Health Law Blog - Healthcare Legal Issues

Posts Tagged ‘healthcare compliance’

HCCA Compliance Institute Presentation On Compliance Role In Mergers and Acquisitions

Friday, May 3rd, 2013

John Fisher Presents at National Health Care Compliance Institute in Washington, D.C.

John Fisher, JD, CHC

John Fisher, JD, CHC, CCEP

Ruder Ware health care and compliance attorney John Fisher was a featured speaker at the Health Care Compliance Association’s 2013 Compliance Institute.  The Institute was attended by nearly 3,000 compliance officers, attorneys, and vendors from across the country.  Mr. Fisher spoke on the topic “Compliance Issues in Mergers and Acquisitions.”

Mr. Fisher is certified in Health Care Compliance by the Health Care Compliance Association and in Corporate Compliance and Ethics by the Society for Corporate Compliance and Ethics.

Mr. Fisher’s presentation covered some of the following issues:

  • The role of the compliance officer in mergers and acquisitions.
  • Compliance related due diligence requests.
  • The scope of compliance due diligence.
  • Successor liability and assumption of liabilities by purchasers.
  • Compliance impact of deal structure and agreement terms.
  • Compliance effectiveness reviews in mergers and acquisitions.
  • Common due diligence compliance risk areas.


For more information on compliance and health law issues, visit our health care law blog at

OIG Work Plan New Hospital Issues Added For 2013

Thursday, October 4th, 2012


OIG 2013 Work Plan – Hospital Issues Aded To OIG Work Plan

Hospitals—Inpatient Billing for Medicare Beneficiaries (New)

Hospitals—Diagnosis Related Group Window (New)

Hospitals—Non-Hospital-Owned Physician Practices Using Provider-Based Status (New)

Hospitals—Compliance With Medicare’s Transfer Policy (New)

Hospitals—Payments for Discharges to Swing Beds in Other Hospitals (New)

Hospitals—Payments for Canceled Surgical Procedures (New)

Hospitals—Payments for Mechanical Ventilation (New)

Hospitals—Quality Improvement Organizations’ Work With Hospitals (New)

Hospitals—Acquisitions of Ambulatory Surgical Centers: Impact on Medicare Spending (New)

Critical Access Hospitals—Payments for Swing-Bed Services (New)

Long -Term-Care Hospitals—Payments for Interrupted Stays (New)


Issues That Continue To Be On OIG Radar

Hospitals—Same-Day  Readmissions

Hospitals—Acute-Care Inpatient Transfers to Inpatient Hospice Care

Hospitals—Admissions With Conditions Coded Present on Admission

Hospitals—Inpatient and Outpatient Payments to Acute Care Hospitals

Hospitals—Inpatient Outlier Payments: Trends and Hospital Characteristics

Hospitals—Reconciliations of Outlier Payments

Hospitals—Duplicate Graduate Medical Education Payments

Hospitals—Occupational-Mix Data Used To Calculate Inpatient Hospital Wage Indexes

Hospitals—Inpatient and Outpatient Hospital Claims for the Replacement of Medical Devices

Hospitals—Outpatient Dental Claims

Hospitals—Outpatient Observation Services During Outpatient Visits

Critical Access Hospitals— Variations in Size, Services, and Distance From Other Hospitals

Inpatient Rehabilitation Facilities—Transmission of Patient Assessment Instruments

Inpatient Rehabilitation Facilities—Appropriateness of Admissions and Level of Therapy

Compliance Program Scale and Scope – Customizing Compliance to Your Organization

Friday, July 13th, 2012

Customization and Scalability of Compliance Programs

Creating a Compliance Program That is Right for Your Organization

An important part of developing an effective compliance program is to make the program scalable and effective for the operations of the specific provider.  In some ways, creating compliance program for a large health system is the easiest because you have the resources and breadth of operations to recommend everything; also known as the “kitchen sink” model.  The real art in my opinion comes when developing programs for smaller hospitals, physician groups and other organizations that do not have the resources to “do it all.”  Taking an overbroad approach to compliance with smaller organizations can actually create additional risk because you are creating a “roadmap” of items that are not being done and which you will never have the resources to complete.

