Similar components have been contained in previous guidances issued by the OIG. However, unlike other guidances issued by OIG, this guidance for physicians does not suggest that physician practices implement all seven components of a full scale compliance program. Instead, the guidance emphasizes a step by step approach to follow in developing and implementing a voluntary compliance program. This change is in recognition of the financial and staffing resource constraints faced
[[Page 59435]]
by physician practices. The guidance should not be viewed as mandatory or as an allinclusive discussion of the advisable components of a compliance program. Rather, the document is intended to present guidance to assist physician practices that voluntarily choose to develop a compliance program.
Office of Inspector General's Compliance Program Guidance for Individual and Small Group Physician Practices

I. Introduction

This compliance program guidance is intended to assist individual and small group physician practices (``physician practices'') \1\ in developing a voluntary compliance program that promotes adherence to statutes and regulations applicable to the Federal health care programs (``Federal health care program requirements''). The goal of voluntary compliance programs is to provide a tool to strengthen the efforts of health care providers to prevent and reduce improper conduct. These programs can also benefit physician practices\2\ by helping to streamline business operations.
\1\ For the purpose of this guidance, the term ``physician'' is defined as: (1) a doctor of medicine or osteopathy; (2) a doctor of dental surgery or of dental medicine; (3) a podiatrist; (4) an optometrist; or (5) a chiropractor, all of whom must be
appropriately licensed by the State. 42 U.S.C. 1395x(r).
\2\ Much of this guidance can also apply to other independent practitioners, such as psychologists, physical therapists, speech language pathologists, and occupational therapists.

Many physicians have expressed an interest in better protecting their practices from the potential for erroneous or fraudulent conduct through the implementation of voluntary compliance programs. The Office of Inspector General (OIG) believes that the great majority of physicians are honest and share our goal of protecting the integrity of Medicare and other Federal health care programs. To that end, all health care providers have a duty to ensure that the claims submitted to Federal health care programs are true and accurate. The development of voluntary compliance programs and the active application of compliance principles in physician practices will go a long way toward achieving this goal.

Through this document, the OIG provides its views on the fundamental components of physician practice compliance programs, as well as the principles that a physician practice might consider when developing and implementing a voluntary compliance program. While this document presents basic procedural and structural guidance for designing a voluntary compliance program, it is not in and of itself a compliance program. Indeed, as recognized by the OIG and the health care industry, there is no ``one size fits all'' compliance program, especially for physician practices. Rather, it is a set of guidelines that physician practices can consider if they choose to develop and implement a compliance program.

As with the OIG's previous guidance, \3\ these guidelines are not mandatory. Nor do they represent an allinclusive document containing all components of a compliance program. Other OIG outreach efforts, as well as other Federal agency efforts to promote compliance,\4\ can also be used in developing a compliance program. However, as explained later, if a physician practice adopts a voluntary and active compliance program, it may well lead to benefits for the physician practice. \3\ Currently, the OIG has issued compliance program guidance for the following eight industry sectors: hospitals, clinical laboratories, home health agencies, durable medical equipment suppliers, thirdparty medical billing companies, hospices, Medicare+Choice organizations offering coordinated care plans, and nursing facilities. The guidance listed here and referenced in this document is available on the OIG web site at http://www.hhs.gov/oig in the Electronic Reading Room or by calling the OIG Public Affairs office at (202) 6191343.
\4\ The OIG has issued Advisory Opinions responding to specific inquiries concerning the application of the OIG's authorities, in particular, the antikickback statute, and Special Fraud Alerts setting forth activities that raise legal and enforcement issues. These documents, as well as reports from the OIG's Office of Audit Services and Office of Evaluation and Inspections can be obtained via the Internet address or phone number provided in Footnote 3. Physician practices can also review the Health Care Financing Administration (HCFA) web site on the Internet at http:// www.hcfa.gov, for uptodate regulations, manuals, and program memoranda related to the Medicare and Medicaid programs.

A. Scope of the Voluntary Compliance Program Guidance

This guidance focuses on voluntary compliance measures related to claims submitted to the Federal health care programs. Issues related to private payor claims may also be covered by a compliance plan if the physician practice so desires.

The guidance is also limited in scope by focusing on the development of voluntary compliance programs for individual and small group physician practices. The difference between a small practice and a large practice cannot be determined by stating a particular number of physicians. Instead, our intent in narrowing the guidance to the small practices subset was to provide guidance to those physician practices whose financial or staffing resources would not allow them to implement a full scale, institutionally structured compliance program as set forth in the Third Party Medical Billing Guidance or other previously released OIG guidance. A compliance program can be an important tool for physician practices of all sizes and does not have to be costly, resourceintensive or timeintensive.

