By: Jennifer Kirschenbaum
      Erica Youngerman

Due to the recent initiatives by Medicare, Medicaid and Third Party Payors, more and more practices are receiving audit requests for the review of medical records for potential overpayments and practice organization information to verify compliance with Federal and State practice structuring requirements. What differentiates audit requests as opposed to other potential liability that physician practices face, is that there are concrete and reasonable steps available to physicians to limit their liability exposure from audit initiatives. A sure-fire way to avoid or limit liability is to adopt a compliance plan with standards and procedures that are reasonable for your practice to comply with and that are in compliance with all applicable Federal and State laws and regulations. While this may sound like an insurmountable task, a simple compliance plan is often easily integrated into a practice’s daily routine.  Our firm has made this process easy, by standardizing compliance into a transparent legal process, as is evident on our website - CLICK HERE. 

To better understand the type of compliance program that may help your practice, the Office of the Inspector General has promulgated suggested compliance guidelines for physicians1. The benefits of a good compliance program are that your practice may: speed and optimize proper payment of claims; minimize billing mistakes; reduce the chances that an audit will be conducted by an outside party; and avoid conflicts with the self-referral and anti-kickback statutes. Another advantage to an effective compliance plan is that it provides evidence that any mistakes made by a physician or his or her practice were inadvertent.

The OIG recommends the following 7 components for an effective compliance program:

1. Conducting internal monitoring and auditing;
2. Implementing compliance and practice standards;
3. Designating a compliance officer or contact;
4. Conducting appropriate training and education;
5. Responding appropriately to detected offenses and developing corrective action;
6. Developing open lines of communication; and
7. Enforcing disciplinary standards through well-publicized guidelines.

While adopting all of the above components may not be feasible given the financial and staffing resource constraints faced by many practices, integrating some of the components may reduce your exposure to liability. As each of the above listed components offer different benefits to practices, each will be discussed in turn below.

1. Conducting Internal Monitoring and Auditing

Self-auditing is one of the best ways to ensure practice compliance with State and Federal billing and coding laws, as well as kickback and self-referral laws and regulations. Conducting self-audits can be used to determine whether bills are accurately coded and accurately reflect the services provided (as documented in the medical records); documentation is being completed correctly; services or items provided are reasonable and necessary; and any incentives for unnecessary services exist.

The best way to conduct a self-audit is to consult with a coding/billing expert and work with your legal team (to ensure confidentiality) to determine whether the physician practice complies with all applicable coding and billing procedures. Oftentimes the process that a coding/billing expert will employ is to conduct a retrospective review of records the physician practice has already submitted for payment. The coding/billing expert will then likely use extrapolation methods to make a determination of what percentage of medical records the physician practice may have to change billing practices for. Should a self-audit identify a problem with the physician practice coding and billing, the appropriate response will vary depending on the problem and you should be sure to consult with an attorney immediately.

2. Establish Practice Standards and Procedures

Written standards and procedures are a central component of any compliance program and help to reduce the prospect of erroneous claims and fraudulent activity by identifying risk areas for the practice and establishing tighter internal controls to counter those risks, while also helping to identify any aberrant billing practices. Practice policy statements regarding patient care, personnel matters and practice standards and procedures on complying with Federal and State law. Four potential risk areas for physician practices include (1) coding and billing; (2) reasonable and necessary services; (3) documentation; and (4) improper inducements, kickbacks and self-referrals. This list is not all-encompassing and should be viewed only as a starting point for an internal review of potential exposure.

3. Designation of a Compliance Officer/Contact

Compliance is an integral part of any physician practice and is best implemented if coordinated through a dependable, responsible and available source. By designating an individual to be in charge of or the coordinator of compliance the physician practice is centralizing compliance efforts. Once the physician practice designates a compliance officer/contact the practice may want to assign to that person:

• Overseeing and monitoring the implementation of the compliance program;
• Establishing methods, such as periodic audits, to improve the practice’s efficiency and quality of services, and to reduce the practice’s vulnerability to fraud and abuse;
• Periodically revising the compliance program in light of changes in the needs of the practice or changes in the law and in the standards and procedures of Government and private payor health plans;
• Developing, coordinating and participating in a training program that focuses on the components of the compliance program, and seeks to ensure that training materials are appropriate;
• Investigating any report or allegation concerning possible unethical or improper business practices, and monitoring subsequent corrective action and/or compliance.

4. Conducting Appropriate Training and Education

Continuing education through training is the key element to a successful compliance program. Two goals a practice should strive for when conducting compliance training: (1) All employees will receive training on how to perform their jobs in compliance with the standards of the practice; and (2) each employee will understand that compliance is a condition of continued employment. Depending on the employees job responsibilities at the practice will determine what training is applicable and what policies and procedures of the practice apply to that employee.

5. Responding To Detected Offenses and Developing Corrective Action Plans

Developing a compliance plan without giving thought to the consequences or ramifications of non-compliance is a futile operation. In responding to detected offenses it is critical that a practice develop a standardized plan in reaction to any offenses. Such practice may include the drafting of and filing of a non-compliance report to be kept on record in the offenders file, conducting training and reviewing the compliance plan to ensure the policies and procedures contained therein are clear and concise. In addition, certain issues of non-compliance will require the immediate attention of an attorney, such as the discovery of billing errors.

6. Developing Open Lines of Communication

While this element of a compliance program seems self-explanatory, it is oftentimes the hardest element to implement in the practice setting. To facilitate open lines of communication many practices find it helpful to make it known that the designated compliance officer/contact has an “open door policy” for all employees regarding compliance. In addition, the practice may want to the following into its policies and procedures:

‣The requirement that employees report conduct that a reasonable person would, in good faith, believe to be erroneous or fraudulent;
‣The creation of a user-friendly process (such as an anonymous drop box) for effectively reporting erroneous or fraudulent conduct;
‣Provisions in the standards and procedures that state that a failure to report erroneous or fraudulent conduct is a violation of the compliance program;
‣The development of a simple and readily accessible procedure to process reports of erroneous or fraudulent conduct;
‣Provisions in the standards and procedures that there will be no retribution for reporting conduct that a reasonable person acting in good faith would have believed to be erroneous or fraudulent.

7. Enforcing Disciplinary Standards through Well-Publicized Guidelines

Have a compliance program that the employees of the practice are not aware of is useless. Once the practice has developed a working compliance plan for its size and setup it is imperative that the employees of the practice regularly review the compliance plan and that the compliance plan is readily accessible. Requiring employees to regularly sign off on having read the policies is an efficient way to ensure that the compliance plan is promulgated. The compliance officer/contact should schedule regular dissemination of the compliance plan and updates thereto.

Should you have any questions about compliance or developing a compliance plan, please contact Jennifer or Erica at (516) 747-6700 or via email at or Additional information about compliance can also be found at