Our job as compliance attorneys is to recommend systems that are workable within the resources and specific risk areas that are relevant to the provider.  This takes a level of judgment that is not necessary where the size and resources of the organization permit the “kitchen sink” approach to be taken.

The development of compliance programs for smaller organizations take a surgical approach.  Care must be taken to develop systems for identifying the risk areas that are specific to the organization.  Risks should be scored and prioritized and the results of this process should be included into a plan to accomplish audits, reviews or monitoring of the various identified risk areas.  Small organizations cannot hit every risk area during every budgeting cycle.  A longer term approach is called for with the most urgent risks requiring closer and faster review.  This all ties into the budgeting process.  The work plan needs to be adequately budgeted.  The size of the organization will have an effect on the amount that is budgeted for compliance.

The point of a compliance program is not that every problem area will be found.  It is most important that a logical system be developed that prioritizes risk and addresses risk areas in a logical fashion.  The other side of the coin is that a substantial organization should not hide behind lack of resources for not addressing significant risk areas.  A small physician practice is at one end of the spectrum.  A hospital system with several facilities, attached physician network, and an array of ancillary services would have little excuse for not allocating sufficient budget amounts to compliance to enable the organization to meet its compliance needs.

Issues of scalability also come into the general structure of the compliance program.  A small physician practice will not have the resources to hire a chief compliance officer.  Rather, a small practice might designate a partner or administrator as a “compliance responsible individual.”  On the other hand, a substantial hospital system should implement a robust structure including a full-time chief compliance officer, a compliance committee and compliance staff.  The compliance officer should not serve a dual role in positions that create an inherent conflict of interest such as general counsel, chief financial officer or chief operating officer.

Issues of scope and scalability are at the center of most compliance efforts.  These issues require careful and judiciously made decisions.  These decisions are important and must be faced by providers of all size, from the smallest medical practice through the largest health system as mandatory affective compliance programs become a requirement.

Compliance Program Best Practices

Wednesday, July 11th, 2012

Compliance Program Best Practicescompliance programs - best practices in compliance

 Given the increased importance of compliance, it is helpful for providers to get a feel for what constitutes “best practice” when operating a compliance program.  “Best Practices” is a term that is thrown around all of the time in the business world.  It is used in many contexts and takes on a variety of meanings depending on who is using it and for what purpose.  Wikipedia defines “best practices” as follows:

 Best practices are generally-accepted, informally-standardized techniques, methods or processes that have proven themselves over time to accomplish given tasks. Often based upon common sense, these practices are commonly used where no specific formal methodology is in place or the existing methodology does not sufficiently address the issue. The idea is that with proper processes, checks and testing, a desired outcome can be delivered more effectively with fewer problems and unforeseen complications. In addition, a “best” practice can evolve to become better as improvements are discovered.  Best practice is considered by some as a business buzzword, used to describe the process of developing and following a standard way of doing things that multiple organizations can use.

 As I was thinking about the concept of “best practices” in health care compliance, the Wikipedia definition seems to fall al little bit short of what I would have in mind when discussing “best practices” in health care compliance programs.

 The Miriam-Webster Dictionary defines “best” as the superlative form of “good.”  “best” means “excelling all others” and “offering or producing the greatest advantage, utility, or satisfaction.”  I believe that the definition from Wikipedia is an accurate depiction of what the term “best practices” has become in the business world.  The term has been thrown around loosely to the  point that it no longer carries the meaning of the plain words that make up the two word “buzzword.”

 In the health care compliance context, I believe that it is not advisable to direct your efforts toward the standard “buzzword” meaning of “best practices.”  Instead, you should focus toward attempting to achieve the meaning of “best practices” that is tied to the superlative form of the word “good.”  You should not focus on the “we are doing what everyone else is doing” or the “what we are doing will pass by in most cases” version of best practices when looking at your compliance plan.  The consequences of that approach could easily come back to bite you in the superlative.

 In reality, you may never be able to meet the truly “best” standard.  However, the point of the compliance program requirement is that you are trying to make your compliance program and your organization “the best” when it comes to compliance.

