Our journey, from the conception of a compliance strategy for our company, to developing a full-fledged culture and integrating it completely with operations might be of some value to others. Let me share a little of what the journey was like. It was circa 2004 that I asked a known professional who had audited charts for First Coast (the Florida intermediary for Medicare) and had worked for various hospitals and auditing firms to join us. She had helped us in Optimum Health Care, Inc., an HMO we had started. I asked her to be our Compliance Officer.
Initially, she seemed skeptical. And I confessed that I felt that initially there would be much resistance from our providers since compliance would be painful, at least in the beginning. We agreed that despite the monumental task ahead in a company of nearly 100 employees, it was a worthwhile activity. We were standing in the parking lot of a restaurant, I still remember, and we agreed that we believed in the project.
The next few months were hard as she started building a compliance program. Compliance with what? OSHA, HIPAA, Fraud, Waste and Abuse laws and regulations, coding, billing, and what do you mean that my progress notes have to have specific things in them and I have to sign using my credentials? “Who says I have to do these things?” demanded the providers. The answer always came back to CMS and the “source” documents, the Pub 100, the AHA, the AMA, and other regulatory bodies. The providers and the company had enrolled in the Medicare program and did not know everything that this entailed.
So where to start? Although compliance was not a requirement at the time, the OIG had published some clear and easy to digest guidelines that they felt would become part and parcel of a mandatory compliance program very shortly, so that is where we started. We already had decided that we needed a compliance officer who would work independently of the other departments and whose sole responsibility would be to create the program and run it, but we had not formulated policies and procedures to run the company. That part was step 2 of the OIG plan, create the P&P against which you will be held accountable. In creating the policies and procedures we quickly learned that having them and not following them was a far worse crime than not having them at all. It was time for all hands on deck.
As you can see from the above, it started, well, with everything. How was it all supposed to work and what regulations and laws were we being held accountable for being compliant with? We had lively discussions on everything from who could legally start IVs in the office to the difference between passing a fire department inspection as opposed to one by OSHA. Did I say discussions? They were frequently hot and passionate. But we eventually worked it all through. Communication and understanding that which was being asked of us was key. It was and continues to be a learning process. The more we knew, the more we needed to learn. We created a regulatory auditing body that used 93 item audit tools that we had created and we began quarterly regulatory audits of every office in the company. This body looked at everything from labor law posters to medical records and everything in between. It became a sort of a competition between offices to see who would “own” the most compliant office trophy for the quarter. This still exists today.
When it came to Fraud, Waste, and Abuse, there was very good educational material available free from CMS but no one had taken advantage of it. Providers knew nothing about the elements of a progress note, coding, billing, or even how the reimbursement systems worked. We were just getting started, along with everyone else in the MRA system in managed care. So that led to trying to come up with a way to find and then to follow the absolute definitive source of the coding guidelines and not to listen to all of the outside consultants that were there to “help” us. We listened to what they had to say, but then we went back to the “source” documents to verify. Since our compliance officer was, herself a certified coder, we were ahead of the game. And we found that there was a lot of incorrect information “out there” disguised as our support from the field. Some of those companies are no longer in business. Some people paid big penalties. Thank goodness we “measured twice and cut once” with everything we did.
The compliance officer’s approach was to remove any question that might be asked by a CMS or other like auditing body. Her feeling was that if we always use their tools to perform the function and then train our people from our internal findings, we would always be standing on both of our legs all the time. Finding the right coders and auditors became key. The coders were trained in First Coast’s auditing algorithm to assess the level of claims and the auditors started reviewing charts to evaluate our compliance rates. Initially, there was much resistance. Some providers were so threatened that they asked the coders to leave their offices. Or worse, they were rude and insulting to them. And even worse, they left their offices when the auditor came at the scheduled times. They had to be convinced that this pain was for their good and that these coders were their firewalls. We held mini-workshops and presentations using all of the training materials readily available from CMS. And we started tracking our compliance. Within a few months we had a team of about 40 coders working full time in our compliance department running 100% retro-review on all documentation and coding. From there, in 2009, we decided that concurrent review was the more logical approach. To send out billing that was correct before it went out was a dream that just made so much sense.
In 2010, the Affordable Care Act made it incumbent for all health care entities to start creating compliance programs. It became a requirement to have the exact program that the OIG had put guidance out for in 2000 (the one we had been following since the inception of our program) as a condition for participation in the Medicare program. We were already ahead of the game when the rest of the pack had to first figure it all out to stay in the Medicare business.
