Compliance Program Guidelines for Third-Party Medical Billing Companies - DoctorsManagement Compliance Program Guidelines for Third-Party Medical Billing Companies - DoctorsManagement

Compliance Program Guidelines for Third-Party medical Billing Companies

“Yes, You Have to Comply as Well”

by Sean Weiss, Partner & VP of Compliance

A couple of weeks ago, I had the privilege to speak for a Medical Billing Association and without a doubt there were some very sharp people there. What impressed me most was that this 2-day program was centered on Compliance. When it was my turn to present on Creating a Culture of Compliance, I began with a question I normally ask when talking about compliance programs; how many of you have a compliance program and how many of you believe it is effective. Almost every hand went up when I asked the first question of how many have a compliance program. Half, if not more, of the hands dropped when I asked the second part of the question, how many believe it is an effective program.

I told them not to feel bad as that is the response I typically get when I ask this question of physician practices, hospitals, health systems, etc. However, it does not justify having a program that is based on ABCs and not really a Living, Breathing Document (LBD). As I have shared with y’all in the past, having a binder with a bunch of pages in it with meaningless words does nothing to protect your organization in the event of an administrative action, investigation or litigation.

In 1998, The Office of Inspector General via the Federal Register released “Compliance Program Guidelines for Third-Party Medical Billing Companies” (Vol. 63, No. 243 / Friday, December 18, 1998 / Notices) in which they provided their outline/guidelines for what they would consider to be the basis for constructing an effective compliance plan. Just as with Physician Practice Guidelines for Compliance, the OIG has identified 7 fundamental elements to an effective compliance program. They are:

  • Implementing written policies, procedures and standards of conduct;
  • Designating a compliance officer and compliance committee;
  • Conducting effective training and education;
  • Developing effective lines of communication;
  • Enforcing standards through well publicized disciplinary guidelines;
  • Conducting internal monitoring and auditing; and
  • Responding promptly to detected offenses and developing corrective action.

However, as I discussed in my previous Blog Post May 08 2019 DOJ and Corporate Compliance Program Risk Assessment, they have really added an 8th element: “Risk Assessment” and it really has become the most crucial part of the program in my opinion. Within the Federal Register, I found this section to be really interesting and pertinent: “At this juncture, it is important to note the tremendous variation among billing companies in terms of the type of services and the manner in which these services are provided to their respective clients. For example, some billing companies code the bills for their provider clients, while others only process bills that have already been coded by the provider. Some billing companies offer a spectrum of management services, including accounts receivable management and bad debt collections, while others offer only one or none of these services. Clearly, variations in services give rise to different policies to ensure effective compliance.” What they are saying here is that there is no one-size fits all when it comes to billing company compliance plans and, as such, effort needs to be put forth by these companies to ensure the creation of policies fit the spectrum of service(s) they are providing clients. The guidance continues with the following, “For those billing companies that focus their services in a particular sector of the health care industry, the billing company should also consult any compliance program guidance previously issued by the OIG for that particular sector. This guidance is pertinent for all billing companies, large or small, regardless of the type of services provided. The applicability of the recommendations and guidelines provided in this document depend on the circumstances of each particular billing company. However, regardless of the billing company’s size and structure, the OIG believes every billing company can and should strive to accomplish the objectives and principles underlying all of the compliance policies and procedures recommended within this guidance.” The above is providing you with a “roadmap,” if you will, to refer to other previously published guidance in the sector of health care where the billing company is providing services but more importantly, they are telling you regardless of your size you have an obligation to accomplish the objectives and principles underlying all of the compliance policies and procedures recommended by OIG.

As with other types of recommended compliance by OIG, they first address the benefits of having a Compliance Program: “Benefits of a Compliance Program – The OIG believes an effective compliance program (emphasis added) provides a mechanism that brings the public and private sectors together to reach mutual goals of reducing fraud and abuse, improving operational quality, improving the quality of health care and reducing the costs of health care… In addition to fulfilling its legal duty to ensure that it is not submitting false or inaccurate claims to Government and private payors, a billing company may gain numerous additional benefits by implementing an effective compliance program. These benefits may include:

