The following is an excerpt from the Human & Health Services – Guidelines for 3rd Part Medical Billing Companies


Program Guidance for Third Party Medical Billing Companies
1. Introduction
A. Benefits of a Compliance Program
B. Application of Compliance Program Guidance
II. Compliance Program Elements
A. Written Policies and Procedures – Part I | Part II
B. Designation of a Compliance Officer and a Compliance Committee
C. Conducting Effective Training and Education
D. Developing Effective Lines of Communication
E. Enforcing Standards Through Well-Publicized Disciplinary Guidelines
F. Auditing and Monitoring
G. Responding to Detected Offenses and Developing Corrective Action Initiatives
III. Conclusion

A. Written Policies and Procedures

Every compliance program should require the development and distribution of written compliance policies, standards and practices that identify specific areas of risk and vulnerability to the billing company.
These policies should be developed under the direction and supervision of the chief compliance officer and the compliance committee (if such a committee is practicable for the billing company) and, at a minimum, should be provided to all individuals who are affected by the particular policy at issue, including the billing company’s agents and independent contractors 19 who may affect billing decisions.

1. Standards of Conduct
Billing companies should develop standards of conduct for all affected employees that include a clearly delineated commitment to compliance by the billing company’s senior management 20 and its divisions. The standards should function in the same fashion as a constitution, i.e., as a foundational document that details the fundamental principles, values and framework for action within an organization. Standards should articulate the billing company’s commitment to comply with all Federal and State standards, with an emphasis on preventing fraud and abuse. They should state the organization’s mission, goals and ethical principles relating to compliance and clearly define the organization’s commitment to compliance and its expectations for all billing company governing body members, officers, managers, employees, and, where appropriate, contractors and other agents. The standards should promote integrity, support objectivity and foster trust. Standards should not only address compliance with statutes and regulations, but should also set forth broad principles that guide employees in conducting business professionally and properly. Furthermore, a billing company’s standards of conduct should reflect a commitment to the highest quality health data submission, as evidenced by its accuracy, reliability, timeliness and validity.

2. Written Policies for Risk Areas
As part of its commitment to compliance, billing companies should establish a comprehensive set of policies that delineate billing and coding procedures for the company. In contrast to the standards of conduct, which are designed to be a clear and concise collection of fundamental standards, the written policies should articulate specific procedures personnel should follow when submitting initial or follow-up claims to Federal health care programs.

Among the issues to be addressed in the polices are the education and training requirements for billing and coding personnel; the risk areas for fraud, waste and abuse; the integrity of the billing company’s information system; the methodology for resolving ambiguities in the provider’s paperwork;21 the procedure for identifying and reporting credit balances; and the procedure to ensure duplicate bills are not submitted in an attempt to gain duplicate payment.

Billing companies that provide coding services should provide additional policies for risk areas that apply specifically to coding.22 The policies and procedures should describe the necessary steps to take in reviewing a billing document. Specific attention should be placed on the proper steps the coder should take if unable to locate a code for a documented diagnosis or procedure or if the medical record documentation is not sufficient to determine a diagnosis or procedure.23 Billing companies that provide additional services should consider consulting an attorney for guidance on other regulatory issues.24

a. Risk Assessment—All Billing Companies
The OIG believes a billing company’s written policies and procedures, its educational program and its audit and investigation plans should take into consideration the particular statutes, rules and program instructions that apply to each function or department of the billing company. Consequently, we recommend coordination between these functions with an emphasis on areas of special concern that have been identified by the OIG through its investigative and audit functions.25

Furthermore, the OIG recommends that billing companies conduct a comprehensive self-administered risk analysis or contract for an independent risk analysis by experienced health care consulting professionals. This risk analysis should identify and rank the various compliance and business risks the company may experience in its daily operations.

Once completed, the risk analysis should serve as the basis for the written policies the billing company should develop. The OIG has provided the following specific list of particular risk areas that should be addressed by billing companies. It should be noted that this list is not all-encompassing and the risk analysis completed as a result of the company’s audit may provide a more individualized road map. Nonetheless, this list is a compilation of several years of OIG audits, investigations and evaluations and should provide a solid starting point for a company’s initial effort.

Among the risk areas the OIG has identified as particularly problematic are:26

• Billing for items or services not actually documented;27
• Unbundling;28
• Upcoding,29 such as, for example, DRG creep;30
• Inappropriate balance billing;31
• Inadequate resolution of overpayments;32
• Lack of integrity in computer systems;33
• Computer software programs that encourage billing personnel to enter data in fields indicating services were rendered though not actually performed or documented;
• Failure to maintain the confidentiality of information/records;34
• Knowing misuse of provider identification numbers, which results in improper billing;35
• Outpatient services rendered in connection with inpatient stays; 36
• Duplicate billing in an attempt to gain duplicate payment; 37
• Billing for discharge in lieu of transfer; 38
• Failure to properly use modifiers; 39
• Billing company incentives that violate the anti-kickback statute or other similar Federal or State statute or regulation; 40
• Joint ventures; 41
• Routine waiver of copayments and billing third-party insurance only; 42 and
• Discounts and professional courtesy.43

A billing company’s prior history of noncompliance with applicable statutes, regulations and Federal health care program requirements may indicate additional types of risk areas where the billing company may be vulnerable and may require necessary policy measures to prevent avoidable recurrence.44 Additional risk areas should be assessed by billing companies as well as incorporated into the written policies and procedures and training elements developed as part of their compliance programs.

Billing companies that do not code bills should implement policies that require notification to the provider who is coding to implement and follow compliance safeguards with respect to documentation of services rendered. Moreover, the OIG recommends that billing companies who do not code for their provider clients incorporate in their contractual agreements the provider’s acknowledgment and agreement to address the following coding compliance safeguards.45

b. Risk Assessment—Billing Companies That Provide Coding Services
The written policies and procedures concerning proper coding should reflect the current reimbursement principles set forth in applicable statutes, regulations 46 and Federal, State or private payer health care program requirements and should be developed in tandem with organizational standards. Furthermore, written policies and procedures should ensure that coding and billing are based on medical record documentation. Particular attention should be paid to issues of appropriate diagnosis codes, DRG coding, individual Medicare Part B claims (including documentation guidelines for evaluation and management services) and the use of patient discharge codes.47

The billing company should also institute a policy that all rejected claims pertaining to diagnosis and procedure codes be reviewed by the coder or the coding department. This should facilitate a reduction in similar errors. Among the risk areas that billing companies who provide coding services should address are:

• Internal coding practices; 48
• ‘‘Assumption’’ coding; 49
• Alteration of the documentation;
• Coding without proper documentation 50 of all physician and other professional services;
• Billing for services provided by unqualified or unlicensed clinical personnel;
• Availability of all necessary documentation at the time of coding; and
• Employment of sanctioned individuals.51

Billing companies that provide coding services should maintain an up-to-date, user-friendly index for coding policies and procedures to ensure that specific information can be readily located. Similarly, for billing companies that provide coding services, the billing company should assure that essential coding materials are readily accessible to all coding staff.52

Finally, billing companies should emphasize in their standards the importance of safeguarding the confidentiality of medical, financial and other personal information in their possession.