Looking back, when we initially presented this initiative to our leadership in the corporate meetings, I was told to my face that I was an idiot for wasting our resources, that it was not mandated and this was all unnecessary. We were soon spending almost one hundred and fifty thousand dollars a month on compliance. And whenever our prominent providers saw this, they scoffed at me. And then “Wellcare” happened.
This is how it went down. Wellcare, during one of their internal audits, found that our IPA had the highest MRA scores in the region. They thought this was fraudulent behavior and stopped paying us. We appealed and they brought in their Special Investigations Unit. Their Vice President of Networks Development openly went about telling other IPAs that we would need to pay back 10 million dollars to Wellcare. After much back and forth, their SIU started reviewing our claims and we showed them our systems. After a few months, Wellcare realized that our claims were appropriate and it was their other IPAs that had under-billed. We didn’t look so “foolish” anymore.
Over the years we uncovered some pretty serious “stuff” that we are, to this day extremely glad that we were the ones that found them and fixed them. Over and over again we proved to ourselves and our detractors that the compliance culture was the exact way to go.
I remember getting a report that one of our Physical Therapists was openly boasting before the front staff of that office that he seldom saw certain patients and didn’t always perform all of the care in the plan of care during visits but he billed for all modalities. We had to involve a retired FBI official who, along with our compliance officer, under attorney-client privilege with our counsel interviewed all staff and reviewed all records. The therapist had to be let go and the whole department revamped. Money had to be paid back to the system. A rumor was spread that we were being investigated by the FBI. And my response was, “the FBI yes, but our own FBI. I would rather audit myself any day than create circumstances where Federal Agencies come and do so. And that we welcome audits and do not shy away from them.”
We also saw how the CEO of a Health Plan sweated bullets when CMS audited him for his 2011 HCC codes. Fortunately for us, we were ready and all our charts had the documentation needed to help the plan. We scored 100% with our audit with another local plan very shortly thereafter.
During this journey, as you saw in the above, we of course found things that had to be corrected. If you look, you will find it. And we knew we had to be the ones looking. In one case we realized that we had billed erroneously for radiology services for providers who did not yet have their Medicare numbers. After a deeper root-cause analysis, we found that the problem was in our credentialing system. We had to refund about 50,000 dollars to CMS and had learned our lesson regarding proper credentialing.
We came across situations that were sometimes bewildering. One of our providers was selling foreign currency in his office to our patients. He had read it in the Scripture that this currency was going to shoot up in value. We had to part ways.
We found another provider charging Medicare patients cash even though he already had a Medicare number. He was making them pay $150 per visit if they asked for marijuana but nothing was ever documented in the patient charts. We had to again part ways and find out what we needed to do to refund the patients who had paid in cash.
Another physical therapist threatened with a qui tam lawsuit complaining about errors in our treatment plans that she directed. We did a full audit with an outside consultant who reviewed all our policies and corrected the errors that had crept in due to misunderstanding of the law. We again had to refund the money collected erroneously.
Another provider created a racist atmosphere in his office which was offensive to other providers. We had to again educate, re-train, reinforce, and clean up whatever was non-compliant in our practice.
And then we found a provider getting paid from a company for using their product. The product was an artificial skin graft used for chronic ulcers. It was extremely expensive and he cost the company nearly $ 300, 000 by doing services which, in hindsight, may not have been needed. He was getting paid a kickback from the firm in the guise of “doing research”. The OIG discovered this one and asked us for information. This led to him being charged in a suit. We were surprised when we were told about the case, since we knew nothing about it and most of the information was shrouded in litigation. Needless to say, he lost his license for the next five years, his job, and his ability to support his wife and young children. This is the provider I used to advise constantly, “Do not think short term. Your license is the most precious asset you have. Do not jeopardize it.” He used to come up with one new brilliant scheme after another to make money and I would shoot them down each time. This time he forgot to ask me, I suppose.
Thus, the journey has been full of victories and failures. But we were able to turn the failures into victories with the help of a strong compliance program. We know that there is so much more to learn. That we will not be perfect. But we will always be willing to comply with the law. We will fix whatever has been done incorrectly and we have created a culture that requires complete adherence to our policies and procedures.
It remains a work in progress as medicine is always changing as do the rules. But at the heart of it all is the clear and constant understanding at the core and in the leadership of the company, which trickles down to all, that when you do things the right way in a transparent manner for the right reasons only good things can follow. When you ask for anyone and everyone to communicate to leadership when they think something is not right and you follow your plan, the one that demands compliance and the adherence to what is ethical and right, you get the chance to live your dream…….to enhance lives by providing the healing touch and to help make each other better people. Oh, and to sleep well at night because you have nothing to fear.