Last summer, dramatic scenes of federal investigators carting boxes of billing records away from the Nashville, Tenn., headquarters of Columbia/HCA Healthcare Corp. made front-page news.
Many physicians attacked the behemoth for-profit company for cheating the nation's federal health program for the elderly, lamenting anew corporate medicine's perceived preoccupation with the bottom line.
But soon thereafter, the federal government's fraud probes hit doctors a little too close to home. In fact, it was at their offices, where auditors began to look at physician billing records for potential false billing of Medicare. Physicians found that even small group practices weren't immune to investigation and prosecution.
The General Accounting Office estimates that as much as $20 billion a year is lost in healthcare fraud, abuse and waste. To plug that financial drain, Attorney General Janet Reno in 1995 declared healthcare fraud to be the Department of Justice's No. 2 priority -- second only to violent crime.
The government's investigations mostly have focused on large institutions, including Columbia, which is embroiled in widespread federal and state probes of its operations. And the Physicians at Teaching Hospital investigation, which focuses on the billing practices of university-based teaching hospitals, has resulted in settlements in the tens of millions of dollars.
Such well-publicized cases have forced many healthcare providers to start thinking about how to avoid a fraud-and-abuse audit or investigation. The government recently encouraged all providers to develop compliance plans designed to detect fraud before it's committed, and announced that the presence of such a plan could soften punishment and decrease fines if fraud is discovered.
Although most hospitals and academic health centers now employ full-time compliance officers, most physician groups, particularly small ones, are far behind on that front. Many small groups believe they are too little to appear on the government's radar, or think they're not at risk because they're not out to cheat the government.
As recently as April, however, a physician in Southern California was indicted on Medicare fraud charges, and last December, Arcadia, Calif., ophthalmologist Badrudin Kurwa, M.D., paid the government more than $375,000 to settle Medicare billing fraud charges. Kurwa, a solo practitioner who operates three clinics in the Arcadia area east of Los Angeles, was charged with defrauding Medicare through false billings. The case reportedly turned out to be one of the largest settlements involving an individual physician.
These cases are proof that small groups are very much on the government's radar, and providers who continue to ignore compliance issues are flirting with disaster, says Robert Milligan, an attorney with the Phoenix-based firm Gallagher & Kennedy. Compliance plans can be formal and elaborate, or informal and less extensive, but physician groups must begin thinking about some sort of plan, he says.
"I think folks who just sit and wait, they're playing the wheel of misfortune," Milligan says. "They may not get tapped, but if they do, they could get ruined."
Providers found guilty of healthcare fraud now can be held liable for as much as three times the amount of the fraudulent claims, as well as $5,000 to $10,000 for each false claim. In addition, the Health Insurance Portability and Accountability Act of 1996 made healthcare fraud a felony, and threatens jail time for those found guilty.
The Justice Department now has more than 400 full-time FBI agents and 100 federal prosecutors devoted to the healthcare industry. And the Department of Health and Human Services announced that in 1997 it collected almost $1.9 billion in criminal fines, civil judgments and settlements. It also filed more than 282 criminal indictments in healthcare fraud cases and excluded more than 2,700 individuals and companies from federally sponsored healthcare programs.
It's not always outrageous or scandalous behavior that brings investigators knocking. The Medicare program routinely conducts random prepayment audits, where 20 charts randomly are pulled and reviewed to determine if the medical documentation justifies the amount billed.
All Medicare visits are ranked on a scale of one to five, based on complexity. If a physician always bills at the same level -- even if it's always a low level -- the audit will flag the charts as unusual or suspicious. Or if a provider seems to perform more expensive procedures than other physicians in the area, the audit will detect that.
Physicians also are at risk of being named by a whistleblower in their organization or even a patient in what are known as qui tam cases. The 1996 Federal False Claims Act authorizes private citizens to bring suit on behalf of the Federal government against participants in federal programs, and whistleblowers are eligible to receive up to 30% of any recovery. According to the Dallas-based law firm Jenkens & Gilchrist, 40% of all pending qui tam actions involve healthcare fraud. Kurwa's investigation was the result of a whistle-blower complaint by former practice administrator Sandra Hearn.
Some of the physicians under investigation are accused of such fraudulent schemes as double billing and submitting Medicare claims for deceased patients.
However, most others, like Kurwa, are accused of fraudulent billing or overcharging for services, according to attorneys who represent providers. Even physicians who believe themselves to be in full compliance may be committing fraud by unintentionally upcoding and overbilling, as Kurwa asserts he was.
HCFA's evaluation and management guidelines are the first area of risk, says Kenneth Gordon, an attorney with Jenkens & Gilchrist. "Getting the right coding is usually an education issue. You need to keep the education level high so that physicians know how to mark (charts) so that the coders in the office know how to document it. Physician executives do need to spend some time learning how the coding and billing works."
Kurwa says his overbilling problem occurred because he was unable to provide documentation of diagnostic images required for a cataract procedure he performed. He said new technology eliminates the need for those images.
As part of his settlement with the government, Kurwa was required to implement a
compliance plan.
Kurwa hired a professional consultant to create a customized plan, but like all formal compliance plans, his is based on seven core components. The Federal Sentencing Commission, which ensures consistency in criminal sentencing for federal crimes, developed a set of guidelines in 1991 that define an effective compliance program for all industries.
According to the guidelines, the seven core elements of a compliance plan are:
Like Kurwa, physicians can hire a consultant or attorney to create and monitor a plan that incorporates the guidelines. Hundreds of vendors are hawking compliance plans to physician groups, but the cost, depending on the size and type of practice, can range from several thousand to upward of $100,000. Kurwa says his plan will cost him about $8,000 per year.