False Claims Act – Applying the Lincoln Law To Modern Health Care

Monday, January 23rd, 2012

The False Claims Act – Application of the Lincoln Law to the Health Care Industry

 When Congress originally passed the False Claims Act (31 USC §§ 3729-3733), no one had the health care system in mind.  The False Claims Act was also commonly referred to as the “Lincoln Law”.  The original law was focused on unscrupulous vendors who provided overpriced and often faulty supplies to the military during the Civil War.

The law was unique in several ways; not least of which was the creation of “qui tam” rights.  Qui tam provisions permit individuals to bring suit alleging false claims and to retain a portion of the award.  The amount of potential award available to a qui tam claimant depends on whether the government chooses to take over the case after it is brought.

The False Claims Act was strengthened in 1986 in response to some of the much publicized $1,000 toilet seats and other abuses with respect to companies supplying the United States military.  The 1986 amendments to the False Claims Act provided for treble damages plus civil penalties of between $5,000 and $11,000 per claim.  These legislative changes were intended to add real incentive for “qui tam” litigants to bring fraud claims.

The health care industry was never the real target of the False Claims Act.  In fact, when the original “Lincoln Law” was passed in the 1860’s, there was no federal health care program in existence.  From the inception of the False Claims Act through the 1986 amendments, the primary target had been the suppliers to the defense industry.  The defense industry generally makes claims on a monthly or other periodic basis for large amounts of supplies.  Although the 1986 amendments added substantial penalties for making false claims, the impact on the defense industry does not come close to matching the impact on health care providers.

In health care, a single hospital may make hundreds of claims to the federal government per day.  False claim allegations can cover a number of years, greatly increasing the number and value of claims that may be at issue.  When treble damages plus $5,000 to $11,000 per claim are applied on top of the actual amount of a “fraudulent” claim, the obligation amount can become staggering.

The extension of the False Claims Act liability to areas such as Stark Law and Anti-Kickback Statute liability indicate how extreme the sanctions can be.  By way of example, take one physician who is determined to have been compensated at significantly over fair market value.  Assume that the excessive compensation creates a violation of the Anti-Kickback Statute and the Stark Law.  The Affordable Care Act clarified that claims made in violation of these laws create a cause of action under the False Claims Act.  Potential damages would be three times the total value of claims attributable to services of the overpaid physician, plus between $5,000 and $11,000 per claim.  You can see that the potential damages would cause grave financial impact on the hospital.  This is the type of thing that keeps compliance officers awake at night.

Even though the False Claims Act was not originally designed to target the health care industry, there does not seem to be any momentum toward making legislative.  To the contrary, the government is quite content to leave these disproportionate penalties in place as part of its effort to reduce cost of health care (and to generate additional revenues) by assessing astronomical fines against health care providers and to hold these penalties over their heads to force health care providers to take extreme actions to prevent compliance problems.  The government is taking a “return on investment” approach to health care fraud enforcement.  The False Claims Act allows the government to put its thumb on the scale in the “return on investment” game.  The qui tam provisions provide the government with “quasi agents” who may be disgruntled employees or others who can scout out potential claims, bring them to the governments attention, and take a piece of the financial reward.

Providers have only one real way to reduce the disproportionate impact of the False Claims Act on their operations.  This is to create an effective compliance program that proactively detects problems so they can be addressed and corrected before they create excessive risk.  Compliance programs are an outgrowth of the federal sentencing guidelines that permit reduced corporate penalties for fraud if an “effective” compliance program will actually reduce the risk of a violation occurring or depending because it forces the organization to proactively look for compliance problems and correct them before they become insurmountable.  An effective compliance program will also include regular training to staff which also reduces the risk of compliance problems.

The Affordable Care Act made compliance programs mandatory for most health care providers.  Nursing homes are the first to be effected in 2013.  Other types of providers will subject to mandatory compliance programs as regulations are rolled out over the next few years.  Providers will be required to maintain an effective compliance program as a condition of participation in the Medicare program.  It is strongly recommended that all providers begin development of compliance programs now.  It will take time to tailor compliance programs to fit the specific risk areas associated with your business.  You will be required to certify not only that you have established a compliance program, but that the program is effective.

