The following information is a result of excerpts from guidance documents from HCFA, other government agencies, and the Office of the Inspector General. PRACTICE NAME has been inserted for the name of the practice.


PRACTICE NAME has and will continue to be committed to the highest standards of integrity and accountability. PRACTICE NAME’s Compliance Plan was developed to ensure that spirit continues into the future. PRACTICE NAME’s Compliance Plan has the following objectives:

      1. First, this Compliance Plan, coupled with the Code of Business Conduct, establishes a tone for conducting business ethically as well as reinforces PRACTICE NAME’s commitment to integrity.

2. Second, the Compliance Plan provides a basis for PRACTICE NAME’s to implement the practices Code of Business Conduct.

3. Third, it identifies for PRACTICE NAME’s staff and business partners about how PRACTICE NAME’s sets expectations for compliance with existing laws and policies and subscribes to the accepted standards of business practice.

4. Fourth, the Compliance Plan complies with the federal law, which have been established regarding corporate compliance programs as well as with the Office of Inspector General’s (OIG’s) Compliance Program Guidance for physicians in small groups or private practice.

Structure of PRACTICE NAME’s Compliance Plan for Fraud and Abuse

While compliance with all laws is inherent in the PRACTICE’s Code of Business Conduct (“Code”), and has always been the standard by which the practice has operated, the following plan establishes the broad outlines of a specific Compliance Plan to address Medicare fraud and abuse laws. The structure of the Compliance Plan for fraud and abuse will establish a foundation for expansion of a formal compliance program into other areas.

No individual’s position or influence is considered more important than the goal of organizational integrity. Practice personnel are required as well as ethically obligated to report internally all potential violations of the Business Code or Compliance Plan. Failure to do so may constitute an actual violation of the Business Code or Compliance Plan. The Compliance Plan outlines a variety of methods available to the staff for reporting potential violations and/or to express concerns. It is our organizations duty to ensure we are protecting confidentiality of those staff members making known or sharing their concerns with the compliance department, where appropriate. The compliance department encourages reporting of potential violations when it is believed a potential abuse of the system is occurring, and personnel who openly and honestly report wrongdoing or raise concerns will be protected from retaliation at all costs.

1. Standards of Conduct

A. High Risk Areas
This organization’s Compliance Program will focus on the following high risk areas and then expand its scope into other areas as they are identified as potential high risk areas. Our practice shall establish written procedures in where appropriate and if necessary in different departments with responsibilities related to ensuring that the following illegal conduct does not occur:

1. Providing services which are not medically necessary.
2. Duplicate billing
3. Billing for items or services not actually rendered.
4. Failure to refund credit balances.
5. Knowing failure to provide covered services or necessary care to members of health maintenance organizations.
6. Unbundling of tests or services required to be billed together, at a reduced cost.
7. Violation of physician self-referral laws.
8. Patient dumping.
9. Upcoding.

Training and education will be developed as part of the compliance program and will be provided to all staff on an annual basis at a minimum and more as required.

B. Claims Submission Process

1. With regards to insurance reimbursement claims, the written policies and procedures of our practice will reflect current federal and state statutes and regulations regarding the submission of claims.

2. The Compliance Officer of our organization will be responsible for establishing effective means for the coding/billing and reimbursement staff to communicate effectively with all medical providers who have the responsibility for CPT, HCPCS II and ICD-9CM throughout the organization including satellite sites if applicable. The Compliance Officer will have the responsibility of monitoring the effectiveness of the program and the mechanisms that have been put into place by meeting periodically with the Practice Administrator, Business Office Manager, Office Manager, Managing Physician Partner, and the Reimbursement specialists to determine whether they feel policies are appropriate, effective and being followed, as well as implementing other procedures for ensuring compliance company wide.

