101 FDROversight TurningTheoryIntoPractice · The FDR Selection Committee (“FDRSC”) will...

1

FDR Oversight

Turning Theory Into Practice:

A systemic, tool-laden approach to

meeting CMS expectations

Presenters

ERNESTO MARRERO Jr. , JD, CHCMedicare & FIDA Compliance Officer

CORINNE SINCLAIR, MBA, CHCDirector, Medicare Compliance

THOMAS WILSON, Ph.D., M.H.A. Business Ethics, Integrity & Compliance

2

Disclaimer

The views and opinions expressed during this

presentation are those solely of the presenters and

not those of any company or entity with which they

may be associated.

CMS Requirements

Sponsor oversees and is accountable for any

functions or responsibilities that are delegated to

other entities.

� Accountable to CMS or the State for performance of

the delegated function

� Responsible for ensuring the function is performed in

accordance with applicable federal and state standards

� Sponsor remains wholly accountable for the activities

of its subcontractors

� Source: CMS Best Practices for FDR Oversight: Training, Auditing and Enforcement , December 10, 2014.

3

Must: Requirements created by statute or regulation; no discretion

Should: Expectations identified in

Guidelines; discretion as to

how you accomplish effectiveness

Best Practices: Procedures that work well for some

Sponsors; may not work for all� Source: CMS Focused Training, Compliance Program Guidelines, CMS Compliance Program Element VI - Monitoring, Auditing

and Identification of Compliance Risks, March 27, 2013.

Definitions

“Must”…“Should”…“Best Practices”

Topic Requirement

Element I:

Written Policies,

Procedures and Standards

of Conduct

� should ensure that Standards of Conduct (“SOC”) and policies and procedures (“P&Ps”)

are distributed to FDRs’ employees. Alternatively, may ensure that the FDR has

comparable P&Ps and SOC.

� should have a method to demonstrate that SOC and P&Ps were distributed to FDRs’

employees.

� best practice to include appropriate contract provisions in the FDR contract, coupled with

periodic monitoring of a sample of FDRs based on risk assessment, including a review of

the FDRs’ compliance with P&Ps and SOC.

Element III:

Effective Training and

Education

� must establish, implement, and provide effective training and education for … FDRs.

� must occur at least annually and be made a part of the orientation for new … FDRs.

� must ensure that general compliance information is communicated to FDRs.

� should review and update, if necessary, the general compliance training whenever there are

material changes in regulations, policy or guidance, and at least annually.

� must ensure that FDRs’ employees who have involvement in the administration or delivery

of Parts C and D benefits, at a minimum, receive FWA training within 90 days of initial

hiring (or contracting in the case of FDRs), and annually thereafter.

� must be able to demonstrate that … FDRs have fulfilled these training requirements as

applicable.

� must provide the FWA training directly to FDRs or provide appropriate FWA training

materials to FDRs.

� must require FDRs to maintain records of the training of the FDRs’ employees.

4

Common Findings and Best Practices

Topic Requirement

Element I:

Written

Policies,

Procedures and

Standards of

Conduct

� should ensure that Standards of Conduct (“SOC”) and

policies and procedures (“P&Ps”) are distributed to

FDRs’ employees. Alternatively, may ensure that the

FDR has comparable P&Ps and SOC.

� should have a method to demonstrate that SOC and

P&Ps were distributed to FDRs’ employees.

� best practice to include appropriate contract provisions

in the FDR contract, coupled with periodic monitoring of

a sample of FDRs based on risk assessment, including a

review of the FDRs’ compliance P&Ps and SOC.

Element 1: P&Ps

5

Element 1: P&Ps

OVERARCHING POLICY

� COMMITMENT TO OVERSIGHT

ALL ELEMENTS OF OVERSIGHT PROGRAM

� CONTRACTUAL REQUIREMENTS: CMS BEST PRACTICE

RFPs

PRE-DELEGATION SURVEYS

�DELEGATION (NCQA) AUDITS

9

Element 1: P&Ps

OVERARCHING POLICY

� AUDITS

EXTERNAL

COMPLIANCE

� CREDENTIALING

� NETWORK/PROVIDER OPERATIONS

� BUSINESS AREA MONITORING

� REPORTING TO COMMITTEES

10

6

Element 1: P&Ps

FDR SELECTION COMMITTEE

� CHARTER

� SELECTION TOOL

�OPERATING PROCEDURE: COMMITTEE FUNTIONING

DOCUMENTATION OF WORK

�OPERATING PROCEDURE: ATTESTATION PROCESS

11

Charter: FDR Selection Sub Committee

PURPOSE:

The First Tier, Downstream, or Related Entity (“FDR”) Selection Committee supports the

Compliance Program by identifying entities to which Company has delegated

administrative or health care service functions relating to relevant Company healthcare

contracts to ensure compliance with applicable federal and state laws and regulations.

