In prior posts, we discussed some of the common due diligence and compliance issues for ketamine clinics (see here and here). In this post, we discuss a healthcare compliance plan and the importance of having one in place for ketamine clinics. The Department of Health and Human Services (“HHS”) (which houses, among other agencies, the Centers for Medicare & Medicaid Services or “CMS”) has a department named the Office of Inspector General (the “OIG”). As noted on the OIG’s website:
HHS OIG is the largest inspector general’s office in the Federal Government, with approximately 1,600 dedicated to combating fraud, waste and abuse and to improving the efficiency of HHS programs. A majority of OIG’s resources goes toward the oversight of Medicare and Medicaid — programs that represent a significant part of the Federal budget and that affect this country’s most vulnerable citizens. Our government oversight extends to programs under other HHS institutions, including the Centers for Disease Control and Prevention, National Institutes of Health, and the Food and Drug Administration.
OIG is one of the primary regulatory agencies for fighting fraud and abuse in the healthcare industry. If a healthcare provider takes federal reimbursement (e.g., Medicare, Medicaid, VA, etc.) then various federal healthcare fraud and abuse laws come into play (e.g., the Anti-Kickback Statute, the Stark Law, the False Claims Act, etc.). While not all ketamine clinics are Medicare participating providers, we have seen a growing number of such clinics take Medicare reimbursement. Thus, OIG oversight is becoming more commonplace for ketamine clinics.
Moreover, in addition to the foregoing federal laws, most states have various forms of their own fraud and abuse laws, in addition to the corporate practice of medicine doctrine. Any well-crafted compliance plan should include all applicable state and federal healthcare laws.
Why Have a Compliance Plan?
A compliance plan makes good business sense, especially in the highly regulated field of healthcare. It is like the old adage in medicine – “an ounce of prevention is worth a pound of cure.” Penalties, fines, and other remedies imposed by OIG can be extremely costly, and in some instances, can lead to jail time for violations of certain federal laws.
Moreover, a sound compliance plan can likewise lead to cost savings for healthcare providers. As the OIG noted, “These programs can also benefit physician practices by helping to streamline operations.” OIG Compliance Program for Individual and Small Group Physician Practices, 65 Fed. Reg. 59345 (October 5, 2000). The OIG went on to note that a compliance plan can also: (1) speed and optimize proper payment of claims, (2) minimize billings mistakes, (3) reduce the chance that an audit will be conducted by CMS or the OIG, and (4) avoid conflicts with the self-referral and anti-kickback statutes. Id.
Under the Federal Sentencing Guidelines (the “Guidelines”) any entity (healthcare or otherwise) convicted of a crime that has an effective compliance program can apply for certain relief. When determining the amount of a fine, the Guidelines direct a court to establish a “culpability score” by calculating aggravating and mitigating factors. While a compliance program does not exculpate an individual from being criminally charged or being criminally convicted, it does demonstrate that the organization and/or the individual took reasonable efforts to prevent, detect and correct any improper conduct. Moreover, a compliance plan may lower the starting “culpability score” by up to 60%. Conversely, not having a compliance program is considered an aggravating factor that increases the culpability score.
There are real consequences for not having a compliance plan in place.
What are the Elements of an Effective Compliance Plan?
The OIG has released several different compliance plans for the healthcare industry. For purposes of this article, we rely upon the OIG Compliance Program for Individual and Small Physician Practices because it most closely approximates a ketamine clinic (the “OIG Compliance Guidance).
As noted in one of our prior articles, the seven elements of an effective compliance plan include:
Conducting internal monitoring and auditing through the performance of periodic audits;
Implementing compliance and practice standards through the development of written standards and procedures;
Designating a compliance officer or contact(s) to monitor compliance efforts and enforce practice standards;
Conducting appropriate training and education on practice standards and procedures;
Responding appropriately to detected violations through the investigation of allegations and the disclosure of incidents to appropriate Government entities;
Developing open lines of communication, such as (1) discussions at staff meetings regarding how to avoid erroneous or fraudulent conduct and (2) community bulletin boards, to keep practice employees updated regarding compliance activities; and
Enforcing disciplinary standards through well-publicized guidelines.
65 Fed. Reg. at 59436.
The OIG Compliance Guidance goes into detail for each of the seven elements. While a full discussion of each element is beyond the scope of this article, a few of the highlights are set forth below.
Under the first step, auditing and monitoring, the OIG breaks this down into two sub-parts: (1) standards and procedures and (2) claims submission audit. Under standards and procedures, a ketamine clinic should regularly review its compliance plan and its fraud and abuse policies and procedures. Healthcare compliance and the legal landscape are constantly evolving and changing. New laws are passed, new regulations are promulgated, and new court decisions are handed down. Therefore, it is vitally important that a compliance plan is current and covers areas that apply to a particular practice.
Undertaking a claims audit is a way to check if your practice is complying with various state and federal laws. As the OIG noted, “In addition to the standards and procedures themselves, it is advisable that bills and medical records be reviewed for compliance with applicable coding, billing and documentation requirements.” Id. at 59437. Moreover, a self-audit can be used to determine whether:
Bills are accurately coded and accurately reflect the services provided (as documented in the medical records);
Documentation is being completed correctly;
Services or items provided are reasonable and necessary; and
Any incentives for unnecessary services exist.
Each of the foregoing areas tracks some of the federal legal requirements. For example, to bill Medicare, a physician certifies that the services were both reasonable and necessary. If that turns out to be incorrect, the physician and/or the practice could have liability for submitting false claims to the federal government.
The second element of a compliance plan is to develop and implement policies and procedures that emanate from the compliance plan. Often, for a small practice, there are form compliance policies and procedures that can be purchased and then tailored to an individual practice’s needs. Moreover, as the OIG notes:
Additionally, if the physician practice works with a physician practice management company (PPMC), independent practice association (IPA), physician-hospital organization, management services organization (MSO), or third-party billing company, the practice can incorporate the compliance standards and procedures of those entities, if appropriate, into its own standards and procedures. Many physician practices have found that the adoption of a third party’s compliance standards and procedures, as appropriate, has many benefits and the result is a consistent set of standards and procedures for a community of physicians as well as having just one entity that can then monitor and refine the process as needed.
Id. at 59348. Whether developing your own policies or adopting those of another entity, it is vitally important to train and re-train all employees on both the compliance plan as well as the policies and procedures. Simply putting together a plan, but doing nothing else, is just a waste of time and resources. For a compliance plan to work, compliance needs to be a regular activity of any healthcare organization.
Is There a “One Size Fits All” Approach to Compliance Plans?
Every healthcare practice is different and has its own compliance issues to focus on. A provider should focus on those issues that are most prevalent in his practice. The important thing to remember is that a compliance plan should be tailored to the specific needs and areas of risk for a provider. Moreover, the OIG recognizes that a small provider does not have the same resources and issues as a large multi-state hospital system. As the OIG noted:
The extent of implementation will depend on the size and resources of the practice. Smaller physician practices may incorporate each of the components in a manner that best suits the practice. By contrast, larger physician practices often have the means to incorporate the components in a more systematic manner. For example, larger physician practices can use both this guidance and the Third-Party Medical Billing Compliance Program Guidance, which provides a more detailed compliance program structure, to create a compliance program unique to the practice. Id. at 59436.
Ultimately, healthcare providers need to take the time to familiarize themselves with the legal risks that confront their practice. Healthcare is a tremendously complex area of the law with a myriad of legal requirements. Ignorance of the law is never a defense to a legal action. Given the high stakes involved with violating a healthcare law, a compliance plan should be an essential tool for any ketamine clinic, just like every other healthcare provider.