Low-cost Strategies for Medical Practice Compliance

From HIPAA to Occupational Safety and Hazard Administration (OSHA) guidelines, medical practices often face challenges when it comes to compliance, but there are low-cost tips to avoid violations.

That’s according to Marcia L. Brauchler, president of health care consulting firm Physicians’ Ally. Brauchler was a speaker at this year’s Medical Group Management Association (MGMA) Annual Conference in San Francisco.

She shared the results of an informal survey done by her company which indicated that 80 percent of medical practices in the Denver area have a compliance officer. Almost 40 percent said they had no annual budget for compliance. Of the practices that had a budget, it ranged between $200 and $4,000 dollars; or an average of $1,215 per practice.

Brauchler said these statistics show that there is a need for low-cost solutions among medical practices.

The first resource she recommended is the Office of Inspector General (OIG) Individual and Small Group Voluntary Compliance Plan which has been available since 2000. Brauchler pointed out that about half of the survey participants were aware of this resource which is a good starting point.

“OIG, which is the police force for a lot of different federal laws, expects your compliance plan to have at least what has been outlined in this voluntary compliance plan guidance,” she said.

There are OIG Model Compliance Plans for different healthcare entities and Brauchler suggested that medical practices review the “Individual and Small Group Physicians Practices” and “Third Party Medical Billing Companies” plans.

According to the OIG, any compliance program should have seven basic elements, explained Brauchler.

• It should have written policies and procedures.
• There should be a designated compliance officer or contact(s).
• The practice should have a training and education program for staff; for example OSHA requires training upon hire and annually after that and HIPAA requires training upon hire and whenever there is a change in HIPAA law.
• There should be effective lines of communication so the person who is responsible for the compliance plan should not get squashed by the CEO or someone who does not want to listen.
• The plan should require internal monitoring or doing your own auditing which includes the three Cs; auditing your care, contracts, and coding.
• Also, standards need to be enforced; for example if a staff member is in violation of regulations there should be a plan for escalating things from a verbal warning to potential termination.
• Prompt responses are important since some laws require action within 60 days, so sitting on a violation could get you into trouble.

An informal eighth step, Brauchler noted, is implementation and making sure you catch things before you get caught by an outside entity

“The government wants you to know that ‘I didn’t know this federal law existed’ is no longer an excuse,” said Brauchler.

In fact, OIG recognizes “deliberate ignorance,” and in some cases a penalty is increased if someone at a medical practice is intentionally disregarding guidelines.

“It’s better to try and fail than to not even try to figure out what are rules are,” said Brauchler.