Misconceptions About the Cost of Healthcare Compliance

Author: Wiks Moffat, CHC, Cofounder, Principal

Jul 18, 2023 | Audit, CMS-OIG, Compliance, Risk

I have been actively engaged in healthcare compliance for the last 25 years. Over that time, I have frequently heard the complaint that compliance is a costly nuisance.  Why is it so expensive? Is there a way around it? Who pays for this unfunded mandate?

I’ll let you in on a secret – healthcare compliance is actually not expensive – certainly not compared to the cost of non-compliance because of monetary fines and reputational damage.

Of course, there are still real costs to be allocated to maintaining an effective compliance program so how do you budget for it at a time when reimbursements from CMS and commercial payers are being ratcheted down? We all know healthcare businesses can’t ignore compliance at a time when it has become such a priority with the government (CMS/HHS) and commercial payers.

The good news is that payers all have plenty of monetary incentives in place to reward high-performing providers who play within the rules. This goes beyond billing accurately and collecting every dollar billed – there are monetary incentives for measured and proven quality outcomes. Those include things like, chronic care management (CCM), remote patient monitoring (RPM), and hierarchal condition category coding (HCC). At a surface level, this counterbalances the financial output of compliance but there’s an industry secret – this can actually turn compliance into a profit center, effectively changing what is traditionally seen as a cost, into a source of revenue and bottom-line improvement.

For years, compliance was handled by Human Resources departments as something that was necessary for risk avoidance. In modern practices, while there are still some crossovers with HR, compliance is often its own stand-alone department. This obviously looks a lot different in a 1-5 doctor practice compared to larger practices and platform groups being formed by the investment community. Regardless of the organization’s size, the stigma of the “expense” of compliance lingers. As a result, organizations will often try to manage compliance on their own, without the services of outside compliance expertise. This can be a risky move due to the complexity of compliance law and frequency of regulatory change.  The recent industry trend of mergers and acquisitions adds another wrinkle as organizations develop increasingly complex relationships with other entities, like hospitals and ancillary service providers who add more requirements for compliance oversight and legal review.

Compliance is very complicated and overarches virtually every facet of a healthcare organization. Expectations from regulators and payers may vary based on group size, giving rise to the term “reasonable precautions”. For smaller groups, having written policies and site-specific employee trainings, along with Office of Inspector General (OIG) exclusion list checks and some level of chart audit may be considered “reasonable precautions”. But often these are not complete and will fail to achieve a defensible position if a federal audit is imposed.

For larger groups, a more formal compliance program is needed to demonstrate “reasonable precautions”, including  appointing a formal compliance committee with scheduled meetings and minutes to show proactivity, addressing and resolving issues by adapting policies into organization-specific procedures. In the M&A arena, this is where private equity firms and other investors will be most protected by partnering with compliance experts ensuring this is all implemented correctly and minimizing risk in acquisitions.

Over years of implementation and analytics, we have found several areas to have opportunity when considering using compliance as a profit center versus its traditional perceived role as a cost center. These include:

  1. Payment Integrity. Discover underpayments and overpayments for services delivered. This analysis accurately identifies Provider-Payer contractual reimbursement and facilitates billing/coding compliance.
  2. Coding Audit. Identify missed billing opportunities. Capturing missed billings and correcting overall charges capture and billing practices going forward maximizes payment for documented services.
  3. Value-Based Care (VBC). Help navigating new incentivized risk arrangements. Correctly identify your organization’s participation in established and mandated VBC care initiatives ensures the correct metrics are captured and incentive dollars are maximized. It is expected that financial penalties will be established as VBC matures.

Whether you need a simple employee training or larger scale evaluation to establish compliance as a profit center, the old-school mindset of straight sunken cost no longer applies. As the healthcare industry morphs with continuous M&As, regulatory changes, and an increase in audits and penalties, the right approach to compliance strengthens your risk protection and financial condition.