Print this page

Physician Practice Risk Areas – Are you minimizing your risks?

There are many routine components to the daily operations in a physician practice. Understanding the compliance pitfallsand incorporating preventative measures into these daily routines can pay off should your practice encounter an audit or investigation.

These pitfalls may include non-compliance in claims submission, Stark laws, recruiting and hiring practices, and having vague or out-of-date financial policies. This article addresses some of the significant compliance risk areas for physician practices and suggests steps you can take to help mitigate risk in these areas.

The False Claims Act

The False ClaimsAct (FCA) was initially enacted to prevent fraud to the Union Military and is sometimes referred to as the "Lincoln Act".(1)  Amendments to the FCA made in 1986 made it easier for private citizens to file false claims as "qui tam" relators and increased the rewards for doing so, thus increasing the number of cases involving Medicare and Medicaid FraudThe FCA was further amended by the Fraud Enforcement and Recovery Act, enacted on May 20, 2009, which further expanded the scope of the FCA and will likely increase the number of FCA lawsuits.

The definition for a false claim is a claim for payment for services or supplies that were not provided specifically as presented or for which the provider is otherwise not entitled to payment. Examples of potential false claims include:

• A claim for service or supply that was not provided
• A claim indicating the service was provided for some diagnosis code other than the correct
• diagnosis code in order to obtain reimbursement, if the correct diagnosis would not be covered
• A claim indicating a higher level of service than was actually provided
• A claim that the provider knows is not reasonable and necessary

Penalties and Scope of the False Claims Act

The minimum penalty is $5,000 and the maximum penalty is $10,000 foreach false claim, plus three times the amount of damages incurred by the government. Conducting a self audit and finding errors would result in paying back the amount over-billed; therefore, avoiding the treble damage penalty, but would result in penalties not less than two times the amount of damages incurred by the government. Providersmay also be guilty of a false claims act violation if it pertains to a Federal health care programpayer and to which it is not entitled.

One important factor is that the provider does not have to act with specific intent to defraud to be found liable under the FCA. To "knowingly" present a false claim means the provider has either actual knowledge of a claim containing false information, or acts in deliberate ignorance of the falsity of the claim, such asnot updating CPTcodesand following the Medicare billing guidelines, or acting in reckless disregard such as failing to determine proper claims submission requirements.

Medicare and Medicaid are funded by Federal dollarswhich make the FCA applicable and the following types of occurrences can be considered false claims:

• Upcoding
• Unbundling
• Double billing
• Billing for services or supplies that were not provided
• Billing for medically unnecessary services or supplies
• Distribution of unapproved devices and drugs or off label use
• Inadequate quality of care
• Use of untrained personnel to provide services
• Failure to supervise unlicensed personnel
• Forgery of physician's signatures
• Kickbacks and referrals resulting from unlawful financial relationships
• False Cost Reports 

Prevention

Assuring that the billing codes are current and having the most recent CPT/ ICD manuals available for staff to reference can help prevent submission of false claims. Staff should be trained in billing and coding and provide annual educational opportunities covering claims submission and coverage requirements. Practices should perform annual coding audits on all providers, either internally or externally, auditing the most frequently submitted codes for each provider and providing education as indicated.

The Stark Law

The Stark Law prohibits physicians from making referrals for the furnishing of designated health services (DHS), such as clinical laboratory or imaging services, if a physician (or an immediate family member) has a financial relationship (an ownership or investment interest or a compensation arrangement) with the entity furnishing DHS, for which payment may be made under Medicare or Medicaid, unless an exception applies. Additionally, the entity furnishing DHSmay not present or cause to be presented a claim or bill for DHS furnished pursuant to a prohibited referral.(2)  Examples of Stark violations include the lease of medical office space from a hospital without a fair market value lease, a medical director agreement which is not in writing or physician compensation based on the volume or value of referrals.

In-Office Ancillary Services Exception

The in-office ancillary services (IOAS) exception isone of themost important exceptions to the physician self-referral prohibition. Generally, it permits a physician or a certain type of physician group (known as a group practice, as defined below) to order and provide DHS, other than most durable medical equipment, in the office of the physician or group practice, provided that the DHS is truly ancillary to the medical services furnished by the group practice.(3)  This exception is utilized by group practices to provide laboratory and imaging services, for example.

The IOAS exception permits the referral of certain ancillary services if they are furnished personally by the referring physician, a physician who is amember of the same group as the referring physician, or an individual meeting certain supervision requirements, in the same building as the referring physician or in a centralized building. The requirements of the IOAS exception are very complex and should bereviewed by legal counsel knowledgeable of the Stark Law and regulations promulgated under it.

