Today, there are two vital areas of physician practice that demand compliance plans: Fraud and Abuse and HIPAA. We have spent many hours creating two documents that can help physician practices create or update their existing plans. (They also have guidance useful to other types of providers.) We call them “Compliance Plan Development Protocols”. We help our clients craft their own compliance plans. We review compliance plans and make suggestions regarding improvements and updating. We help clients assess whether their plans are working, using attorney-client privilege. We do not believe in or make available a canned plan for either topic. We think canned plans are more dangerous than helpful. But any medical practice without a compliance plan for each of these issues is simply being foolhardy in this day and age.

Each document (described in detail below) is available separately to non-clients for $250, prepaid by credit card. Bought together, the two are discounted to $400 for non-clients. For clients, we charge $175 each or $300 if both are purchased. See below for instructions. Scroll to the end to buy both.

We have also created a new document for Measuring Plan Effectiveness, which has been incorporated into the Fraud and Abuse Protocol but can also be bought separately as a stand-alone for $40. (See below.)


The need for a vibrant, updated, functional compliance plan in any medical practice is greater than ever. Given the many enormous false claims settlements, the first Stark settlement over internal compensation formulas and the voluntary repayment regulations, the context for compliance plans is decidedly different from fifteen years ago when we first offered our Physician and Medical Practice Fraud and Abuse Compliance Plan Development Protocol. Our document was completely revised in 2016. It has now been further updated a year later to reflect the implications of new information. It is designed to help physician practices develop, update and maintain a meaningful compliance plan, specific to their circumstances. For practices that already have a compliance plan, as you can see from the Table of Contents, this 56-page document addresses much more than billing and documentation issues. Most compliance plans need to be tweaked and updated to reflect the breadth of the voluntary repayment rules, the new enrollment environment, the potential for quality-based and reporting-based fraud, and more. This document offers strong, practical advice. It also has an Exhibit with links to 10 compliance-relevant websites, 2 books, 60 articles, 7 newsletters and 6 teleconferences.

To buy the Fraud and Abuse Protocol alone click here if you are NOT a client. Clients should call the office at 215-735-2384 to verify their status for the discounted rate. 


The OIG and the Health Care Compliance Association have jointly published a Resource Guide to measuring compliance program effectiveness. It is 54 pages long with more than 400 measures, designed to be used by any entity with a compliance program. For our readers, that is unwieldy. We have created a 10-page document which draws on the Guide, with some modifications. It is included in our updated Protocol, but is also available as a stand-alone for $40. Click here.

Anyone who bought our Fraud and Abuse Protocol since 2016 may request the new, complete version of the whole Protocol with measurement guidance (or the measurement guidance alone) FOR FREE!! Call the office at 215-735-2384 to verify your status. 


It has been twenty years since the Health Insurance Portability and Accountability Act (HIPAA) was signed into law, and sixteen years since the first regulations governing HIPAA were published. Since that time, HIPAA and its regulations have been modified extensively, adding new, complex requirements for compliance. We fear for those medical practices that have not taken these obligations seriously. The penalties, especially for small entities, are draconian. 

Although many physicians and physician practices are aware of their duties under HIPAA’s Privacy Rule (the first set of regulations published in 2000), many have not kept up with the additional requirements posed by the Security Rule, the Breach Notification Rule, and the so-called “Omnibus” Rule. In 2012, the Department of Health and Human Services’ Office of Civil Rights (“OCR”) began to take notice that physicians and physician practices were not meeting their requirements under HIPAA. With the first enforcement action against a small practice, resulting in a $100,000 fine against a cardiac surgery group, the OCR effectively put small physician practices on notice: you can no longer afford to ignore these issues. Furthermore, the OCR is now conducting audits of physician practices and their business associates to determine whether they are compliant with HIPAA’s requirements, including the need to conduct a security risk analysis, designate individuals responsible for ensuring HIPAA compliance within the group, and develop policies and procedures to address ongoing compliance obligations.

Our new “HIPAA Compliance Plan Development Protocol” can help make sense of the myriad requirements a physician practice faces under HIPAA. This 63-page document (see Table of Contents) addresses the requirements of the Privacy Rule, the Security Rule, and the Breach Notification Rule. It includes sample Business Associate Agreement language, as well as links to resources from both the government and private organizations, all of which can help your practice confront its HIPAA obligations. Dan Shay takes the lead on this work for us.

To buy the HIPAA Compliance Plan Development Protocol alone, click here if you are not a client. If you are a client, call the office at 215-735-2384 to verify your status and receive the discounted rate. 

TO BUY BOTH PROTOCOLS FOR $400 AS A NON-CLIENT click here. TO BUY BOTH PROTOCOLS AS A CLIENT FOR $300, call the office at 215-735-2384 to verify your status.