First Tier, Downstream and Related Entities · Element 1: Written Policies ... Contact your...
Transcript of First Tier, Downstream and Related Entities · Element 1: Written Policies ... Contact your...
Introduction – CMS Requirements As of January 1, 2011, Federal Regulations require that Medicare Advantage
Organizations (MAOs) and Prescription Drug Plans (PDPs) have an effective compliance program designated to deter Fraud Waste and Abuse (FWA). This includes compliance program requirements for annual training on compliance and FWA. Refer to 42 CFR 422.503(b)(4)(vi)(C) and 42 CFR 423.504(b)(4)(vi)(C) for details on required training and education for General Compliance and FWA.
Simply Healthcare Plans (SHP or the Company) is a MAO/health plan that has a contract with the federal government. MAO and Part D Sponsors must provide compliance and FWA training to employees and first tier entities. First tier entities must ensure that compliance and FWA training is distributed to their downstream entities (and such distribution must be documented).
First tier, downstream, and related entities (FDRs) who have met the fraud, waste, and abuse certification requirements through enrollment into the Medicare program are deemed to have met the training and educational requirements for fraud, waste, and abuse; however, Compliance training is still required for all FDR’s, even if deemed for FWA training.
Additional regulatory guidance can be found in Chapter 9 and 21 of the CMS Managed Care Manuals at www.cms.gov.
2
Description of the Compliance Program
The Compliance Program is a written guide directed to all employees and FDRs that outlines SHP’s core values and foundation for business operations and prevention of fraud, waste and abuse.
Supports all applicable laws and regulations governing Medicare, Medicaid, and Florida Department of Elder Affairs (Nursing Home Diversion).
SHP has delegated the implementation and oversight of the Compliance Program to the Compliance Committee and Compliance Officer.
4
Purpose of the Compliance Program
Assure compliance with federal and state laws.
Establish framework for Compliance activities that are designed
to avoid legal and compliance problems
Provide the general public, employees and FDRs with an official
statement of how SHP conducts its business
Identify how to communicate compliance issues to the
appropriate personnel
Describe how potential compliance issues are investigated and
includes a policy for non intimidation and non retaliation.
5
6
Corporate Compliance Plan
Policies and Procedures
Code of Business Conduct
and
Code of Business Ethics
Anti-Fraud Program
An Effective Compliance Program Includes
Code of Business Ethics The Code of Business Ethics (Codes) was prepared by senior management
of SHP and approved by the SHP Board of Directors to provide a formal statement of the Company's commitment to the standards and rules of ethical business conduct to First Tier Entities, Downstream Entities and Related Entities, including all providers and vendors who provide or arrange for the provision of health care services or administrative services in connection with or relating to the health plan benefits offered by SHP. All Company personnel and FDRs are required to comply with the standards contained in the Codes and report any alleged violation to the Compliance Officer and assist in the investigation of complaints.
Performance expectations are outlined in the Code
It is the policy of SHP to prevent the occurrence of unethical behavior and discipline personnel or take action against FDRs that violate the Code.
7
Seven Elements of a Compliance Program Every effective compliance program must begin with a formal
commitment to seven key elements. These seven elements are set by the federal government for contractors of the federal government to follow. Written Policies & Procedures, and Code of Ethics
Compliance Officer, Compliance Committee and High-Level Oversight (Governing Body)
Effective Training and Education
Effective Lines of Communication
Enforcement of Well Publicized Disciplinary Standards
Effective System for Routine Auditing and Monitoring
Procedures and Systems for Prompt and Effective Response to Detected Offenses
8
Element 1: Written Policies & Procedures,
and Code of Ethics The first element of a Compliance Program involves the development of written
policies & procedures, and standards of conduct to help prevent issues from occurring in the first place. Policies and procedures (P&Ps) are created to:
Articulate an organization’s commitment to comply with all applicable Federal and State standards
Describe the expectations embodied in the organization’s Code of Conduct
Provide guidance on how to deal with potential compliance issues
Identify how to report compliance issues
Describe how potential compliance issues are investigated and resolved
The Compliance Department at SHP has developed a series of policies & procedures that outline the organization’s commitment to complying with standards and regulations set by the federal government (i.e. the Centers for Medicare and Medicaid Services –CMS), state departments of insurance, etc.
Additionally, business associate agreements, contracts and other agreements between SHP and entities to which SHP delegates its business functions contain language emphasizing compliance-related expectations and/or stipulations.
