August 2010: Volume 36, Number 8
Lab Compliance Programs
What Does it Take to Stay Out of Trouble?
By Bill Malone
Each year in the U.S., healthcare payers process more than 5 billion claims, many of them coming from clinical laboratories. The Center for Medicare and Medicaid Services (CMS) pays a huge proportion of these claims, a fact that now makes this vast sea of paperwork look like a perfect opportunity for the federal government to squeeze out more dollars to pay for healthcare reform and control the budget deficit. But keeping up with all the elements of the federal government’s claims system can be quite a daunting task. Key to staying out of trouble in this new era of high scrutiny and aggressive investigation is a good compliance program. Labs that do not have such a program now will be under the gun to develop one, as language buried in the healthcare reform law has made such initiatives mandatory. For labs that already have a compliance program, experts are warning that new federal initiatives will require labs to move into high gear in this area, and merely token efforts will leave a lab exposed.
President Obama’s 2011 budget also includes elements that will put pressure on labs’ and other providers’ compliance programs. The budget boosts fraud-fighting capabilities by $250 million over 2010 levels, to $1.7 billion, with the aim of recovering nearly $10 billion through Recovery Audit Contractors (RAC), strike force teams from the Office of the Inspector General (OIG), and ramped-up computer capabilities to catch problems with claims. In addition, the healthcare reform law has its own fraud-fighting provisions, including new authority for OIG to investigate private payers, increased penalties for making false statements, and a demand that overpayments be reported and repaid within 60 days of discovery.
These trends mean labs must be vigilant in their compliance with federal and state laws, making sure their compliance programs are good enough to keep them off the radar of regulators, said Greg Root, Esq., during a recent webinar titled “Maximizing Your Reimbursement Through Better Compliance,” jointly sponsored by AACC and the American Society for Clinical Laboratory Science (ASCLS). Root is chief operating officer and general counsel of CodeMap, LLC.
“A good compliance program has to be a living thing. As the healthcare reform law demonstrates, Congress is constantly tinkering with healthcare, and I don’t think that will change any time soon, so labs must keep up with all of these changes,” he said. “The more funding these agencies have, the more time and effort they will put forth not only towards enforcement actions, but also advisory opinions, fraud alerts, and other information labs should be alert for.”
Effective vs. Paper Programs
Fortunately for labs, OIG spelled out what it expects from labs in a compliance program guidance document issued more than 10 years ago. The hard part isn’t knowing what to do, but making sure the program actually works as it’s supposed to—not just a so-called paper program that no one bothers to review, revise, or implement, explained Brad Bowman, MBA, a director in the PricewaterhouseCoopers health industries practice.
“After OIG issued the model compliance guidance for labs in 1997, many labs ran around putting together binders of policies, but then they just let them sit on the shelf,” Bowman said. “However, if a lab doesn’t truly apply and function within those policies, regulators see that as a deceptive program, as if you’re trying to pull the wool over the eyes of the federal government. If you have a program that exists solely on paper, it’s like you’ve said ‘yes, we want to check that box, but we really don’t want to live that in our day-to-day lives,’ and that’s the exact opposite of the approach that the federal government is looking for. They’re looking for organizations to systematically identify and correct errors within a robust, comprehensive program.”
In its guidance for clinical labs, OIG sets forth seven basic elements it expects from any compliance program that includes documentation requirements and an emphasis on internal monitoring and prompt corrective action to deal with any errors or violations. The meat of the required policies covers marketing plans, Current Procedural Terminology (CPT) and Healthcare Common Procedure Coding System (HCPCS) coding issues, ICD-9 diagnosis coding, and improper claims submission (See Box, below).
While it’s relatively easy to spell out policies and document them, what makes or breaks a compliance program are the monitoring and education elements, emphasized Root.
“OIG has warned in the past that creating a policy and just letting it sit on a shelf is actually demonstrating a bad faith effort, and even worse than doing nothing at all,” he said. “For OIG, the true indication that you have an effective program is evidence that you’re performing the ongoing auditing and training—those are the two key issues.”
The purpose for putting together a compliance program is not only to reduce the chance of error or fraud, but also to mitigate a lab’s risk when some errors inevitably happen, Root explained. If some kind of fraud does take place in a lab and the organization ends up in court, federal guidelines provide more lenient penalties for organizations that continue to maintain an effective compliance program. Moreover, if a lab can demonstrate that it’s running an effective program, the federal government is much less likely to impose a corporate integrity agreement, essentially a forced compliance program run by the government, Root explained. “In that case, the lab could have OIG or CMS on site to monitor the program for it. And believe me, that’s the last thing you want to have to deal with,” he said.
