Compliance Risks for Growing Practices – Are You Prepared?

Many medical practices strategize and work hard to experience growth. It can be exciting and rewarding. Increased growth is often accompanied by increased revenues, along with an opportunity to positively impact the health of more people. 

Increased growth can sometimes also bring an increase in compliance risks. Some of these risks can be found in the revenue cycle, HIPAA/patient privacy, and financial arrangements. 

Revenue Cycle 

If a practice’s growth is the result of expanding the types of its medical specialties, offering new procedures/services, or expanding into new states, then revenue cycle compliance risks should be reviewed.  

New medical specialties often bring new compliance risks related to third party payors’ coverage policies, such as Medicare local coverage determinations (LCDs). For example, if a general cardiology practice grows by hiring specialists in cardiac electrophysiology (EP), then the revenue cycle team needs to review payors’ policies on cardiac EP procedures. The policies likely did not apply to services of general cardiologists, but likely will apply to the EP services. Knowing the coding and billing rules from these newly applicable coverage policies will be an essential part of revenue cycle compliance. 

Offering new services such as x-ray or other imaging services when such services were not provided previously will require a review of compliance regulations related to radiology safety, equipment maintenance and inspections as well as training requirements for those operating the equipment. 

Growth that results in an expanding footprint across state lines will require a review of the new states’ professional licensure requirements (MD, RN, Licensed Technologists, etc.), supervision or collaboration agreements for nurse practitioners or physician assistants, and prescription drug laws, especially for controlled substances. 

HIPAA and Patient Privacy 

Growing practices can face heightened risk factors related to HIPAA and patient privacy laws. If expansion includes practicing in new states, it will be critical to review any new state’s patient privacy laws including statutes requiring affected party notification deadlines in the event of breaches or non-compliant disclosures. 

Risk in the area of HIPAA and patient privacy can also rise when the number of employees, physical locations, and informational technology devices (laptops, portable tablets, etc.) increase. It is much easier to encrypt, track, update software, etc. on two laptops that are used in only one physical location by five or six employees than it is to do the same for 21 laptops used by four times as many employees in three different physical locations. 

Financial Arrangements 

As a practice grows, especially as it grows into new markets, the pressure to funnel more and more patients into new clinics or procedure suites increases as well. Marketing and referral source strategies need to account for compliance with unique health care laws such as the federal anti-kickback statute and the physician self-referral (i.e., Stark) laws.  

Though practices were likely aware of these laws before significant growth, justification and rationalization for cutting compliance corners can creep in when executive management or a board is reviewing reports of low patient volumes at a new multi-million dollar clinic or procedure suite that was designed to churn three or four times as many patients through in a given week than is actually happening. Rent, leases, or mortgages need to be paid regardless of whether anticipated patient volumes are being met. Under such pressures, decision makers might be tempted to ‘think outside the box,’ even unintentionally, resulting in financial relationships that can taint referrals or run afoul of anti-kickback rules. When that is the case, the False Claims Act can be implicated and significant investigations and settlements might result. 

Growth-minded practices should not let the temptation for growth bias their compliance decision-making. If choices become clouded, they could result in non-compliance with healthcare financial arrangement laws that, even in good times, can be tricky to maneuver. 

Conclusion 

Compliance risks should not discourage growth-minded practices from their plans to grow. Rather, such practices should be mindful of compliance risks as they grow so they anticipate and appropriately plan for compliance risks instead of ignoring them before it is too late.   

To download this blog post as a pdf, click the button below.