Wound Care Compliance Program: OIG 7 Elements for Mobile Practices

The Office of Inspector General doesn't leave compliance to interpretation. Since 2000, the OIG has published guidance spelling out exactly what a healthcare compliance program should include. Seven elements. Not suggestions --- requirements if you want to demonstrate good faith when something goes wrong. And in wound care, things go wrong in ways that are specific to this specialty: debridement upcoding, unnecessary skin substitute applications, vendor kickback arrangements that nobody calls kickbacks, and documentation that tells a clinical story the wound measurements don't support.

Mobile wound care practices carry additional compliance risk because the care happens outside a facility's compliance infrastructure. Your clinicians are working in SNFs, assisted living facilities, and private homes --- each with different documentation environments, different oversight levels, and different temptations to cut corners. A compliance program built for a hospital outpatient department doesn't translate to a van-based practice treating 12 patients across 4 facilities in a single day.

This guide walks through each of the OIG's 7 elements adapted specifically for mobile wound care operations, with the compliance risks that matter most in this specialty.

Element 1: Written Policies and Standard Operating Procedures

A compliance program starts with written policies that define what compliant behavior looks like in your practice --- not in healthcare generally, but in the specific clinical and billing workflows your clinicians and billers execute daily.

For wound care, your written policies need to address:

Coding and billing standards. Define which debridement code (97597, 97598, 11042-11047) applies to which clinical scenario. The line between selective and excisional debridement is where most wound care upcoding occurs --- your policy must state that the code follows the clinical documentation, not the other way around. If the note describes removing devitalized tissue without crossing into viable tissue planes, the code is 97597 regardless of what reimburses higher. For the full breakdown of debridement coding, see our debridement billing guide.

Skin substitute application protocols. Written criteria for when a skin substitute application is medically necessary versus when it's premature. This includes conservative treatment timelines, wound progression thresholds that justify escalation, and product selection criteria that are clinically driven --- not vendor-driven. Your policy should reference the LCD requirements governing your MAC jurisdictions.

Documentation standards. What every wound care visit note must contain: wound measurements in centimeters, wound bed tissue percentages, medical necessity narrative, photographic documentation with measurement markers, and patient-specific treatment rationale. "Document thoroughly" is not a policy. "Every note must include L x W x D measurements, tissue type percentages, and a medical necessity narrative referencing the applicable LCD criteria" is a policy.

Vendor and referral relationships. Written policies governing interactions with skin substitute manufacturers, DME suppliers, and referral sources. This is where Anti-Kickback Statute and Stark Law risks concentrate in wound care, and vague policies create liability. More on this below.

Prior authorization workflows. Define when prior authorization is required, who is responsible for obtaining it, and what happens when a clinician performs a procedure before authorization is confirmed. See our prior authorization guide for the operational framework.

Element 2: Designated Compliance Officer

Someone in your practice owns compliance. Not as an afterthought to their clinical or administrative role --- as a defined responsibility with authority to investigate concerns, access to billing and documentation records, and a direct reporting line to practice leadership.

In a smaller mobile practice, the compliance officer is often the practice owner or a senior administrator. That's fine, as long as the role is formally designated and documented. What doesn't work: assuming compliance is "everyone's job" without anyone specifically accountable for monitoring, investigating, or acting on compliance concerns.

The compliance officer's core responsibilities:

Overseeing the implementation of all written compliance policies
Conducting or coordinating internal audits (chart audits, billing audits, vendor relationship reviews)
Receiving and investigating compliance concerns from staff
Reporting compliance status and audit findings to practice leadership
Staying current on regulatory changes --- LCD updates, OIG work plan priorities, MAC policy changes --- that affect wound care billing and documentation

For mobile practices, the compliance officer also needs visibility into field operations. Your clinicians are treating patients without direct oversight in facilities you don't control. The compliance officer must have a mechanism for reviewing documentation in near-real-time, not 30 days after the visit.

Element 3: Training and Education

Your clinicians and billers cannot comply with policies they don't understand. Annual compliance training is the OIG baseline, but wound care requires more targeted education because the compliance risks are specialty-specific.

