambulatory surgery center safe harbors act as a proxy for determining when an investing referrer actually uses the ASC as a natural extension of his or her office practice. If the investor does not meet the Safe harbor threshold they may still use the ASC is a natural extension of their office. The Safe harbor merely provides absolute protection if the thresholds are met.

Where the specific requirements of the safe harbor is not met, the referring physician may still be using the facility as an extension of his or her medical practice. It might just be that the nature of the practice does not support as many referrals as other types of practices.  This does not necessarily mean that the lower volume provider presents any additional risk of violating the anti-kickback statute than a provider that comes closer to meeting the safe harbor standards.

Depending on the practice type, the lower level of referrals might very well still be indicative that the physician uses the facility as an extension of his or her practice.  This may not be what the higher referring physicians wish to hear.   In reality, they may feel that lower volume providers are taking a ride on their higher profitability that is created by there more lucrative practice.  In these cases, strict adherence to the one-third tests for multi specialty ambulatory surgery centers can support the positions of the high-volume surgeons to the detriment of the lower volume surgeons who still realistically create very little risk under the anti-kickback statute. However it becomes convenient that those who are responsible for more income being produced by the ASC can rely upon the number of procedures and percentage of income tests to exclude physicians who legitimately use the ASC is an extension of practice from participation but who have lower surgical volumes.

These types of cases run significant risk of being challenged under the anti-kickback statute by excluded investors or governmental enforcement agencies.  Great care must be taken in surgery centers that contain this dynamic to assure that frustrations of higher volume producers do not lead to actions that create regulatory risk for the surgery center.

Many operating agreements that govern the rules relating to ambulatory surgery center ownership actually create legal compliance risk.  It is critical that the procedures for excluding providers be established in advance, are uniformly followed, and do not raise any inference that additional referrals are being required in order to maintain an investment interest. Efforts to bring investors closer to compliance with safe harbor standards can easily be “turned inside out” and be re-characterized as requiring additional referrals.

Once investors own interests in an ambulatory surgery center, it is very difficult to force redemption without creating a lot of legal risk.  ASCs that use the failure to meet safe harbor standards as a reason to exclude investors run substantial risk.  The ASC Safe Harbor provisions exist to protect arrangements from further scrutiny where they contain elements that the federal government has indicated are reflective of there being a lower level of risk of abuse.  The safe harbors were never intended to be used as a tool to replace a complete risk analysis presented by investors who do not meet all of the terms of the safe harbor.  In this respect, the ASC Safe Harbors are different from other safe harbor provisions under the anti-kickback statute.  The primary difference involves that fact that the safe harbor actually requires certain levels of referrals to be made to the ASC.

With other safe harbors, structuring an arrangement to come close to a safe harbor can be a valid risk mitigation approach.  This is not the case with the ASC safe harbor because requiring investors in an ASC to come closer to the referral threshholds in the ASC Safe Harbor actually invoke the referral prohibition.  Forcing this doctor out of the ASC for simply not meeting the safe harbor creates a violation.

Dental Practice Compliance Programs – Essential Elements of Compliance Policies

Monday, February 13th, 2017

Should a Dental Practice Have a Compliance Program?

Compliance programs are an accepted requirement in most of the health care industry.  There seems to have been less importance attached to the establishment of systematic compliance programs in the dental practice area.  I believe part of the reason why the dental industry has lagged behind other health care providers in the compliance area is that there is very little Medicare reimbursement involved in the usual dental practice.  Certainly much of the reason for compliance program involve Medicare enforcement actions.  However, dental practice that under-emphasize compliance are assuming a great deal of unnecessary risk.

Certainly some dental providers receive Medicare reimbursement for a portion of their services.  Oral surgeons for example regularly perform services that are covered under the Medicare program.  Many practices accept Medicaid reimbursement or reimbursement from other Federal health programs.  Additionally, practices that receive reimbursement from federally funded health care plans are required under Federal law to establish and effective compliance program that contains the “core elements” set forth in Federal law.  The Federal standard required dental providers who receive this type of reimbursement to actively operate a compliance programs that is effective in preventing and detecting criminal, civil and administrative violations and in promoting the quality of care that is provided by the practice consistent with federal regulations.