9
Element 2: Medicare Compliance Officer,
Compliance Committee and High-Level Oversight
(Governing Body)
The second element of a Compliance Program is the designation of a Compliance Officer to accept responsibility for the program and oversee its day-to-day operations. The Compliance Officer ensures the Compliance Program remains visible, active, and accountable. The Compliance Officer has the authority to review all documents and other information that are relevant to compliance activities.
The Medicare Compliance Officer routinely reports to the Board of Directors, or its designee, to ensure it is knowledgeable about the content and operation of the Compliance Program.
The Medicare Compliance Officer chairs the Medicare Compliance Committee. A key focus of the Medicare Compliance Committee is to raise and address compliance issues, escalate compliance issues to Senior Management and the Board of Directors, and to provide oversight of the Medicare Advantage and Part D programs.
Additionally, the Compliance Officer facilitates quarterly meetings of the Compliance Committee, which is comprised of several key upper management personnel. The Compliance Committee meets quarterly to discuss current and/or potential compliance-related issues, including audits, fraud, waste and abuse inquiries, and new and/or revised regulatory guidance.
10
Element 3: Effective Training and Education
The third element of a successful Compliance Program is to provide effective education and training. This enhances the organization’s ability to detect potential issues.
Compliance training addresses relevant laws and regulations, including those related to FWA.
Each delegate should conduct specialized trainings pertaining to their associates’ job functions
All trainings need to be documented with a sign-sheet and training material
To ensure trainings are effective, each employee should be tested before and after the training
All employees of SHP are required to complete compliance training upon initial hiring and annually thereafter.
11
Element 4: Effective Lines of Communication
The fourth element of a Compliance Program involves the ability to report issues through open lines of communication.
Organizations must have effective lines of communication between the Compliance Officer, members of the Compliance Committee, the organizations employees, managers and directors, and the organization’s FDRs ensuring confidentiality, between all parties in accordance with applicable law
Employees, contractors, and other parties are encouraged to report violations of law and policy, without fear of retaliation, to SHP’s Compliance Department.
12
Element 4: Effective Lines of Communication
Some examples of non-compliant behavior:
Intentionally altering CMS/AHCA approved company documents
Intentionally falsifying call log
Intentionally disposing of company documents
Intentionally altering documents for monetary gain
Stealing member information for personal use
Falsifying prescriptions
13
Element 4: Effective Lines of Communication
If you detect a potential compliance issue, it is your responsibility to report it in any of the following ways:
Contact your supervisor, manager, Medicare Compliance Officer or anyone in the SHP Compliance Department or Special Investigations Unit (SIU)
Contact SIU at 866-847-8247 or [email protected]
Contact the 24 hour Compliance Hotline at 1-877-253-9251
Write: Simply Healthcare Plans, Inc.
ATTN: Compliance/FWA Dept.
9250 W. Flagler Street
Suite 600
Miami, FL. 33174-3460
14
Element 5: Enforcement of Well Publicized
Disciplinary Standards The fifth element of a Compliance Program involves well-publicized
disciplinary standards and enforcement so any problems are corrected and resolved.
SHP maintains non-retaliation and protects caller anonymity
These same regulations hold true for FDRs (First Tier, Downstream and Related Entities).
Every associate is responsible to report non-compliant and/or unethical behavior
SHP expects all employees and contracted entities to act in an ethical and compliant manner.
Disciplinary guidelines concerning violations are described in SHP’s Code of Business Ethics
15
Element 6: Effective System for Routine
Monitoring and Auditing The sixth element of an effective Compliance Program is ensuring the organization
has an effective system for auditing and routine monitoring of compliance risks. It is an ongoing process that helps continuously improve performance.
Auditing and monitoring lets us know how we're doing and identifies any areas for improvement.
Organizations must have procedures for effective internal monitoring and auditing.
The Compliance Department and Delegation Oversight Department at SHP are responsible for conducting audits of external (i.e. contracted) entities to which SHP delegates its business functions to identify areas of risk and compliance with federal and state regulatory guidelines.
SHP develops and implements a risk based audit plan. Risks are identified through various sources including, but not limited to: the OIG work plan, external and internal audits, internal monitoring and metrics reporting, compliance issues identified by CMS, and compliance issues identified internally.
16
Element 7: Prompt Response to
Detected Offenses The seventh element of an effective Compliance Program is responding to
detected offenses as soon as they are reported with a prompt investigation, and any necessary remediation.
Regardless of the mechanism used to report potential or suspected violations, all reports are taken seriously, reviewed, and investigated in a timely and reasonable manner. Investigations should result in appropriate corrective action and are treated in a confidential manner.