Clinical staff training should cover:

Debridement coding criteria --- the clinical distinction between selective and excisional debridement, and why the documentation must describe the tissue depth reached, not the reimbursement desired
Skin substitute medical necessity --- when LCD criteria support application versus when conservative treatment hasn't been adequately documented
Documentation completeness --- what every wound care note must contain to satisfy LCD requirements across all MAC jurisdictions the practice bills
Photographic documentation standards --- consistent angles, measurement rulers visible, date stamps, proper storage as part of the clinical record

Billing staff training should cover:

LCD-specific documentation review before claim submission
Code-to-documentation matching --- verifying that the CPT code billed aligns with the clinical documentation, not the encounter form or superbill
Modifier rules specific to wound care (59, 25, XE, XS)
Denial pattern recognition --- identifying systemic documentation gaps versus one-off coding errors

All staff training should cover:

Anti-Kickback Statute basics --- what constitutes illegal remuneration for referrals, and why free products, volume-based discounts, and lavish vendor dinners are compliance risks
Stark Law self-referral prohibitions --- particularly relevant when the practice has financial relationships with entities to which it refers patients
How to report compliance concerns without fear of retaliation

Training must be documented. Dates, attendees, topics covered, and attestations of completion. When the OIG or a MAC audits your practice, documented training history is evidence of a functioning compliance program.

Element 4: Communication Lines and Reporting

Staff must have a way to report compliance concerns --- and they must believe it's safe to use. This is the element that separates a compliance program on paper from one that actually surfaces problems before they become investigations.

For mobile wound care practices, communication lines matter more than usual because your clinical staff works independently in the field. A clinician who notices a pattern --- documentation being altered after visit completion, a vendor representative pressuring product selection, a colleague consistently billing excisional debridement for wounds that clinically present as selective --- needs a clear, confidential path to report it.

Minimum reporting infrastructure:

A designated person (the compliance officer) who receives reports
Written assurance of non-retaliation for good-faith reporting
A process for anonymous reporting if the concern involves a supervisor or the compliance officer themselves
Documented response timelines --- how quickly reports are acknowledged, investigated, and resolved

The OIG considers the absence of any compliance complaints suspicious, not reassuring. If your reporting channel has never received a concern, it's more likely that staff don't trust the process than that your practice has zero compliance issues.

Element 5: Internal Monitoring and Auditing

This is where compliance programs either prove their value or reveal themselves as shelf decorations. Regular, structured audits catch problems before payers do.

Chart Audits

Pull a statistically meaningful sample of wound care charts quarterly. Review each chart against your documentation standards and the applicable LCD requirements:

Are wound measurements present at every visit?
Does the tissue type documentation support the debridement code billed?
Is the medical necessity narrative specific to the patient and the LCD, or is it template boilerplate copied across patients?
Do serial wound photographs exist with measurement markers?
Is there documented conservative treatment history before advanced therapy initiation?
Do wound progression records justify continued treatment?

Flag patterns, not just individual deficiencies. A single chart missing a measurement is a documentation error. Ten charts in a month with missing measurements is a training problem. Twenty charts from the same clinician with debridement codes that consistently exceed what the documentation supports is a compliance investigation.

Billing Audits

Billing audits focus on coding accuracy and claims integrity:

Debridement code distribution --- compare your practice's ratio of 11042+ (excisional) to 97597 (selective) debridement against specialty benchmarks. A practice billing 80% excisional debridement is an outlier that will attract MAC attention.
Skin substitute utilization rates --- are application frequencies within LCD-permitted limits? Are the same patients receiving weekly applications without documented wound progression?
E/M code distribution --- is the practice consistently billing high-level E/M codes (99215) alongside wound care procedures? For E/M coding in wound care, see our E/M code guide.
Modifier usage --- are modifiers 59 and 25 being used correctly to unbundle services, or are they being used routinely to bypass NCCI edits?
Claims-to-documentation match --- do the codes on the claim match what the clinical note actually describes?

Vendor Relationship Audits

Review all vendor relationships annually for Anti-Kickback Statute and Stark Law compliance. Specific wound care risks:

Skin substitute manufacturer relationships --- Are product selection decisions clinically driven, or is the practice using a specific manufacturer's product because of volume rebates, free samples beyond legitimate trial quantities, or consulting arrangements that are functionally kickbacks?
DME supplier arrangements --- If the practice refers patients for DME (wound VACs, compression devices), does any financial relationship exist between the practice and the supplier?
Referral source relationships --- Are referring facilities (SNFs, assisted living) sending patients to your practice based on clinical appropriateness, or based on an arrangement where the practice provides free wound care assessments, staff training, or other items of value?

