
A Due Diligence Checklist for Vetting Medical Billing Company Compliance

Mar 24, 2023 | Essential, Lab Compliance Advisor, Reimbursement-lca

Labs have a duty to inquire into what their billing company is up to and whether it complies with all applicable regulations.

Myth: If you outsource billing and coding to a medical billing company, you won’t be liable for any false claims or improper bills submitted on your behalf.

Truth: When the lab services you provide are inaccurately coded or billed and submitted for payment, it’s a false claim for which somebody will be liable. That somebody may be your lab even if the claim was submitted by your billing company. Your liability will depend on whether you knew or reasonably should have known that the company was submitting false claims on your behalf.

What to Do: The “reasonably should have known” element of the equation means that you have a duty to inquire into what your billing company is up to and whether it complies with all applicable regulations. One way to live up to that duty is to carry out due diligence on your billing company’s compliance program. Specifically, you should take steps to verify that the program meets the standards that the U.S. Department of Health and Human Services Office of Inspector General (OIG) established for billing companies in 1998.[1]

Here’s a checklist of what you must determine to make a proper inquiry.


Instructions: Use the checklist below to assess whether a medical billing company has a proper compliance program:

Item Yes No Comments
Standards of conduct
Written policies for risk areas, including:
[  ] Billing of services not actually documented
[  ] Unbundling
[  ] Upcoding
[  ] Inappropriate balance billing
[  ] Inadequate resolution of overpayments
[  ] Lack of integrity in computer systems
[  ] Computer software programs that encourage billing personnel to enter data in fields indicating services were rendered, though not actually performed or documented
[  ] Failure to maintain confidentiality of information/records
[  ] Knowing misuse of provider identification numbers resulting in improper billing
[  ] Outpatient lab services provided in connection with inpatient stays
[  ] Duplicate billing
[  ] Improper use of modifiers
[  ] Incentives that violate the Anti-Kickback Statute or other federal and state laws
[  ] Discounts and professional courtesy
[  ] Routine waiver of copayments
[  ] Billing third-party insurance only
[  ] “Assumption” coding
[  ] Alteration of documentation
[  ] Coding without proper documentation of all physician and other professional services
[  ] Billing for services provided by unqualified or unlicensed clinical personnel
[  ] Employment of excluded individuals
Written policies for claims submission process
Written policies for identification, resolution, and repayment of overpayments
Written policies for integrity of data systems
Written policies for retention of records
Written policies establishing compliance as part of employee performance
All policies developed by compliance officer
All policies distributed and clearly communicated to all appropriate personnel
Item Yes No Comments
Designation of high-level official with direct access to the billing company CEO as compliance officer
Compliance officer primary responsibilities include:
[  ] Compliance program oversight and monitoring
[  ] Reporting to CEO and governing board on compliance matters
[  ] Periodically revising compliance program as necessary
[  ] Reviewing employees’ certifications of having received, read, and understood standards of conduct
[  ] Developing, coordinating, and participating in a multifaceted compliance education and training program
[  ] Coordinating with HR on personnel issues
[  ] Assisting company financial management in coordinating internal compliance review and monitoring activities
[  ] Independently investigating and taking action on compliance matters
[  ] Developing policies to encourage managers and employees to report suspected fraud without fear of retaliation
[  ] Maintaining continual momentum and energy toward compliance
Compliance committee in place to assist in implementation of compliance program
Compliance committee responsibilities include:
[  ] Analyzing company’s regulatory environment, legal requirements, and specific risk areas
[  ] Assessing current policies and procedures that address these areas
[  ] Working with departments to develop standards of conduct and compliance policies and procedures
[  ] Recommending and monitoring development of internal systems and controls to carry out company’s standards, policies, and procedures as part of daily operations
[  ] Determining appropriate strategy to promote program compliance and detection of violations, e.g., via hotlines and other reporting mechanisms
[  ] Developing system to solicit, evaluate, and respond to complaints and problems
[  ] Monitoring internal and external audits and investigations to identify red flags and implement corrective or preventive action
Item Yes No Comments
All corporate officers, managers, and employees receive proper compliance education and training
All above personnel get initial training, which includes:
[  ] Annual general sessions covering fraud and abuse laws, federal/state/private payor healthcare program requirements, coding requirements, claim submission process, and marketing practices
[  ] Billing and coding training, covering:
    · Specific government and private payor reimbursement principles
    · General prohibitions on paying or receiving remuneration for referrals
    · Proper selection and sequencing of diagnoses
    · Improper alterations to documentation
    · Submitting a claim for physician services when provided by a nonphysician, i.e., the “incident-to” rule and physician physical presence requirement
    · Proper documentation of services provided
    · Signing a form for a physician without the physician’s authorization
    · Duty to report misconduct
Employees required to have a minimum number of educational hours per year
Employees involved in billing functions required to attend periodic training in reimbursement coverage and record documentation
Targeted training provided to corporate officers, managers, and employees involved in the coding, billing, and marketing processes
Attendance and participation at training programs is a condition of continued employment
Failure to comply with training requirements results in disciplinary action, up to and potentially including termination
Necessary continuing education is provided, including annual professional training for coding personnel on updated codes for current year
Item Yes No Comments
There’s an open line of communication between the compliance officer and billing and coding personnel
Written confidentiality and nonretaliation policies are in place to encourage communication and reporting of potential fraud
Compliance committee creates independent reporting paths for employees to report fraud, waste, or abuse to ensure that supervisors or other personnel can’t divert such reports
Procedures are in place for personnel to seek clarification from the compliance officer or compliance committee members in the event of any confusion or question about a company policy, practice, or procedure