B. Benefits of a Voluntary Compliance Program

The OIG acknowledges that patient care is, and should be, the first priority of a physician practice. However, a practice's focus on patient care can be enhanced by the adoption of a voluntary compliance program. For example, the increased accuracy of documentation that may result from a compliance program will actually assist in enhancing patient care. The OIG believes that physician practices can realize numerous other benefits by implementing a compliance program. A well designed compliance program can:

The incorporation of compliance measures into a physician practice should not be at the expense of patient care, but instead should augment the ability of the physician practice to provide quality patient care.

Voluntary compliance programs also provide benefits by not only helping to prevent erroneous or fraudulent claims, but also by showing that the physician practice is making additional good faith efforts to submit claims appropriately. Physicians should view compliance programs as analogous to practicing preventive medicine for their practice. Practices that embrace the active application of compliance principles in their practice culture and put efforts towards compliance on a continued basis can help to prevent problems from occurring in the future.

A compliance program also sends an important message to a physician practice's employees that while the practice recognizes that mistakes will occur, employees have an affirmative, ethical duty to come forward and report erroneous or fraudulent conduct, so that it may be corrected.
[[Page 59436]]

C. Application of Voluntary Compliance Program Guidance

The applicability of these recommendations will depend on the circumstances and resources of the particular physician practice.

Each physician practice can undertake reasonable steps to implement compliance measures, depending on the size and resources of that practice. Physician practices can rely, at least in part, upon standard protocols and current practice procedures to develop an appropriate compliance program for that practice. In fact, many physician practices already have established the framework of a compliance program without referring to it as such.
D. The Difference Between ``Erroneous'' and ``Fraudulent'' Claims To Federal Health Programs

There appear to be significant misunderstandings within the physician community regarding the critical differences between what the Government views as innocent ``erroneous'' claims on the one hand and ``fraudulent'' (intentionally or recklessly false) health care claims on the other. Some physicians feel that Federal law enforcement agencies have maligned medical professionals, in part, by a perceived focus on innocent billing errors. These physicians are under the impression that innocent billing errors can subject them to civil penalties, or even jail. These impressions are mistaken.

To address these concerns, the OIG would like to emphasize the following points. First, the OIG does not disparage physicians, other medical professionals or medical enterprises. In our view, the great majority of physicians are working ethically to render high quality medical care and to submit proper claims.

Second, under the law, physicians are not subject to criminal, civil or administrative penalties for innocent errors, or even negligence. The Government's primary enforcement tool, the civil False Claims Act, covers only offenses that are committed with actual knowledge of the falsity of the claim, reckless disregard, or deliberate ignorance of the falsity of the claim.\5\ The False Claims Act does not encompass mistakes, errors, or negligence. The Civil Monetary Penalties Law, an administrative remedy, similar in scope and effect to the False Claims Act, has exactly the same standard of proof.\6\ The OIG is very mindful of the difference between innocent errors (``erroneous claims'') on one hand, and reckless or intentional conduct (``fraudulent claims'') on the other. For criminal penalties, the standard is even highercriminal intent to defraud must be proved beyond a reasonable doubt.
\5\ 31 U.S.C. 3729.

\6\ 42 U.S.C. 1320a7a.

Third, even ethical physicians (and their staffs) make billing mistakes and errors through inadvertence or negligence. When physicians discover that their billing errors, honest mistakes, or negligence result in erroneous claims, the physician practice should return the funds erroneously claimed, but without penalties. In other words, absent a violation of a civil, criminal or administrative law, erroneous claims result only in the return of funds claimed in error.

Fourth, innocent billing errors are a significant drain on the Federal health care programs. All parties (physicians, providers, carriers, fiscal intermediaries, Government agencies, and
beneficiaries) need to work cooperatively to reduce the overall error rate.