The Anti-Kickback Statute covers remuneration in any form --- not just cash payments. Free products, below-market rent, consulting fees for minimal work, and educational grants that coincidentally correlate with product purchases all create exposure.

Element 6: Enforcement and Discipline

Written policies without consequences are suggestions. Your compliance program must include a disciplinary framework that applies consistently to all staff, including leadership.

Graduated enforcement:

First offense (documentation gap): Additional training and supervised documentation review for 30 days
Pattern violations (repeated documentation deficiencies): Written corrective action plan with defined improvement milestones
Coding manipulation (upcoding, unbundling without clinical support): Immediate investigation, potential suspension of billing privileges, possible termination
Fraud (fabricated documentation, kickback participation): Immediate termination and referral to legal counsel for potential self-disclosure

The enforcement framework must be documented and applied consistently. An organization that disciplines a billing clerk for a documentation error but looks the other way when a high-revenue clinician consistently upcodes debridement is not operating a compliance program --- it's operating a liability factory.

Element 7: Corrective Action and Response

When your audits, reports, or external reviews identify compliance failures, the response must be systematic --- not ad hoc.

Corrective action protocol:

Identify the scope --- Is this an isolated incident or a systemic pattern? A single misbilled debridement is different from six months of systematic upcoding.
Quantify the exposure --- How many claims are potentially affected? What's the estimated overpayment?
Implement the fix --- Revise the policy, retrain the staff, modify the documentation template, change the billing workflow. Fix the system that allowed the failure, not just the individual who failed.
Repay overpayments --- If the practice received payments for claims that shouldn't have been paid, voluntary refund within 60 days of identification is both a legal obligation (60-day repayment rule) and evidence of good faith.
Consider self-disclosure --- For significant compliance failures, the OIG Self-Disclosure Protocol provides a structured path to resolve liability. Self-disclosure before the government discovers the problem results in significantly lower penalties than waiting to be caught.
Document everything --- The corrective action itself, the timeline, the outcome, and the follow-up audit confirming the fix held.

Wound Care-Specific Compliance Risks

The seven elements provide the framework. These are the risks that fill it in wound care:

Debridement upcoding. Billing 11042 (excisional) when the clinical documentation describes selective debridement (97597). This is the single most common wound care compliance finding. The financial incentive is clear --- excisional reimburses nearly double selective --- and the clinical line between them requires precise documentation that many templates don't prompt for.

Unnecessary skin substitute applications. Applying skin substitutes to wounds that haven't completed the required conservative treatment period, or continuing applications on wounds showing no measurable response to treatment. LCDs define coverage criteria. Applications that don't meet those criteria are not just denied --- they're potential false claims.

Vendor kickback arrangements. Skin substitute manufacturers offering volume-based pricing, free product beyond legitimate evaluation quantities, paid speaking engagements, or "consulting" fees to practices that use their products. If the arrangement's value correlates with purchase volume, it's an Anti-Kickback risk regardless of what the contract calls it.

Stark Law self-referral violations. A wound care practice that owns or has a financial interest in a lab, DME company, or other entity to which it refers patients must structure those relationships within Stark Law exceptions. The in-office ancillary services exception has specific requirements that mobile practices may not meet.

Documentation fraud. Copying forward wound assessments across visits without performing new assessments, cloning notes between patients, or altering documentation after the visit to support a higher-paying code. EHR audit logs capture all of these. Payers and the OIG request those logs during investigations.

Building the Program Into Your Operations

A compliance program that exists only in a policy manual doesn't protect your practice. The seven elements need to be embedded in daily operations --- documentation templates that enforce LCD requirements, billing workflows that flag code-to-documentation mismatches before submission, audit schedules that run quarterly without exception, and a culture where reporting concerns is expected rather than punished.

Medipyxis builds compliance checkpoints directly into the wound care workflow --- LCD-aware documentation prompts, billing audit dashboards, and chart audit tools that flag documentation gaps during the visit rather than after the claim is denied. If your compliance program is currently a binder on a shelf, the gap between that and a functioning program is an operational problem with an operational solution.