This is a continuation of a series on medical coding, billing, and reimbursement.

Previous posts are here:

• Part 1–Intro & Procedural Coding
• Part 2–E&M Coding
• Part 3–ICD-9 (Diagnosis) Coding

There–glad you’re back. Hope you enjoyed your lunch. I know after a meal we all tend to get a little drowsy. So to keep you from dozing off, I thought I’d tell a really, really scary story.

A number of commenters have asked the question, in so many words: “How did physicians ever allow this crazy system to come to pass?”

Good question.

And the answer is easy: when you dance with an 600-pound gorilla, the dance ain’t over ’til the gorilla says it’s over.

The gorilla, of course, is the federal government, and the dance, the provision of health care services covered under federal programs such as Medicare and Medicaid. For most medical practices treating adult patients, Medicare constitutes a significant percentage of total patients in a practice–and therefore a substantial percentage of income. One cannot accept federal reimbursements for medical services without being subject to federal regulations and restrictions. Since the vast majority of patients over the age of 62 are covered by Medicare, you’re pretty much stuck with the gorilla. She ain’t pretty, but she’s the only gal available–and she sure can dance.

Initially, after the introduction of federal health care financing in 1964, the system was pretty easy-going. Billing was done on a UCR basis (see part 1), and while federal fraud statutes existed, they were rarely implemented except in egregious cases of financial mendacity. When the federal coding regulations and guidelines came out about 10 years ago, physicians were stunned and angry–although not entirely surprised: the feds had been tightening up on hospitals for several years using a fixed-payment-by-diagnosis-group system called DRGs (diagnosis related groups), which grouped hospital admission diagnoses into groups based on the resources they used, and paid accordingly. DRG’s started the chess match between federal payers and private providers, where the feds tried to slash expenditures, and the hospitals, under increasing financial pressure, sought to maximize revenues by “working the system”–taking advantage of its complexity and vague definitions to improve–or at least maintain–their bottom line. As you can imagine, the perspective of the federal payers and the hospitals on what constituted correct interpretation of the complex rules–and what constituted fraud–was quite different–and some hospitals (especially several large for-profit hospital chains) moved a bit (or more than a bit) too far into the gray zones, and found themselves under federal investigation.

Physicians watched this high-stakes chess match with fascination and horror. Hospitals were under intense pressure to discharge patients sooner (they were reimbursed a fixed amount by diagnosis, and lost a boatload of money if your stay was too long), and in turn pressured doctors on their staffs to follow suit. Even though it was the hospitals, not the doctors, who stood to lose, most physicians complied (the hospitals played hardball with physicians, kinda like your Italian cousin Guido: “It’d be a real shame if yuz had a terrible accident or sometin’ like dat”). While shortened hospital stays were not all bad–there was definitely fat in the system–the inevitable result was more patients were discharged “quicker and sicker.”

So when the coding guidelines for physicians were released, the rules of the game were already known: the feds would use the complexity of the rules, and their hand on the purse strings, to ratchet down reimbursements–and doctors knew they had to know the rules inside and out to avoid a financial bloodbath–or worse.

Nothing sharpens the mind quite like the threat of financial disaster. Except maybe jail time.

Doctors are nothing if not problem-solvers: throw them a bone and they’ll hollow out the marrow like a hungry dog. So they threw themselves with abandon into mastering the rules. The implementation of the coding guidelines for physicians was in reality the Medical Consultant Full Employment Act: everybody needed help mastering these bad boys. There were conferences, seminars, lectures, books galore; doctors paid thousands to practice consultants in courses and in-house practice assessments. But many physicians, calculating that the complexity of the rules–and safety in numbers–would keep the feds from looking too closely at the “little guy,” made an entirely rational choice: ignore the rules, and keep doing what you’re doing, taking care of patients.

This laisser-faire attitude came to a screeching halt with the introduction of federal compliance programs.

The shot over the bow was the passage of HIPAA–the Health Insurance Portability and Accountability Act of 1996. This act is best known by its privacy regulations: it is the reason for that proliferation of forms and brochures about information release and privacy policies you get to sign at your doctor’s office. But it also established a national Health Care Fraud and Abuse Control Program–a program designed to coordinate federal, state, and local enforcement activities with respect to health care fraud and abuse. With HIPAA’s enactment, the OIG (Office of Inspector General) launched a major initiative to promote “voluntary” adoption of compliance programs by provider organizations, such as hospitals, nursing homes, laboratories, and doctors’ practices.