3. Claims submission policies and procedures should:

a. Ensure that all documentation is complete, accurate, and timely and that it exists in the medical record for all physician and other professional services prior to a claim being sent to the insurance company to ensure that only accurate and properly documented services are billed;

b. Emphasize that claims should be submitted only when appropriate documentation supports the claims and only when such documentation is maintained and available for audit and review;

c. Require that physician and medical notes be organized and in a legible form so they can be audited and reviewed. In the event documentation is missing, incomplete or illegible it the claim will be held until the issue(s) are resolved;

d. Indicate that the diagnosis and procedures reported on the reimbursement claim be based on the medical record and other documentation, and that the documentation necessary for accurate code assignment be available to coding staff; and

e. Compensation for coders/billers as well as billing consultants used in the practice should not provide any financial incentive to improperly upcode claims.

4. Close attention will be focused to issues of medical necessity, the importance of appropriate diagnosis codes, individual Medicare Part B claims (including evaluation and management service code selection).

5. PRACTICE NAME’s claims submission process shall focus on compliance in the following areas: This practice will comply with the Medicare and other private and commercial payer billing rules for outpatient services rendered in connection with an inpatient stay.

6. To the best of this practice’s ability, we will attempt to adopt the following measures:

A. Implementing a periodic manual review to determine the appropriateness of billing each office service claim, to be conducted by one or more appropriately trained individuals familiar with applicable billing rules. In addition to the pre-submission undertakings described above, this practice will attempt to implement a post-submission testing process, as follows:

1) implement a retrospective testing process that examines or re-examines previously submitted claims for accuracy;

2) when necessary to assure compliance with Medicare and other payer requirements, inform the carrier(s) and any other appropriate government fiscal agents of this practice’s testing process; and

3) advise carriers and any other appropriate government agents in accordance with current regulations or program instructions with respect to return of overpayments of any incorrectly submitted or paid claims and, if the claim has already been paid, promptly reimburse the carrier(s) and the beneficiary for the amount of the claim paid by the government payor and any applicable deductibles or copayments, as appropriate.

B. Submission of Claims for Laboratory Services

This practice shall take reasonable steps to ensure that all claims for clinical and diagnostic laboratory testing services are accurate and correctly identify the services ordered by the physician (or other authorized providers) and performed by the laboratory. The practice’s written policies and procedures will require, at a minimum, that:

1) bills for laboratory services will be generated only after they are performed;

2) The practice will bill only for medically necessary services;

3) The practice bills only for those tests actually ordered by a physician and provided by the practice’s laboratory;

C. The CPT or HCPCS II code used by the coding/billing staff accurately describes the service(s) that were ordered by the physician and performed by the practice’s laboratory.

      3. Coding/Billing Staff:

a. The practice will only submit diagnostic information obtained from qualified personnel;

b. The coders or billers will contact the appropriate personnel to obtain diagnostic information in the event that the individual who ordered the test has failed to provide such information.

c. Where diagnostic information is obtained from a physician or the physician’s staff after receipt of the specimen and request for services, the receipt this information will be documented and maintained.

D. Medical Necessity—Reasonable and Necessary Services:

1. This practice will establish written policies and procedures to ensure that claims are only submitted for services that the practice has reason to believe are medically necessary and those that were ordered by a physician or other appropriately licensed individual.

2. The practice will make medical necessity coding information available in all clinical areas and will make all reasonable efforts to provide training to ensure that all staff are familiar with appropriate coding. This practice will require proper documentation of all medical necessity. Physicians and other medical providers who do not comply with appropriate medical necessity requirements shall be subject to disciplinary actions.

E. Anti-Kickback and Self-Referral Concerns

1. This practice will establish a system that assures compliance with all federal and state anti-kickback statutes, as well as the Stark I, II and III physician self-referral laws. The goal of that system is to ensure that:

a. All of this practices contracts and arrangements with referral sources comply with all applicable statutes and regulations;

b. This practice does not submit or cause to be submitted to the federal health care programs claims for patients who were referred to our organization pursuant to contracts and financial arrangements that were designed to induce any referrals that would be in violation of the anti-kickback statute, Stark physician self-referral laws or similar federal and state statutes or regulations; and

c. The practice does not enter into financial arrangements with physicians that are designed to provide inappropriate remuneration to this practice in return for the physician’s ability to provide services to federal health care program beneficiaries.

F. Bad Debts

1. This practice’s policy is to review, at a minimum annually:

a. Whether it is properly reporting bad debts to Medicare;

b. All Medicare bad debt expense claims are reviewed and or audited, to ensure that this practice’s procedures are in accordance with all applicable federal and state statutes, regulations, guidelines and policies.