While some physicians may balk at the cost of hiring a consultant, Jenkens & Gilchrist's Gordon suggests that only an outside observer can get at the root of compliance issues. "The reason they would need a consultant or lawyer to set up a compliance program is that there are lots of questions that need to be answered. If a physician is looking at how he or she is running their own practice, it's harder to step back and harder to know what all the questions are," he says.
Lisa Murtha, senior manager in the Philadelphia office of the accounting and consulting firm Deloitte and Touche, suggests caution when choosing a compliance consultant. "I would look for experience in the trenches. Look for a firm that has strong billing and coding expertise, that maybe has people who are nurses or professional coders on staff -- people who have the right qualifications and the right training," she says. "We can all read the sentencing guidelines and the model compliance programs, but can they tell you how to (implement them)?"
Kurwa hired a consulting group that has experience running ophthalmology practices. The group is putting together a compliance manual that addresses everything from Kurwa's billing practices to how appointments are made.
Dennis Holmstead, director of medical economics for the Pennsylvania Medical Society, is more skeptical. "Be careful of who you're buying (a compliance plan) from," he says. "Especially if a consultant approaches you and says 'I have a canned program that would really work for your practice.' Canned programs don't work. If someone's trying to sell you a program off the shelf, run the other way as fast as you can."
In the past two years, HHS' inspector general's office has released model compliance plans for hospitals and laboratories, but has not produced a model plan for physicians and has no plans to do so. Many vendors and consultants, however, offer their own model plans that they say can be used by most groups.
Robert Saner, an attorney with Washington-based Powers, Pyle, Sutter & Verville and co-author of a program manual, cautions against such a cookie-cutter approach. "I'm really scared of model plans. What's wrong with them is that the diversity in medical practices is so substantial that the plan that fits the 20-physician multispecialty practice that operates at a single site is probably irrelevant to a 20-physician single-specialty group that operates at multiple sites."
Instead, Saner and others suggest, physician groups should customize plans either with the help of a professional consultant or through their own efforts.
Groups can turn to the American Medical Association, the American Health Lawyers Association, state societies and other organizations which have developed compliance manuals.
Perhaps the most realistic approach for busy small groups is to build compliance efforts into existing practices. "The school answer tends to be, 'you should do your own audit, you should check your own charts, have a compliance plan in place and have some way to respond to inquires,' " says Barbara Harty-Golder, M.D., a Sarasota, Fla., pathologist who also is an attorney and treasurer of the Florida Medical Association. "That's all very nice on paper, but it takes time away from patient care and it takes money away from patient care," she says.
"People get a little hung up sometimes on the formality of a corporate compliance plan. I tend to try to get people to think a little differently and think of these as corporate compliance processes,"says attorney Sanford Teplitzky, partner in the Baltimore firm Ober, Kaler, Grimes & Shriver. "All they really need to do is, first establish the corporate ethic of compliance, i.e., let everybody know you intend for the company and everybody to comply with the law. And then identify those areas of the law that are applicable to that part of the practice and provide training to staff about how to comply.
"If you're talking about a small group, you don't want to set up a huge bureaucratic form," he adds. "What you want to do is convey to the staff that if they have a question or concern, they have to raise it. And then establish a process to either answer the question or review the concern."
Jenkens & Gilchrist's Gordon even thinks it will be simpler for small groups to incorporate compliance efforts. "It's one person deep or two people deep, as opposed to this complex reporting process and throwing bunches of resources and hiring an auditor," he says.
"For example, when we talk about oversight of billing operations, what that might mean is the lead physician will randomly take home five charts and claims every month and do a comparison."
Physician executives in small groups likely will bear the brunt of new work involved in overseeing the billing process, Gordon says. But the task shouldn't be overwhelming. "The physician executives do have one more hat to wear, but it's an incrementally larger hat as opposed to a whole new one," he says.
Roy Snell, former chief compliance officer at the University of Wisconsin Medical Foundation in Madison and now a senior manager with Deloitte and Touche, suggests forming a compliance committee. Even in a group with only nine employees, Snell says a four-person committee that meets once a month can be very effective. "The compliance committee is a perfect example of how to create your own compliance program as opposed to buying one. If you meet for an hour and a half every month, you're going to get into discussions about how your organization is going to meet the compliance requirements."
The first task of any compliance committee will be determining what sort of internal or external audit system will be used to review coding and billing practices. "The problem is we've got people deciding what to bill who don't understand the billing rules well enough. We can teach them and audit them and yell until we're blue in the face, but it just may be too many rules for somebody who's primary job is being a physician, nurse or administrator," Snell says.
One option is investing in software that can help with compliance efforts, although Snell says most of it is geared toward large organizations and inpatient procedures.
Consultants, certified medical records technicians or certified public accountants can be hired twice a year to perform an audit, usually for about $100 to $200 an hour.
Another alternative Snell suggests is hiring a full-time coder, typically for an annual salary of about $25,000 to $35,000. "It's my belief that a well-trained coder rarely makes mistakes. It's the people that are dabbling in coding like physicians and nurses and clerks that make the mistakes," he says.
Establishing an anonymous hotline may be helpful, although it probably isn't realistic for most practices, Snell says. Putting together a drop box where employees can anonymously give comments or questions about compliance may be more feasible, and it's something that even the smallest physician groups can do to improve compliance.
Harty-Golder says physicians should be concerned about compliance and need to start thinking about it, but they need not put their practice through a complete overhaul. "Panic, but panic slowly," she says.