Finally, it is reasonable for physicians (and other providers) to ask: what duty do they owe the Federal health care programs? The answer is that all health care providers have a duty to reasonably ensure that the claims submitted to Medicare and other Federal health care programs are true and accurate. The OIG continues to engage the provider community in an extensive, good faith effort to work cooperatively on voluntary compliance to minimize errors and to prevent potential penalties for improper billings before they occur. We encourage all physicians and other providers to join in this effort.
II. Developing a Voluntary Compliance Program
A. The Seven Basic Components of a Voluntary Compliance Program

The OIG believes that a basic framework for any voluntary compliance program begins with a review of the seven basic components of an effective compliance program. A review of these components provides physician practices with an overview of the scope of a fully developed and implemented compliance program. The following list of components, as set forth in previous OIG compliance program guidances, can form the basis of a voluntary compliance program for a physician practice:

These seven components provide a solid basis upon which a physician practice can create a compliance program. The OIG acknowledges that full implementation of all components may not be feasible for all physician practices. Some physician practices may never fully implement all of the components. However, as a first step, physician practices can begin by adopting only those components which, based on a practice's specific history with billing problems and other compliance issues, are most likely to provide an identifiable benefit.

The extent of implementation will depend on the size and resources of the practice. Smaller physician practices may incorporate each of the components in a manner that best suits the practice. By contrast, larger physician practices often have the means to incorporate the components in a more systematic manner. For example, larger physician practices can use both this guidance and the ThirdParty Medical Billing Compliance Program Guidance, which provides a more detailed compliance program structure, to create a compliance program unique to the practice.

The OIG recognizes that physician practices need to find the best way to achieve compliance for their given circumstances. Specifically, the OIG encourages physician practices to participate in other provider's compliance programs, such as the compliance programs of the hospitals or other settings in which the physicians practice. Physician Practice Management companies also may serve as a source of compliance program guidance. A physician practice's participation in such compliance programs could be a way, at least partly,
[[Page 59437]]

to augment the practice's own compliance efforts.

The opportunities for collaborative compliance efforts could include participating in training and education programs or using another entity's policies and procedures as a template from which the physician practice creates its own version. The OIG encourages this type of collaborative effort, where the content is appropriate to the setting involved (i.e., the training is relevant to physician practices as well as the sponsoring provider), because it provides a means to promote the desired objective without imposing excessive burdens on the practice or requiring physicians to undertake duplicative action. However, to prevent possible antikickback or selfreferral issues, the OIG recommends that physicians consider limiting their participation in a sponsoring provider's compliance program to the areas of training and education or policies and procedures.

The key to avoiding possible conflicts is to ensure that the entity providing compliance services to a physician practice (its referral source) is not perceived as nor is it operating the practice compliance program at no charge. For example, if the sponsoring entity conducted claims review for the physician practice as part of a compliance program or provided compliance oversight without charging the practice fair market value for those services, the antikickback and Stark self referral laws would be implicated. The payment of fair market value by referral sources for compliance services will generally address these concerns.

B. Steps for Implementing a Voluntary Compliance Program

As previously discussed, implementing a voluntary compliance program can be a multitiered process. Initial development of the compliance program can be focused on practice risk areas that have been problematic for the practice such as coding and billing. Within this area, the practice should examine its claims denial history or claims that have resulted in repeated overpayments, and identify and correct the most frequent sources of those denials or overpayments. A review of claim denials will help the practice scrutinize a significant risk area and improve its cash flow by submitting correct claims that will be paid the first time they are submitted. As this example illustrates, a compliance program for a physician practice often makes sound business sense.

The following is a suggested order of the steps a practice could take to begin the development of a compliance program. The steps outlined below articulate all seven components of a compliance program and there are numerous suggestions for implementation within each component. Physician practices should keep in mind, as stated earlier, that it is up to the practice to determine the manner in which and the extent to which the practice chooses to implement these voluntary measures.

Step One: Auditing and Monitoring

An ongoing evaluation process is important to a successful compliance program. This ongoing evaluation includes not only whether the physician practice's standards and procedures are in fact current and accurate, but also whether the compliance program is working, i.e., whether individuals are properly carrying out their responsibilities and claims are submitted appropriately. Therefore, an audit is an excellent way for a physician practice to ascertain what, if any, problem areas exist and focus on the risk areas that are associated with those problems. There are two types of reviews that can be performed as part of this evaluation: (1) A standards and procedures review; and (2) a claims submission audit.

1. Standards and Procedures

It is recommended that an individual(s) in the physician practice be charged with the responsibility of periodically reviewing the practice's standards and procedures to determine if they are current and complete. If the standards and procedures are found to be ineffective or outdated, they should be updated to reflect changes in Government regulations or compendiums generally relied upon by physicians and insurers (i.e., changes in Current Procedural Terminology (CPT) and ICD9CM codes).