2. This practice will create a mechanism to ensure proper beneficiary deductible or co-payment collection efforts. Additionally, this practice regarding bad debts will not routinely or consistently waive Medicare co-payments and/or deductibles.

G. Credit Balances

1. This practice will develop procedures and policies to provide for the timely and accurate reporting of Medicare and other federal health care program credit balances.

2. The Compliance Officer will appoint at least one person as having the responsibility for the tracking, recording and reporting of credit balances.

H. Retention of Records

1. This practice’s document retention system will address the creation, distribution, retention, storage, retrieval, dissemination, and destruction of documents. The document retention system will address, among other documents:

a. All records and documentation, e.g., clinical and medical records and claims documentation, required either by federal or state law for participation in federal health care programs (e.g., Medicare’s conditions of participation requirement that clinic records regarding Medicare claims be retained for a minimum of five years, see 42 C.F.R. § 482.24(b)(1) and HCFA Hospital Manual § 413 (C)(12-91); and

b. All records necessary to protect the integrity of this practices compliance process and confirm the effectiveness of the program, e.g., documentation that employees are adequately trained;

c. Modifications to the compliance program; self-disclosures; and,

d. The results of this practice’s auditing and monitoring efforts.

I. Compliance as an Element of a Performance Plan

1. Promotion of, and adherence to, the elements of this practice’s Compliance Program shall be a factor in evaluating the performance of administrators, managers and supervisors. Those listed above as well as other employees will be periodically trained in new compliance policies and procedures as determined appropriate by the Compliance Officer. In addition, all administrators, managers and supervisors involved in the coding, claims submission processes should:

a. Hold discussions with all supervised employees regarding the compliance policies and legal requirements applicable to their specific job functions;

b. Inform all supervised personnel that strict compliance with these policies and requirements is a condition of employment; and

c. Disclose to all supervised personnel and to physicians and other medical providers that this practice will take any and all disciplinary action up to and including termination or revocation of privileges for violation of these policies, procedures or requirements.

2. Additionally, practice administrators, managers and supervisors will be subject to possible disciplinary action for failure to adequately instruct subordinates or for failing to detect noncompliance with applicable policies, procedures, and legal requirements, where reasonable efforts on the part of the administrator, manager or supervisor would have led to the discovery of any potential problems or violations and given the practice an opportunity to correct them in a more timely manner.

J. Compliance Officer and Compliance Committee

A. Compliance Officer

1. The physician leaders or if applicable the Board of Directors will appoint the practice Compliance Officer from the administrative staff of the practice. The Compliance Officer will report directly to the physician leader(s) or the Board of Directors, and will carry the responsibilities for reporting directly to the Executive Committee at least twice a year. The Compliance Officer’s primary responsibilities include but are not limited to:

      a. Performance of monitoring and the implementation of the compliance program;

b. Reporting on a regular basis to the practice’s Compliance Committee and Executive Committee on the progress of implementation, and assisting governing authorities to establish mechanisms to improve the practice’s efficiency and quality of services, and to reduce the practices potential vulnerability to fraud, abuse and waste;

c. Periodically revising the program based on newly published changes in governmental guidance and the needs of the organization, and in the law and policies and procedures of government and private payer health plans;

d. Developing, and participating in educational and training programs that focus on the elements of the compliance program, and ensure that all appropriate employees and management are knowledgeable of, and comply with, pertinent federal and state standards;

e. Ensuring that independent contractors and agents who furnish medical services for the practice are aware of the requirements of the practice’s Compliance Program with respect to coding, billing, and marketing, among other others;

f. Coordinating personnel issues with the practice’s administrator, manager, Human Resources Department or medical staff office to ensure that the National Practitioner Data Bank and Cumulative Sanction Report have been checked with respect to all employees, medical staff and independent contractors;

g. Assisting the Practice Administrator and management in coordinating internal compliance reviews and monitoring activities, including periodic reviews of departments;

h. Independently investigating and acting on matters related to compliance, including the flexibility to design and coordinate internal investigations (e.g., responding to reports of problems or suspected violations) and any resulting corrective action with all departments, providers, related facilities, agents and, if appropriate, independent contractors; and

i. Developing policies, procedures, and programs that encourage administrators, managers and employees to report suspected fraud and other improprieties without fear of retaliation by management.