Physician Compliance Programs – Specific Steps Necessary

Monday, December 19th, 2011

compliance attorney physician compliance issuesSpecific Steps Needed to Establish a Compliance Program for a Physician Practice

 The Compliance Guidance for Physician Practices and the Federal Sentencing Guidelines provide useful information concerning the process that is required to develop appropriate compliance programs.  A health care compliance attorney, preferably with demonstrated knowledge of the compliance process through appropriate certification in health care compliance, can also be a terrific asset to help you design a program.  I may be repeating myself, but it is extremely important that you do not simply adopt a “canned” program and expect it to reduce your risks or be effective in the event that the government comes calling.  It is extremely important that you follow a systematic process for assessing risk and tailor your compliance program to address precise risk areas that are identified through the process.  It is imperative that you document in detail the steps that you take to develop your program.  When developing your program, and later while operating your program, you should at all times assume that someday you will be called upon to defend the program and demonstrate that it indicates a meaningful organizational commitment to the specific compliance risks that you face in your unique practice environment.

 Initial Needs Assessment

 As mentioned above, a compliance program should be developed with consideration for the actual risks that are present in the specific practice.  This requires the practice to perform a formal analysis that is aimed at identifying specific risk areas.  The extent of the needs analysis will depend on the size and complexity of the practice.  Methods of performing the analysis will range from a full blown “gap” analysis with scoring of various risk areas down to a more simple employee questionnaire that asks for input concerning risk from the perspective of individual employees.  In smaller, less complicated practices, such as a simple primary care practice, the needs assessment will be relatively simple.  More complex specialty practices will touch on a much broad array of risk areas.  Each item identified through your needs assessment will need to be prioritized and appropriately addressed in the compliance program.

 Establish Line of Responsibility for Compliance Matters

 The Federal Sentencing Guidelines require the appointment of a single individual with responsibility for compliance in the organization.  The individual should be a “high ranking” individual with direct access to the Board of Directors or other governing authority.  Smaller physician practices will generally designate one of the physicians as compliance officers.   A member of administration may be named compliance officer in larger clinics. 

 Ideally, the compliance officer should not be in-house counsel because of potential conflicts between the differing roles of advocate and compliance officer.  An attorney has ethical obligations to zealously defend the organization.  This will sometimes mean that the best course of action from a legal standpoint may be to “deny and defend.”  This will never be an appropriate course of action from the standpoint of a compliance officer whose primary job is to prevent compliance problems.  The compliance officer will work to bring problems to the surface and disclose them when they are uncovered.  This will often conflict with the role of general counsel.

 Certainly general counsel plays an important role in compliance, but not as compliance officer.  Most general counsel are already busy providing legal services to the organization.  Placing compliance under general counsel makes compliance a secondary function of the general counsel and fails to demonstrate adequate commitment to organizational compliance.  The “dual role” compliance officer will appear to work until a problem arises.  Several cases involving “dual role” compliance officers have been investigated by the Federal government.  Once an investigation commences, the organization generally quickly abandons the dual role compliance structure and appoints a dedicated compliance officer.  In the most visible cases, the general counsel was actually forced to resign and the organization settled the case by entering a Corporate Integrity Agreement that required the division of general counsel and compliance function.

 A practice may wish to consider creating a compliance committee in addition to appointing a compliance officer.  Establishing a committee can be very helpful to the organization gaining physician buy-in and demonstrating that the organization is serious about compliance issues.  As a practical matter, the compliance committee involves more individuals in the compliance process and can make the task of the compliance officer much easier.  In larger organizations, establishing a compliance or ethics committee is strongly recommended.  Smaller organizations should consider fulfilling this task at the Board level through regularly scheduled discussions of compliance issues.

 Adopt Standards of Conduct

 An integral part of the compliance program is the standards of conduct.  The standards of conduct should include simply stated standards, in terms that can be understood by all levels of employees and others that deal with the practice that provide information concerning the commitment of the practice to compliance matters.  The Standards of Conduct are not the place to get into legalistic discussions of the various laws that could apply to operations or present compliance challenges.  The Code of Conduct should be a summary that everyone can understand and should reflect the general tone of the practice’s commitment to honesty, integrity and legal compliance.

 Oftentimes the Standards of Conduct will include a personal introduction or letter from the highest ranking individual in the clinic which briefly explains the purposes of the Standards of Conduct and the practice’s commitment to legal compliance.  This helps to set the tone within the practice that compliance and ethical behavior are a core value and principal of the practice.