2. Claims Submission Audit

In addition to the standards and procedures themselves, it is advisable that bills and medical records be reviewed for compliance with applicable coding, billing and documentation requirements. The individuals from the physician practice involved in these selfaudits would ideally include the person in charge of billing (if the practice has such a person) and a medically trained person (e.g., registered nurse or preferably a physician (physicians can rotate in this position)). Each physician practice needs to decide for itself whether to review claims retrospectively or concurrently with the claims submission. In the ThirdParty Medical Billing Compliance Program Guidance, the OIG recommended that a baseline, or ``snapshot,'' be used to enable a practice to judge over time its progress in reducing or eliminating potential areas of vulnerability. This practice, known as ``benchmarking,'' allows a practice to chart its compliance efforts by showing a reduction or increase in the number of claims paid and denied.

The practice's selfaudits can be used to determine whether:

A baseline audit examines the claim development and submission process, from patient intake through claim submission and payment, and identifies elements within this process that may contribute to non compliance or that may need to be the focus for improving execution.\7\ This audit will establish a consistent methodology for selecting and examining records, and this methodology will then serve as a basis for future audits.
\7\ See Appendix D.II. referencing the Provider SelfDisclosure Protocol for information on how to conduct a baseline audit.

There are many ways to conduct a baseline audit. The OIG recommends that claims/services that were submitted and paid during the initial three months after implementation of the education and training program be examined, so as to give the physician practice a benchmark against which to measure future compliance effectiveness.

Following the baseline audit, a general recommendation is that periodic audits be conducted at least once each year to ensure that the compliance program is being followed. Optimally, a randomly selected number of medical records could be reviewed to ensure that the coding was performed accurately. Although there is no set formula to how many medical records should be reviewed, a basic guide is five or more medical records per Federal payor (i.e., Medicare, Medicaid), or five to ten medical records per physician. The OIG realizes that physician practices receive reimbursement from a number of different payors, and we would encourage a physician practice's auditing/monitoring process to consist of a review of claims from all Federal payors from which the practice receives reimbursement. Of course, the larger the sample size, the larger the comfort level
[[Page 59438]]
the physician practice will have about the results. However, the OIG is aware that this may be burdensome for some physician practices, so, at a minimum, we would encourage the physician practice to conduct a review of claims that have been reimbursed by Federal health care programs.

If problems are identified, the physician practice will need to determine whether a focused review should be conducted on a more frequent basis. When audit results reveal areas needing additional information or education of employees and physicians, the physician practice will need to analyze whether these areas should be incorporated into the training and educational system.

There are many ways to identify the claims/services from which to draw the random sample of claims to be audited. One methodology is to choose a random sample of claims/services from either all of the claims/services a physician has received reimbursement for or all claims/services from a particular payor. Another method is to identify risk areas or potential billing vulnerabilities. The codes associated with these risk areas may become the universe of claims/services from which to select the sample. The OIG recommends that the physician practice evaluate claims/services selected to determine if the codes billed and reimbursed were accurately ordered, performed, and reasonable and necessary for the treatment of the patient.

One of the most important components of a successful compliance audit protocol is an appropriate response when the physician practice identifies a problem. This action should be taken as soon as possible after the date the problem is identified. The specific action a physician practice takes should depend on the circumstances of the situation. In some cases, the response can be as straight forward as generating a repayment with appropriate explanation to Medicare or the appropriate payor from which the overpayment was received. In others, the physician practice may want to consult with a coding/billing expert to determine the next best course of action. There is no boilerplate solution to how to handle problems that are identified.

It is a good business practice to create a system to address how physician practices will respond to and report potential problems. In addition, preserving information relating to identification of the problem is as important as preserving information that tracks the physician practice's reaction to, and solution for, the issue. Step 2: Establish Practice Standards and Procedures

After the internal audit identifies the practice's risk areas, the next step is to develop a method for dealing with those risk areas through the practice's standards and procedures. Written standards and procedures are a central component of any compliance program. Those standards and procedures help to reduce the prospect of erroneous claims and fraudulent activity by identifying risk areas for the practice and establishing tighter internal controls to counter those risks, while also helping to identify any aberrant billing practices. Many physician practices already have something similar to this called ``practice standards'' that include practice policy statements regarding patient care, personnel matters and practice standards and procedures on complying with Federal and State law.