B. The Compliance Officer has the authority and the obligation to review any and all documents and other information relevant and applicable to compliance activities, including, but not limited to, patient records, billing records, and records concerning the marketing efforts of the practice and the practice’s arrangements with other parties, including employees, professionals on staff, independent contractors, suppliers, agents, and physicians. This policy provides for the compliance officer to review contracts and obligations (seeking the advice of legal counsel, where appropriate) that may contain referral and payment issues that could violate the anti-kickback statute, as well as the physician self-referral prohibition and other legal or regulatory requirements.

C. Compliance Committee (This will depend on the size of your group or practice, this will not apply to all medical practices)

1. The Compliance Committee, under the leadership of the Compliance Officer, shall include the general counsel, Practice Administrator, at least one physician chosen by the Executive Committee, and other personnel with varying responsibilities in key operating units appointed by the Board of Directors and approved by the Executive Committee. The Committee’s functions shall include:

a. Analyzing the organization’s environment, the legal requirements with which it must comply, and specific risk areas;

b. Assessing existing policies and procedures that address specific risk areas for possible incorporation into the compliance program;

c. Working with appropriate departments to develop standards of conduct and policies and procedures to promote compliance with this plan and the Code of Business Conduct;

d. Recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the organization’s standards, policies and procedures as part of its daily operations;

e. Determining the appropriate strategy/approach to promote compliance with this plan and the detection of potential violations; and

f. Developing a system to solicit, evaluate and respond to complaints and problems.

2. The committee may also address other functions as the compliance concept becomes part of the overall operating structure and daily routine of the practice.

D. Conducting Effective Training and Education

1. This practice realizes that all practice personnel cannot be expected to comply with policies and legal standards, which they do not understand. Therefore, education becomes a critical part of the practice’s Compliance Program. The practice will develop and/or offer ongoing educational programs in each department affected by the requirements of the compliance program. The training program will explain our Code of Business Conduct, compliance program, summarize fraud and abuse laws, coding requirements, claim development and submission processes and marketing practices that reflect legal and program standards.

2. Administrators and/or managers will identify areas that require training. New employees will be required for training early in their tenure. All physicians, nurse practitioners, physician assistants, other ancillary medical personnel, and all personnel involved in billing and coding are in critical roles that are vital to the success of the compliance program and their attendance at education sessions will be mandatory.

3. In addition to education in the risk areas identified above, education shall be given to other appropriate members of the organization on the following topics:

a) General prohibitions on paying or receiving remunerations to induce referrals;

b) Proper confirmation of diagnoses;

c) Signing a form for a physician without the physician’s authorization;

d) Alterations to medical records;

f) Submitting a claim for physician services when rendered by a non-physician (i.e., the “incident to” rule and the physician physical presence requirement);

g) Prescribing medications and procedures without proper authorization;

h) Proper documentation of service rendered;

i) and Government and private payor reimbursement principles;

j) Duty to report misconduct.

E. The Compliance Officer is responsible for establishing a system for retention of adequate records of employee education, including logs of personnel who receive educational materials or attend training sessions.

1. Developing Effective Lines of Communication

a. Access to the Compliance Officer

2. The Compliance Officer and staff will establish open lines of communication to all practice. staff. The practice’s confidentiality and non-retaliation policies will be distributed to all employees to encourage communication and the reporting of incidents of potential violations of practice policies. The practice will develop independent reporting methods for employees to report potential problems so that such reports cannot be passed over by supervisors or other personnel.

3. The Compliance Officer holds the responsibility to provide an outlet for personnel to seek clarification in the event of any confusion or question with regard to practice policies or procedures. Questions and answers will be documented and dated and maintained in the compliance file. The practice compliance officer will develop and establish regular systems to update, clarify, or revise policies and procedures.