OIG guidelines list seven components of a basic voluntary compliance program:

1. Establish auditing and monitoring activities. A practice’s standards and procedures are periodically reviewed for currency and accuracy and to identify where its current compliance program may put the practice at risk.
2. Develop written practice standards and procedures to address all identified areas of risk. The practice should develop written procedures to reduce the chance of coding and billing errors, filing of erroneous claims, and to deal with those particular areas that have been identified during the audit that put the practice most at risk.
3. Designate one or more individuals to provide compliance oversight. The designated compliance officer(s) can be responsible for developing a corrective strategy to cure areas of identified risk, and for overseeing the practice’s implementation of its comprehensive compliance program.
4. Conduct appropriate education and training of employees. At a minimum, OIG recommends all professional and support staff with any involvement in coding and billing be trained in the practice’s compliance standards and procedures. Training should consist of, but not be limited to, coding requirements, information on developing and submitting claims, federal and private health care program requirements in order to submit accurate bills, and the sanctions for non-compliance.
5. Respond to and cure compliance breaches. A practice’s commitment to compliance includes ongoing monitoring in order to detect and respond to evidence of misconduct. If it becomes apparent that the compliance program is failing to prevent a particular type of violation, the program may require modification or that staff training be enhanced.
6. Develop open lines of communication to foster compliance and reporting of violations. Policies should be developed to encourage meaningful and open communication to the designated compliance officer of suspected erroneous or fraudulent conduct and protecting, as much as possible, the anonymity of the reporting party.
7. Develop and publicize guidelines to inform staff of the consequences of non-compliance. Employees at all levels must be accountable for the practice’s compliance requirements and subject to disciplinary action for their intentional or reckless non-compliance.

Each and every health care entity–from the humble country GP treating your sore throat to national hospital and nursing home chains–was “encouraged” to implement these “voluntary” programs. No, there was no penalty if you didn’t–but if you got audited, and didn’t have one in place–well, as one summary succinctly put it:

The penalties for submitting fraudulent claims are significant: criminal prosecution and civil and administrative enforcement that can result in huge monetary penalties and sanctions that exclude the physician from Medicare and Medicaid. However, penalties for violating the law may not be as severe for those with a compliance program in place. Of course, establishing compliance duties and failing to live up to them may serve as evidence of intentional disregard of the law and may therefore enhance penalties. [emphasis mine]

Notice the Catch-22 here?

• If you are audited, and problems found (as they always will be), and have no compliance program in place, you’re screwed.
• If you are audited, and problems found (as they always will be), and have a compliance program in place, you’re still screwed–but maybe a little less–unless we determine you weren’t following your own policies (and we always will).
  Can you say, “Abu Ghraib”? (“Just stand on this platform, Doctor, while we hook up these electrodes. Nice cloak you’re wearing there…”)

Now, it’s not too hard to see that setting up a compliance program is no small undertaking: there’s policy and procedure manuals to write; extensive internal risk assesments; employee training on a regular (and well-documented) schedule; mandatory corrective disciplinary actions against employees who violate the rules (knowingly or unknowingly); formal lines of communication to establish (including the right to anonymity for anyone reporting a problem); internal and external audits. No small task even for a large organization such as a hospital or large medical group; absolutely crushing for small medical practices. The OIG’s solution for the small medical group? Deputize the physician to be the sheriff, policing not only his own staff but his own behavior. Anyone see a conflict of interest here? You decide your coding is just fine; the feds disagree. Not only are you guilty of fraud, but of a cover-up because you didn’t report your own failings to the proper authorities. If you think it sounds a little like Communist re-education camps (“I am a lowly worm, a bourgeois capitalist enemy of the State, unworthy of the Chairman’s mercy!”), you’re definitely getting good at this stuff. Want to come work in my office? I’ll make you the compliance officer.

The legislation uses the False Claims Act as its principle weapon to fight fraud. And what a weapon it is–and that’s where our story starts to get really scary. So stretch your legs and be back in five. Soft drinks and a bowl of Prozac will be in the hallway to the right.