FDRs are expected to have procedures for ensuring prompt responses to identified areas of non-compliance and detected offenses including the development of corrective action plans to reduce the potential for recurrence, and ensure ongoing compliance with CMS requirements.
Violation of the standards contained in the Compliance Plan may result in disciplinary or corrective action against those Associates, subcontractors, or first tier, downstream, or related entities who participate in non-compliant, illegal, fraudulent, improper, dishonest, or unethical activities.
17
Duty to Report Every employee and contractor has a duty to comply with all laws and
regulations and to report violations.
You do not have to be certain that a violation has occurred in order to report suspected wrongdoing.
Retaliating against anyone who reports a suspected violation is prohibited by Company policy.
SHP has processes to receive, record and respond to compliance questions, reports of potential or actual non-compliance, and FWA from contractors, agents, employees, enrollees, and FDRs. SHP maintains confidentiality to the extent possible, allows callers to remain anonymous if desired and ensures non-retaliation against those who report suspected misconduct in good faith.
Violations of the Code of Business Ethics, or any FWA must be reported. Not reporting fraud or suspected fraud can make you a party to a case by allowing the fraud to continue.
19
Reporting Suspected Non-Compliance
Employees/FDRs may discuss the issue with the manager of
his/her department; or
Contact the Simply Healthcare Plans Compliance Officer:
You can also call the hotline at: 1-855-782-8281 or 305 459-2377
OR email: Non-Compliance-Incident ASimplyhealthcareplans.com
You may remain anonymous
20
Michelle Watson
4343 Anchor Plaza Parkway
Tampa, FL. 33634
Phone: 305-921-2758
Email: [email protected]
Anti-Kickback Statute
The Anti-kickback statute makes it a criminal offense to
knowingly and willfully offer, pay, solicit, or receive any
remuneration to induce or reward referrals of items or services
reimbursable by a Federal health care program.
The statue ascribes criminal liability to parties on both sides of
an impermissible “kickback” transaction.
“Remuneration” includes the transfer of anything of value,
directly or indirectly, overtly or covertly, in cash or in kind.
22
Anti-Kickback Statute
The government has approved a limited number of financial arrangements that the administration considers are unlikely to result in fraud and abuse. These arrangements are referred to as Safe Harbors.
Medicare Advantage Safe Harbors
Risk-based HMOs may offer Medicare beneficiaries increased coverage, reduced cost-sharing amounts or reduced premium amounts.
Plan must offer same benefits to all Medicare/Medicaid enrollees.
Plan must not claim the costs of these benefits as a bad debt or otherwise shift the costs.
23
False Claims Act (“FCA”)
It is a crime for any person or organization to:
Knowingly present, or cause to be presented, a false or fraudulent claim for payment or approval by the federal government; or
Knowingly make, use, or cause to be made or used a false record or statement to influence the payment of a false or fraudulent claim.
Note: Unlike the Anti-Kickback Statue, no proof of specific intent to defraud is required by the False Claims Act. The person submitting a claim does not need to have actual knowledge that the claim is false. Anyone who acts in reckless disregard or in deliberate ignorance of the truth or falsity of the information can also be found liable under the False Claims Act.
24
Qui Tam Provision of the FCA
Authorizes a person alleging a violation of the FCA, also known
as a “whistleblower” or “relator,” to file a case in federal court
and sue, on behalf of the government, those engaged in fraud.
Relator’s incentive to sue is the potential to share in the recovery
of any monies received if the case is successful.
Provides protection to relators who are discharged, demoted,
suspended, threatened, harassed, or discriminated against in
any manner for prosecuting or participating in an investigation.
25
Fraud Enforcement & Recovery Act of
2009 (“FERA”) Signed into law May 20, 2009.
Amends the FCA.
Makes it illegal to “knowingly conceal or knowingly and improperly avoid” an obligation to repay federal funds that have been paid in error, even if the erroneous payment was not caused by the submission of a false record or statement.
Expands the definition of “claim” to include:
Demands for payments made by subcontractors to companies receiving federal funds.
Any request or demand for money or property, whether or not the United States has title to the money or property.
Any request for money made to any “recipient” of funds provided, in whole or in part, by the government, “to advance a Government program or interest.”
26
Health Insurance Portability and
Accountability Act (HIPAA) An important part of any Compliance Program is being compliant with
HIPAA regulations.
The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations (the "Privacy Rule" and the "Security Rule") protect the privacy of an individual’s health information and govern the way certain health care providers and benefits plans collect, maintain, use and disclose protected health information (“PHI”).
HIPAA requires us to keep health plan members’ and patients’ information secure and private.