Questions and responses are documented and dated and, if appropriate, shared with other staff enabling standards, policies, practices, and procedures to be updated and improved to reflect necessary changes or clarifications
Anonymous hotlines, e-mails, written memoranda, newsletters, and other forms of information exchange are used to maintain open lines of communication on compliance matters
Hotline and other complaints are documented and investigated promptly
Logs are maintained recording the time, date, nature, and outcome of all reports
Such information is included in reports to the governing body, CEO, and compliance committee
The identity of complainants is kept confidential
Item Yes No Comments
Compliance program includes written policy statement describing disciplinary actions that may be imposed upon corporate officers, managers, and employees for failing to comply with the billing company’s standards and policies, with intentional or reckless noncompliance subjecting transgressors to significant sanctions
Range of possible disciplinary actions for improper conduct is published and disseminated
A background investigation, including a reference check, is conducted on all new employees who have discretionary authority to make decisions that may involve compliance
Job applications specifically require applicants to disclose any criminal conviction or exclusion action
Company policies ban employment of individuals recently convicted of a criminal offense related to health care or listed as debarred, excluded, or otherwise ineligible for participation in federal healthcare programs
Item Yes No Comments
Company monitors implementation of its compliance program on an ongoing basis
Results of monitoring and evaluation are reported to senior company officers on a regular basis
Compliance reports created by ongoing monitoring, including reports of suspected noncompliance, are maintained by the compliance officer and reviewed with senior management and the compliance committee
There are regular, periodic compliance audits by internal or external auditors with expertise in federal and state healthcare laws and federal, state, and private payor healthcare program requirements
Audits focus on billing company’s programs or divisions, including external relationships with third-party contractors with substantive exposure to government enforcement action
Audits address billing company’s compliance with laws on kickback arrangements, coding practices, claim submission, reimbursement, and marketing
Audits also focus on rules and policies that have been the focus of Medicare fiscal intermediaries or carriers, and law enforcement, as evidenced by OIG Special Fraud Alerts, OIG audits and evaluations, and law enforcement initiatives
There are periodic (at least annual) reviews of whether the program’s compliance elements have been satisfied
As part of the review process, the compliance officer or reviewers consider techniques such as:
[  ] On-site visits
[  ] Testing billing and coding staff’s knowledge of reimbursement and coverage criteria (e.g., presenting hypothetical scenarios of situations experienced in daily practice and assessing responses)
[  ] Unannounced mock surveys, audits, and investigations
[  ] Examination of the billing company’s complaint logs
[  ] Checking personnel records to determine whether individuals who’ve been previously reprimanded for compliance issues are among those currently engaged in improper conduct
[  ] Interviews with personnel involved in management, operations, coding, claim development and submission, and other related activities
[  ] Questionnaires to solicit impressions of a broad cross-section of employees and staff
[  ] Reviews of written materials and documentation prepared by different divisions
[  ] Trend analyses, or longitudinal studies, that seek deviations, positive or negative, in specific areas over a given period
Reviewers:
[  ] Have the necessary qualifications and experience to adequately identify potential compliance issues with the subject matter to be reviewed
[  ] Are objective and independent of line management
[  ] Have access to existing audit and healthcare resources, relevant personnel, and all relevant areas of operation
[  ] Present written evaluative reports on compliance activities to the CEO, governing body, members of the compliance committee, and its provider clients on a regular basis and at least once a year
[  ] Specifically identify areas where corrective actions are needed
The company documents its compliance efforts
Item Yes No Comments
Chief compliance officer or other management officials promptly investigate reports or reasonable indications of suspected noncompliance to determine whether a material violation has occurred and take steps to correct any problems detected, which may include immediate referral to criminal and/or civil law enforcement authorities, a corrective action plan, a report to the government, and notification to the provider of any discrepancies or overpayments
Compliance officer is made aware of significant overpayments, violations, or deviations that may reveal trends or patterns indicative of a systemic problem
Investigation records contain:
[  ] Documentation of the alleged violation
[  ] A description of the investigative process
[  ] Copies of interview notes and key documents
[  ] A log of the witnesses interviewed and documents reviewed
[  ] The results of the investigation, e.g., any disciplinary action taken
[  ] Any corrective action implemented
Compliance officer takes appropriate steps to secure or prevent the destruction of documents or other evidence relevant to the investigation
Billing company reports misconduct promptly to the appropriate government authority within a reasonable period, but not more than 60 days after the compliance officer, compliance committee, or a management official discovers credible evidence of a violation and, after reasonable inquiry, has reason to believe that the misconduct may violate criminal, civil, or administrative law
If the billing company finds evidence of misconduct by the lab (or other client it serves), it:
[  ] Refrains from submitting any questionable claims
[  ] Notifies the lab in writing within 30 days of such determination and provides the necessary details about the claims involved
If the billing company discovers credible evidence of the lab’s continued misconduct or flagrant fraudulent or abusive conduct, it:
[  ] Refrains from submitting any false or inappropriate claims,
[  ] Terminates the contract, and/or
[  ] Reports the misconduct to the appropriate federal and state authorities within a reasonable time, but no more than 60 days after determining there’s credible evidence of a violation
When reporting misconduct to the government, the billing company provides all evidence relevant to the alleged violation and its potential cost impact
Company takes appropriate corrective action, including prompt identification of any overpayment to the provider and the affected payor, and imposition of proper disciplinary action



  1. https://oig.hhs.gov/documents/compliance-guidance/805/thirdparty.pdf