AUTHORITY AND RESPONSIBILITIES:

The FDR Selection Committee (“FDRSC”) carries out its responsibility to identify FDRs

by:

•identifying the entities with which Company contracts,

•gathering the relevant information to determine whether administrative or health care

service functions have been delegated by the Company to the entity,

•determining FDR status by vote after relevant information has been reviewed and

discussed, and

•forwarding the names of the entities designated as FDRs to Medicare Compliance for

appropriate action.

7

FDR Selection Process

Background

In implementing an effective compliance program, the Company is committed to identifying entities to which it has

delegated administrative or health care service functions relating to relevant Company healthcare contracts to ensure

compliance with applicable federal and state laws and regulations. This Operational Procedure will document the manner in

which First Tier, Downstream, and Related Entities (“FDRs) are identified by the FDR Selection Committee (“FDRSC”).

Guidelines

The FDRSC will review and discuss relevant factors to determine which of the entities with which the Company contracts

qualify as FDRs.

Process

The FDRSC Committee Coordinator will identify entities with which the Company has contracted or will contract using all

relevant sources, including Credentialing, Quality Management-Accreditation and Delegation, and Corporate Services.

The FDRSC will review and discuss the services to be provided or provided by the entity. The FDRSC will forward the

Vendor Analysis Form (“VAF”) (see Attachment “A”) to the Relationship Manager (“RM”) designated for the contracting

entity. The RM will complete the VAF by identifying the function(s) performed or to be performed by the FDR that will be

considered by the FDRSC, such as:

• sales and marketing;

• utilization management;

FDR Selection Committee

Vendor Analysis Form

FDR Selection Committee

Vendor Analysis Form

Initial Analysis Performed By: ____________________________________________________________

Title: _________________________ Department: ______________________ Date: _____________

Vendor Name: ________________________________ Type of Agreement: __ Delegation __ Other

Description of Services/Function performed by Vendor:

__________________________________________________________________________________________________________________________________

__________________________________________________

Instructions:

Medicare program requirements apply to FDRs to whom Company has delegated administrative or health care service functions relating to its Medicare Parts C

and D contracts. These requirements do not apply to persons and entities whose administrative contracts with Company do not relate to the its Medicare

functions, for example, a contract between Company and a real estate broker in connection with the rental of office space.

Unless it is very clear that an entity is or is not an FDR, the determination of FDR status requires an analysis of all of the circumstances. Below are some factors

to consider in determining whether an entity is an FDR. Answer “YES” to any that apply.

Y N

□ □ 1. Does the function performed by the vendor relate to Company’s Medicare Parts C and D contracts?

Below are examples of functions that relate to Company’s Medicare Parts C and D contracts. If any function below is checked YES, this question

should be answered “YES.”

Y N

□ □ Sales and marketing

□ □ Utilization management

8

Example: First Tier Entity Table

� Source: CMS Focused Training, Compliance Program Guidelines, CMS Compliance Program Element VI -

Monitoring, Auditing and Identification of Compliance Risks, March 27, 2013.

FDR Attestation Process

Guidelines

As part of the FDR oversight program, the Company requires a party responsible for compliance at an FDR,

such as a Compliance Officer or General Counsel, to attest to the following:

• standards of conduct and compliance policies are disseminated to all employees within 90 days of hire,

when there are updates to the policies, and annually thereafter;

• fraud, waste and abuse training and general compliance education are conducted within 90 days of

initial hire, an annually thereafter;

• exclusion/debarment/sanction screening of employees, temporary workers, volunteers, consultants,

governing board members, and downstream entities against federal exclusion lists is conducted at time

of hire/contract and monthly thereafter; and requires the same of its FDRs; and

• fraud, waste and abuse communication lines are maintained and widely published.

Process

The FDR Selection Committee (“FDRSC”) will provide Medicare Compliance with the names of entities

identified by the FDRSC as FDRs.

Medicare Compliance will identify the FDR party responsible for compliance and confirm that that party is

the appropriate person (the “FDR Contact”) to submit the required attestations on behalf of the FDR.

9

Element 1: P&Ps

CONTRACTING

� RFPs

� CONTRACTS

�DELEGATION AGREEMENTS

COMPLIANCE EXPECTATIONS

FOUR REQUIREMENTS

ATTESTATION

AUDITS

17

Element 1: P&Ps

DELEGATION OVERSIGHT

�OPERATING PROCEDURE

MONITORING REPORTS

AUDITS

CARs

SANCTIONS/TERMINATION

18

10

Common Types of FDRs

• Pharmacy Benefit Manager (PBM)

• Third Party Administrators (TPAs)

• Health Systems/Hospitals

• Network Providers

• Fulfillment Vendors

• Customer Service Call Centers

• Provider Credentialing Entity

• Sales and Field Marketing Agents

• Appeals, Grievances and Claims Processing Entity

• Pharmacies

• Data Validation vendors

� Source: CMS Best Practices for FDR Oversight: Training, Auditing and Enforcement , December 10, 2014.

