top of page


The Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) continues in its efforts to promote voluntarily developed and implemented compliance programs for the health care industry. The State False Claims Auditors Organization(SFCAO) trying to keep billing company aware about OIG and HHS programs. The following compliance program guidance is intended to assist third-party medical billing companies (hereinafter referred to as ‘‘billing companies’’) 1 and their agents and subcontractors in developing effective internal controls that promote adherence to applicable Federal and State law, and the program requirements of Federal, State and private health plans. Billing companies are becoming a vital segment of the national health care industry.2 Increasingly, health care providers 3 are relying on billing companies to assist them in processing claims in accordance with applicable statutes and regulations. Additionally, health care providers are consulting with billing companies to provide timely and accurate advice regarding reimbursement matters, as well as overall business decision-making. As a result, the OIG considers the compliance guidance for third-party medical billing companies particularly important in the partnership to defeat health care fraud.

At this juncture, it is important to note the tremendous variation among billing companies in terms of the type of services 4 and the manner in which these services are provided to their respective clients. For example, some billing companies code the bills for their provider clients, while others only process bills that have already been coded by the provider. Some billing companies offer a spectrum of management services, including accounts receivable management and bad debt collections, while others offer only one or none of these services. Clearly, variations in services give rise to different policies to ensure effective compliance. This guidance does not purport to provide instruction on all aspects of regulatory compliance. Rather, we have concentrated our attention on general Federal health care reimbursement principles. For those billing companies that focus their services in a particular sector of the health care industry, the billing company should also consult any compliance program guidance.

Benefits of a compliance program

The OIG believes an effective compliance program provides a mechanism that brings the public and private sectors together to reach mutual goals of reducing fraud and abuse, improving operational quality, improving the quality of health care and reducing the costs of health care. Attaining these goals provides positive results to business, Government and individual citizens alike. In addition to fulfilling its legal duty to ensure that it is not submitting false or inaccurate claims to Government and private payors, a billing company may gain numerous additional benefits by implementing an effective compliance program. These benefits may include:

• The formulation of effective internal controls to assure compliance with Federal regulations, private payor policies and internal guidelines;

• Improved medical record documentation;  

• Improved collaboration, communication and cooperation among health care providers and those processing and using health information;

• The ability to more quickly and accurately react to employees’ operational compliance concerns and the capability to effectively target resources to address those concerns;

• A more efficient communications system that establishes a clear process and structure for addressing compliance concerns quickly and effectively;

• A concrete demonstration to employees and the community at large of the billing company’s strong commitment to honest and responsible corporate conduct;

• The ability to obtain an accurate assessment of employee and contractor behavior relating to fraud and abuse;

• Increased likelihood of identification and prevention of criminal and unethical conduct; • A centralized source for distributing information on health care statutes, regulations and other program directives related to fraud and abuse and related issues;

• A methodology that encourages employees to report potential problems;

• Procedures that allow the prompt, thorough investigation of possible misconduct by corporate officers, managers, employees and independent contractors, who can impact billing decisions;

• An improved relationship with the applicable Medicare contractor;

• Early detection and reporting, minimizing the loss to the Government from false claims, and thereby reducing the billing company’s exposure to civil damages and penalties, criminal sanctions, and administrative remedies, such as program exclusion;  and

• Enhancement of the structure of the billing company’s operations and the consistency between separate business units.

Risk Assessment— All Billing Companies

The OIG believes a billing company’s written policies and procedures, its educational program and its audit and investigation plans should take into consideration the particular statutes, rules and program instructions that apply to each function or department of the billing company. Consequently, we recommend coordination between these functions with an emphasis on areas of special concern that have been identified by the OIG through its investigative and audit functions.

Furthermore, the OIG recommends that billing companies conduct a comprehensive self-administered risk analysis or contract for an independent risk analysis by experienced health care consulting professionals. This risk analysis should identify and rank the various compliance and business risks the company may experience in its daily operations. Once completed, the risk analysis should serve as the basis for the written policies the billing company should develop. The OIG has provided the following specific list of particular risk areas that should be addressed by billing companies. It should be noted that this list is not all-encompassing and the risk analysis completed as a result of the company’s audit may provide a more individualized road map. Nonetheless, this list is a compilation of several years of OIG audits, investigations and evaluations and should provide a solid starting point for a company’s initial effort. Among the risk areas the OIG has identified as particularly problematic are:

• Billing for items or services not actually documented; 

• Unbundling;

• Upcoding, such as, for example, DRG creep;

• Inappropriate balance billing;

• Inadequate resolution of overpayments;

• Lack of integrity in computer systems;

• Computer software programs that encourage billing personnel to enter data in fields indicating services were rendered though not actually performed or documented;

• Failure to maintain the confidentiality of information/records;

• Knowing misuse of provider identification numbers, which results in improper billing 

• Outpatient services rendered in connection with inpatient stays; 

• Duplicate billing in an attempt to gain duplicate payment; 

• Billing for discharge in lieu of transfer; 

• Failure to properly use modifiers.

• Billing company incentives that violate the anti-kickback statute or other similar Federal or State statute or regulation; 

• Joint ventures; 

• Routine waiver of copayments and billing third-party insurance only; and

• Discounts and professional courtesy.

A billing company’s prior history of noncompliance with applicable statutes, regulations and Federal health care program requirements may indicate additional types of risk areas where the billing company may be vulnerable and may require necessary policy measures to prevent avoidable recurrence.44 Additional risk areas should be assessed by billing companies as well as incorporated into the written policies and procedures and training elements developed as part of their compliance programs. Billing companies that do not code bills should implement policies that require notification to the provider who is coding to implement and follow compliance safeguards with respect to documentation of services rendered. Moreover, the OIG recommends that billing companies who do not code for their provider clients incorporate in their contractual agreements the provider’s acknowledgment and agreement to address the following coding compliance safeguards.

bottom of page