 Creating Your Compliance Plan

The compliance plan itself will provide detail in the seven areas of an effective compliance program as set forth in the Federal Sentencing Guidelines.  The Compliance Plan will normally cover each of the seven areas.  Additionally, there may be a more detailed discussion of some of the laws that may apply to the specific practice.

 Setting Up Your Internal Reporting Mechanism

 One of the primary elements in a Compliance Program is the creation of a system that permits employees and others to provide information regarding potential compliance issues without fear of retaliation.  In larger organizations, multiple pathways permitting employees to make anonymous complaints should be maintained.  Oftentimes providers use 24 hour compliance “hotlines.”  Online reporting systems or “drop boxes” are also commonly used.  Whatever system is used, it is crucial that employee understand that they are encouraged to provide information and that there is a clear prohibition against others in the organization retaliating against them for providing information.  It should also be made clear to employees that wherever possible the identity of the person providing the information will be kept confidential.

 The establishment of the compliance reporting process and communication to employees that retaliation will not be tolerated is a central element to an effective compliance program.  Such a system will help the practice obtain valuable information, hopefully early on, before the issue becomes a big problem.  Additionally, the openness of the program will send a strong signal to the outside world, such as government regulators, that the organization takes compliance seriously. 

 If information is obtained through the hotline system it must be taken seriously.  Certainly not every piece of information will be reflective of a serious compliance problem, and an employee could potentially have other motives for making a compliant.  Regardless, it is crucial that the information be acted upon and that the action be documented.  If the compliance officer concludes that there were alternative motivations for the complaint, that fact should be substantiated and documented.  If an objective investigation indicates that there could be a compliance issue, the matter needs to be pursued through an appropriate outcome.  Depending on the circumstances and the result of a thorough investigation, the outcome could range anywhere from additional training through a self disclosure to the government.

 Internal Compliance Policies and Procedures – Enforcement

 One of the elements required by the Federal Sentencing Guidelines and described in all of the OIG industry specific Compliance Guidelines is that the Compliance Program include a mechanism to deal with compliance problems as they are discovered.  In some cases the appropriate action may be a change in policies and further education.  In more extreme cases of compliance violations should lead to employment discipline of various degrees depending on the nature and extent of the violation.  Other cases will require full disclosure to the Federal government and repayment of overpayments and possible penalties.

 It is important that your compliance program fit seamlessly with your employment policies.  Part of developing a compliance program is adopting suitable employment standards that let employees know what to expect from an employment standpoint if they are found to be engaged in compliance infractions.  These policies need to be communicated to employees as part of their training, both so they know the potential employment implications of compliance infractions, and so employees understand how seriously compliance issues will be taken by the organization.

 Governing Board Approval of Compliance Plan and Policies

 When it comes to compliance matters, the “buck stops” with the board of directors or other governing body of the organization.  The governing body should be involved in the creation and adoption of all policies and procedures.  The governing body and top management should take all actions necessary to make compliance a top priority within the organization.  The board should issue an initial resolution regarding compliance at the inception of the process of creating a plan.  The resolution should indicate the commitment of the governing body to compliance.  It should also allocated sufficient funding to the establishment and operation of the compliance program.  All of these actions indicate the organization’s commitment to compliance.

 During the development stage, the governing body should be kept in the loop.  Frequent reports should be provided to the governing body and input into the process should be provided by the governing body.  The governing body should approve the steps that are taken in writing.  If further direction comes from the governing body, it is recommended that the direction be placed in writing.  This will indicate the ongoing input from the governing body and further solidify the organization’s commitment to compliance.

 The governing body should also assist with other professionals in the organization “buying in” to the compliance efforts.  It is very helpful for the governing body to be proactive in compliance issues and set the tone for the “compliance spirit” within the entire organization.

 Internal Documentation and Systematic Approach 

 It is extremely important for the organization to take a systematic approach to both developing and operating a compliance program.  Each step of the formation process, from the initial planning stage through final implementation, should be documented with a great deal of detail.  The information should be presented to the governing body for review periodically through the implementation stage and the governing body should approve and adopt the information and provide additional suggestions and directives to the compliance officer.

