stethoscope placed on a report containing data

Creating a Culture of Compliance in 2022-2023

Times have and continue to change and with that comes the need for healthcare organizations to evolve and at a minimum keep pace with the government and commercial payors. The truth is, keeping pace is not enough, we need to be 2-steps ahead to ensure we are maintaining compliance. This week I am in Baltimore where I was privileged and honored to present for the American Health Law Association (AHLA) Fraud and Compliance Forum! During the opening session, which was moderated by AHLA, CEO David Cade, Inspector General Christi Grimm, and Assistant Attorney General Kenneth Polite kicked things off with a panel discussion on enforcement. Nothing they spoke about was a real surprise to those of us who follow what DOJ and OIG are doing on a regular basis and given the hyper state of audits and investigations taking place, but there were some things said that are noteworthy takeaways. 

Inspector General Grimm talked about the critical importance of “knowing your data because the government does” and the fact that audits are continuing and it is full steam ahead to ferret out Fraud, Waste, and Abuse! They intend to focus on Covid Related Services, Telehealth, DME, Infusions, Skilled Nursing Services, and documentation audits… 

The most profound comments came from Assistant Attorney General Polite. He was clear that DOJ is focused on compliance (He is a former Chief Compliance Officer) so much that they are now putting a certification statement to be signed by the CEO and Chief Compliance Officer (CCO) of the organization into all settlement agreements. “The DOJ wants to be sure all CCOs have a seat at the table and that their voice is being heard”. His most profound statement was this, “Healthcare organizations should spend money upfront and often on building a culture of compliance. You can either spend a little upfront or a lot on the backend”. 

I am a big fan of Mr. Polite, every speech he has given is clear and concise and his message is consistent! He very well could be the next Attorney General.

This year (2022) and moving into 2023, healthcare organizations (Hospitals, Health Systems, and Physician Groups/Practices) must focus on creating a “Culture of Compliance” to ensure effectiveness and efficiency. However, focusing on “Compliance” only approaches, leaves healthcare organizations exposed to areas of liability often far more than what they could ever imagine or even what they are willing to tolerate. In 2023, you will need to walk through your compliance program and determine how to shift from a compliance-only approach to a “Risk-Based” approach. This will require your compliance team to focus on areas often ignored, those that leave your compliance program exposed to the threats of government agencies, and their investigators. Regardless of the size of your organization, this shift in thinking and in carrying out functions of compliance is a must to ensure you are covering your assets. 

To set yourself on the right course of how to approach compliance you must first define it. Keep in mind we are talking about compliance within healthcare, which is different from any other industry, so when we talk about healthcare compliance it is important to understand that it is the process of following rules, regulations, laws, acts, and statutes, that relate to healthcare practices. Healthcare organizations are held to very strict standards from the federal and state levels and violating these can result in litigation, payment suspensions, revocations, significant fines, loss of licenses, and exclusion.

Just how important is Risk Based Auditing? Well, I tend to take my lead from CMS when it comes to audit risk. In 2011, CMS implemented a new fraud, waste, and abuse detection model called the Fraud Prevention System (FPS). Here is how CMS described the FPS in their 2014 report to Congress; “The Fraud Prevention System (FPS) is the state-of-the-art predictive analytics technology required under the Small Business Jobs Act of 2010 (SBJA). Since June 30, 2011, the FPS has run predictive algorithms and other sophisticated analytics nationwide against all Medicare fee-for-service (FFS) claims prior to payment. For the first time in the history of the program, CMS is systematically applying advanced analytics against Medicare FFS claims on a streaming nationwide basis as part of its comprehensive program integrity strategy.” 

Basically, CMS has sent a message to healthcare providers that says, “we have upped the ante, now it’s your turn.” We are being given more than just a hint to move towards a more sophisticated method for determining which of our claims may be most at risk for improper coding and billing. We are being given a mandate. In fact, in that same report, CMS boasted that they prevented nearly $1 billion in payments from going out and that doesn’t even address how much they recouped through their pay and efforts.  

What providers need to understand is that 100% of all Medicare fee-for-service claims are now being processed through these predictive algorithms prior to payment. What risk-based auditing does is allow us to see what we look like to those algorithms, so to speak. In essence, if we want to see what the auditors see before they come knocking on our doors. 

The days of conducting random probe audits and assigning fixed annual chart review requirements have gone with the past. These methods aren’t just inefficient and inaccurate, they are useless. In fact, a case can be made for doing nothing over random probe audits as they most will often miss some 90% of risk opportunities. 

While methods and algorithms will improve with time, the fact is, risk-based auditing, in whatever final form, is here to stay.

The other critical aspect of your compliance program is the coding and documentation of professional services rendered to patients by your providers and how you are defining Medical Necessity and other compliance components such as the Reasonable and Necessary Standard. Focus on Medical Necessity, make sure you understand how to define it and more importantly, how it’s defined by CMS and Private Payors…

At the end of the day how you structure your OIG Compliance Program will have a significant impact not only on your operations but on how the government looks at you and what their position will be during an investigation whether they will structure a plea agreement or proceed with prosecuting the case. Take the time to review the Criminal Justice Division document “Evaluation of Corporate Compliance Programs” as this is really a prosecutor’s playbook and roadmap. Make sure you understand how to structure an effective Risk Based Internal Audit (RBIA) Process via the establishment of a Risk Assessment (RA) because your compliance programs are no longer solely based on the “Seven Elements” to an Effective Compliance Program. 


By Sean M. Weiss, Partner & Chief Compliance Officer, DoctorsManagement, LLC

Sean has dedicated his career to helping healthcare facilities reduce the risk of non-compliance and achieve measurable financial results. An accomplished compliance and management professional, with extensive knowledge of the inner workings of government agencies at both the federal and state level, including the Office of Inspector General, Department of Justice, and The United States Attorney’s Office. Sean has been recognized time and again by clients for successfully protecting their organization from unwarranted penalties and ensuring they receive due process. He is a consulting and testifying expert in federal civil and criminal trials. In his medical audit appeal defense work, Sean and his team of auditing and compliance experts have a proven record of success. Sean develops comprehensive, customized compliance plans, and serves as a third-party compliance consultant to ensure that client compliance is absolute.

About DoctorsManagement

DoctorsManagement, founded in 1956 is a full-service healthcare consultancy supporting medical organizations of all sizes and specialties in all 56 States and Territories of The United States. We specialize in mitigating financial loss and compliance risk(s), improving patient engagement and satisfaction, and reducing the overall stress of running a healthcare organization. Through a collaborative approach with our team of healthcare professionals possessing niche expertise in management/operations, regulatory compliance, data analytics, coding/billing, and auditing services, and strategic litigation defense services, clients are supported through all aspects of healthcare operations. | 800.635.4040

Call Us (800) 635-4040