“They just keep changing everything so they are going to trip me up at some point,” the physician owner of Coyote Medical Group blurted out somewhat sarcastically.

“Who are they?” the group’s general counsel inquired.

“You know, the government, the insurers, the patients,” the physician responded. “And, no amount of compliance work is going to protect me a hundred percent,” she added.

“So what do you want to do?” the counselor at law asked in all sincerity.

Legal and compliance advisors are all too familiar with the resentment expressed by their medical clients when advisors bring more news about yet another new or changed legal requirement.

The physician is correct on her point, however, that no amount of compliance planning is bulletproof. Even if her practice adopted all seven elements of a formal compliance plan as recommended by the Office of Inspector General (OIG), problems still could arise and penalties still could be assessed. So why bother?

In our post-Affordable Care Act (post-ACA) health care industry, the regulatory details that can trip up a medical practice are quite detailed and ever-changing. So for a practice to continue operating its business in a manner akin to an ostrich burying its head in the sand, well, realistically, that no longer makes much practical sense.

Before ever adopting a formal compliance plan, a practice might want to think about some key considerations when working through the design and implementation of what should be routine compliance tasks. If these key considerations make business sense to the practice, they would be well along to way to designing a compliance plan that can be a useful business tool.

Minimizing Costs and Maximizing Resources

An important factor in developing a compliance plan is financial cost. Obviously, a practice would not have to go broke implementing policies and procedures that assist with it staying on the right side of federal or state regulatory schemes. But, it has to spend something.

Downloading everything that is “free” off the Internet and putting the medical practice’s logo on it, while incredibly cost-saving, could present credibility issues especially if the free polices from Acme Hospital have absolutely nothing to do with what the medical practice is doing.

Much of the expense associated with compliance plans can be mitigated, however, by practices that genuinely agree to take on a proactive role in seeking out general guidance materials, developing internal policies, conducting internal audits, and looking for low cost training solutions. A frugal medical practice would have to assess where it might need to spend some dollars on outside assistance versus relying on internal staff to become mini-experts.

So, with respect to keeping costs low and utilizing resources, “be frugal but not cheap” is not a bad mantra to adopt in developing a compliance plan.

Focus on Risks

Many medical practices, or rather, their office managers, struggle with where to start on doing anything compliance-related.

Generally, the key to getting started or to enhancing what already exists is to focus, at first, on where the greatest legal and financial exposure is and see what might be done task-wise to plug those holes a bit and keep an eye on them.

As an example, a risk area that has gained more attention in a post-ACA world is with the employment of individuals who may be excluded from participation in the federal health care programs. The risk associated with this issue is that the practice might have to refund claims and could be subject to civil monetary penalties. One way to plug that hole is to screen employee names against the exclusion database. OIG has suggested that this task be performed monthly. An overwhelmed office manager may be lucky to find time to screen everyone once a year or just upon initial hire.

Simply telling the medical practice that to address this risk area they have to screen employees, is not enough to get them to routinely build this task into a compliance plan. So to sharpen the focus on the risk, the practice needs to understand that over 50,000 names of individuals and entities populate the database. As a result, chances are pretty good that someday some practice, maybe their very own, might get a positive result. At that point, if the practice has not thought through what to do with further testing of positive results or have a simple policy in place of “call your compliance counsel,” internal panic over the matter could cause more harm.

The main point here is that risk areas should be broken down in two ways: First, what are the practical reasons for focusing on this particular risk? Second, what are the practical responses should some exposure to the risk be detected? The more the practice focuses on practical reasons and responses, the greater the likelihood the policy or procedure that is established to address the risk area will be implemented and carried out on a regular basis.

Focus on Training

Another area of compliance planning that medical practices struggle with is internal training of providers and staff.

OIG’s guidance is fairly broad on the subject matter and focuses more on the importance of why a practice should have a compliance plan and what are the consequences of violating standards and procedures under the plan for the employee (i.e., the disciplinary process). The stick versus carrot approach probably gets most practices to where they need to be on paper, but a rigid approach to training does little to improve office morale or foster a healthy ethical culture within the organization.

Practices should be thinking more about a carrot rather than a stick approach to training not only to induce employees to want to know more but to support an office culture that is cooperative about compliance issues.

One practical step to improve upon the training function is to seek out resources that force individuals to actively think about what they are learning using realistic examples versus passively responding to the same generic multiple choice questions over and over.

Accountability

Another key consideration when designing a compliance plan is the concept of accountability.

The warm and fuzzy nature of most of the elements of a compliance plan suddenly can turn very serious when corrective action and/or discipline is required. The range of responses for the average medical practice likely varies along a legal and ethical spectrum of: (a) just doing nothing; (b) objectively investigating and responding to a detected problem; and (c) using the plan to toss someone under the bus.

While a practice should be somewhere in the middle of the spectrum, the personalities involved in the management (or lack of management) of the practice largely will dictate how the concept of accountability will be handled. Advisors to a medical practice should emphasize the need for the compliance team to maintain some sense of objectivity when investigating facts and analyzing the problem, and avoid a rush to judgment on whether someone failed to meet the standards and procedures of the plan.

In sum, a medical practice today is a far riskier business than even just a few years ago. That does not mean practices should give up or do nothing. Most, if not all, industries have regulation. If practices are frugal with costs, focus on practical risk-assessment, do good training, and endorse fair accountability standards inside their businesses, the rest of the steps in designing and implementing a compliance plan should fit easier into place.