3.4 Compliance Programs and Fraud Prevention
Key Takeaways
- The OIG (Office of Inspector General) recommends seven elements for effective healthcare compliance programs
- Healthcare fraud and abuse cost the U.S. healthcare system billions of dollars annually and can result in criminal penalties
- Common types of fraud include upcoding, unbundling, phantom billing, duplicate billing, and kickbacks
- Abuse differs from fraud in that abuse involves practices inconsistent with sound fiscal, business, or medical practices but may not involve intentional deception
- CMAAs play a role in compliance by accurately documenting, reporting irregularities, and following office policies
- Whistleblower protections under the False Claims Act protect employees who report fraud from retaliation
Last updated: March 2026
Compliance Programs and Fraud Prevention
Healthcare fraud and abuse cost the U.S. healthcare system an estimated $100 billion+ annually. CMAAs play an important role in preventing fraud through accurate documentation, proper billing practices, and awareness of compliance requirements.
OIG Seven Elements of an Effective Compliance Program
The Office of Inspector General (OIG) recommends that healthcare organizations implement compliance programs with these seven elements:
| # | Element | Description |
|---|---|---|
| 1 | Written policies and procedures | Clear standards of conduct and compliance policies |
| 2 | Designated compliance officer | A specific individual responsible for overseeing the program |
| 3 | Training and education | Regular compliance training for all employees |
| 4 | Effective communication | Open lines of communication, including a compliance hotline or anonymous reporting mechanism |
| 5 | Internal monitoring and auditing | Regular audits to detect compliance issues |
| 6 | Enforcement through disciplinary guidelines | Consistent consequences for non-compliance |
| 7 | Response to detected offenses | Prompt investigation and corrective action |
Fraud vs. Abuse
| Term | Definition | Intent |
|---|---|---|
| Fraud | Knowingly and willfully executing a scheme to defraud a healthcare program | Intentional deception for financial gain |
| Abuse | Practices that are inconsistent with sound fiscal, business, or medical practices and result in unnecessary costs | May be unintentional or due to poor practices; no deliberate intent to defraud |
Common Types of Healthcare Fraud
| Fraud Type | Description | Example |
|---|---|---|
| Upcoding | Billing for a more expensive service than was actually provided | Billing for a comprehensive office visit (99215) when only a brief visit (99213) was performed |
| Unbundling | Billing separately for services that should be billed as a single bundled code | Billing each component of a CBC separately instead of using the panel code |
| Phantom billing | Billing for services that were never provided | Charging for a lab test that was never ordered or performed |
| Duplicate billing | Submitting the same claim more than once | Billing both the insurance company and the patient for the same service at full price |
| Kickbacks | Offering or receiving payment for referrals | A lab company paying a physician for every referral |
| Falsifying records | Altering medical records to justify billing | Changing documentation to support a higher level of service |
| Waiving copayments routinely | Routinely waiving copayments without financial hardship assessment | Advertising "no copay" to attract patients — this inflates the base charges to insurers |
| Identity theft | Using another person's insurance information | Billing under a patient's insurance for services provided to someone else |
CMAA Role in Compliance
| Responsibility | Action |
|---|---|
| Accurate documentation | Ensure patient information, codes, and charges are recorded correctly |
| Following procedures | Adhere to office policies for billing, coding, and records management |
| Reporting concerns | Report any suspected fraud, irregularities, or compliance issues through proper channels |
| Attending training | Complete all required compliance training |
| Protecting PHI | Follow HIPAA guidelines to prevent unauthorized access or disclosure |
| Verification | Verify patient identity and insurance information at every visit |
Whistleblower Protections
The False Claims Act includes whistleblower (qui tam) provisions that:
- Allow individuals to file lawsuits on behalf of the government against companies that commit fraud
- Protect whistleblowers from retaliation (termination, demotion, harassment)
- May award the whistleblower 15–30% of any recovered funds
- Apply to all federal healthcare programs including Medicare and Medicaid
CMAA Tip: If you observe practices you believe may constitute fraud, follow your office's compliance reporting procedures. If you are not comfortable reporting internally, you can contact the OIG hotline at 1-800-HHS-TIPS.
Test Your Knowledge
A provider instructs the CMAA to bill for a comprehensive office visit (99215) when the documentation only supports a brief visit (99213). This practice is known as:
A
B
C
D
Test Your Knowledge
How many elements does the OIG recommend for an effective healthcare compliance program?
A
B
C
D