Group Practice Definition

Assessing whether organizations meet the definition of a group practice is vitally important for a number of exceptions, the most notable of which the IOAS exception described above. Importantly, the group practice definition also provides flexibility in how physician groups compensate their physicians.

Special rules on productivity bonuses and profit shares

Physicians in group practices can divide profits from DHS and may be paid a productivity bonus  on personally performed services and services "incident to" such personally performed services. Special rules exist that deem qualifying distributions to not relate to the volume or value of referrals of DHS. For example, in distributing profits derived from DHS payable by medicare or Medicaid, a group practice's  profits may be divided on a per capita basis or DHS revenues may be allocated to group practice physicians based on the distribution of revenues attributed to the services other than DHS payable by Federal or private prayer. A de minimis rule also exists for practices that have insignificant amounts DHS Revenues.(4)  Again involvement of experts in the Stark Law is critical in designing physician group compensation plans.

Physician Recruitment

Hospitals often provide incentives to physicians to relocate to their geographic areas. The Stark Law provides for an exception to protect legitimate physician recruitment arrangements; however, the exception provides for a narrow window of compliance when hospitals make recruitment incentive payments through existing practices, ensuring that existing practices do not receive financial benefit from the recruitment incentives. Among other requirements, and with certain exceptions, in the case of an income guarantee, the costs allocated by an existing physician practice to the recruited physician generally cannot exceed the additional incremental costs attributed to the recruited physician (5)

"Stand in the Shoes"

In the fiscal year 2009 Inpatient Prospective Payment System Final Rule, the "Stand in the Shoes" (SITS) provisions were finalized, with an effective date of October 1, 2008. The SITSrule includes provisions under which referring physicians are treated as standing in the shoes of their physician organization for purposes of applying the direct and indirect compensation exceptions under the Stark Law.(6) A "physician organization" is defined as a physician (including a professional corporation of which the physician is sole owner), physician practice or a group practice (defined above). Thus, in determining what type of arrangement exists between a referring physician and DHSentity, the physician stands in the shoes of the physician organization and is considered to have the same compensation arrangement as the physician organization.(7)

Other Financial Arrangements with DHS Entities

A myriad of financial arrangements are common between physicians, physician groups and entities that furnish DHS. Many Stark Law exceptionsare available to protect legitimate arrangements, but caremust be taken to follow these exceptions to the letter, as a failure to meet the specific requirements of an exception generally equates to a Stark Law violation. The Stark Law is a strict liability statute and even substantial compliance will not excuse a violation. Such protected financial arrangements include ownership interests in rural providers, rental of office space or equipment, bona fide employment arrangements, personal service arrangements, isolated transactions (e.g., sale of a physician practice),obstetrical malpractice insurance subsidiandcommunity wide health information systems, just to name a few.

Prevention

Extreme care should be taken to involve legal counsel familiar with the Stark Law and applicable exceptionswhen structuring arrangements between physicians or a physician practice and a DHS entity. To help identify and address areas of potential risk, conduct regular assessments of all relationships between physicians and entities to which the physicians refer patients, ensuring that, in the event the Stark Law is implicated, the arrangements meet the applicable exceptions.

Anti-Markup Rule

The Anti-Markup Rule limits the amount that a physician practice may bill for services of a physician who performs the professional component or supervises the technical component of a service and does not share the practice with the billing physician. Two alternate tests are available for determining whether the performing physician shares a practice with the billing physician, and failure to meet the tests means that the payment to the billing physician is limited to the performing physician's net charge, the billing physician's actual charge, or the fee schedule amount that would have been allowed if billed directly.(8)

OIG Exclusions

Another area of risk is in employing or contracting with an individual or entity that may have been excluded from a Federal Health program. If a person is employed or connected in any way such as through a contract or lease agreement and they have been excluded from Medicare through the Office of Inspector General, then the practice may also be in danger of being excluded, thus jeopardizing Medicare reimbursement. Many providers have recently been subjected to penalties under the Civil Money Penalties Act for employing or contracting with excluded providers.(9)

To prevent employing or entering into an association with excluded persons, make an inquiry into the OIG Exclusions database www.oig.hhs.gov/fraud/exclusions for potential employees, providers and business partners. Additionaly, establish a policy checking all employees and associations periodically, as employees sometimes have outside businesses.

Deficit Reduction Act (DRA of 2005)

The Deficit Reduction Act (DRA) of 2005 was signed into law on February 8, 2006. The DRA impacts numerous areas including fraud and abuse in Medicaid. Section 6035 of the DRA requires any entity receiving Medicaid payment of $5,000,000 or more a year to establish written policies with information  about the federal False ClaimsAct (mentioned above), state laws regarding civil or criminal penalties for false claims and whistleblower protections with respect to fraud prevention and detection.

