Even though compliance programs have not traditionally been mandatory, over the past ten years, formal compliance has become industry “best practices” for virtually all segments of the health care industry. Compliance guidance for physician practices was issued by the Office of Inspector General in 2000. Since that time, many physician practices, especially more complex specialty practices, have developed some sort of compliance plan. Although compliance plans have not previously been mandatory, they have become “industry standard” as a way to minimize risks associated with health care regulations such as the Health Insurance Portability and Accountability Act of 1996, the Medicare and Medicaid Fraud and Abuse Laws, Anti-kickback Statute, Civil Monetary Laws, False Claims Act, the Clinical Laboratory Improvement Act and all other state and federal statutes, regulations and directives that apply to the operation of a complex physician’s practice.
The OIG issued compliance guidance for Individual and Small Group Practices in October of 2000 (“Physician Practice Guidelines”). The Physician Practice Guidelines include some degree of “scalability.” OIG has indicated in the past that what may constitute effective compliance measures for a large, complex organization may be unnecessary for a small physician practice or supplier. The Physician Practice Guidelines indicate that the “guidance for physicians does not suggest that physician practices implement all seven components of a full scale compliance program.” The extent of required compliance activities will depend on the size of the provider and the scope and complexity of the practice. There is no “one size fits all” solution. In order to be effective, a compliance program will need to be based on the specific risks and factors associated with the practice.
We recommend that physician groups begin the process of establishing compliance programs as soon as possible and that they not wait for final regulations. Compliance programs are a good way for physician practices to reduce risk associated with fraud and abuse and other legal matters that present risk to their operations. It makes sense for physicians to begin development now to provide ample time for creation of appropriately scaled policies and input from various personnel in the group.
It is clear that simply adopting written policies will not be adequate to meet the requirements of the mandatory compliance obligations. Rather, physician practices will need to establish an ongoing system of monitoring their operations for compliance issues and modifying practices based on the specific factors present in the practice environment. The development of compliance policies require consideration of the seven (7) core elements of effective compliance programs as contained in the Federal Sentencing Guidelines and in the various industry guidance that have been released by the Office of Inspector General, including the Physician Practice Guidelines.
The Physician Practice Guidelines provide some guidance to direct the structure of compliance programs for physician practices. However, every practice is different and must go through the process of identifying risk areas that are applicable given the precise makeup and personalities involved in the practice environment. Simply adopting “canned” compliance policies will be largely ineffective. The practice needs to document the entire process of creating policies, perform “gap analysis” or other suitable analysis of the precise risks that are faced by the practice, document commitment and involvement from the highest levels of the practice, and train staff and others on the obligations and nature of the compliance program.