10  I want to know about a violation of law in my practice before the government and the world know about it. In a world with information readily available at the press of a button, the government and patients have access to lots of data. Knowing your high risk areas allows you to put controls in place. The cost of attorneys, gov’t fines, and a degraded reputation could put a physician out of business.

9     I don’t want to repay all my federal program reimbursements for the past two years because my receptionist was on the OIG Exclusions list. All employees should be screened versus the OIG Exclusions list regularly.

8      I don’t want to pay fines (OSHA range $100,000-$2,000,000+) for being identified as an unsafe workplace through an oversight surrounding our Exposure Control Plan. Practice procedures should ensure the testing and revising of your OSHA standard practices each year. Staff should know what to do when OSHA shows up at your site.

7      I don’t want to pay fines of $50,000-$100,000 or more for not having proper procedures in place to ensure patient data privacy. Have you considered the possibility of having a laptop stolen? Your practice should have a consistent process to ensure all patient data is secure. The Office of Civil Rights (OCR) is committed to enforcing HIPAA and HITECH policies via audits and education.

6      I don’t want to repay all my federal program reimbursements for the time I’ve contracted with our Document Shredding Company (business associate), who is on the OIG Exclusions list. All of your business associates should be screened versus the Exclusion list regularly to protect your practice. Also ensure you have a signed business associate agreement with each of your vendors that have access to PHI. Business associates fall under the OCR’s enforcement of HIPAA and HITECH policies.

5      I don’t want my reputation and my practice destroyed because one of my coders was violating the False Claims Act in order to have a good performance review. Clear expectations of code of conduct and rewarding the proper results from employees are key, as the physician is ultimately responsible for claims submitted. Filing false claims can result in fines three times the overpayments made plus $11,000 per claim. Improper billing rates for Medicare Fee for Service are approximately 9% nationwide but are closer to 12-13% for E&M services. In 2011, CMS Recovery Audits recovered almost $940 million in improperly paid claims. You should know if your billing code practices are out of line with peers nationwide, which puts your practice at high risk of being audited.

4      I don’t want to end up paying $50,000 plus three times the value of the season football tickets I received from a neighbor, because I referred patients to his imaging center. Regular reminders of all aspects of the Stark Law will help identify questionable areas.

3      I don’t want to pay my employees to repeat work due to inadequate training or procedural issues. Not only do high billing error rates cost you more in payroll but also make you more likely to be audited if it puts you on a high error rate review by the OIG. Revenue opportunities can be missed by (1) billing errors leading to under-billing or claim rejections and (2) inefficient operations leading to slow reimbursement. Having procedures in place and consistent ongoing training for all employees helps to ensure a strong accuracy rate.

2      I don’t want to pay hundreds of thousands of $ to attorneys, consultants, malpractice insurance companies to react to an audit, because I waited too long to implement a compliance program in my practice. The benefits of a compliance program are only achieved if it is implemented on a proactive basis. Putting in a compliance program after being fined as a defensive measure defeats the intended purpose of such a program.

1      I want to focus on patient care and not worry that something is slipping through the cracks in my practice operations. If procedures and controls are in place to give you reasonable assurance that deviations would be identified and corrected, that your staff is trained on a regular basis, that you have open communication paths for concerns to be raised, and that you have someone managing all of this, then you can have peace of mind and focus on your patients.

Actually, the question should be, why would I NOT have a compliance program in place for my practice? It’s smart business especially in a highly regulated industry like healthcare. Oh, and I didn’t even mention that having a compliance program is now mandatory under the Affordable Care Act.