Four common compliance mistakes physicians make and how to prevent them

Compliance is a word no one wants to talk about. It’s boring. You know you need a compliance program, but you think that you’re pretty good with billing and coding. And heck, you’re a smaller group, and you think no one is looking over your shoulder at your practice. The government has better things to do than come after small medical groups, right?

Congress: ©Lazy Llama - stock.adobe.com

Wrong. Unless you are an all-cash pay practice, all your Current Procedural Terminology (CPT) codes and claims are tracked, and it doesn’t matter whether you are large or small. If you fall outside the bell curve, you’re at risk. As a health care attorney, I have physicians calling me all the time about issues they never expected to arise. Here are the four most common problems that I see in the world of compliance.

Be careful about sloppy documentation

Incomplete documentation can be an avenue to argue that a service was not medically necessary, at least according to auditors. If you think a patient needs to be admitted to the hospital, you must explain why. You need to understand what Medicare needs to be documented in the record to justify a certain CPT code.

Sometimes, physicians want to save time and end up cutting and pasting in the electronic health record, which can be a problem. When each entry in the medical record is worded the same way, it’s called cloning. Auditors start to question whether a service was provided or whether it was cut and pasted from another visit.

Cloning of documentation is considered a misrepresentation of the medical necessity requirement for coverage. This is where auditing is your best friend. Catch these things before they become big issues.

Don’t enter into legally suspicious agreements

Physicians don’t always realize that what they are signing may go against the federal physician self-referral law, often called the Stark Law or the Anti-Kickback Statute. For example, if you enter into a medical director agreement or a consulting arrangement that has few responsibilities but is created for another reason (e.g., the group needs a medical director to check a box or it wants your referrals), the contract is essentially a front for an illegal arrangement. If the true purpose of the agreement is to incentivize patient referrals, it’s going to trigger government scrutiny regardless of the words used in the agreement.

Don’t think having policies in place means you’re in compliance

Many practices buy off-the-shelf policies when they start, but they never look at the policies again. The devil’s in the details. Packages of policies mean nothing without the training or implementation that go along with them. And then you receive an audit, and it’s discovered how lax your practice is with privacy and security, and you are hit with major fines. Or your practice is hacked and someone holds your records hostage for bitcoins, and you have no backup.

Everyone thinks these things happen only to other people until it happens to them. So have a strong compliance plan and follow it. Hire someone to come in, perform a security audit and educate your staff about the compliance program.

Don’t rely on others to take care of compliance with no oversight

I hear all the time from my clients that “the billing company takes care of that” or “our information technology vendor is on top of it.” Are you sure about that? Are you double-checking with security and privacy audits or billing and coding audits? Are you checking in with them regularly about compliance issues? As a health care provider, you cannot escape your obligation to comply with federal law. You cannot rely on ignorance as a defense, and you cannot delegate your compliance obligations to a third party.

Ultimately, it’s your license and your National Provider Identifier number. You need to comply, and you cannot wash your hands of it by delegating responsibilities.

Remember that third-party vendors can go bankrupt, cancel contracts and leave town. And they may not share your commitment to compliance.

Compliance is like insurance: It’s your best opportunity to protect yourself before there’s a problem. Get your compliance house in order before it’s too late.

Amanda Hill, J.D., is a health care attorney based in Austin, Texas, and founder of Guard My Practice, an online video platform for physicians offering 15-minute weekly continuing medical education videos that guide them through complicated subjects with ease, including contract negotiations, fraud and abuse issues, employment conflicts and the basics of setting up a practice.