Avoid Overpayments and Penalties by Auditing Physician Payments and Arrangements
By Lori Laubach
Principal, Health Care Practice
Moss Adams LLP
Original Publish Date: July 11, 2017
Health care entities are at risk of noncompliance with Stark Law and the federal Anti-Kickback Statute when they provide remuneration for referring a patient.
The Office of Inspector General (OIG) and law enforcement agencies continue to focus on identifying improper physician arrangements and payments, which have resulted in the US Department of Justice recovering over $17.1 billion since 2009 from fraud and false claims against federal health care programs.
This continued focus means health care organizations will need to stay extra vigilant to help ensure future compliance, prevent fraud, and avoid steep federal penalties.
Stark Law and the Anti-Kickback Statute
The two most problematic regulations for health care organizations in terms of penalties are Stark Law and the federal Anti-Kickback Statute. Civil monetary penalties may be levied for violations of Stark Law or the Anti-Kickback Statute, and entities that violate either may be excluded from participation in federal health care programs. The Anti-Kickback Statute is also punishable by up to five years of imprisonment and a $25,000 fine.
Best Practices to Avoid Improper Physician Arrangements
“An ounce of prevention is worth a pound of cure.” Truer words were never spoken as it relates to health care entities protecting themselves against any potential Stark Law or Anti-Kickback Statute violation. Fortunately, there are some best practices to prevent inadvertent violations.
An Easy Culprit: Lacking Physician Arrangement Policies and Procedures
Organizations often have incomplete policies, procedures, and standards related to physician arrangements—making them susceptible to penalties under the above-mentioned regulations. In some instances, we’ve observed that the internal controls related to the initiation, approval, and implementation of a physician arrangement are lacking and payments are made without sufficient support.
Key Questions to Ask
There are some questions an organization should ask about physician payments and contracts as it considers its risk for overpayments and penalties:
- Who are the individuals responsible for physician arrangements and payments? Do they have access to the most recent agreements and amendments?
- Are key personnel aware of the regulations impacting physician contracting? How are these individuals trained on the requirements and risks associated with physician arrangements and payments?
- What controls are in place to ensure compliance with regulations for each type of physician arrangement and payment?
- Does the accounting system allow for the identification of 100 percent of payments to or from physicians?
- How is fair market value (FMV) determined? Where is supporting documentation for FMV stored, and is it readily available?
- Is there a policy or procedure related to contracting with physicians?
- Is there a procedure for contract approval, including legal review?
- Do documented policies and procedures exist for physician contracting? Are they comprehensive and are they followed?
- Is physician contracting centralized? Can all physician contracts be located?
- How does accounts payable or accounting validate physician payments? Do they have access to a centralized database or is the approver required to validate the contract requirements?
- Do medical directors submit monthly timesheets? If so, who approves timesheets and confirms that documentation supporting the time is sufficient?
Health care organizations that can’t answer these questions or that have misgivings about their information might want to consider having a compliance audit or internal audit performed.
Regulatory-Compliance Monitoring and Internal Audits
An internal audit or regulatory-compliance monitoring provides a comprehensive evaluation of an organization’s regulatory environment to confirm it’s adherence to the rules and regulations outlined by external agencies and authorities.
An internal audit is the examination, monitoring, and analysis of activities related to an organization’s operations. It tests:
- Compliance environment
- Information systems
- Various other controls and departments
An internal audit also confirms an organization is managing physician arrangements in accordance with policies and legal and regulatory requirements that control financial arrangements.
Recommended Audit Approach
The steps taken during an audit include:
- Obtaining data. Data includes general ledger accounts, a vendor master file, accounts payment and payroll information for physician payments, and accounts receivable for payments from physicians.
- Selecting a random sample of payments. The sample is taken from the list or lists that have been provided by the health care entity.
- Collecting materials and support. Materials include contracts covering payment, legal contract request forms, documentation that required legal review occurred, evidence of sanction screenings for contracting parties, FMV analysis, request for payment documentation, and check requests or other documentation.
- Validating payments. This includes a review of time sheets or monthly call reports, invoices, check requests, and other documentation against the contract or arrangement.
- Conducting interviews. Controls are determined by completing interviews with key stakeholders.
We’re Here to Help
For questions about how to identify improprieties and misconduct regarding physician arrangements and payments and to determine the best internal controls to address these risks and prevent future fraud, contact your Moss Adams health care professional.
Lori Laubach has practiced public accounting for more than 22 years. She helps health care organizations with regulatory compliance, revenue cycle assessments, forensic and operational reviews, and risk assessments. Lori can be reached at (253) 284-5256 or lori.laubach@mossadams.com.