The HIPAA Privacy Rule states that PHI can only be used an disclosed to the minimum necessary for treatment, payment, and healthcare operations purposes.
27
Health Insurance Portability and
Accountability Act (HIPAA) • Only those involved in the treatment, payment, or health care
operation may share, apply, utilize, examine, or analyze PHI.
• Most disclosures of PHI require health plan member or patient
authorization.
• Unauthorized use of PHI has severe consequences to our members
or patients, and to our organization. You are obligated to comply with
HIPAA standards to ensure PHI remains secure.
• Carefully handle all PHI data
• Reporting MUST be done immediately if you become
aware of or suspect a breach may have occurred.
28
HIPAA – Your Responsibility HIPAA requires us to remember the following:
Keep member and patient information secure and private.
PHI may be used and disclosed for treatment, payment and healthcare operations purposes, using the minimally necessary amount of PHI to accomplish the purpose.
You are obligated to comply with HIPAA standards to ensure PHI remains secure.
You have a responsibility to identify and promptly report privacy and security incidents using your organization’s reporting policies and procedures.
Everyone at your organization must comply with HIPAA regulations. That means EVERYONE who provides healthcare directly or anyone who works at an organization that handles any type of PHI. By following HIPAA regulations, you support your organization’s commitment to ensuring the security and privacy of PHI.
29
Protected Health Information (PHI)
Protected Health Information (PHI) is information that both
identifies a member AND relates to their past, present, or future
health condition, provision of care, or payment of care.
Examples of PHI include, but are not limited to:
Member name AND case management notes
Member ID number AND a list of current medications
Member social security number AND medical claim information
30
Physician Self-Referral Prohibition Statute
Commonly referred to as the “Stark Law.”
Prohibits physicians from referring Medicare patients for certain
designated health services to an entity with which the physician
or a member of the physician’s immediate family has a financial
relationship – unless an exception applies.
Prohibits an entity from presenting or causing to be presented a
bill or claim to anyone for a designated health service furnished
as a result of a prohibited referral.
31
Resources Resource Link
Centers for Medicare and Medicaid
Services
http://www.cms.gov
Fraud & Abuse General Information http://www.cms.gov/fraudabuseforprofs/
Health Insurance Portability and
Accountability Act (HIPAA)
http://www.cms.gov/HIPAAGenInfo/01_o
verview.asp
HITECH Act http://www.hipaasurvivalguide.com/hitech
- act-text.php
Medicare Learning Network (MLN) Fraud
& Abuse
https://www.cms.gov/MLNProducts/downl
o ads/Fraud_and_Abuse.pdf
Medicare Managed Care Manuals http://www.cms.gov/Manuals/IOM/
Office of Inspector General Department of
Health and Human Services
http://oig.hhs.gov/
(refer to OIG guidance on Compliance
Programs)
http://oig.hhs.gov/fraud/hotline/
Part D Prescription Drug Benefit Manual http://www.cms.gov/prescriptiondrugcovc
o ntra/12_partdmanuals.asp#topofpage
Attestation of Medicare Compliance
Training Completion
1. If you are a participating broker please print the last page of
this training and submit to the plan’s sales manager.
2. If you are a contracted provider, complete and sign the
attestation and return to your account representative.
3. If you have office personnel, temporary and or sub-contracted
they are also required to take this training and records must be
maintained in your office for the plan to audit for 10 years.
The undersigned organization/person (the “Organization/Person”)
certifies and attests that as a first-tier entity, downstream entity or related
entity (as such terms are defined by Centers for Medicare and Medicaid
Services (“CMS”)), it has obtained and/or conducted, The Medicare
Compliance training for it and for all of its personnel and employees, as
applicable, (including, the chief executive, senior administrators or
managers, and governing body members), as required for the calendar
year by the CMS rules in 42 C.F.R. Parts 422 and 423.
Attestation of Medicare Compliance
Training Completion
Instructions on Attestation In addition, the undersigned Organization/Person certifies and
attests that it has required its downstream entities to certify and
attest that they have obtained and conducted, as applicable, the
required Medicare Compliance training for the calendar year for it
and for all its personnel and employees, as applicable.
Upon request by Simply Healthcare Plans, Inc., the
Organization/Person agrees that it will furnish training logs from its
downstream entities, as well as the certifications or attestations it
obtains from its downstream entities to validate that the required
Medicare Compliance Training was completed.
Thank You
SHP is committed to abiding by the laws, rules and regulations that govern our business.
SHP’s Compliance Program cannot operate without the cooperation of our associates, vendors, business partners, and FDRs.
Thank you for completing this CMS required training course on the Compliance Program.
37