The Ultimate False Claims Act (FCA) Audit Checklist for Small Medical Practices (31 U.S.C. § 3729)

The False Claims Act (FCA) is one of the most powerful enforcement tools available to the federal government to combat fraud in healthcare. Under 31 U.S.C. § 3729, small medical practices face liability for knowingly submitting false claims for payment, retaining overpayments, or making false statements related to federal healthcare programs. Penalties include treble damages, per-claim civil fines, and potential exclusion from Medicare and Medicaid. This guide provides a structured, actionable FCA audit checklist specifically tailored for small medical practices, ensuring that compliance gaps are identified and corrected before they trigger government investigations or whistleblower actions.

Small medical practices operate under tight budgets and lean staffing. However, in the eyes of the Department of Justice (DOJ) and the Office of Inspector General (OIG), the size of your practice is irrelevant when it comes to FCA compliance. Every claim submitted to Medicare, Medicaid, TRICARE, or other federal payers is a potential liability if it is inaccurate, unsupported, or fraudulent.

The FCA’s broad scope means violations can arise from billing errors, documentation deficiencies, or misinterpretation of coding rules. An internal FCA audit, conducted regularly, is your best defense. By applying the following structured checklist, small practices can proactively detect and fix issues, reducing exposure to costly litigation and penalties.

Understanding the FCA’s “Knowing” Standard

The FCA imposes liability for knowingly submitting false claims. “Knowingly” is defined broadly and includes:

• Actual knowledge: Awareness of the false claim.

• Deliberate ignorance: Willfully avoiding learning the truth.

• Reckless disregard: Failing to verify accuracy despite obvious risks.

This standard means that even unintentional errors can be deemed “knowing” if a practice fails to implement proper compliance systems.

FCA Risk Areas for Small Practices

1. Upcoding – Billing for a higher-level service than provided.

2. Unbundling – Separating services that should be billed as a package.

3. Medical Necessity Failures – Billing for services not justified by patient records.

4. Duplicate Billing – Submitting claims more than once.

5. Improper Modifier Use – Applying modifiers inaccurately to bypass payment rules.

6. Overpayment Retention – Failing to return identified overpayments within 60 days (42 CFR 495.368).

7. Kickbacks and Referrals – Violations of the Anti-Kickback Statute impacting claims.

A two-physician cardiology practice outsourced its billing to a third-party vendor. A patient complaint triggered an internal review that found hundreds of claims coded at the highest complexity levels, unsupported by documentation. The compliance officer noted the issue but delayed corrective action until the annual audit.

Key Facts:

• The issue was discovered in March, but not corrected until October.

• DOJ argued the delay demonstrated “reckless disregard” under the FCA.

• The whistleblower, a former billing clerk, filed a qui tam lawsuit.

Outcome:

• $420,000 settlement (including treble damages and civil penalties).

• A five-year Corporate Integrity Agreement with mandatory external coding audits.

This case shows the importance of immediate remediation once an FCA risk is identified.

Step 1: Establish Audit Leadership

• Assign a compliance officer or designate a senior staff member responsible for FCA oversight.

• Ensure they have direct access to ownership or governing bodies.

Step 2: Review Billing Accuracy

• Randomly sample at least 10% of claims from the last quarter.

• Cross-check coding against medical documentation.

• Verify that modifiers are used in compliance with payer rules.

Step 3: Validate Medical Necessity

• Ensure documentation supports the billed services and meets coverage criteria.

• Confirm that all services billed are included in the patient’s treatment plan.

Step 4: Examine Overpayment Handling

• Review the last 12 months for identified overpayments.

• Confirm repayment within 60 days of identification.

• Maintain a written log of overpayment investigations and repayments.

Step 5: Assess Vendor Compliance

• Review contracts with billing companies to ensure FCA obligations are included.

• Verify that vendors provide regular error reports and cooperate in audits.

Step 6: Evaluate Staff Training

• Check training logs for all clinical and billing staff.

• Confirm training includes FCA awareness, coding accuracy, and documentation standards.

Step 7: Monitor High-Risk Claims

• Identify providers with above-average billing levels.

• Conduct targeted reviews of their documentation and coding.

Step 8: Review Policies and Procedures

• Ensure written policies address FCA compliance, reporting, and corrective action.

• Update policies annually or when regulations change.
  

Best Practices to Strengthen FCA Compliance

Create a Reporting Culture

Encourage staff to report errors or concerns without fear of retaliation.

Perform Real-Time Claim Scrubbing

Use billing software that flags potential errors before claims are submitted.

Conduct Surprise Audits

Unannounced reviews can reveal issues missed during scheduled audits.

Maintain Open Communication with Vendors

Hold quarterly performance reviews with third-party billers.

Engage Legal Counsel in Complex Cases

If a potential FCA issue is identified, seek legal guidance before reporting.

Pitfall 1: Relying solely on annual audits.

• Solution: Conduct quarterly reviews to catch errors early.

Pitfall 2: Failing to document corrective actions.

• Solution: Keep detailed records of findings, steps taken, and timelines.

Pitfall 3: Not training new hires immediately.

• Solution: Require FCA compliance training during onboarding.

Pitfall 4: Ignoring vendor errors.

• Solution: Hold vendors accountable through contract clauses and oversight.
  

An FCA-ready practice is one that has the systems, documentation, and culture to detect and address risks proactively. This includes:

• Integrating compliance into daily workflows.

• Maintaining transparent communication between billing, clinical, and administrative teams.

• Using data analytics to identify outliers before they trigger audits.

To protect your small practice from FCA liability:

1. Conduct quarterly FCA compliance audits using this checklist.

2. Keep comprehensive documentation of all findings and corrective actions.

3. Train staff regularly and make compliance part of daily operations.

4. Hold vendors accountable and monitor their performance closely.

5. Engage legal counsel early when potential violations are discovered.

By embedding these practices into your operations, you can reduce the likelihood of FCA enforcement, protect your financial stability, and maintain trust with patients and payers.

For added assurance, invest in a compliance management tool. These solutions centralize regulatory tracking, provide continuous risk evaluation, and ensure your practice is prepared for audits by addressing weak points before they escalate, reflecting a proactive commitment to compliance.

1. 31 U.S.C. § 3729 – False Claims Act provisions.

2. CMS Medicare Program Integrity Manual – Guidance on billing and claims submission.

3. HHS-OIG Compliance Program Guidance for Individual and Small Group Physician Practices.