Ah, the new year—a perfect time for reflection: What did we do well? What could we do better? What do we need to change? These questions lead us to our resolutions. At the heart of any New Year’s resolution is a person’s strong desire to protect where he or she is in life. People work hard to achieve what they have, and they don’t want to lose that. In a very real sense, compliance plans speak to this desire: You work hard to build and maintain a successful business, and you believe you’re following all the rules and regulations related to your industry—but you’re not certain. And it’s that uncertainty that makes you feel like, at any moment, your entire life could get turned upside-down with a single knock on the door, phone call, or letter.

If sincerely implemented, a compliance plan—and the compliance program resulting from that plan—can provide some peace of mind and security. When I say “sincerely implemented,” I mean your compliance plan and program must be more than a binder on a shelf. Compliance is the collagen that runs through your business and holds it together. It provides peace of mind—reassurance that you’re actively making reasonable efforts to comply with the requirements of your business. The plan provides employees with the means to seek answers to compliance questions and raise potential concerns.

Under the Affordable Care Act (ACA), CMS was given the authority to mandate compliance programs to providers who participate in federally-funded insurances. The ACA required CMS to develop risk categories for fraud, waste, and abuse for Medicare providers. CMS has been gradually introducing requirements around compliance programs, starting with large and “high-risk” providers as defined by CMS. Skilled Nursing Facilities (SNFs) are the most recent group of providers added to the list of those mandated to have compliance programs.

CMS also has given Medicare Part C insurance providers (e.g., Medicare Advantage Plans or Medicare Managed Care) the ability to require contracted service suppliers to have compliance programs. I first noticed this in a recent newsletter from a Medicare Part C insurance provider. In the newsletter, the provider told contracted service suppliers that they had 90 days to attest that they had a compliance program. If a supplier fails to attest within the 90 days, it runs the risk of losing its contract. To learn more about CMS-required compliance programs under Part C and Part D, check out this link.

The Medicare Manual (Pub 100-16, Chapter 21) actually does a nice job of outlining Medicare’s expectations regarding compliance plans:

  • Compliance plans contain the seven essential elements for an effective compliance plan as outlined by OIG guidance on effective compliance plans.
  • Compliance plans must be customized for the supplier of Medicare covered services.
  • A compliance plan will not be effective unless adequate resources are provided for the program.

What can you do?

It seems inevitable that all Medicare/federally-funded insurance providers will require compliance plans. With that in mind, here are my recommendations:

  • Read those insurance newsletters. You could be missing important information. If you haven’t done so, create, implement, and track your compliance program.
  • Purchase a packaged compliance plan if you don’t have the time or resources to institute your own. For additional advice on crafting your own compliance plan, check out these blog posts: Creating a Compliance Plan for Your Practice, What are Compliance Programs and Why Does My PT Practice Need One?, and Four Considerations For Hiring a Medicare Compliance Consultant.
  • Assess your practice for compliance, including, but not limited to, compliance with:
    • Insurance providers, including both federal and commercial insurances. In recent cases, I have seen the Department of Justice teaming up with BCBS providers on false claims cases.
    • HIPAA—in terms of both federal requirements and your local state privacy requirements.
    • OSHA/DOH. For me, these are two sides of the same coin. OSHA is about having a safe working environment, and the Department of Health is about having a safe environment for the public.
    • Employment requirements—again, in terms of both federal and state requirements.
  • Once you have assessed your practice for potential compliance risks, prioritize those risks and develop your compliance plan for addressing your risks.
  • If it all seems too much, seek outside expert assistance.