April 200846<strong>Compliance</strong> pitfallsin behavioral healthprograms: What towatch for from thestartBy Kenneth P. MarionEditor’s note: Kenneth Marion is the principalat New York <strong>Compliance</strong> Planning in AtlanticBeach, New York. He can be reached by e-mailat kmarion@nycomplianceplanning.com.It is surprising and overwhelming when themanagement team at a behavioral health providerlearns that requirements for a complianceprogram previously limited to hospitals(they thought) are now required of them.Where do they start? What have others done?What mistakes can be avoided?This discussion is targeted at the free-standingbehavioral health program. Programs thatare part of a hospital-based health system arealready well into corporate compliance. However,even those of us in the thick of it mayfind a pitfall they have not yet identified.The Deficit Reduction Act of 2005 (DRA)brought many organizations to the realizationthat a compliance program is a necessity. We nowfind ourselves operating in jurisdictions that havetheir own False Claims Act, and those jurisdictionsare learning to use it as a recovery tool.The basic principles of compliance programsare universal. Regardless of the size of thesetting, the seven pieces of the complianceprogram puzzle, found in Federal SentencingCOMPLIANCEGuidelines and guidances offered by theOffice of the Inspector General (OIG) of theDepartment of <strong>Health</strong> and Human Services(HHS), are your starting point:1. Policies and procedures, especially acode of conduct2. A compliance officer3. Education and training4. Monitoring and auditing5. Reporting and investigating6. Discipline and enforcement7. Response and preventionAll the pieces of the compliance puzzle for behavioralhealth have to be derived from othersources, because our programs do not haveguidance like that for hospitals, physicianpractices, etc. Therefore, everything we do isbased on our understanding and extrapolationof requirements for others.The value to the organization of a clear code ofconduct and a clear code of ethics may not beobvious to the workforce. The codes become apowerful disciplinary tool, when the workforcehas documented knowledge of these corporatestandards. Right from the start, you will meetthe questions/objections of the social workprofessionals who want to know how this codeinteracts with the code of their national association.And you should receive similar queriesfrom the psychologists and others as well. Thisis a minefield that is fairly easy to navigate.Specific requirements should be limited toyour organizational code of conduct, ratherthan your code of ethics. With this arrangement,there is little to conflict.What is the difference between a code of ethicsand a code of conduct? A code of conductcontains the “thou shalt nots,” but the code ofethics contains the “thou shalts.”The most difficult and complicated pitfall inbehavioral health compliance is caused by101<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.orgthe medical model of treatment. Medicareand Medicaid are medical programs. Theinclusion of the allied professions found inbehavioral health is unique and begrudging atbest. Herein lay denials and take backs whichare avoidable if behavioral health staff “get it.”The medical model we’re talking about is theassessment of a patient, followed by a diagnosisbased on the assessment results, whichyields a plan of treatment that is executed,and results in a return of function or theneed to reassess for additional problems. Thecommon disconnects in behavioral healthare between diagnosis and treatment and thedetermination of return of function.The physician in behavioral health doesnot fall prey to this pitfall, because it is his/her model of treatment. The social workerand other providers of the mainstay of ourindustry, verbal therapies, are the ones vexedwhen trying to apply this concrete, measurablemodel of care.Failure to achieve clarity about the model willyield denials and take backs. The patient whois diagnosed with schizophrenia, paranoidtype with both positive and negative symptomatology,is very often not a good candidatefor individual therapy, and auditors willwant to see documentation of the therapeuticapproach and the results of this treatment. Atthe same time, when there is a “best practice”followed, treatment will be standardized and,hopefully, focused.In behavioral health, where a very smallnumber of CPT® (AMA Current ProceduralTerminology) and HCPCS® (CMS <strong>Health</strong>careCommon Procedure Coding System)codes are routinely in use, it is very importantto keep up with changes that do occur. TheCPT “Changes” volume and each annualHCPCS manual require review. And keep
a look out for the World <strong>Health</strong> OrganizationInternational Statistical Classification ofDiseases and Related <strong>Health</strong> Problems-10thRevision (ICD-10).Other training pitfalls abound. The way inwhich the enforcement process works is commonlymisunderstood. It is the antithesis of thebasic concept “innocent until proven guilty.”Teaching the typical enforcement effort (whichidentifies a potential problem, investigates, andthen requires payback) leaves many concerned,if not outraged. Some will never recover.With others, an opportunity presents itself toenlighten them to the importance of attentionto detail and adherence to the rules.The Recovery Audit Contractor (RAC)programs, which are coming online now, areanother problem. Although we would expectthat big fish will get fried first, because this isa program where the contractor gets a piece ofthe recovery, we find that it is our documentation,which is often not concrete, that maycause us many take backs.Behavioral health operations face huge risks.Paramount is the potential for fraud in fieldoperations. Often, case management services ortherapeutic services are needed outside of theoffice. Fraught with risk regarding the actualdelivery of service and the length of service, administratorsneed to watch carefully and to putrestrictions in place. If you don’t start with thesecontrols, they can be difficult to put in place.What was provided and to whom and for howlong are the questions that will be asked.The question of how long the service was providedis a common one and easily becomes aproblem. The standard requirements foundin the CPT environment include “up to 20minutes” or “less than 20 minutes” or “20 to30 minutes.” The code set used in a Medicaidplan may expect “15 minutes” or “15 to 30minutes,” etc. These multiple requirements,not found in the purely medical setting whereCPT is exclusive, create additional confusionand potential for error, as does the structureof the work — the 30 minute session, the 50minute hour, etc.Identifying the targets of OIG is the easiestpart. Each year, the OIG proffers its WorkPlan for the coming year and literally tells uswhat is on the target range. The risk, however,does not lie here, but in our organizations. Itis the employee who files a complaint or blowsthe whistle who can cause serious problems.Continued on page 63Want to include a Stark review in your audit plan this year,but don’t know how to get started?Consider our new STARK COMPLIANCE - GUIDED SELF ASSESSMENTWe provide your staff with classroom training on theStark law and regulations and on what to look forwhen conducting a Stark audit; We supply audit toolsthat allow your staff to review the most commonfinancial relationships with physicians; and we makeour experts available to answer questions as youconduct your self-assessment, and to help with orconduct review of unique financial relationships thatyou discover. Package pricing starts at $7,500.For more information visit www.meaderoach.com orcall Steve Ortquist at 312-285-4850.Steve OrtquistPartner, Meade & Roach, LLP312.285.4850SOrtquist@MeadeRoach.com<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong> • 888-580-8373 • www.hcca-info.org47April 2008