The OIG believes that written standards and procedures can be helpful to all physician practices, regardless of size and capability. If a lack of resources to develop such standards and procedures is genuinely an issue, the OIG recommends that a physician practice focus first on those risk areas most likely to arise in its particular practice.\8\ Additionally, if the physician practice works with a physician practice management company (PPMC), independent practice association (IPA), physicianhospital organization, management services organization (MSO) or thirdparty billing company, the practice can incorporate the compliance standards and procedures of those entities, if appropriate, into its own standards and procedures. Many physician practices have found that the adoption of a third party's compliance standards and procedures, as appropriate, has many benefits and the result is a consistent set of standards and procedures for a community of physicians as well as having just one entity that can then monitor and refine the process as needed. This sharing of compliance responsibilities assists physician practices in rural areas that do not have the staff to perform these functions, but do belong to a group that does have the resources. Physician practices using another entity's compliance materials will need to tailor those materials to the physician practice where they will be applied.
\8\ Physician practices with laboratories or arrangements with thirdparty billing companies can also check the risk areas included in the OIG compliance program guidance for those industries.

Physician practices that do not have standards or procedures in place can develop them by: (1) Developing a written standards and procedures manual; and (2) updating clinical forms periodically to make sure they facilitate and encourage clear and complete documentation of patient care. A practice's standards could also identify the clinical protocol(s), pathway(s), and other treatment guidelines followed by the practice.

Creating a resource manual from publicly available information may be a costeffective approach for developing additional standards and procedures. For example, the practice can develop a ``binder'' that contains the practice's written standards and procedures, relevant HCFA directives and carrier bulletins, and summaries of informative OIG documents (e.g., Special Fraud Alerts, Advisory Opinions, inspection and audit reports).\9\ If the practice chooses to adopt this idea, the binder should be updated as appropriate and located in a readily accessible location.
\9\ The OIG and HCFA are working to compile a list of basic documents issued by both entities that could be included in such a binder. We expect to complete this list later this fall, and will post it on the OIG and HCFA web sites, as well as publicize this list to physician organizations and representatives (information on how to contact the OIG is contained in Footnote 3; HCFA information can be obtained at www.hcfa.gov/medlearn or by calling 1800 MEDICARE).

If updates to the standards and procedures are necessary, those updates should be communicated to employees to keep them informed regarding the practice's operations. New employees can be made aware of the standards and procedures when hired and can be trained on their contents as part of their orientation to the practice. The OIG recommends that the communication of updates and training of new employees occur as soon as possible after either the issuance of a new update or the hiring of a new employee.

1. Specific Risk Areas

The OIG recognizes that many physician practices may not have in place standards and procedures to prevent erroneous or fraudulent conduct in their practices. In order to develop standards and procedures, the physician practice may consider what types of fraud and abuse related topics need to be addressed based on its specific needs. One of the most important things in making that determination is a listing of risk areas where the practice may be vulnerable.

To assist physician practices in performing this initial assessment, the OIG has developed a list of four potential risk areas affecting physician practices. These risk areas include: (a) Coding and billing; (b) reasonable and necessary services; (c) documentation; [[Page 59439]]
and (d) improper inducements, kickbacks and selfreferrals. This list of risk areas is not exhaustive, or allencompassing. Rather, it should be viewed as a starting point for an internal review of potential vulnerabilities within the physician practice.\10\ The objective of such an assessment is to ensure that key personnel in the physician practice are aware of these major risk areas and that steps are taken to minimize, to the extent possible, the types of problems identified. While there are many ways to accomplish this objective, clear written standards and procedures that are communicated to all employees are important to ensure the effectiveness of a compliance program. Specifically, the following are discussions of risk areas for physician practices: \11\
\10\ Physician practices seeking additional guidance on potential risk areas can review the OIG's Work Plan to identify vulnerabilities and risk areas on which the OIG will focus in the future. In addition, physician practices can also review the OIG's semiannual reports, which identify program vulnerabilities and risk areas that the OIG has targeted during the preceding six months. All of these documents are available on the OIG's webpage at http:// www.hhs.gov/oig.
\11\ Appendix A of this document lists additional risk areas that a physician practice may want to review and incorporate into their practice standards and procedures.

a. Coding and Billing. A major part of any physician practice's compliance program is the identification of risk areas associated with coding and billing. The following risk areas associated with billing have been among the most frequent subjects of investigations and audits by the OIG:

The physician practice written standards and procedures concerning proper coding reflect the current reimbursement principles set forth in applicable statutes, regulations \21\ and Federal, State or private payor health care program requirements and should be developed in tandem with coding and billing standards used in the physician practice. Furthermore, written standards and procedures should ensure that coding and billing are based on medical record documentation. Particular attention should be paid to issues of appropriate diagnosis codes and individual Medicare Part B claims (including documentation guidelines for evaluation and management services).\22\ A physician practice can also institute a policy that the coder and/or physician review all rejected claims pertaining to diagnosis and procedure codes. This step can facilitate a reduction in similar errors.
\21\ The official coding guidelines are promulgated by HCFA, the National Center for Health Statistics, the American Hospital Association, the American Medical Association and the American Health Information Management Association. See International Classification of Diseases, 9th Revision, Clinical Modification (ICD9 CM)(and its successors); 1998 Health Care Financing
Administration Common Procedure Coding System (HCPCS) (and its successors); and Physicians' CPT. In addition, there are specialized coding systems for specific segments of the health care industry. Among these are ADA (for dental procedures), DSM IV (psychiatric health benefits) and DMERCs (for durable medical equipment, prosthetics, orthotics and supplies).
\22\ The failure of a physician practice to: (i) document items and services rendered; and (ii) properly submit the corresponding claims for reimbursement is a major area of potential erroneous or fraudulent conduct involving Federal health care programs. The OIG has undertaken numerous audits, investigations, inspections and national enforcement initiatives in these areas.

b. Reasonable and Necessary Services. A practice's compliance program may provide guidance that claims are to be submitted only for services that the physician practice finds to be reasonable and necessary in the particular case. The OIG recognizes that physicians should be able to order any tests, including screening tests, they believe are appropriate for the treatment of their patients. However, a physician practice should be aware that Medicare will only pay for services that meet the Medicare definition of reasonable and necessary.\23\
\23\ ``* * * for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member.'' 42 U.S.C. 1395y(a)(1)(A).

Medicare (and many insurance plans) may deny payment for a service that is not reasonable and necessary according to the Medicare reimbursement rules. Thus, when a physician provides services to a Medicare beneficiary, he or she should only bill those services that meet the Medicare standard of being reasonable and necessary for the diagnosis and treatment of a patient. A physician practice can bill in order to receive a denial for services, but only if the denial is needed for reimbursement from the secondary payor. Upon request, the physician practice should be able to provide documentation, such as a patient's medical records and
[[Page 59440]]
physician's orders, to support the appropriateness of a service that the physician has provided.

c. Documentation. Timely, accurate and complete documentation is important to clinical patient care. This same documentation serves as a second function when a bill is submitted for payment, namely, as verification that the bill is accurate as submitted. Therefore, one of the most important physician practice compliance issues is the appropriate documentation of diagnosis and treatment. Physician documentation is necessary to determine the appropriate medical treatment for the patient and is the basis for coding and billing determinations. Thorough and accurate documentation also helps to ensure accurate recording and timely transmission of information.

i. Medical Record Documentation. In addition to facilitating high quality patient care, a properly documented medical record verifies and documents precisely what services were actually provided. The medical record may be used to validate: (a) The site of the service; (b) the appropriateness of the services provided; (c) the accuracy of the billing; and (d) the identity of the care giver (service provider). Examples of internal documentation guidelines a practice might use to ensure accurate medical record documentation include the following: \24\
\24\ For additional information on proper documentation, physician practices should also reference the Documentation Guidelines for Evaluation and Management Services, published by HCFA. Currently, physicians may document based on the 1995 or 1997 E&M Guidelines, whichever is most advantageous to the physician. A new set of draft guidelines were announced in June 2000, and are undergoing pilot testing and revision, but are not in current use.

The CPT and ICD9CM codes reported on the health insurance claims form should be supported by documentation in the medical record and the medical chart should contain all necessary information. Additionally, HCFA and the local carriers should be able to determine the person who provided the services. These issues can be the root of investigations of inappropriate or erroneous conduct, and have been identified by HCFA and the OIG as a leading cause of improper payments.

