The Fraud Spotlight series is a long-form examination of current fraud trends and investigative strategies from our team of retired OIG agents and expert fraud investigators. Stay tuned for weekly insights, updates, and information on healthcare’s most expensive crimes. 

For the past few weeks, we have been standing on the soapbox and waving the flag about, as we always do, compliance. Our retired OIG agents made a career out of providers who were not compliant. They talk incessantly about the fact that many of the providers they met along the way would never have the pleasure of a meeting if they just had some basic compliance measures in place.  

This is vastly different from the unscrupulous provider who is bent on stealing; they do not care about compliance. We are specifically speaking about providers who stick their proverbial heads in the sand and ignore the reality that providers get audited. 

The OIG has extensive guidance and toolkits on compliance. There is guidance available for everything from ambulance providers to pharmaceutical manufacturers to skilled nursing facilitates, and the list goes on.  A cornerstone of compliance is self-audit. What does that achieve? At a minimum, if you are a physician business executive, it is a way to ensure two things: revenue preservation and revenue generation.  

Yes, we just said it: revenue generation. From a preservation perspective, providers need to ensure that there is not a huge overpayment assessment, where money received will have to be paid back due to overbilling. From a generation perspective, a provider that did not realize all services and codes that were legitimately available has left reimbursement monies on the table.  

 But we really are not here to discuss either of those areas right now. The point is that compliance is about staying out of legal harm’s way. Self-audits work to mitigate risk, rectify areas that are identified that need improvement (coding and documentation), and ensure that staff (and external billing entities) are not manipulating the claims information for their benefit (and, yes, we have cited and can provide actual examples where criminal, civil and administrative liability was ascribed to a biller for fraud).  

Our retired OIG agents have done many a “facepalm” to the fact that providers continue to live in a world where there is no compliance program in their practices. We are often told that the billing, coding, and documentation in the practice is not an issue, because it has been done that way for a long time. My response is always that merely because it has been done that way does not make it correct.  

If a provider has not been audited for that code, or has not had to deal with an audit, it does not mean that it was correct; it just means that the provider has not been told otherwise. This is vastly different than having passed an audit and been in a position to say confidently that the process has passed muster.  

Our retired agents always joked that they thanked providers who failed to maintain adequate compliance controls, as it kept them gainfully employed. Now, as they sit on the other side of the table, they understand the landscape of this work, and are uniquely positioned to facilitate discussions, protocols, and efforts that come from that internal perspective

Advize Health LLC is a healthcare advisory and consulting company that provides a breadth of healthcare industry services in the payer, provider, and legal communities. Contact our former OIG and Fraud Investigation team by emailing for more information on our Fraud Spotlight series.