A review of the OIG’s website on enforcement actions demonstrates that labs are frequently targets for anti-kickback violations and other problems. Yet, many labs still haven’t caught the necessary sense of urgency when it comes to their compliance program, Root noted. “Probably about 95 percent of labs will say they have an effective program, but whether it’s actually effective by OIG standards is a completely different question,” he said. “As a consultant, I’ve been in plenty of labs that claim to be operating such a program. Then when I get there and actually start doing a little digging around, it’s pretty obvious that they’re not following through and keeping the program alive.” Some of the worse cases he’s seen have been large medical centers that have an umbrella compliance program for the whole medical center, but the lab has not developed its own independent compliance program. “With so many unique issues in the lab and so many bills that go out, that really is a high-risk area that should be attended to,” he said.
Once a lab decides to get serious about its compliance program, managers have to focus on consistency and making it an essential consideration in daily operations. Often when a lab’s compliance program fails to live up to initial expectations, it’s because it never became part of the mission and culture of the organization, Bowman emphasized. “It’s that full effort on a day-in-day-out basis, baking it into the daily operations of the organization that makes the difference,” he said. “There are so many things that labs are busy with already, that if your compliance program is just another item on the to-do list, it won’t work. Every activity that you do should be done within the framework of, how am I going to show that our lab is doing the right thing when it comes to patient’s records, with regard to the policies and procedures we have in place, and how we bill and how we code?”
Lab Compliance Program Basics
The Office of the Inspector General (OIG), under the Department of Health and Human Services (HHS), published a comprehensive compliance program guidance for clinical labs that was revised in 1998. The 1998 guidance, which is still used today, outlines seven fundamental elements.
Labs should also review two other sets of compliance guidance documents from OIG, experts say: the 1998 guidance for hospitals, which affects hospital labs indirectly, as well as the 2005 supplemental program guidance for hospitals. The guidance documents are available on the OIG website.
Implement written policies, procedures, and standards of conduct
The program should have an exact effective date, as well as documentation of how the policies were approved and by whom. Other policies of the organization may need to be adjusted to account for a compliance program. Supporting documentation is also essential to demonstrate that the lab is abiding by the policy. All such documentation should be readily available and well-organized in case the effectiveness of the program is ever questioned.
Designate a compliance officer and compliance committee
OIG recommends that the chief compliance officer be supported by a committee. The committee should be composed of key members of management, including coding and billing, information systems, sales and marketing, and customer service. All the committee’s actions should be documented, including meeting minutes and how any problems are addressed.
Conduct effective training and education
Each employee must understand what his or her obligations and responsibilities are under the program, and personnel evaluations should include adherence to the program. OIG recommends all employees receive training in the program when they are hired, and then on a periodic basis thereafter. Training should cover fraud and abuse laws, coding requirements, claims, and marketing practices.
Develop effective lines of communication
Communication covers use of hotlines to report suspected fraud, as well as memos and newsletters to update employees. OIG recommends written confidentiality and non-retaliation policies to encourage open communication about any potential misconduct or to help an employee get clarification if confusion should arise about the lab’s policies and procedures. Transparency of the program is key. Some organizations publish the program online and make it available to the public.
Enforce standards through well-publicized disciplinary guidelines
The program should include a code of conduct that ensures that employees understand the rules and regulations that apply to their jobs, that they need to act in a legal and ethical manner regarding all rules and regulations, and that they have an obligation to report anything suspicious to the compliance officer. OIG recommends written policies for disciplinary actions if employees fail to comply, from oral warnings up to termination. Employers also must perform background checks on all employees, for which OIG has created two searchable databases (See Box, Resources, below).
Conduct internal monitoring and auditing
An annual compliance audit should be standard, along with a report at the end of the process that states what was done, how, and the outcome. Monitoring should include a coding audit, post-payment review, and a look at test utilization, as well as close scrutiny on a continuing basis by the chief compliance officer. Progress on areas that need improvement must be documented.
Respond promptly to detected offenses and develop corrective action
The lab must follow through when a problem is discovered. If it’s a matter of overpayment, the lab should let the payer know that the refund is being made according to their compliance program, offer a description of the circumstances surrounding overpayment, and information about the claim itself and how the overpayment was discovered. For more serious violations of the law, a report to OIG may be necessary, for which OIG runs a voluntary self-disclosure program.