F. Practice Compliance Reports and Other Forms of Communication

1. The practice will establish an email address, and written forms to maintain open lines of communication. Employees will be permitted to report matters on an anonymous basis. Matters reported through the hot line or other communication sources that suggest violations of the Code, practice policies, or any law will be documented and investigated promptly.

2. The Compliance Office has the responsibility of maintaining a log of all reports, including the nature of any investigation and its results. Any such reports shall be maintained in a fashion that protects the attorney-client privilege, work product privilege, professional review privilege or any other legal protection that applies.

3. As appropriate, relevant reports and the information generated as a result of investigations should be included in reports to the Compliance Committee, managing partners of the group, or Board of Directors.

4. Further, while the practice will always strive to maintain the confidentiality of an employee’s identity, it will also explicitly communicate that there may be a point where the individual’s identity may become known or may have to be revealed in certain instances when governmental authorities become involved and/or litigation becomes necessary.

G. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

1. Discipline Policy and Action

a) The practice will develop and implement a system of disciplinary action for corporate officers, managers, employees, physicians and other health care professionals that fail to comply with practice Code, policies, procedures or regulations. The disciplinary action will be based on intentional or reckless disregard for compliance and subject to significant sanctions. Disciplinary action will be taken on a fair and equitable basis. Administrators, Managers, Supervisors, and other appropriate practice personnel, including th Medical Director and/or Human Resources Department, will receive training on how to discipline employees in an appropriate and consistent manner. (This section may or may not be applicable depending on the size of your practice or group).

b) The practice will disseminate and publish the range of disciplinary standards for improper conduct and will educate officers and other staff regarding these standards. All levels of employees will be subject to the same disciplinary standards for similar offenses.

H. New Employee Policy

For all new employees who have discretionary authority to the practice will conduct a reasonable and prudent background investigation, including a reference check, as part of every such employment application. The application will specifically require the applicant to disclose any criminal conviction, as defined by 42 U.S.C § 1320a-7(i), or exclusion action. Pursuant to the compliance program, the practice will not employ individuals who have discretionary authority to make decisions who have been recently convicted of a criminal offense related to health care or who are listed as debarred, excluded or otherwise ineligible for participation in federal health care programs (as defined in 42 U.S.C § 1320a-7b(f)). In addition, pending the resolution of any criminal charges or proposed debarment or exclusion, the practice will implement oversight programs to monitor that individual’s involvement in any federal health care program. With regard to current employees or independent contractors, if resolution of the matter results in conviction, arrangement with the individual or contractor, as soon as possible.

I. Auditing and Monitoring

1. The Compliance Office will establish ongoing evaluation process’, which shall incorporate thorough monitoring of its implementation and regular reporting. Compliance reports created by this ongoing monitoring, including reports of suspected non-compliance, should be maintained by the compliance officer in the compliance file and shared with the compliance committee, and maintained in a manner that complies with any existing legal privilege.

2. The practice will establish a realistic schedule of internal compliance auditing in high risk areas and in areas where compliance has been identified as a problem. Such audits shall be conducted either by internal or external auditors who have expertise in federal and state health care statutes, regulations and federal health care program requirements. At a minimum, these audits are designed to address the practice’s compliance with laws governing kickback arrangements, the physician self-referral prohibition, CPT/HPCS ICD-9 coding, claim development and submission, reimbursement and cost reporting. Monitoring techniques may include sampling protocols that permit the Compliance Officer to identify and review variations from an established baseline. Significant variations from the baseline should trigger a reasonable inquiry to determine the cause of the deviation. If the inquiry determines that the deviation occurred for legitimate reasons, the practice may take limited or no corrective action. If it is determined that the deviation was caused by improper procedures, misunderstanding of rules, including fraud and systemic problems, the practice will take prompt steps to correct the problem. Any overpayments discovered as a result of such deviations should be returned promptly to the affected payor, with appropriate documentation.

3. The Compliance Program will incorporate periodic reviews of whether the program’s compliance elements have been satisfied. This process will verify actual conformity by all members of the organization with the Compliance Program. Such reviews could support a determination that appropriate records have been created and maintained to document the implementation of an effective program.