One method for improving quality in documentation is for a physician practice to compare the practice's claim denial rate to the rates of other practices in the same specialty to the extent that the practice can obtain that information from the carrier. Physician coding and diagnosis distribution can be compared for each physician within the same specialty to identify variances.

ii. HCFA 1500 Form. Another documentation area for physician practices to monitor closely is the proper completion of the HCFA 1500 form. The following practices will help ensure that the form has been properly completed:

d. Improper Inducements, Kickbacks and SelfReferrals. A physician practice would be well advised to have standards and procedures that encourage compliance with the antikickback statute \25\ and the physician selfreferral law.\26\ Remuneration for referrals is illegal because it can distort medical decisionmaking, cause overutilization of services or supplies, increase costs to Federal health care programs, and result in unfair competition by shutting out competitors who are unwilling to pay for referrals. Remuneration for referrals can also affect the quality of patient care by encouraging physicians to order services or supplies based on profit rather than the patients' best medical interests.\27\
\25\ The antikickback statute provides criminal penalties for individuals and entities that knowingly offer, pay, solicit, or receive bribes or kickbacks or other remuneration in order to induce business reimbursable by Federal health care programs. See 42 U.S.C. 1320a7b(b). Civil penalties, exclusion from participation in the Federal health care programs, and civil False Claims Act liability may also result from a violation of the prohibition. See 42 U.S.C. 1320a7a(a)(5), 42 U.S.C. 1320a7(b)(7), and 31 U.S.C. 37293733. \26\ The physician selfreferral law, 42 U.S.C. 1395nn (also known as the ``Stark law''), prohibits a physician from making a referral to an entity with which the physician or any member of the physician's immediate family has a financial relationship if the referral is for the furnishing of designated health services, unless the financial relationship fits into an exception set forth in the statute or implementing regulations.
\27\ See Appendix B for additional information on the anti kickback statute.

In particular, arrangements with hospitals, hospices, nursing facilities, home health agencies, durable medical equipment suppliers, pharmaceutical manufacturers and vendors are areas of potential concern. In general the antikickback statute prohibits knowingly and willfully giving or receiving anything of value to induce referrals of Federal health care program business. It is generally recommended that all business arrangements wherein physician practices refer business to, or order services or items from, an outside entity should be on a fair market value basis.\28\ Whenever a physician practice intends to enter into a business arrangement that involves making referrals, the arrangement should be reviewed by legal counsel familiar with the anti kickback statute and physician selfreferral statute.
\28\ The OIG's definition of ``fair market value'' excludes any value attributable to referrals of Federal program business or the ability to influence the flow of such business. See 42 U.S.C. 1395nn(h)(3). Adhering to the rule of keeping business arrangements at fair market value is not a guarantee of legality, but is a highly useful general rule.

In addition to developing standards and procedures to address arrangements with other health care providers and suppliers, physician practices should also consider implementing measures to avoid offering inappropriate inducements to patients.\29\ Examples of such inducements include routinely waiving coinsurance or deductible amounts without a good faith determination that the patient is in financial need or failing to make reasonable efforts to collect the costsharing amount.\30\
\29\ See 42 U.S.C. 1320a7a(a)(5).
\30\ In the OIG Special Fraud Alert ``Routine Waiver of Part B Copayments/Deductibles'' (May 1991), the OIG describes several reasons why routine waivers of these costsharing amounts pose concerns. The Alert sets forth the circumstances under which it may be appropriate to waive these amounts. See also 42 U.S.C. 1320a 7a(a)(5).

Possible risk factors relating to this risk area that could be addressed in the practice's standards and procedures include:

In order to keep current with this area of the law, a physician practice may obtain copies, available on the OIG web site or in hard copy from the OIG, of all relevant OIG Special Fraud Alerts and Advisory Opinions that address the application of the antikickback and physician selfreferral laws to ensure that the standards and procedures reflect current positions and opinions.
\33\ Physician practices should establish clear standards and procedures governing giftgiving because such exchanges may be viewed as inducements to influence business decisions.

2. Retention of Records

In light of the documentation requirements faced by physician practices, it would be to the practice's benefit if its standards and procedures contained a section on the retention of compliance, business and medical records. These records primarily include documents relating to patient care and the practice's business activities. A physician practice's designated compliance contact could keep an updated binder or record of these documents, including information relating to compliance activities. The primary compliance documents that a practice would want to retain are those that relate to educational activities, internal investigations and internal audit results. We suggest that particular attention should be paid to documenting investigations of potential violations uncovered by the compliance program and the resulting remedial action. Although there is no requirement that the practice retain its compliance records, having all the relevant documentation relating to the practice's compliance efforts or handling of a particular problem can benefit the practice should it ever be questioned regarding those activities.