Element 3: Training & Education

Topic Requirement

Element III:

Effective

Training

and

Education

� must establish, implement and provide effective training and

education for … FDRs.

� must occur at least annually and be made a part of the

orientation for new … FDRs.

� must ensure that general compliance information is

communicated to FDRs.

� should review and update, if necessary, the general

compliance training whenever there are material changes in

regulations, policy or guidance, and at least annually.

11



TRAINING OBLIGATIONS

�GENERAL COMPLIANCE

- STANDARD OF CONDUCT

- COMPLIANCE POLICIES & PROCEDURES

� FRAUD, WASTE, AND ABUSE (“FWA”)

- WITHIN 90 DAYS OF INITIAL CONTRACTING;

ANNUALLY THEREAFTER

- PROVIDE TRAINING DIRECTLY OR PROVIDE

APPROPRIATE FWA TRAINING MATERIALS

12


DISTRIBUTION MECHANISMS - SOC/P&PS

� PAPER/ELECTRONIC

- PROVIDER GUIDES, BAAs, PARTICIPATION

MANUALS

- EMAIL BLAST

- MASS MAILING

�ATTESTATION


Overview

The Prescription Drug Benefit Manual, Chapter 9 - Compliance Program Guidelines (Chapter 9 - Rev. 15, 07-27-12) and the

Medicare Managed Care Manual, Chapter 21 – Compliance Program Guidelines (Chapter 21 - Rev. 109, 07-27-12) require

BelDiaz to “develop procedures to promote and ensure that all FDRs are in compliance with all applicable laws, rules and

regulations with respect to Medicare Parts C and D delegated responsibilities” and have “a system in place to monitor

FDRs.”

As part of meeting these requirements, BelDiaz requires the compliance officer or an officer of each FDR to attest (and

document if appropriate) on an annual basis to the following requirements of a compliance program:

• Appropriate Standards of Conduct and Compliance policies are disseminated to all employees

• Fraud, waste and abuse (FWA) and general compliance education are conducted as required

• Employees, temporary workers, volunteers, consultants, governing body members and downstream entities are

regularly screened against relevant exclusions lists

• FWA communication lines are maintained and published

This year’s Compliance Attestations must be completed by XXXXXXX.

13


1. STANDARDS OF CONDUCT AND COMPLIANCE POLICIES

BelDiaz’s Standards of Conduct (SOC) and Medicare Compliance Program (MCP) communicate to employees and FDRs that compliance is

everyone’s responsibility from the top to the bottom of the organization.

To communicate our compliance expectations and general compliance information to our FDRs and their employees, BelDiaz needs to ensure that

FDRs have comparable policies and procedures and that SOC is distributed to employees.

BelDiaz Compliance Issue Resolution & Hotline

BelDiaz Medicare Compliance Program 2014

BelDiaz Non-Retaliation

BelDiaz Standards of Conduct Handbook

ATTESTATION

To attest that your SOC and relevant policies are comparable to BelDiaz’s please complete the following:

1. I have read BelDiaz’s SOC, MCP and relevant policies.

2. We have comparable SOC and policies that are distributed to our employees.

2a. Attached are our SOC and comparable relevant policies. Attach


FWA TRAINING MECHANISMS

� SPONSOR’S TRAINING MODULE

� CMS’ TRAINING MODULE

� FDR’S (OR THIRD PARTY) TRAINING MODULE

14


Florida Blue

Thomas G. Wilson, Ph.D., M.H.A.

Consultant

Government Programs and Products Compliance

Business Ethics, Integrity & Compliance Division

Florida Blue

28

15

Florida Blue – Presentation Topics

• Florida Blue Company Profile

• CMS chapter guidance: Element VI – Effective System

for Routine Monitoring, Auditing and Identification of

Compliance Risks

• Governance Structure

• Compliance Organization

• Auditing and Monitoring

• Tools

– 2014 FDR Attestation

29

Florida Blue

• Florida-based health solutions company with our

headquarters located in Jacksonville

• Approximately 4.2 million health care members and

serves 15 million people across the United States– Products: Commercial (HMO and PPO), Medicare (HMO,

PPO, RPPO, PDP), HSA, and ancillary products – life,

disability, dental, workers’ comp., long-term care, vision

and wellness programs

• Medicare Service Areas– HMO: 32 Florida Counties, RPPO Statewide (67 Florida

Counties), Local PPO 30 Counties, PDP Statewide

– Total MA and PDP Membership – 196,40930

16

CMS Regulations: Element VI.