Prevention

This provision, effective since January 1, 2007, won't apply to most practices; however, some larger practices should monitor their Medicaid Accounts Receivable to determine if this education and policies are required. If so, the most effective process to address the education and policieswould be through the development of a corporate compliance plan.

Health Insurance and Portability and Accountability Act (HIPAA)

Most Practices are comfortable with maintaining the confidentiality and processes protecting thepersonal health information (PHI). Two other areas of risk with the HIPAA requirements are Electronic Data Interchanges (EDI) requirements and Business Associate Agreements.

The primary importance of EDI is to ensure it meets the minimum transmission standards. One area of concern would be transcription being sent by a regular e-mail process, as e-mail is not totally secure and can be intercepted. Encryption is a technical safeguard you can use to meet the privacy standard.(10)

A practice should have a Business Associate Agreement (BAA) with any vendor who will have access to PHI such asaccountants, outside legal counsel, transcriptionists, billing agencies, and other vendors who may have access.

Prevention

Request your Information Support (IS) person or company to review the EDI standards and issue a statement that your system meets the requirements.

Review your list of vendors utilizing your accounts payable list which will usually capture all vendors and then determine who has access at any given time. Then require the vendor to sign a BAA defining the function of the PHI, assurance that it will not disclose PHI in amanner that contradicts the Privacy Rule, limitations on uses of PHI, and what will happen to the PHI upon termination of the agreement.

Financial Policies

Another potential compliance risk area could be within the financial policies and processes. Threepolicies commonly at risk are the Advance Beneficiary Notice (ABN), Credit Balance Policy, and the Financial Hardship Policy.

The ABN should be utilized on any Medicare Beneficiary receiving a service that is not covered by Medicare before the service is rendered. Should a service be provided and subsequently denied by Medicare, it can be billed to the patient only if an ABN form has been signed.

Medicare requires overpayments be returned within a reasonable time. Overpayments are typically identified by running a credit balance report. 

The Financial Hardship policy should define the parameters for which payment may be reduced for services provided and should not be at the discretion of the provider.

Prevention

The current ABN form and instructions may be found on the CMS website at http://www.cms.hhs.gov/BNI/02_ABN.asp

The Credit Balance policy should define how often the credit balance report is run and overpayments  returned, who is responsible, and how extenuating circumstances are addressed, such as if there is a balance due on another account for the same practice.

The Financial Hardship policy should clearly define the parameters for those who qualify and what the screening process is to meet the criteria. It should not include a "courtesy only" provision, however, copays may be waived if they are extended to a group or class of people pre-determined in the policy.

Conclusion

Compliance infiltratesmost every aspect of physician practice operations. It may begin at the front end with the registration process (e.g., compliance with HIPAA), the patient visit (e.g., documentation and coding), and end with discharge (e.g., collecting co-pays and submitting claims). Taking steps now to control risks by implementing sound policies and practices may help significantly reduce risk and penalties from non-compliance. Regularly monitoring policies and practices and adapting to changes in lawsand regulationswill help ensure continued compliancewith the complex regulatory environment in this constantly-evolving health care industry.

About the author: Gregory D. Anderson, CPA/ABV, CVA

Greg Anderson is a HORNE partner in health care services and serves as the director of HORNE's health care valuation services group. He concentrates his practice in the design, implementation and valuation of hospital/physician employment and other compensation arrangements; financial analysis and consulting on compensation plans for physician group practices; and valuation of medical practices, hospitals, diagnostic facilities, ambulatory surgery centers and other health care facilities. He present progrms to health care attorneys and other health care organizations on issues related to the fair market value of physician compensation arrangements, medical practice valuation issues, and the Stark law. In addition to authoring articles in regional and national publications, he co-authored the book,Valuation of a Medical Practice (John Wiley & Sons, Inc., 1999), and was a contributing author in thebook, BVR's Guide to Healthcare Valuation (Business Valuation Resources, LLC, 2009). 

(1) 31 U.S.C. 3729-3733 

(2) 42 C.F.R. §1395nn(a).

(3) 72 Fed. Reg. 51032 (Sept. 5, 2007).

(4) 42 C.F.R. §411.352(i).

(5) Ibid., at §411.357(e).

(6) 73 Fed. Reg. 48690(Aug. 19, 2008).

(7) Id., at 48691.

(8) Id., at 69799.

(9) 42 CFR 1003.102 (a)(2)

(10) HIPAA Privacy Rule § 164.530(c)