Physician Risk Management in Fraud and Abuse

By: Michael J. Schoppmann, Esq.


One of the first steps for physicians seeking to manage their risk from becoming embroiled in a Fraud and Abuse investigation is to recognize the cold hard perspective of those who bring such investigations. According to recent studies, the Federal Government estimates that a staggering 72% of physicians are involved in issues or actions involving fraud. Casually rejecting such an estimate as simply absurd will only increase a physician’s likelihood of being investigated in that government reacts just as strongly to perceptions as truths and/or realities. As proof, and in response to these estimates, for the fiscal year 2003, more than $720 million dollars was devoted to investigating Health Care fraud. The recovery for that investment? More than $2.1 billion dollars.

Therefore, how do physicians manage the risks attendant to the arenas of Fraud and Abuse? In simple terms, every physician must (a) Know the Rules and (b) Live the Rules.

To “Know the Rules” in a fashion sufficient to dramatically reducing risk, a physician does not have to become a Certified Coder, however, he or she does need to know enough to seek out the services of such a specialist—someone who is an expert in the nuances of CPT coding, Medicare Regulations, Medicare Publications/Bulletins, Medicare Fraud Alerts and the never ending plethora of Health Plan/Carrier Notices/Manuals.

As much as physicians rely upon the expert advice of accountants for tax return preparation, they must now understand that the larger threat actually comes from not the IRS, but rather, CMS. However, just as physicians manage their risk of a tax investigation through expert accounting advice, they should now manage their Fraud and Abuse risk by securing the advice of certified coding specialists. Moreover, in choosing such a specialist, physicians should carefully scrutinize the credentials of any person or entity claiming to hold such a specialty, interview several potential candidates and obtain and verify all references so provided to the practice in support of their credentials.

To “Live the Rules” in the Fraud and Abuse arena, physicians must understand that compliance is not a one-time event or simply a once a year filing. Each and every time a physician files a claim for payment, whether it be with a public or private payor, there is an attendant risk that must be managed. In order to do so, physicians must view everything differently than before.

Payors: The first change in very physician’s perspective is to understand that there is rarely “simple” correspondence from payors in today’s environment. Anything “out of the norm” usually carries an underlying intent or plan. Practices who are subject to “delayed” payments must understand that this measure is by no means benign. There is much more than education at play in CMS “Educational” Audits and such steps are part of an ongoing and potentially escalating scrutiny by the federal government.

Practices: One of the key steps in risk managing Fraud and Abuse is for the physician to recognize that, in regards to billing practice, they are more than likely—and quite simply—doing something wrong. Through the application of such measures as “Snap Shot Audits,” physicians can monitor ongoing compliance with the ever changing myriad of billing procedures and react long before the punitive intervention of the federal government.

Employees: There can be no dispute that the number of employees acting as whistleblowers and/or adverse witnesses has risen exponentially over the past several years. A simple yet rarely undertaken risk management measure for every physician is to restrict and differentiate the degree of access to information held by every employee of the medical practice. There is no reason a parttime, recently hired, receptionist should have unfettered access to the practice’s billing, financial or other confidential data.

Patients: In light of CMS’s tactic of initiating confidential contact with the practice’s patients (through mailed questionnaires, telephone inquiries and/or in-person interviews), conducted without the knowledge or participation of the physician, it is critically important that every service so billed to CMS is fully documented in the medical record. As patients will certainly not recall, or understand, every aspect of their care, a chart that is silent or insufficient will leave the scrutinized physician defenseless.

In conclusion, just as every taxpayer retains receipts, maintains detailed records and secures the expert advice of an accountant in the hopes of avoiding, or in the unfortunate alternative, defending a potential IRS investigation, every physician must now manage their risk of a CMS investigation by building a record that adequately confirms their care and preemptively securing the expert advice of coding specialists. The longstanding luxury of simply ignoring the possibility of a Fraud and Abuse investigation is no longer available to today’s physician. To believe otherwise is akin to the belief that failing to pay one’s taxes will bear no ill consequence. An investigation will be forthcoming; however, the degree of negative impact will depend upon the risk management measures taken today.