OIG Compliance Updates for Medical Billing Companies

Health care providers are relying on medical billing companies to a greater degree in assisting them in processing claims in accordance with applicable statutes and regulations. Additionally, health care professionals are consulting with billing companies to provide timely and accurate advice with regard to reimbursement matters, as well as overall business decision-making. Compliance program guidance is a major effort by the OIG in its effort to engage the health care community in combating fraud and abuse. The development of these types of compliance program guidance is based on the belief that a health care provider can use internal controls to more efficiently monitor, adherence to applicable statutes, regulations, and program requirements.

The OIG has identified 7 fundamental elements to an effective compliance program. They are:

1. Standards of Conduct

Billing companies should develop standards of conduct for all affected employees that include a clearly delineated commitment to compliance by the billing company’s senior management and its divisions. Standards should articulate the billing company’s commitment to comply with all Federal and State standards, with an emphasis on preventing fraud and abuse. They should state the organization’s mission, goals, and ethical principles relating to compliance and clearly define the organization’s commitment to compliance and its expectations for all billing company governing body members, officers, managers, employees, and, where appropriate, contractors and other agents. The standards should promote integrity, support objectivity, and foster trust. Standards should not only address compliance with statutes and regulations but should also set forth broad principles that guide employees in conducting business professionally and properly. Furthermore, a billing company’s standards of conduct should reflect a commitment to the highest quality health data submission, as evidenced by its accuracy, reliability, timeliness, and validity.

2. Written Policies for Risk Areas

As part of its commitment to compliance, billing companies should establish a comprehensive set of policies that delineate billing and coding procedures for the company. The written policies should articulate specific procedures personnel should follow when submitting initial or follow-up claims to Federal health care programs. Among the issues to be addressed in the policies are the education and training requirements for billing and coding personnel; the risk areas for fraud, waste, and abuse; the integrity of the billing company’s information system; the methodology for resolving ambiguities in the provider’s paperwork; the procedure for identifying and reporting credit balances; and the procedure to ensure duplicate bills are not submitted in an attempt to gain duplicate payment. Billing companies that provide coding services should provide additional policies for risk areas that apply specifically to coding. The policies and procedures should describe the necessary steps to take in reviewing a billing document. Specific attention should be placed on the proper steps the coder should take if unable to locate a code for a documented diagnosis or procedure or if the medical record documentation is not sufficient to determine diagnosis or procedure. Billing companies that provide additional services should consider consulting an attorney for guidance on other regulatory issues.

3. Claim Submission Process

With respect to claims, a billing company’s written policies and procedures should reflect and reinforce current Federal and State statutes. The policies must create a mechanism for the billing or reimbursement staff to communicate effectively and accurately with the health care provider. Policies and procedures should:

    • Ensure that proper and timely documentation of all physician and other professional services is obtained prior to billing to ensure that only accurate and properly documented services are billed;
    • Emphasize that claims should be submitted only when appropriate documentation supports the claims and only when such documentation is maintained, appropriately organized in legible form and available for audit and review. The documentation, which may include patient records, should record the time spent in conducting the activity leading to the record entry and the identity of the individual providing the service;
    • Indicate that the diagnosis and procedures reported on the reimbursement claim should be based on the medical record and other documentation and that the documentation necessary for accurate code assignment should be available to coding staff at the time of coding. The HCFA Common Procedure Coding System (HCPCS), International Classification of Disease (ICD), Current Procedural Terminology (CPTTM), any other applicable code or revenue code (or successor code(s) ) used by the coding staff should accurately describe the service that was ordered by the physician;
    • Provide that the compensation for billing department coders and billing consultants should not provide any financial incentive to improperly up code claims;
    • Establish and maintain a process for pre- and post-submission review of claims to ensure claims submitted for reimbursement accurately represent services provided, are supported by sufficient documentation, and are in conformity with any applicable coverage criteria for reimbursement;
    • Obtain clarification from the provider when documentation is confusing or lacking adequate justification. Because coding for providers often involves the interpretation of medical diagnosis and other clinical data and documentation, a billing company may wish to contract with/assign a qualified physician to provide guidance to the coding staff regarding clinical issues. Procedures should be in place to access medical experts when necessary. Such procedures should allow for medical personnel to be available for guidance without interrupting or interfering with the quality of patient care.

4. Credit Balances

Credit balances occur when payments, allowances, or charge reversals posted to an account exceed the charges to the account. Providers and their billers should establish policies and procedures, as well as responsibility, for timely and appropriate identification and resolution of these overpayments. For example, a billing company may re-designate segments of its information system to allow for the segregation of patient accounts reflecting credit balances. The billing company could remove these accounts from the active accounts and place them in a holding account pending the processing of a reimbursement claim to the appropriate payer. A billing company’s information system should have the ability to print out the individual patient accounts that reflect a credit balance in order to permit simplified tracking of credit balances. The billing company should maintain a complete audit trail of all credit balances. In addition, a billing company should designate at least one person (e.g., in the patient accounts department or the reasonable equivalent thereof) as having the responsibility for the tracking, recording, and reporting of credit balances. Further, a comptroller or an accountant in the billing company’s accounting department (or the reasonable equivalent thereof) may review reports of credit balances and adjustments on a monthly basis as an additional safeguard

5. The integrity of Data Systems

Increasingly, the health care industry is using electronic data interchange (EDI) to conduct business more quickly and efficiently. As a result, the industry is relying on the capabilities of computers. Billing companies should establish procedures for maintaining the integrity of their data collection systems. This should include procedures for regularly backing-up data (either by diskette, restricted system, or tape) to ensure the accuracy of all data collected in connection with the submission of claims and reporting of credit balances. At all times, the billing company should have a complete and accurate audit trail. Additionally, billing companies should develop a system to prevent the contamination of data by outside parties. This system should include regularly scheduled virus checks. Finally, billing companies should ensure that electronic data are protected against unauthorized access or disclosure.

6. Retention of Records

Billing company compliance programs should provide for the implementation of a records system. This system should establish policies and procedures regarding the creation, distribution, retention, storage, retrieval, and destruction of documents. The three types of documents developed under this system should include:

      • All records and documentation required by either Federal or State law and the program requirements of Federal, State and private health plans (for billing companies, this should include all documents related to the billing and coding process);
      • Records listing the persons responsible for implementing each part of the compliance plan; and
      • All records are necessary to protect the integrity of the billing company’s compliance process and confirm the effectiveness of the program.

The documentation necessary to satisfy the third requirement includes evidence of adequate employee training; reports from the billing company’s hotline; results of any investigation conducted as a consequence of a hotline call; modifications to the compliance program; self-disclosure; all written notifications to providers; and the results of the billing company’s auditing and monitoring efforts.

7. Compliance as an Element of a Performance Plan

Compliance programs should require that the promotion of, and adherence to, the elements of the compliance program be a factor in evaluating the performance of all employees. Employees should be periodically trained in new compliance policies and procedures. In addition, all managers and supervisors involved in the coding and claims submission processes should:

      • Discuss with all supervised employees and relevant contractors the compliance policies and legal requirements applicable to their function;
      • Inform all supervised personnel that strict compliance with these policies and requirements is a condition of employment
      • Disclose to all supervised personnel that the billing company will take disciplinary action up to and including termination for violation of these policies or requirements.

In addition to making a performance of these duties, an element in evaluations, the compliance officer or company management should include a policy that managers and supervisors will be sanctioned for failure to instruct adequately their subordinates or for failure to detect noncompliance with applicable policies and legal requirements, where reasonable diligence on the part of the manager or supervisor should have led to the discovery of any problems or violations.