Excessive dependence on policies and procedures is not the best route to an effective compliance program. Employees may tune out the larger messages and never get a sense of the spirit of compliance, says Minneapolis attorney David Glaser.

“What happens when the Crown Victoria pulls up to an organization and agents with short haircuts get out to ask whether it is in compliance? That’s the test of a compliance program,” he says. Organizations should live by simpler principles: only ask for reimbursement you earned; refund money for services you didn’t perform; and “when there is a very clear rule prohibiting [something], a refund may be necessary,” he says. But “rules and policies are different. You don’t have to write all the rules.”

Other assumptions about compliance programs may need some rethinking. “You have to separate fact from fiction in the compliance process,” says Glaser, with Fredrikson & Byron. “To be effective in compliance, you have to doubt what you hear. Everyone should be a cynical consumer of advice.” It’s not easy, though, because people have incentives to make assumptions. For example, private insurers may deny coverage for services and then refuse to back up their position with the rules, saying they are proprietary, Glaser says. That happened in five states, when insurers insisted that the urinalysis was included in payments for physician office visits. He had to take the cases to state insurance commissioners. “We fought and won,” he says. “We threatened to go to court and they caved.”

Also, lawyers may be inclined to say “no” to a provider’s proposal because it’s the path of least resistance. But require attorneys to support their positions with Medicare statutes, regulations or manuals. “Just because they sound smart doesn’t mean they are right,” Glaser contends. Do the same for Medicare contractors or auditors who have an incentive to insist something is an overpayment even when there is no dictate, he says. Even trade groups may have an agenda on specific issues.

And don’t take comfort in the fact that lots of people are billing and documenting the same way or cutting the same physician deals, Glaser says. In fact, it should be cause for worry. He contends that “dumb rules” are being enforced.

Glaser also disputes CMS’s program-integrity mantra — “if a service wasn’t documented, it wasn’t performed.” It’s an abstract idea not grounded in Medicare laws or regulations, so hospitals should consider appealing claims denied for insufficient documentation if they believe the services were provided, he says. In fact, Glaser says he is making headway with administrative law judges (ALJs) by submitting evidence that services were provided even though they were not documented according to Medicare’s evaluation and management (E/M) documentation guidelines, which is the gold standard (RMC 6/22/09, p. 1). Glaser isn’t advising anyone to ignore Medicare documentation guidelines; just don’t assume you have to throw in the towel if documentation is lacking. If the services were provided as billed (under-documented), there are other forms of proof, such as appointment schedules and patient interviews.

Here’s Glaser’s advice for making some of the seven elements of a compliance program work better:

• Policies and procedures: “I am not a big fan of having a lot of policies,” he says. For one thing, “I have seen too many investigations where the government said ‘you violated your own policy.’” It’s not easy to craft a policy that prevents misconduct or takes into account all variables. For example, a policy may require physicians to code their own services. But physicians code only evaluation and management services and not diagnoses. Does that mean they violated the organization’s policy? Also, the more policies you write, “the lower the odds that people will read them,” he says. Glaser recommends having a few short policies that state, for example, the importance of selecting codes that accurately describe the services you provided. Organizations can say simple things like this, he says: “To use an inaccurate code may be a crime. As a result, everyone involved in coding procedures should be aware of the proper code for procedures. Similarly, Medicare often assumes that any service that is not documented in the medical record never happened. As a result, if the chart does not contain sufficient documentation, the government will presume the procedure was miscoded. Legally, it is not true that a failure to comply with the documentation guidelines automatically renders a claim false. However, because the guidelines create a safe harbor, ABC Hospital will strive to ensure that all documentation meets the guidelines.”

• Oversight by high-level personnel: Conventional wisdom is that CFOs should not serve as compliance officers because CFOs err on the side of generating and keeping payments. But “I don’t fret about it if the CFO is the best person to do the job,” Glaser says. The penalties associated with false claims can ruin an organization, so he thinks CFOs can keep a clear head.

• Don’t give responsibility to people with a propensity to engage in illegal activities: That means, of course, screening employees for Medicare exclusions and other sanctions. Notwithstanding the advice from some quarters, Glaser says it’s probably enough to screen people at hiring and then annually. He wouldn’t generally recommend monthly screening or even twice a year. Also, compliance should be a factor in employees’ evaluations to make sure they know the importance of behaving in a compliant fashion and to elicit feedback. “Many enforcement actions come up with people who push the envelope,” he says. For example, people in a clinic may know a certain physician is exaggerating his services, but they’re too scared to talk. That will reflect badly on everyone when the physician’s behavior comes to light, but the issue may come out in performance reviews or exit interviews.

• Training: While orientation and annual training are a mainstay of compliance programs, Glaser encourages compliance officers to count other kinds of learning in the training requirement (e.g., webinars and reading materials) — though it can be a challenge for organizations to track them. It’s also important for training to address the difference between fraud and mistakes and to emphasize that it isn’t worth taking risks for the sake of reimbursement. But reassure employees they aren’t going to wind up in jail, Fraser says. “People who go to prison are the ones who profit illegally, not coders who made errors or even who changed the physician’s 99214 to a 99215 at the insistence of a supervisor,” he says. “A lot of compliance is calming people down” and disabusing them of the notion they need coding insurance.

• Monitoring: There’s debate over the relative merits of internal versus external reviews. Managers may think external reviews are more credible, but internal reviews keep costs down. A combination is probably the best idea, Glaser says. He tells the story of a clinic that had a robust compliance program, but overlooked the hospital side of its physician visits. The internal auditor didn’t pull hospital charts and failed to notice when a physician billed for a visit even though the patient wasn’t in his hospital bed at the time. The physician left a note on the pillow saying “sorry I missed you” and billed a level two E/M service; it was caught by an external auditor.

• Reporting potential compliance issues: Glaser recommends having formal and informal mechanisms for reporting problems, and making it clear to employees that reports can run the gamut (i.e., from billing errors to dumping medical waste) and that the company has their back. The number of hotline calls does not necessarily correlate to an effective compliance program. In fact, recent research shows most employees favor reporting to supervisors and other managers (RMC 3/5/12, p. 1). Organizations may be comfortable with their open-door policy, which is fine as long as employees know they won’t face retaliation, Glaser says, but the government may be skeptical that your culture is ethical and compliant in the absence of hotline calls.

• Enforcement through discipline: Employees will make mistakes but it doesn’t mean they should be fired. Instead, appropriate discipline can include coaching and financial incentives to improve coding. However, it’s the “repetition of error” without consequence that “doesn’t sit well with the government,” Glaser says. More serious discipline should be reserved for people who make the same mistakes repeatedly or who fail to detect them, he says.

© 2012 by Atlantic Information Services, Inc. All Rights Reserved.

Get instant compliance news! Follow AISCompliance on Twitter or “Like” AISHealth on Facebook.