OIG Compliance Guidance for Labs and Hospitals
Correct Coding Initiative and Medically Unlikely Edits Updates
HCPCS Quarterly Update
OIG List of Excluded Individuals and Entities
General Service Administration’s List of Excluded Parties
Get Billing and Coding in Order
Beyond kick-backs and other kinds of egregious and obvious fraud, labs tend to have the most trouble with coding and billing. One problem is simply not following up on denials, said Root. “If it’s getting a high level of denials, the lab needs to know why, and then appeal those denials if it believes the claims are correct,” he said. “It’s still frightening how many claims people just write off or don’t attend to if they get denied. And often times it’s things as simple as not putting the right demographic information down about the patient.” If a lab can get the appropriate missing information, it can resubmit the claim and usually that’s the end of the matter. In fact, CMS does not look unfavorably upon labs that resubmit claims or request an appeal when it’s not clear why a claim was denied. A good compliance program will monitor denials and craft policies that can both save a lab money and maintain a good relationship with the local administrative contractor handling Medicare claims.
Root also strongly cautioned labs about limiting physician choice or pushing physicians to order certain tests over others. “Whether you are using paper requisitions or electronic systems, you need to ensure that physicians can order whatever they feel is medically necessary,” he said. “You can’t steer providers into ordering certain test combinations or test panels.” Labs should make sure that all the component tests are listed for each panel so that physicians know exactly what they’re ordering. In addition, labs must allow physicians to order any component tests individually.
Part of the OIG guidance recommends that labs indicate exactly which CPT code is used for each procedure or panel, even if it seems well-known, such as a basic metabolic panel, and especially if it’s customized. OIG also strongly recommends that labs send out a statement reminding physicians that Medicare only pays for medically necessary tests and that ordering an unnecessary test could be considered a violation of the civil False Claims Act.
Clarity in coding and good communication with physicians can also prevent problems with one of the newest government auditing tools, RACs. RACs engage in data mining to find overpayments, and also can request records from a provider for detailed analysis in an effort to find problems. So far, industry observers note that RACs have been focused on ordering systems.
An example of the kind of ambiguous coding that labs can get in trouble with is the ubiquitous complete blood count (CBC), Root explained. Most labs would perform a CBC with automated differential, under the assumption that this is what most physicians want. However, a RAC review would look for proof that the physician clearly ordered both a CBC and differential. In this case, the remedy is to make sure the coding on the test order that the physician uses clearly shows a CBC with differential.
Labs also need to get serious about not filing claims or performing tests when there are any doubts about what was ordered or any other variable, Root said. “You absolutely cannot make up diagnosis information from earlier patient encounters; it has to come from the physician. It must be contemporary information from the ordering situation at hand,” he said. “Labs also need policies for any time a test cannot be performed, such as when there is an inadequate specimen or ambiguous test order. The lab has to stop that order in the system right away and make sure to go back and either get an adequate specimen or clarify the order before moving forward.”
Developments in information technology such as electronic medical records (EMR) and the new ICD-10 coding system will also require labs to revisit their compliance programs, and will make compliance run smoother in some ways, but add risk in others, said Bowman. For example, EMRs allow electronic physician order entry, which can help clarify the ordering process and give the lab more information about each order. “The other edge of that sword is that if labs are going to have access to that information, so will those government entities who are looking to check on the compliance of those labs,” Bowman noted.
The U.S. will begin official use of ICD-10 on October 1, 2013, another factor that will have an impact on compliance programs. “ICD-10 adds an additional level of refinement that is more exacting. And as such, it should help laboratories make sure that they’re coding most appropriately for their services and show that necessity for that test exists,” Bowman said. “At the same time, it will mean that labs are going to have to closely align the services that they’re providing with that information. What may have been a gray area on whether certain lab tests were necessary—with the additional definitions and the more detailed descriptions that are going to be available through ICD-10 in the medical record—now you’re going to have to be more precise.” It means that the labs will need to be more diligent, but they’ll also have a more exact idea of what’s appropriate and what’s not, he added.
Everyone is Involved
As labs prepare for a new era of heightened scrutiny by regulators and higher expectations from providers, experts underscore the need for everyone in the lab to be a part of the compliance program and fully understand their obligations. “Coding, billing, sales and marketing are your high-risk areas, but a good compliance program is going to have the involvement of every department,” said Root. “Everyone has to know that if they see something that they think is suspicious they have an obligation to report that to the compliance officer.”
Root also recommends that, while labs may be able to put together good compliance programs on their own, it’s very important to get periodic outside review. “At least every other year, you need outside eyes to take a look at your program so you don’t get stuck in your own world and not notice what else is going on,” he said.
Available from AACC
“Maximizing your Reimbursement Through Better Compliance,” a webinar jointly sponsored by AACC and the American Society for Clinical Laboratory Science (ASCLS), featured presentations from Charles Root, PhD and Greg Root, Esq. of CodeMap, LLC.
For more information or to purchase, search the AACC online store for product ID 6185.