Compliance Plans: The Truth About Templates

by  Sean M. Weiss, CHC CEMA CMCO CPMA CPC-P CMPE CPC
Jul 15th, 2016 - Reviewed/Updated Aug 17th

This is not an article about building an effective compliance plan. It is about the most efficient and accurate way to build it and some of the nuances to be aware of when using a template to build your plan. As a compliance officer and someone that spends my days working with physician practices and integrated delivery health systems sorting through compliance related issues, developing corrective action plans, and ensuring steps are put into place to prevent the same mistake from happening again, I often find myself reverting to templated compliance programs I have developed over the last 18 years of focusing solely on compliance. Templates make the process move a lot faster and save you a ton of time with formatting and not having to search for specific sections of the Regulations, Guidelines, Statutes, Acts, etc.

The part where things fall apart for most who use templates is that they believe you can highlight the word "PRACTICE NAME", then hit replace all and type in the name of their practice and the compliance program is complete. This is not a compliance plan and it is surely not going to be one that is effective and adhered to. A template is only as good as the effort you put into taking it from a template to something that is specifically designed for the organization it is intended for.

As an example, recently I was brought into a group to evaluate their compliance program and effectiveness. When I got to the practice, they provided me with a binder that contained a plan, policies, and other various items that could be considered the pieces of a compliance plan. But upon staff interviews, it became quite clear that what they had provided me was nothing more than an out-of-the-box program that failed to address the needs of their group. The compliance plan and policies themselves had not been updated since 2011 and what they were providing to their employees each year was the same tool with just a change of the date (i.e., 2015 to 2016). What did we do? We put a BIG RED RETIRED across the front of the binder and went back to the drawing board to start from scratch and build them something that would work and that they could maintain year after year.

This is the same thing I see over and over each time I work with clients in this capacity. So, what can you do to prevent the same thing from happening in your practice? The answer is very simple but complex at the same time especially if your group or organization has never faced an audit investigation by the Department of Justice or Office of Inspector General. Below are my recommendations for developing a compliance plan using a template:

1. Perform a "Gap" analysis of your organization and all of its functions. A Gap analysis allows you to look at what the compliance requirements are with regard to coding, billing, documentation, EMRs, responding to subpoenas, onsite investigations by auditors, use of locums, developing corrective action plans, training and education, disciplinary actions, etc. and the gaps that exist in your current way of doing things.

2. Read the compliance plan and all of the policies to understand what it actually says and then begin to make determinations on what in the template actually applies to you. For example, if Medicare's 72 Hour Rule does not apply, remove it from the template so as not to cause confusion.

3. Templates are not going to cover everything that you are going to need so you will have to get your creative hat on and determine what is missing and then write the policy such as regarding Modifier 25, "Medical Necessity", Handling a ZPIC Unannounced Site Visit, etc. Most template creators do not think of some of these items so you need to be thorough in your evaluation of policy needs.

4. Lost of template compliance plans I have reviewed are very hospital-centric, addressing things like provider based billing or Cost Reports, yet these items remain in the actual compliance plan of a medical practice that is not tied to a hospital or health system. Remove this information.

Healthcare professionals I speak with routinely believe that if the compliance plan is not this 200 page overwhelming document with hereto and whereas, etc. then it is not an effective plan. The size and length of the document means nothing; its what's contained on the pages that make it worth the paper it is written on. Keep in mind; the more complex you make the plan, the less likely you are to comply with it. The last thing you want to do is develop something that no one in the organization will follow, thus opening yourself up to all sorts of scrutiny during an investigation. Create your policy based on the needs specific to your organization and use the KISS principle. Most of the compliance plans I develop for clients are right around the 20 page or less mark unless they are a hospital or health system. The reason is simple - I covered everything I needed to and kept out irrelevant information.

For me, the most important part of any compliance program is the policies and procedures as this is where all of the meat of what, how and why we do things is spelled out. Policies should be specific to the operational functions of the organization based on a thorough analysis of the current processes in place. Taking the time to understand how compliance templates work for and against you is critical to establishing an effective compliance program. The key takeaway from this article is Don't Be Lazy if using a template- spend the time and effort on the front end to save you money and sanity on the back end.