How Can My Practice Become Compliant?

By Nancy J. Beckley, MS, MBA, CHC

What does it mean to be compliant? That was one of the questions posed recently in an online email listserv. The clinic director/therapist posing the question wondered if clinic staff should reread their compliance plan (purchased), take some sort of a quiz, or listen to yet another training program.

Compliance Guidance: Background
Truth be told, compliance is not that simple, but neither is it too complex for the small therapy practice to scale a compliance program. Compliance programs are a requirement of the Affordable Care Act (ACA); however, the mandate was only for skilled nursing facilities (SNFs) to begin in 2013 and the Centers for Medicare & Medicaid Services (CMS) has yet to issue rules for implementation. The Office of Inspector General (OIG) has suggested that providers should not wait for CMS to issue guidance for SNFs or for other providers, but rather utilize the existing compliance program guidelines that the OIG began issuing in 1998. It would seem best practice for all therapy providers to adopt the OIG Compliance Guidance for Physicians and Small Practices.1 This guidance specifically mentions physical therapists as the type of small provider that can benefit. More especially notable, in this guidance the OIG specifically addresses the ability to scale a compliance program for a small practice.

Given the audit and investigation landscape of the past year involving physical therapy, every therapy practice should seek to scale an effective compliance program. The OIG has noted in one form or another in published audit reports pursuant to the annual Work Plans that provider errors occurred because the provider failed to have adequate policies or procedures (or training) in place to ensure that the provider billed for services that complied with Medicare requirements. The OIG has also indicated that the presence of an effective compliance program may serve to mitigate fines and penalties and lessen the multiplier, for example, double the damages rather than triple the damages per false claim. The fines for false claims went from a range of $5,500 and $11,000 per false claim to between $10,781.40 and $21,562.80 per claim, plus three times the amount of damages that the federal government sustains because of the false claim.2

Compliance: Practical Considerations
Getting started on the road to compliance does not really require a particular order, but there are some activities from a practical perspective that should be started sooner rather than later to mitigate compliance risk:

1. Commitment to Compliance
The path on the road to compliance is circular, a neverending process that should be endorsed and embraced from the top down. Owners and management set the tone for the compliance atmosphere. If you don’t believe that, read the 2016 complaints filed by therapy whistleblowers. While there are always various sides to every case, whistleblowers in therapy cases often contend that management did not listen to or act on their concerns.

2. Exclusion Monitoring
Ensure that all employees have been vetted against the OIG List of Excluded Individuals and Entities (LEIE). This information can be readily completed at Exclusion checks should be completed on a monthly basis. You should also ensure that no one has been excluded from participation in Medicaid. Most state Medicaid programs maintain their own exclusion lists, which are not conveyed to the OIG.

3. Scale a Compliance Plan
Using the OIG Compliance Guidance, begin your compliance program by addressing the seven key elements based on the Federal Sentencing Guidelines3 (which have been updated since the Guidance was issued).4

4. Conduct a Risk Assessment
Often called the “eighth compliance element,” a risk assessment is essential in assessing not only rehab industry risk such as medically necessary therapy over the cap, but also risks associated with past medical reviews and probes, risks associated with your Medicare Administrative Contractor (MAC), and risk associated with the billing profiles of individual therapists (as noted in Medicare Public Use Files). Without a risk assessment, a compliance auditing and monitoring plan is not likely to monitor and assess the elements of practice—including documentation, coding, and billing—that present the greatest risk. A risk assessment should also include compliance with other health care laws including Stark and the Anti-Kickback Statute (AKS). Areas of assessment include marketing practices that may violate the AKS, referrals that violate Stark, and seemingly innocent activities such as waiving of deductibles and copayments.