  • The formulation of effective internal controls to assure compliance with Federal regulations, private payor policies and internal guidelines;
  • Improved medical record documentation;
  • Improved collaboration, communication and cooperation among health care providers and those processing and using health information;
  • The ability to more quickly and accurately react to employees’ operational compliance concerns and the capability to effectively target resources to address those concerns;
  • A more efficient communications system that establishes a clear process and structure for addressing compliance concerns quickly and effectively;
  • A concrete demonstration to employees and the community at large of the billing company’s strong commitment to honest and responsible corporate conduct;
  • The ability to obtain an accurate assessment of employee and contractor behavior relating to fraud and abuse;
  • Increased likelihood of identification and prevention of criminal and unethical conduct;
  • A centralized source for distributing information on health care statutes, regulations and other program directives related to fraud and abuse and related issues;
  • A methodology that encourages employees to report potential problems;
  • Procedures that allow the prompt, thorough investigation of possible misconduct by corporate officers, managers, employees and independent contractors, who can impact billing decisions;
  • An improved relationship with the applicable Medicare contractor;
  • Early detection and reporting, minimizing the loss to the Government from false claims, and thereby reducing the billing company’s exposure to civil damages and penalties, criminal sanctions, and administrative remedies, such as program exclusion; and
  • Enhancement of the structure of the billing company’s operations and the consistency between separate business units.

Overall, the OIG believes that an effective compliance program is a sound business investment on the part of a billing company. The OIG recognizes the implementation of an effective compliance program may not entirely eliminate fraud, abuse and waste from an organization. However, a sincere effort by billing companies to comply with applicable Federal and State standards, as well as the requirements of private health care programs, through the establishment of an effective compliance program, significantly reduces the risk of unlawful or improper conduct.” I think a really interesting point that OIG makes here is that it is not just wanting your compliance program to apply to Federal and State standards but also to those of the private health programs. Over the past few years, there has been a significant increase in the aggressiveness of private payors via their Special Investigative Units (SIUs) to conduct audits and demand refunds for services they believe fail to establish “Medical Necessity.” This is why I recommend ensuring your compliance program speaks to all payors to whom you bill.

This next section will be the last section I will address in this Blog Post. The full OIG Notice document can be found here: This section is the meat of the guidance and is the “Application of Compliance Program Guidance” The OIG again begins by talking about the diversity in size of billing companies and the actual services provided but regardless of those facts they still expect adherence and compliance to the guidance provided. “Given the diversity in size and services offered by billing companies within the industry, there is no single ‘‘best’’ compliance program. The OIG understands the variances and complexities within the industry and is sensitive to the differences between large and small billing companies. Similarly, the OIG understands the availability of resources for any one billing company can differ vastly, given that billing companies vary greatly in the type of services offered and the manner that they are provided.” So, as I said above, they take all of that into account but look at this next section because they are clear when they say none of that really matters and here is why:

“Nonetheless, elements of this guidance can be used by all billing companies, regardless of size, location or corporate structure, to establish an effective compliance program. The OIG recognizes some billing companies may not be able to adopt certain elements to the same comprehensive degree that others with more extensive resources may achieve. This guidance represents the OIG’s suggestions on how a billing company can best establish internal controls and monitor company conduct to correct and prevent fraudulent activities. By no means should the contents of this guidance be viewed as an exclusive discussion of the advisable elements of a compliance program. On the contrary, the OIG strongly encourages billing companies to develop and implement compliance elements that uniquely address the individual billing company’s risk areas.” (emphasis added) For the specific language on “Application of Compliance Program Guidance,” look to pages 70141 – 70152. When reviewing these pages, pay special attention to the section “Risk Assessment” that runs from 70142 – 70145.

Taking the time to follow the guidance provided and ensuring you are creating a Corporate Compliance Program that is an LBD will ensure you are taking the necessary steps to mitigate your risk and provide a level of comfort to the clients you serve that your organization has Created a Culture of Compliance!

What to do next…

  1. If you need help with an audit appeal or regulatory compliance concern, contact us at (800) 635-4040 or via email at
  2. Read more about our: Total Compliance Solution

Why do thousands of providers trust DoctorsManagement to help improve their compliance programs and the health of their business?

Experienced compliance professionals. Our compliance services are structured by a chief compliance officer and supported by a team that includes physicians, attorneys and a team of experienced auditors. The team has many decades of combined experience helping protect the interests of physicians and the organizations they serve.

Quality of coders and auditors. Our US-based auditors receive ongoing training and support from our education division, NAMAS (National Alliance of Medical Auditing Specialists). All team members possess over 15 years of experience and hold both the Certified Professional Coder (CPC®) as well as the Certified Professional Medical Auditor (CPMA®) credentials.

Proprietary risk-assessment technology – our auditing team uses ComplianceRiskAnalyzer(CRA)®, a sophisticated analytics solution that assesses critical risk areas. It enables our auditors to precisely select encounters that pose the greatest risk of triggering an audit so that they can be reviewed and the risk can be mitigated.

Synergy – DoctorsManagement is a full-service healthcare consultancy firm. The many departments within our firm work together to help clients rise above the complexities faced by today’s healthcare professionals. As a result, you receive quality solutions from a team of individuals who are current on every aspect of the business of medicine.