Don’t Let Compliance Gotchas Get You: An Annual Checklist for Your Practice


Compliance can be a complicated issue for physicians because the laws change quickly and there are many areas of regulation that you need to consider. In the United States, the new regulations can be confusing because they often get pushed back or changed. And of course, new laws might change various aspects of the Affordable Care Act.

While regulatory compliance can be confusing, it’s also important for your practice for a number of reasons. It’s the law, of course. A primary reason that you need to pay attention to compliance regulations is to protect your practice legally. In some cases, noncompliance can also hinder you from getting paid for services, which is also detrimental to your practice.

There is one other thing about compliance that you should pay attention to as a physician. These regulations often work to protect the best interest of your patients, which should be a priority for your practice, as well.

It’s important to develop a compliance program for your practice to follow to stay on track. But it’s not enough to develop a good compliance program, because compliance is not a static activity. It’s important to reassess the various areas of compliance, the way your program works, and what changes you might need to make as you move forward.

The New Year is a good time to re-evaluate your compliance plan. This will allow you to look into new changes that you need to keep an eye on and revisit the way that your practice handles the various compliance issues to make sure that all employees are up to date.

Developing Your Compliance Plan

Compliance programs are mandatory for any physician treating Medicare and Medicaid patients. Your practice needs an updated compliance program because it’s regulated by law. But that’s only one reason that you need a solid compliance plan. Today’s patients have more control over their healthcare choices. They’re often paying more out-of-pocket for services and treat their physicians in much the way they treat other consumer choices. This means that your practice needs to proactively think about the patient’s experience.

Maintaining compliance in most areas best serves the patient. There are regulatory requirements that protect patients’ personal information. There are also ethical requirements that allow patients to know that their health needs are being met to the highest standards, with no conflicting interest from their providers. These are important ethical rules that all physicians should strive to follow, and they serve the secondary purpose of helping you to establish trust with your patients.

According to the Office of Inspector General of the Health and Human Services Department, there are seven elements you need to include in your compliance plan. These are:

1. Internal Monitoring and Auditing

Your compliance officer will often be in charge of this process or be involved in some fashion. Internal monitoring and auditing of your practice on a regular schedule will help you catch any possible compliance issues as early as possible, and retrain staff where necessary.

2. Implementation of Written Compliance and Practice Standards

Your written compliance standards serve to lay out the exact process for compliance within your practice. They determine your commitment to meeting regulatory compliance and give your employees a firm protocol to follow where each issue is concerned.

3. Designate a Compliance Officer

Because compliance issues are very complicated, your practice would be best served by designating a compliance officer who can keep up to date on changes and work with the organization to develop compliance standards.

4. Mandate Training and Education for All Employees

Your staff needs to be trained in order to maintain the best compliance standards. Realize, too, that many breaches are caused by errors due to a lack of training or lapse in best practices. It’s important to upgrade training on technology, as well as compliance issues, because constant changes in digital communications can leave your practice vulnerable without proper security.

5. Develop a Plan to Respond to All Offenses

It’s important that your practice has a firm plan to respond and correct any issues once they’re found. The corrective measures depend on the scenario and should be laid out in your compliance plan.

6. Create an Ongoing Dialogue with Employees

It’s important that your management team takes the lead in following due diligence with regard to hiring new staff members. It’s equally important that your team keeps an open line of communication with employees so that any issues can be dealt with as soon as they appear.

7. Enforce Disciplinary Standards

Disciplinary standards should be included in your compliance plan and need to be followed exactly in order to maintain their effectiveness. This can be more difficult in practice than in theory. But it’s important that you deal with each employee and each scenario in a fair and unbiased manner.

Compliance Issues You Should Include in Your Compliance Plan

One reason that compliance issues are so complex is that they’re no longer just medical and ethics based. Technology has added another layer to the concerns over data and patient privacy, which makes using best practices in your EHR a top priority for every practice, large and small. We mentioned above that it’s a good practice to designate a compliance officer in your practice. You should also seek legal counsel to make sure that you’re meeting regulatory compliance terms and standards and to protect your legal interests.

Regulations govern the way you practice medicine, but they also govern the way you use data and communicate with patients. It’s important to keep all of these facets of compliance in mind when you develop and edit your plan:


Any company or person who works with health records needs to maintain compliance with the standards set forth by HIPAA. As a practice, you need to make sure your plan includes every angle of patient privacy. This includes your EHR, patient portals, and digital records that may be susceptible to breach. It’s imperative to follow best practices with regard to your cybersecurity because healthcare organizations and practices are a growing target for cybercrime. Employee training and disciplinary standards should be included in this portion of your plan, as well. Often employees are to blame for data breaches, through simple error or through theft.

Fraud and Abuse Laws

There are some updates to the Stark Law, as detailed below. The fraud and abuse regulations cover false claims, self-referral (or the Stark Law), the anti-kickback statute, the exclusion authorities, and the exclusion statute. These laws and statutes are numerous and include specific details that your practice has to follow in record keeping and compliance. In most cases, these are common sense, ethical regulations. Physicians need to disclose monetary interests and can’t refer their own services to a patient or services where they have a financial stake (with updates to the Stark Law, this provision may be dependent on whether this service offers the best value-based care).

Relationship with Payers

These regulations govern the coding and billing process, physician documentation, enrolling in CMS as a Medicare/Medicaid provider, and prescription authority. In many cases, staying compliant in these areas directly impacts your revenue cycle management so it’s important that you monitor and assess your process with regard to coding and billing and documentation. Using a good EHR or outsourcing your coding and billing cycle can help you maintain compliance to secure prompt payment. Realize, too, that your practice is responsible for maintaining compliance, regardless of whether you’ve subcontracted any portion of the process. Make sure any vendors can guarantee the highest standard of compliance in their specialty.

Relationships with Other Providers

These compliance issues govern the way that physicians treat patients when they have vested interests or outside relationships with other providers. For instance, a physician who works through or has interests in a healthcare facility still should only recommend their patient use that facility if it’s the best option for their healthcare needs. Another aspect of these compliance issues is in making certain that patients are only referred for tests and treatments that are medically necessary.

Relationships with Vendors

These regulations govern the way that physicians are allowed to do business with vendors. For instance, a physician giving out free samples from a pharmaceutical company is fine, but they are not allowed to charge patients for these samples. They’re also not allowed to recommend specific medicine for a monetary kickback from the company.

Updates to Compliance for 2020

As the new year fast approaches, it’s important that you understand what updates or proposed updates might be coming up to prepare your practice.

Here are a few things to keep in mind in the coming year:

Proposed Modernizing of the Stark Law

The Centers for Medicare and Medicaid Services recently proposed a change to the Stark Law in order to modernize it. The new rules seek to support the Patients Over Paperwork initiative and will make regulatory compliance far more streamlined for physicians. These rule changes are meant to update the Stark Law due to the changes in value-based care.

CY 2020 Physician Fee Schedule

CMS has updated the physician fee schedule, which affects pay rates and payment policies. This new fee schedule goes into effect on January 1, 2020.

Telemedicine Changes

Medicare made several changes to telehealth in 2019. If your practice serves patients through telemedicine, it’s important that you’re up to date on issues impacting this area of healthcare.

Regulatory compliance is integral to your practice’s reputation among patients, as well as your good standing in the medical community. While there are some efforts, such as the proposal to update Stark Law, to streamline the paperwork and process, often the requirements can be time-consuming and particular. It’s important that you maintain a good, best practice plan to maintain compliance and update that plan regularly.