There are many reasons beyond reimbursement requirements to operate a compliance program.   Dental practices must maintain systematic process to assure compliance with OSHA regulations, HIPAA and state privacy regulations, and a variety of other federal and state rules and regulations.  Some of these regulatory areas are subject to aggressive governmental oversight including periodic audits and inspections.  Other areas are not subject to aggressive enforcement.  All of these areas, even those where there is no aggressive enforcement, can expose the dental practice to liability if a complaint is made by an employee, former employer, patient, competitor, or other individual.  Some of these potential complainants can even establish whistleblower status and can bring private action for recovery.

Some practices that implement compliance programs and perform audits over billing and collection practices are pleasantly surprised when they discover that they have actually been under-billing.  Audit of potential risk areas can indeed identify missed revenue opportunities.  This does not happen in every instance, but there are circumstances where the audit process actually identifies new revenue streams.

For most providers, operating a compliance program will have the benefit of deterring potential future liability.  If detected early, it is much easier to deal with a potential infraction when it is self-discovered before the potential damages become insurmountable.  It is one thing to deal with potential over-payment or failure to follow a regulation.  It is much more difficult to resolve these issues when they are brought into the open from an outside party.  By that time, potential sanctions may have multiplied to an unmanageable level.  For example, if the False Claims Act applies, a simple over-payment can be multiplied by 3, plus $11,000 to $21,000 per claim can be added to the otherwise manageable over-payment amount.

In summary, there is every reason for a dental practice to actively operate a robust compliance program.  Those that believe that a compliance program is not needed because Medicare reimbursement is not present should think again.  Eventually, it is highly likely that the failure to maintain an active compliance program will catch up with you.  I have represented many health care providers who have been subject to the negative impact of not operating a compliance program.  I can tell you that they all share the same regret that they did not deal with compliance proactively while they had the opportunity.

For those of you who are still reading, I want to briefly describe the 7 basic elements of a compliance program.  Each of these elements can be expounded on further, but I will touch on them briefly here.

  1. Appointment of a high ranking member of management to act as compliance officer. In a smaller practice, a compliance responsible individual can be used.  Compliance program structure can be scalable to the size and resources of the provider and the nature and complexity of the business.
  2. Compliance policies should be put in place that describe the process to be used to conduct ongoing compliance activities. Compliance policies will define compliance operations and will also outline requirements in risk areas that are specific to the nature of the practice.
  3. Employees, contractors and others must be trained on basic compliance program elements and risk areas that are applicable to their job functions.
  4. Creating a compliance reporting system and protecting those who make complaints from retaliation or retribution.
  5. Enforcing disciplinary standards that hold employees responsible for following compliance requirements.
  6. Operating a system to continually identify areas of potential compliance risk within the practice.
  7. Maintaining a system of appropriately responding to identified compliance problems through creation of appropriate corrective action, self-disclosure or other appropriate action.

Putting these elements in place through adoption and operation of appropriate policies and standards establishes the central elements of the compliance process.  It is critical that the activity does not stop at the establishment of policies.  A compliance program must be continually operated as a living a breathing process to identify and address risk in a practice manner.  The compliance officer or responsible individual is responsible for assuring the continued operation of the program.

Risk areas in a dental practice include reimbursement rules, licensing and certification standards, OSHA regulations, HIPAA and state patient privacy laws, infection control standards, radiation regulations and standards, documentation requirements, controlled substance regulations and a host of other state and Federal regulatory requirements.  Your compliance program in effect creates the process to identify risk and proactively examine potential areas of risk to determine compliance.  An actively operating compliance program is a necessary elements of every dental practice.

About Our Dental Practice Attorney Representation

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

Search
Disclaimer
The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.