4. As part of the review process, the following techniques may be used:

a) On-site visits;

b) Interviews with personnel involved in management, operations, coding, claim development and submission, patient care, and other related activities;

c) Questionnaires developed to solicit impressions of a broad cross-section of practice employees and staff;

d) Reviews of medical and financial records and other source documents that support claims for reimbursement and Medicare cost reports;

e) Reviews of written materials and documentation prepared by key practice members;

5. The reviewers should:

a) Be able to operate independently of physicians and management;

b) Have access to existing audit and health care resources, relevant personnel and all relevant areas of operation;

c) Regularly (annually, if possible) present written evaluative reports on compliance activities to the Compliance Committee; and

d) Specifically identify areas where corrective actions are needed.

e) With these reports, the practice’s management will take whatever steps are necessary to correct past problems and prevent them from recurring.

J. The practice shall document its efforts to comply with applicable statutes, regulations and federal health care program requirements. For example, where the practice, in its efforts to comply with a particular statute, regulation or program requirement, requests advice from a government agency (including a Medicare carrier) charged with administering a federal health care program, the practice. shall document and retain a record of the request and any written or oral response. This step is important so that the practice can prove it relied on that response to guide it in future decisions, actions or claims, reimbursement requests or appeals. The written record of compliance efforts should include contacts with third parties contacted to get expert advice on compliance. Records should be maintained demonstrating due diligence in developing procedures that implement such advice.

K. Responding to Detected Offenses and Developing Corrective Action Initiatives

1. Violations and Investigations

a) The practice will place the highest of priority on correcting detected violations. Detected but uncorrected misconduct can seriously endanger the mission, reputation, and legal status of the practice and consequently, upon reports or reasonable indications of suspected non-compliance, the Compliance Officer or other management officials shall initiate prompt steps to investigate the conduct in question to determine whether a material violation of applicable law or the requirements of the compliance program has occurred, and, if so, take steps to correct the problem. As appropriate, such steps may include an immediate referral to criminal and/or civil law enforcement authorities, a corrective action plan, a report to the Government, and the return of any overpayments, if applicable.

b) The Compliance Officer shall monitor payment denials and overpayment detections by the practice’s reimbursement, audit, or coding division and will look to identify trends or patterns that may demonstrate a problem.

c) Depending upon the nature of the alleged violations, the practice may request that an investigation be conducted by internal or external legal counsel or may conduct an investigation using existing personnel. Auditors or other health care experts may be requested to assist in an investigation. Records of the investigation should contain documentation of the alleged violation, a description of the investigative process, copies of interview notes and key documents, a log of the witnesses interviewed and the documents reviewed, the results of the investigation, e.g., any disciplinary action taken, and the corrective action implemented, all subject to applicable legal privileges.

d) The Compliance Officer will take all necessary steps to ensure the integrity of any investigation, including removing employees from current work activities when their presence could compromise an investigation. In addition, the compliance officer should take appropriate steps to secure or prevent the destruction of documents or other evidence relevant to the investigation. If disciplinary action is warranted, it should be prompt and imposed in accordance with the practice’s written standards of disciplinary action.

L. Reporting

1. If the Compliance Officer, Compliance Committee or management official discovers credible evidence of misconduct from any source and, after a reasonable inquiry, has reason to believe that the misconduct may violate criminal, civil or administrative law, then, subject to legal advice, the practice will report the existence to misconduct to the appropriate governmental authority within a reasonable period, but not more than sixty (60) days after determining that there is credible evidence of a violation. The practice believes prompt reporting will demonstrate its good faith and willingness to work with governmental authorities to correct and remedy the problem.

2. Taking into account advice of counsel, the practice will work to provide evidence relevant to the alleged violation of applicable federal or state law(s) and potential cost impact to the government. Taking into account advice of counsel, once the investigation is completed, the Compliance Officer should notify the appropriate governmental authority of the outcome of the investigation.

NOTE: This document is a sample of a plan to meet OIG requirements for a practice. It may be tailed to fit particular and specific needs. The information is believed to be current as of the date it is published. The provision here is for helpful information only and the authors/editors and website owners assume no liability and are indemnified against any legal action. It is intended to be a framework for a practice to build a compliance program which would included policies and procedures as well as a compliance pledge or attestation.