Screen Shot 2017-02-22 at 11.48.54 AM

5. Activate a Monitoring and Auditing Calendar of Events
Think of a monitoring activity as an “all hands on deck” continuous activity to ensure that something is completed or per policy, for example, ensuring that all Medicare plans of care are certified in a timely fashion. While the evaluating therapist is ultimately responsible for all practical purposes, this is a clerical activity assigned to front office staff. Examples of other monitoring activities could include tallies of direct treatment minutes to ensure the right number of codes have been billed, or follow-up on patients who have abandoned care to ensure that a discharge summary is completed. Audit activities can simply start with a chart review to ensure completeness of documentation. However, audit topics should address specific questions such as “Were the right codes billed?,” “Is therapy over the cap medically necessary?,” “Did documentation support the claim/codes?”5

6. Follow a Cycle of Detect, Correct, and Prevent
Inspector General (IG) Dan Levinson has frequently described in his keynote addresses at the Compliance Institute the cycle of compliance deemed best practice. A provider’s compliance program should detect potential violations, correct these violations, and take steps to implement procedures and processes to prevent future violations. Levinson has further noted in his comments that compliance programs that are not finding problems are not effective compliance programs. It may help to think that the purpose of a compliance program is to surface problems. If you are not finding areas of concern, then it may be time to dig a little deeper.

7. Understand the Health Care Fraud and Abuse Laws
Referred to as the “Five Faces of Fraud and Abuse,” the relevant laws affecting health care include the False Claims Act (FCA), Anti-Kickback Statute (AKS), Civil Monetary Penalties, Exclusions Statute, and Stark. OIG provides the following guidance on each of these laws6:

False Claims Act [31 U.S.C. § § 3729-3733]
The civil FCA protects the Government from being overcharged or sold shoddy goods or services. It is illegal to submit claims for payment to Medicare or Medicaid that you know or should know are false or fraudulent. The fact that a claim results from a kickback or is made in violation of the Stark law also may render it false or fraudulent, creating liability under the civil FCA as well as the AKS or Stark law. Under the civil FCA, no specific intent to defraud is required. The civil FCA defines “knowing” to include not only actual knowledge but also instances in which the person acted in deliberate ignorance or reckless disregard of the truth or falsity of the information. Further, the civil FCA contains a whistleblower provision that allows a private individual to file a lawsuit on behalf of the United States and entitles that whistleblower to a percentage of any recoveries. Whistleblowers could be current or ex-business partners, hospital or office staff, patients, or competitors.

Anti-Kickback Statute [42 U.S.C. § 1320a-7b(b)]
The AKS is a criminal law that prohibits the knowing and willful payment of “remuneration” to induce or reward patient referrals or the generation of business involving any item or service payable by the Federal health care programs (e.g., drugs, supplies, or health care services for Medicare or Medicaid patients). Remuneration includes anything of value and can take many forms besides cash, such as free rent, expensive hotel stays and meals, and excessive compensation for medical directorships or consultancies. In some industries, it is acceptable to reward those who refer business to you. However, in the Federal health care programs, paying for referrals is a crime. The statute covers the payers of kickbacks—those who offer or pay remuneration—as well as the recipients of kickbacks—those who solicit or receive remuneration. Each party’s intent is a key element of their liability under the AKS.

The kickback prohibition applies to all sources of referrals, even patients. For example, where the Medicare and Medicaid programs require patients to pay copays for services, you are generally required to collect that money from your patients. Routinely waiving these copays could implicate the AKS and you may not advertise that you will forgive copayments. However, you are free to waive a copayment if you make an individual determination that the patient cannot afford to pay or if your reasonable collection efforts fail. It is also legal to provide free or discounted services to uninsured people.

Civil Monetary Penalties Law [42 U.S.C. § 1320A-7a]7
OIG may seek civil monetary penalties for a wide variety of abusive conduct, including presenting a claim that is false or fraudulent because it is for a medically unnecessary procedure. OIG also may impose civil monetary penalties for violating the Medicare assignment agreement by overcharging or double billing Medicare beneficiaries.

OIG may seek Comprehensive Medical Plan (CMPs) against any person who: Presents or causes to be presented claims to a federal health care program that the person knows or should know is for an item or service that was not provided as claimed or is false or fraudulent; violates the anti-kickback statute by knowingly and willfully: (1) offering or paying remuneration to induce the referral of federal health care program business; or (2) soliciting or receiving remuneration in return for the referral of federal health care program business; or presents or causes to be presented a claim that the person knows or should know is for a service for which payment may not be made under the physician self-referral or “Stark” law.