 When establishing and operating your compliance program, keep in mind that it is very possible, if not highly likely, that someday you will be called upon to defend the actions that you took to establish and operate the program.  This is a very useful mindset to have while you are performing compliance functions.  We often advise organizations to act as if the organization is actually under a Corporate Integrity Agreement and to document each steps as if they are providing the information directly to the government.

 Educating and Training Your Staff

 Another key element of an effective compliance program is to have an ongoing education and training program for employees.  Training should occur at the inception of the program and upon commencement of employment by any new employees.  Additionally, the organization should adopt an ongoing training program to provide period refreshers of basic issues and the requirements of the program.  Additionally, topic-specific training should occur based on compliance risks or problems that are identified through the operation of the compliance program.

 Ongoing Monitoring, Auditing and Assessment

 It is important that the compliance program be seen as a continual process within the organization.  Adopting a compliance program and then leaving it sit on the shelf will be of little if any effect.  In fact, failing to adopt compliance as a process rather than a static “form” can present the organization with more risk than failing to adopt a compliance program at all because the compliance program that is not actively “worked” sets expectation and requirements that will not be met.

 The organization should adopt an effective ongoing process to monitor and audit the organization for compliance difficulties.  Risks areas that are identified by the monitoring process need to be reinforced with amendments to the compliance program, action by the governing body, potential internal discipline, additional training, and in extreme cases, self reporting to the federal government.

 In The End

 The process of developing an effective compliance program will not be without some pain, internal resistance, and resources.  The payoff will often not be as apparent as the effort that it takes to develop and operate an effective program.  The risks you are avoiding can be very difficult to see or quantify.  However, the failure to confront and mitigate those risks can be devastating to your organization.  Repayment obligations for false claims are generally three times the amount of the claims plus $15,000 per claim.  It is shocking how fast the penalties add up.  Extreme cases of fraud can also lead to criminal investigation and prosecution.  Recently enacted health care reform legislation makes it easier in a number of ways for the government to bring criminal prosecutions in the health care area.

 Now that compliance programs are becoming mandatory for most providers, including physician practices, it is necessary for providers to confront these issues.  Do not make the mistake of taking this task on in a half-hearted manner.  The result will not provide you with any of the benefits of an effective compliance program and can actually hurt you if a problem ever arises.  Even though the date for adopting mandatory compliance plans for physicians is not yet upon us, you should start now to assure that your program is effective and that you have time to develop the appropriate “buy-in” by professionals in your practice.  The proper process as identified above cannot be accomplished by taking “canned” compliance policies and adopting them.  You must go through the steps necessary to develop a meaningful program.

Elements of An Effective Compliance Program

Monday, December 19th, 2011

Basic Elements of An Effective Compliance Program

Developing a compliance program that will be effective to reduce internal and external risk is a “practice specific activity.”  There is no “one size fits all” compliance program and there is no good “off the shelf” form solution.  There are certainly vendors, consultants and lawyers out there who would like you to believe that you can take a form, make a few changes and fill in a few blanks, and create an effective compliance program for your organization.  This approach really misses the point of what is required in order to develop and effective program.  Certainly the written plan is an important and necessary part of the compliance effort.  However, even more important is the process that you go through to develop the compliance plan.

 Establishing a compliance program requires you to perform a risk assessment on your specific organization and document the outcomes of that assessment.  The risk assessment could take many forms.  Compliance professionals talk about a “gap analysis” which is an approach to help determine the vulnerabilities of your organization.  A lawyer or compliance professional that has specific training and background in performing legal risk analysis can help you design an appropriate risk analysis process.  The primary point here is that this process needs to be organization specific rather than based on a pre-canned form.  You need to score your areas of risk and provide emphasis to appropriate areas of risk that are identified through your risk assessment.

 All compliance programs will have language regarding compliance with fraud and abuse, anti-kickback statutes, HIPAA and other health care laws.  It means virtually nothing to simply adopt a pre-canned policy without backing the policy up with the process that the practice went through to identify the specific risks that it faces given the specific nature of its practices, size, and specific personalities involved in the operation.

