Is your health care practice or business ready for a potential review or audit by a federal agent?

The federal government’s focus on health care fraud and privacy breaches have increased the likelihood that someone from the federal or state government may show up to review your compliance with billing rules under the Medicare and Medicaid programs or privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA).

Obviously, a practice should take any such review seriously and evaluate whether the review is just a routine audit about compliance or a more focused investigation of the practice’s conduct. Being even just a bit more informed about what audit activity is occurring in your industry can help to alleviate some of the anxiety caused by an official letter from a government agency.

So what are a couple of tips that can help? As you approach a year-end review of your health care business you may want to learn more about what federal regulators are looking at and compare that to your own compliance efforts.

Every fall, the Office of Inspector General (OIG), issues its Work Plan for the coming year. (See oig.hhs.gov.) Inside that Work Plan is an outline of what problem areas OIG will audit more closely and possibly investigate for fraud such as prescriptions for Power Mobility Devices (e.g., scooters). If you look at the outline and see services or items that your own practice provides to patients, compare OIG’s focus on that service or item to your own understanding of the rules. If they are not lined up, consider adding a policy or beefing up your training in the area so if OIG ever did send you an audit letter, you could say, sure, we looked at that too and feel pretty good that we are on solid ground.

Similarly, the federal regulators in charge of HIPAA compliance, the Office for Civil Rights (OCR), also are looking at problem areas and will start to expand upon their pilot random audit program of covered entities. (See hhs.gov/ocr.) OCR issued some guidance recently that set forth their audit protocol for when they review a covered entity’s compliance with HIPAA. Here, a practice could review exactly what the auditors will look at and compare that to their own internal compliance efforts to see if there are any holes than need filling.

While most health care providers are just trying to do the right thing, sometimes an exact answer about what the right thing is can create some gray areas for providers. Your goal is not to be perfect because everyone makes mistakes in such a complex and highly regulated industry. Your goal, simply, is to demonstrate the intent to follow the rules. If you have little documentation or guidance in place for your practice, the more difficult it will be to show that non-compliance with a rule was not an utter disregard for the rules.

Taking a look at what the federal regulators are looking at can help to improve your own compliance efforts and help better prepare you if an agent or two ever does show up at your door.