Exclusion Statute [42 U.S.C. § 1320a-7]
OIG is legally required to exclude from participation in all Federal health care programs individuals and entities convicted of the following types of criminal offenses: (1) Medicare or Medicaid fraud, as well as any other offenses related to the delivery of items or services under Medicare or Medicaid; (2) patient abuse or neglect; (3) felony convictions for other health-care-related fraud, theft, or other financial misconduct; and (4) felony convictions for unlawful manufacture, distribution, prescription, or dispensing of controlled substances.

Screen Shot 2017-02-22 at 11.49.09 AM

You are responsible for ensuring that you do not employ or contract with excluded individuals or entities, whether in a physician practice, a clinic, or in any capacity or setting in which Federal health care programs may reimburse for the items or services furnished by those employees or contractors. This responsibility requires screening all current and prospective employees and contractors against OIG’s List of Excluded Individuals and Entities. This online database can be accessed from OIG’s Exclusion Web site.

Stark: Physician Self-Referral Law [42 U.S.C. § 1395nn]
The Physician Self-Referral Law, commonly referred to as the Stark law, prohibits physicians from referring patients to receive “designated health services” payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Financial relationships include both ownership/investment interests and compensation arrangements. For example, if you invest in an imaging center, the Stark law requires the resulting financial relationship to fit within an exception or you may not refer patients to the facility and the entity may not bill for the referred imaging services. “Designated health services” include physical therapy, occupational therapy, and outpatient speech-language pathology services. The in-office ancillary exception may apply to physicians offering therapy services in their practice.

The Stark law is a strict liability statute, which means proof of specific intent to violate the law is not required. The Stark law prohibits the submission, or causing the submission, of claims in violation of the law’s restrictions on referrals. Penalties for physicians who violate the Stark law include fines as well as exclusion from participation in the Federal health care programs.

The OIG has brief training videos on each of these laws that can be accessed at their YouTube channel:

8. Train and Educate Your Entire Organization
Everyone should understand and know your organization’s commitment to compliance. Annual compliance training and education is best practice in terms of educating all employees, not just therapists. Education should be focused on preventing fraud, waste, and abuse as well as providing employees information on your compliance program. Employees should be educated on how to submit an inquiry or complaint as well as assured that your organization has a policy on nonretaliation. For therapists and those involved in billing, additional training should be provided on documentation, coding, and billing. Given the new therapy evaluation codes, this training is particularly important in 2017.

Training should be documented as to attendance, and ideally a quiz is included with a minimum passing grade required. Compliance training and education should be required for employees as part of new employee orientation, and can be assigned as a refresher in instances where disciplinary action is taken as a result of a compliance infraction.

As I started this article, “Truth be told, compliance is not that simple, but neither is it too complex for the small therapy practice to scale a compliance program.” This context should give therapy practices a framework for scaling an effective compliance plan. My slogan for 2017 is “Stick with Compliance.”7


1. OIG Compliance Program for Individual and Small Group Physician Practices: FR, Vol.65, No. 194, October 5, 2000.

2. Department of Justice Interim Final Rule: FR, Vol. 81, No. 126, June 30, 2016.

3. The Federal Sentencing Guidelines can be accessed at: (Chapter 8).

4. Reference: 2012 Compliance Institute: Compliance 101, Debbie Troklus, Steven Ortquist.

5. For a complimentary copy of an outpatient therapy audit and monitoring calendar, email the author:


7. Civil Monetary Penalty authorities reference:


Nancy J. Beckley, MS, MBA, CHC, is certified in health care compliance by the Compliance Certification Board and is a frequent speaker and author on outpatient therapy compliance topics. She advises practices on compliance plan development and audit response. Questions and comments can be directed to

Copyright © 2018, Private Practice Section of the American Physical Therapy Association. All Rights Reserved.

Are you a PPS Member?
Please sign in to access site.
Enter Site!