Overview of regulatory compliance for medical practices
By Matt Dickstein
Click on a heading for more articles ⇒
In this article, I give you a quick overview of the major regulatory compliance areas for physicians and medical practices, namely:
1. Referral Laws — Anti-Kickback and Stark Self-Referrals
2. Billing Medicare and Other Payers
4. Supervision of Staff
5. Test Case — Sharing Offices with other Health Care Providers
The regulatory schemes covering medical practices are unbelievably complex, so this article only gives a bird’s eye view. For an outline of legal issues related to a medical corporation, read Legal Compliance Checklist for a Medical Corporation on my website. You should also read the related set of articles that you’ll find linked in that article.
Without further ado,
The Referral Laws: Anti-Kickback and Stark Self-Referral
Both the US and California have their own versions of the anti-kickback and Stark self-referral laws. To sum them up: Don’t make or take referrals for money.
*** Under the CA and federal anti-kickback laws, a physician may not knowingly offer or pay, or even receive, anything of value for a referral of medical work.
*** Under the CA and federal “Stark” self-referral laws, for certain designated health services, a physician may not refer a patient to a provider with which the physician (or a family member) has a financial relationship.
Violation of these laws is punishable by fines, exclusion from participation in Medicare and Medi-Cal (see next), loss of license to practice, and even imprisonment. The federal and state referral laws are very broad and very complex. They touch on almost all financial aspects of a practice, and it is very important that you hire an attorney to run each of your transactions through a referrals analysis.
For more on the referral laws as they relate to your group’s compensation plan, read Stark and Anti-Kickback laws regarding the compensation structure of a group medical practice.
Billing Fraud and Exclusion from Medicare and Medi-Cal
You must be very careful when billing for services, because you do not want to inadvertently commit health care fraud. It is very easy for medical practices to become sloppy in their billings as they try to maximize reimbursement, for example, using a physician’s provider number to cover the work of a non-physician.
The federal Office of Inspector General (OIG) can exclude anyone who has engaged in billing abuse from participation in Medicare. Exclusion is very serious because you cannot get reimbursement from Medicare for your medical work. The California Department of Health Services has its own exclusion (suspension) provisions regarding Medi-Cal.
The OIG prohibits payment even to an innocent health care provider (e.g. a hospital) who employs an excluded individual. A provider can itself be excluded if it submits claims for payment connected with an excluded person. Hence a medical practice must be sure that all of its employees and contractors are not excluded. Both OIG and California maintain online lists of excluded health care providers.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires “covered entities” to protect electronic health information from unauthorized access, alteration, deletion, and transmission. Covered entities include medical practices.
HIPAA is extensive and I’m sure you’ve had about all you can stand of it already. One thing to keep in mind about HIPAA is that, when working with third-party contractors who handle patient data, a health care practice must obtain contractual assurances of their HIPAA compliance. Make sure your contracts with third parties have language to this effect.
Supervision of Staff
California has a multitude of regulations on your supervision of staff, including medical assistants, nurse practitioners and more. The California Medical Board’s website has many publications that address these regulations. I will not belabor them in this short outline.
Test Case — Sharing Offices with other Health Care Providers
Sharing office space with other health care practices brings up all of the above issues. The primary problems are violation of the referral laws (above), creation of a de-facto partnership, and opening access to patient data in violation of HIPAA.
The various health care providers may make referrals to one another, but they must comply with the state and federal referral laws (Stark and Kickback). In essence, they may not take or receive any compensation (direct or indirect) for a referral. Be extra careful of the office leases for the shared space. The Stark and Kickback referral laws have specific requirements to prevent the leases from acting as indirect conduits for financial compensation.
The risk with a de-facto partnership is that patients of another practice sue you based on the argument that you and the other practice are partners. The more resources you and the other practices share, and the more integrated you look, the higher the risk. You must keep your medical practice absolutely separate from the other practices in the shared space. All health care practices in the shared space should give written disclosure of the space-sharing relationship to patients, including disclosure that the various practices are not in a partnership of any kind.
One final note: Never let another health care practice bill under your provider number, no matter how many rationales that other practice has for it being OK. Most likely this would constitute billing abuse.