Have a question for “Coding Commentary”? Tweet it to us at

Ms. Adams is a consultant with Corcoran Consulting Group. She can be reached at 1-800-399-6565 or at www.corcoranccg.com.

As we all move toward pandemic recovery, it’s time to think about how to recover. Will you resume “business as usual” or try to reinvent your practice with improvements?

Of course, you want to emerge better and stronger. So, if you haven’t done so already, consider implementing a compliance plan now. This may sound like a crazy idea. You may think a compliance plan is too much work, too much aggravation, not enough payback, not really needed and a huge waste of paper.

But consider this: Since the late 1990s, the Office of the Inspector General (OIG, a.k.a. the “Medicare Police”) has published guidance for medical practices to develop a voluntary compliance program.  The OIG stated that compliance program efforts “can also streamline and improve the business operations within the practice and therefore inoculate itself against future problems.”1 

Although not a guarantee against a Medicare allegation of fraud or abuse, the statement hints at the value of a compliance plan. When you develop, maintain and adhere to a robust compliance plan, you can point to it to support your intent to avoid fraud and abuse if you’re the subject of a Medicare audit.  


Sample: Retina group compliance plan

Issued to all employees 1/1/2021

Review date:

A. Written policies are located on the practice shared drive in the folder labeled “Compliance.” All staff members are sent a reminder to review the policies every January 1. Compliance policies:

a. Surgery policy:  Review all surgery center claims for correct CPT and diagnosis prior to submission.

b. Modifier-25 policy and procedure: Run a Modifier-25 utilization report quarterly.  Audit 10 percent of encounters billed with Modifier-25. Report findings to Practice Board.

c. Other areas of Office of Inspector General/Centers for Medicare and Medicaid Services concern.

B. The practice compliance officer (CO) is Leslie Oversight. The CO reports directly to the Practice Board and is responsible for performing or assigning audits. The CO has an open-door policy and will investigate all compliance concerns within two business days. The CO will develop policies and procedures to address vulnerabilities and report complaints, investigation outcomes and remediation plans to the practice board.

From suggestion to requirement

Rules change, however, and the OIG’s guidance became a requirement in 2014. That year, the Affordable Care Act established the requirement that “a provider of medical or other items or services” shall establish a compliance program as a condition of enrollment [emphasis added] in Medicare, Medicaid, or the Children’s Health Insurance Program (CHIP).”  

Even if it weren’t required, a compliance plan can bring many benefits to the practice. They include increasing the potential for proper claim submissions and a reduction in billing errors and, through the process, promoting patient safety and improving quality of care. Though not always a direct result, often a compliance plan can lead to improved revenue by reducing denials and appeals and, through correct coding, resulting in appropriate payment. 


Only seven core elements

Although it can seem daunting to consider developing your compliance plan, the ACA has defined only seven core elements of an effective compliance program.2 They are: 

1. Written policies, procedures and standards of conduct for all employees. The material must be readily available to employees and reviewed by all employees within 90 days of hire, and annually thereafter.

Comment: Policies and procedures should be specific to your practice and address areas of vulnerability.

2. Compliance plan oversight by a designated compliance officer who reports directly to your practice leadership. The compliance officer is responsible for the day-to-day plan operations.

Comment: A viable option is to assign a team to monitor day-to-day activities, with your compliance officer managing those employees. This model allows you to assign the compliance officer position to an engaged physician. 

3. Training and education of all employees—possibly the most important element of your compliance plan. In addition to new hire training and annual training, periodic refresher training is helpful to enforce your intention to maintain a compliant practice.

Comment: As part of your training, regular compliance reminders can be helpful. A short email on a regular schedule reminds employees of your compliance plan, policies and procedures and serves a wider purpose of enforcing your intention to avoid fraud and abuse. Reminders may include instruction on how to report a concern anonymously, “hot topics” in your billing department, or, assuming your plan is helping everyone submit clean claims, a congratulatory nod to everyone on successful audits.

4. Open lines of communication between all employees and the compliance officer. This should include an option for employees to report anonymously, in person or electronically. The compliance officer should answer all questions regarding compliance, routine and urgent, in a timely and appropriate manner.

Comment: The American Medical Association stresses the importance of an open-door policy for your compliance officer. The compliance officer shouldn’t be feared, but be seen as a resource for all employees to help them navigate Medicare and other entity rules.

5. Auditing and monitoring to identify risks, measure effectiveness of the plan and ensure Medicare billing compliance. Auditing and monitoring should assure procedures are working properly and corrective actions implemented. Keeping a written record of audits is important. The audit process needs to be supported by policies and procedures to investigate and report misconduct.

Comment: You can train a staff member to perform audits or hire an external company; the auditor must be independent and competent to identify areas of concern. Your auditor must be strong and supported enough to point out vulnerabilities without fear of retribution.

6. Written sanctions for non-compliance. The sanctions for non-compliance must be clear and widely publicized, and reviewed by all staff within 90 days of hire and, at minimum, annually.

7. Finally, your compliance plan needs to have a method to apply corrective action when violations are detected by monitoring and audit. Corrective actions include repayment of erroneously paid claims and/or disciplinary action.

Comment: If your compliance plan doesn’t have a mechanism to perform corrective actions, a mistake could easily be redefined as fraud or abuse.


Keep it simple

It’s important to keep your compliance plan simple. It needs to be a living document that all employees understand. If it sits on a shelf, it will do more harm than good. Your plan needs to support your efforts to avoid fraud and abuse, not be a bookshelf decoration. If an OIG representative visits your office, all employees should be able to say where the plan is located and confirm that they’ve reviewed it.

Although it’s tempting to purchase a compliance plan, caveat emptor: An off-the-shelf plan may be too complicated, too expensive and blind to the real vulnerabilities for your practice. Will an off-the-shelf plan address Modifier-25 billing issues? Will it include retina-specific billing bundles as part of its auditing recommendations? Probably not, unless you purchase an ophthalmology-specific plan. You also want to be sure the template includes customer support to answer questions and help guide you as you write your plan. 

Without a template, what are your options? You could use the seven core elements listed previously and expanded in the previously cited footnotes, and develop your plan. Your plan might look something like the sample in the box on page 40. 

The simpler your plan, the easier it will be to get started. Over time, your plan will expand in some areas as your compliance officer identifies areas of risk. Other policies may be retired as risks recede. That’s what a living document is supposed to do: evolve with your practice to keep your activities compliant.


Bottom line

Compliance may sound awful at first blush, but for the engaged compliance officer, it’s an interesting and evolving challenge. Finding the right compliance officer to lead your program, even if the task falls to you, with enthusiasm, an open and welcoming attitude and a strong attention to auditing details can make all the difference in your success. It’s time to reinvent your practice with an eye toward compliance. RS



1. Department of Health and Human Services: Office of Inspector General. OIG compliance program for individual and small group physician practices. Federal Register. 2000;65:59434-59452. Available at: https://oig.hhs.gov/authorities/docs/physician.pdf

2. Centers for Medicare and Medicaid Services. Affordable Care Act Provider Compliance Programs: Getting Started Webinar. Presented June 17, 2014. Available at: https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNEdWebGuide/Downloads/MLN-Compliance-Webinar.pdf