Physician practices that implement a compliance program might also want to provide for the development and implementation of a records retention system. This system would establish standards and procedures regarding the creation, distribution, retention, and destruction of documents. If the practice decides to design a record system, privacy concerns and Federal or State regulatory requirements should be taken into consideration.\34\
\34\ There are various Federal regulations governing the privacy of patient records and the retention of certain types of patient records. Many states also have record retention statutes. Practices should check with their state medical society and/or affiliated professional association for assistance in ascertaining these requirements for their particular specialty and location.

While conducting its compliance activities, as well as its daily operations, a physician practice would be well advised, to the extent it is possible, to document its efforts to comply with applicable Federal health care program requirements. For example, if a physician practice requests advice from a Government agency (including a Medicare carrier) charged with administering a Federal health care program, it is to the benefit of the practice to document and retain a record of the request and any written or oral response (or nonresponse). This step is extremely important if the practice intends to rely on that response to guide it in future decisions, actions, or claim reimbursement requests or appeals.

In short, it is in the best interest of all physician practices, regardless of size, to have procedures to create and retain appropriate documentation. The following record retention guidelines are suggested:

After the audits have been completed and the risk areas identified, ideally one member of the physician practice staff needs to accept the responsibility of developing a corrective action plan, if necessary, and oversee the practice's adherence to that plan. This person can either be in charge of all compliance activities for the practice or play a limited role merely to resolve the current issue. In a formalized institutional compliance program there is a compliance officer who is responsible for overseeing the implementation and day today operations of the compliance program. However, the resource constraints of physician practices make it so that it is often impossible to designate one person to be in charge of compliance functions.

It is acceptable for a physician practice to designate more than one employee with compliance monitoring responsibility. In lieu of having a designated compliance officer, the physician practice could instead describe in its standards and procedures the compliance functions for which designated employees, known as ``compliance contacts,'' would be responsible. For example, one employee could be responsible for preparing written standards and procedures, while another could be responsible for conducting or arranging for periodic audits and ensuring that billing questions are answered. Therefore, the compliancerelated responsibilities of the designated person or persons may be only a portion of his or her duties.

Another possibility is that one individual could serve as compliance officer for more than one entity. In situations where staffing limitations mandate that the practice cannot afford to designate a person(s) to oversee compliance activities, the practice could outsource all or part of the functions of a compliance officer to a third party, such as a consultant, PPMC, MSO, IPA or thirdparty billing company. However, if this role is outsourced, it is beneficial for the compliance officer to have sufficient interaction with the physician practice to be able to effectively understand the inner workings of the practice. For example, consultants that are not in close geographic proximity to a practice may not be effective compliance officers for the practice.

[[Page 59442]]

One suggestion for how to maintain continual interaction is for the practice to designate someone to serve as a liaison with the outsourced compliance officer. This would help ensure a strong tie between the compliance officer and the practice's daily operations. Outsourced compliance officers, who spend most of their time offsite, have certain limitations that a physician practice should consider before making such a critical decision. These limitations can include lack of understanding as to the inner workings of the practice, accessibility and possible conflicts of interest when one compliance officer is serving several practices.

If the physician practice decides to designate a particular person(s) to oversee all compliance activities, not just those in conjunction with the auditrelated issue, the following is a list of suggested duties that the practice may want to assign to that person(s):

Each physician practice needs to assess its own practice situation and determine what best suits that practice in terms of compliance oversight.

Step Four: Conducting Appropriate Training and Education

Education is an important part of any compliance program and is the logical next step after problems have been identified and the practice has designated a person to oversee educational training. Ideally, education programs will be tailored to the physician practice's needs, specialty and size and will include both compliance and specific training.

There are three basic steps for setting up educational objectives:

Training may be accomplished through a variety of means, including inperson training sessions (i.e., either on site or at outside seminars), distribution of newsletters,\36\ or even a readily accessible office bulletin board. Regardless of the training modality used, a physician practice should ensure that the necessary education is communicated effectively and that the practice's employees come away from the training with a better understanding of the issues covered. \36\ HCFA also offers free online training for general fraud and abuse issues at http://www.hcfa.gov/medlearn. See Appendix F for additional information.

1. Compliance Training

Under the direction of the designated compliance officer/contact, both initial and recurrent training in compliance is advisable, both with respect to the compliance program itself and applicable statutes and regulations. Suggestions for items to include in compliance training are: The operation and importance of the compliance program; the consequences of violating the standards and procedures set forth in the program; and the role of each employee in the operation of the compliance program.

There are two goals a practice should strive for when conducting compliance traini

FOR FURTHER INFORMATION CONTACT

Kimberly Brandt, Office of Counsel to the Inspector General, (202) 6192078.