The practice of medicine is subject to diverse state and federal regulations. In some cases, noncompliance may have serious negative consequences. Failure to adhere to state or federal fraud and abuse laws (for instance, by carelessly submitting false claims, or by consistently billing for services that are not medically necessary) can result in stiff fines, provider contract terminations, exclusions from state and federal payment programs like Medicare and Medicaid, and even criminal penalties. Thus, every physician practice should implement some type of compliance plan to increase the likelihood the practice will remain in compliance with all applicable laws and regulations.
Although fraud and abuse aspects of compliance plans are more frequently discussed, a practice’s compliance plan should also take into account other regulatory regimes, such as those adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Clinical Laboratory Improvement Amendments (CLIA), and the Occupational Safety and Health Act of 1970.
- A clear commitment to compliance: A compliance plan must ensure that everyone in the organization understands the obligation to comply with established and understood standards, and that the organization will take actions to uphold those standards.
- Appointment of a trustworthy compliance officer with a high level of responsibility: The compliance officer will be considered to have the requisite authority if he or she is able to influence behavior and organizational practices.
- Effective training and education programs: There must be a routine training and education process that addresses the role of everyone involved in the organization and makes participation in the compliance program understandable.
- Auditing and monitoring: There must be a regular review of the organization's activities to determine whether the rules are being met. The monitoring process must include a methodology to facilitate employee reporting of suspected violations.
- Communications: Organizations must maintain an effective communications process, including a "hotline" procedure to facilitate reporting of suspected violations.
- Internal investigation and enforcement: Organizations must be able to conduct an appropriate investigation and take disciplinary actions.
- Response to identified offenses and application of corrective action initiatives: Upon identifying a compliance problem, organizations have a responsibility to take demonstrable corrective actions, including steps to prevent further similar offenses.
An active fraud and abuse compliance plan can significantly reduce the likelihood that a practice will be:
- found to have violated fraud and abuse laws;
- exposed to fraud and abuse allegations; or
- subject to an audit.
A physician practice compliance plan should address how the practice will comply with the requirements of the Privacy, Security, and Transactions and Code Sets Rules that HHS adopted pursuant to HIPAA. The AMA has created a variety of HIPAA compliance resources specifically designed to help physicians comply with all aspects of the Privacy, Security, and Transactions and Code Sets Rules, including sample forms and documents, updates on new guidance from the federal government, and useful compliance tips.
A physician practice compliance program should also take into account requirements imposed by Occupational Safety and Health Administration (OSHA) regulations. OSHA regulates all private sector working conditions that are not addressed by safety and health regulations of another federal agency.
Physician practices are subject to a number of regulations that OSHA has adopted. The regulations address, but are not limited to:
- hazard communication;
- blood-borne pathogens;
- electrical hazards;
- exit routes; and
- ionizing radiation (if applicable).
Physicians interested in learning more about how to comply with OSHA regulations may wish to access the "OSHA’s Compliance Assistance Quick Start: Health Care Industry" resource.
If a physician practice operates a clinical laboratory, the practice’s compliance plan should address the requirements that HHS has implemented pursuant to the Clinical Laboratories Improvement Act (CLIA). These requirements can vary extensively depending on the type and complexity of the tests that the practice’s laboratory performs.
Physicians will have to consider their individual circumstances to determine which additional issues their compliance plans should address.