“Sponsors must establish and implement an effective system for

routine monitoring and auditing of compliance risks.”

“Sponsors must undertake monitoring and auditing to test and

confirm compliance with Medicare regulations, sub-regulatory

guidance, contractual agreements, and all applicable Federal and

State laws, as well as internal policies and procedures to protect

against Medicare program noncompliance and potential FWA.”

31

Source: Chapter 9/21 of the Prescription Drug and Medicare Managed Care Manual, Rev/ 110, 01-11-13.

Florida Blue – Governance Structure

32

Audit & Compliance Committee of the Board of Directors of GuideWell

Mutual Holding Corporation (Not-for-profit)

Parent Corporation of BCBS of Florida, Inc. d/b/a Florida Blue

General Counsel

Chief Audit

Executive

Chief Integrity and

Compliance Officer

17


33

Chairman and Chief Executive Office

(Chair)

GuideWell Mutual Holding Corporation

Enterprise Executive Management Team

Chief Financial

Officer

Chief

Communications

Officer

General Counsel

Chief Human

Resource Officer

President

Chief Strategy &

Marketing Officer


34

Chief Integrity and Compliance Officer

(Chair)

Corporate Ethics & Compliance

Committee

Commercial

Segment

Consumer Field

Sales

Government

Markets

Product Senior Counsel Chief Audit

Executive

Chief

Technology and

Security Officer

Claims,

Enrollment

Maintenance &

Billing

Organizational

Effectiveness

(HR)

Delivery

System

Operations

Government

Pharmacy

Programs

Finance and

Corp Controller

Government

Market

Services

18

Florida Blue – Risk Assessment

35

• Internal Audit

– Annual baseline risk assessment for all lines of

business

• Risk Impact Categories – Customer Service,

Regulatory Penalties, Brand and Reputational

Harm

• Score weight (1-2) – “Insignificant”

• Risk Likelihood (1-2) – “Extremely Unlikely”

• Risk Mitigation Control (1-2) – “Effective”

Florida Blue – Risk Management

36

• Internal Audit

– High risk items placed on Master Audit Plan

– Audit schedule, methodology and resources

• Board of Directors

– Ultimate accountability for oversight of risk

management program; quarterly meetings to

review status

• Executive Leadership

– Ultimate accountability for managing risk;

quarterly meetings to review status

19

Florida Blue – Auditing and Monitoring

37

• Delegation (Clinical) Oversight Committee

– Pre-delegation site visit (e.g., NCQA)

– Contract performance and corrective action plans

• Vendor Oversight

– Coordinate with Procurement, Legal and

Information Security to create and maintain

vendor profile in Compliance Tool


38

• Vendor Oversight (cont.)

– Conduct monthly calls with “high risk” vendors

• Contact with members, handle member data,

perform core “administrative” and “health

care” functions

– Receive and review reports and scorecards

• Call center performance, application

processing, appeals

• Monitor reports for “systemic issues” that

require corrective action

20


39

When a sponsor has a large number of first tier entities, making

it impractical and/or cost prohibitive to monitor or audit all first

tier entities for all compliance program requirements, the

sponsor may perform a risk assessment to identify its highest risk

first tier entities, then select a reasonable number of first tier

entities to audit from the highest risk groups.

• Business Ethics, Integrity and Compliance conducts a

compliance program risk assessment

– Collaborates with Internal Audit, SIU, Provider Network

• Criteria: Spending, location, provider type

• Method: Telephone call and email

Source: Chapter 9/21 of the Prescription Drug and Medicare Managed Care Manual, Rev/ 110, 01-11-13.


40

• Medicare Vendor Oversight

– Deploy annual FDR Attestation via Compliance

Tool

• Code of Conduct

• Education and Training

• Retention of Training Records

• Review of OIG and GSA websites

• Mechanism to report noncompliance and

potential FWA

21


41

• Medicare Vendor Oversight

– Conduct contract review of vendors identified as

FDRs; communicate compliance requirements

– Conduct monthly calls with FDRs and related

entities

• Receive and review reports and scorecards

– Conduct peer-to-peer compliance program audits

with Blue Plans

Florida Blue – Compliance Tools

42

• 2014 FDR Attestation

– Vendor attestation to five key areas

– Electronic link to Florida Blue Compliance

Resources (e.g., code of conduct, policies and

procedures and training)

22

Florida Blue – Comments & Questions

43

Questions?

101 FDROversight TurningTheoryIntoPractice · The FDR Selection Committee (“FDRSC”) will...

Documents

Transcript of 101 FDROversight TurningTheoryIntoPractice · The FDR Selection Committee (“FDRSC”) will...