 As mentioned above, the Office of Inspector General has issued general industry guidance on compliance program development and one such guidance relates to physician practices.  This guidance, plus the general requirements of the Federal Sentencing Guidelines, provide general elements that are necessary to make a compliance program effective.  There are generally seven (7) basic core elements that are required of an effective compliance program including:

  •  Adoption of written guidelines and policies to promote the organization’s commitment to compliance;
  •  Identification and appointment of a high ranking individual within the organization to serve as compliance officer;
  •  Establishment of anonymous reporting systems, preferably through multiple pathways, to encourage individuals to make complaints regarding compliance items without fear of retaliation;
  •  Effective education and training programs for all levels of employees and others with close relationships to the organization;
  •  Ongoing auditing systems to assess the effectiveness of the compliance program and to provide input into areas that require additional emphasis;
  •  Mechanisms to enforce the requirements of the compliance program and to discipline employees for violations of the organization’s commitment to compliance; and
  •  An ongoing system of program modification based upon audit, feedback and experience that can further adapt the compliance policies to the specific issues faced by the organization.

 Establishing Commitment From the Top of the Organization

 An important and often overlooked aspect of developing a compliance program is the need to obtain commitment from the top of the organization.  Many times in a physician practice this will mean the physician owners of the practice.  It is important that the physician have a clear understanding of the need and benefit of establishing a focused compliance program.  There will inevitably be initial expenditures involved with establishing a compliance system.  In some cases it may even necessitate retaining additional staff.  There will almost certainly be fees to outside attorneys and consultants if the organization is not large enough to hire the needed expertise internally.  It is important that sufficient resources be allocated to compliance and that the physicians and administration understand that in the long term, these expenditures will pay off by reducing the risk of institutional compliance problems.  The difficulty is that if the compliance program works to reduce risks, there will never be a serious event that proves the benefit of the expenditures.  However, if an event occurs in the future and there is no compliance program in place, the regrets will be very deep because compliance issues are much more difficult to solve if there is no compliance plan in place.

 As a practical matter, the institutional “buy-in” is often the most difficult hurdle to overcome.  It is somewhat easier now that compliance plans are becoming mandatory.  Yet there is still risks associated with under-funding compliance activities or providing enough resources to do the “bare minimum” when it comes to compliance due to a reluctant attitude on the part of physician leaders who are now being forced to develop compliance programs that they have not fully embraced. 

 Certain groups may be in a position that they have not been dependent upon institutions who have implemented compliance programs.  Some practices completely reject policies and procedures of any kind that could bind the physicians in their practices.  These organizations present the greatest challenges and unfortunately the greatest potential risk of violations of federal and state laws occurring due to the low level of leadership embracing appropriate compliance activities.  Even as these groups are forced to adopt compliance programs, they present the greatest residual risk because of a low level of physician commitment.

 We suggest that physician practices begin the process of implementing formal compliance programs immediately to provide more time to gain physician commitment and appropriately assess the risks associated with the specific practice.  It takes a great deal of time to develop a system for establishing compliance programs, perform a “gap analysis” or other baseline analysis, perform employee interviews and take other steps to identify specific risk areas.  Developing a compliance program is much more than simply adopting a form compliance program.  Even though the precise effective date that compliance programs will become mandatory for physician practices has not yet been set, providers should consider this time a gift to permit them to develop appropriate policies rather than a reprieve.

About The Author

Health care attorneys health lawThis article is part of a multiple part series by Health Care Attorney John Fisher, CHC on compliance programs for physician practices.

John Fisher, JD, CHC  is a seasoned health care attorney and is certified in Health Care Compliance by the Health Care Compliance Association.  Mr. Fisher is available to assist physician groups and other health care providers nationwide in the development and operation of Compliance Programs.

Mr. Fisher has significant experience in the various legal and regulatory matters that are faced by physicians including the Stark Law, Anti-Kickback Statute and Safe Harbors, Medicare and Medicaid reimbursement rules, HIPAA, False Claims Act, antitrust laws, employment laws, contract matters, business ventures and laws governing financial relationships between physicians, and others.

Mr. Fisher practices with the Ruder Ware law firm in Wausau, Wisconsin.  His practice on compliance and Federal Law issues is nationwide.

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.