Can you do it yourself?

The way to stay out of hot water is to learn the regulations and assign an employee the task of keeping the practice in compliance.

In a small office, it will likely take about 15 hours per month to research and develop a protocol, maintain the protocol and train employees, said Michael Manere, vice president of sales at Total Compliance Solutions in Wellesley.

However, he compares compliance to doing your own taxes. You can do it yourself, but do you really want to?

“You don’t have your employees do your taxes; what makes you think they’re going to [create the right] HIPAA program?” Manere said.

The costs to hire a third party to provide a compliance program vary by the size of the practice and services provided.

While Manere’s operation charges $1,400 for the research and development of a site-specific program, Vincent DiCianni’s Affiliated Monitors in Boston charges roughly $6,000 for a package that includes conducting an audit for a small practice, drafting a compliance manual and training the staff. Lyn Henderson, vice president of medical staff and regulatory affairs at the Needham campus of Beth Israel Deaconess Hospital and a private compliance consultant, said she might charge $24,000 for a complete compliance package for a 10-doctor group, which includes her ongoing consultation.

Of course, for these prices, different services are included.

While they are obviously biased, third-party companies note that these charges pale in comparison to the fines an insurer or Medicare might levy on a practice that’s noncompliant.

“It’s better to be proactive,” DiCianni said. “It’s better to recognize that maybe it’s time to have somebody else come in and look at what you’re doing. We all have blinders on when we’re dealing with ourselves.”

If bringing in a third party won’t work, he suggests doctors attend coding seminars to stay in touch with regular practices. It’s not uncommon for a practice to develop its own shorthand that isn’t the same as standard coding.

While it’s okay to do that, it’s also important to document what your own codes mean, keep your key with the records and distribute it to your entire staff, he said.

Recordkeeping classes also teach an approach to charting, and then a physician’s practice can conduct a random audit to evaluate proper implementation, DiCianni noted.

Probably the most important aspect of regulatory compliance is ensuring that members of your staff are adequately trained.

Manere said he often walks into offices where office staff members have been following the various regulations to the best of their ability, but the physicians have never written a policy and never officially trained their employees on compliance.

Compliance doesn’t happen overnight, and physicians don’t have to tackle everything at once, said Anne Huben-Kearney, a clinical manager in the risk management department at ProMutual Group in Boston.

She suggests starting with setting up systems to bring high-risk areas such as Medicare, Medicaid and insurance billing into compliance first, and then moving on to other areas.

­— Amy Johnson Conner