FY 2013 Corporate

Compliance& Rights

Protection Training

REASONS FOR A COMPLIANCE PLAN

To prevent unwanted events from happening - intentionally and unintentionally.

To help the organization learn about these unwanted events first.

If they do occur and the organization does not learn about them first, an effective plan can help mitigate or reduce negative effects by showing that they are exceptions.

2

SEVEN ELEMENTS OF EFFECTIVE

COMPLIANCE PLANS

1. Written standards of conduct for all employees, contractors and volunteers that promote a clear commitment to compliance.

2. The appointment of high level individuals in the organization to oversee the compliance effort.

3. Due care taken by the organization to not delegate responsibility or authority to those who may engage in illegal activity.

4. Effective training and education programs for all employees and volunteers.

3

SEVEN ELEMENTS …CONTINUED

5. Monitoring and reporting systems to uncover potential problems and to encourage the reporting of potential problems by employees without fear of retaliation.

6. Disciplinary systems for non-compliant employees - and their managers- that are consistently enforced at all levels of the organization.

7. Reasonable steps taken to respond appropriately to detected offenses and to prevent reoccurrence.

4

GAO: 3 PRIMARY CATEGORIES OF FRAUD

AND ABUSE

Improper billing practices: upcoding, phantom treatment, delivering more treatment than necessary.

Misrepresenting qualifications: lapsed, expired or false credentials; performing outside the bounds of one’s license.

Improper business practices: kickbacks for referrals to a provider, cost report issues, enhancement of profits by limiting care.

5

LAWS TO BE AWARE OF

The Federal Anti-kickback Statute

The Stark Law The Texas Illegal

Remuneration Statute Civil Money Penalties

Statute The Federal False

Claims Act The Medicaid Fraud

Prevention Act6

THE ANTI-KICKBACK STATUTE

Applies to everyone not just licensed staff

“knowingly & willfully” - There must be intent to engage in wrongful act

“solicits or receives/offers or pays” – the prohibition applies both to the offer and acceptance of a kickback.

“Remuneration, directly or indirectly…” – does not require exchanges of money just anything of value.

7

THE STARK LAW- “SELF REFERRALS”

Physician must have a financial relationship with an entity

Referrals to self or entity owned or receiving compensation

No proof of intent to violate the statute is required to impose penalties

8

THE FEDERAL FALSE CLAIMS ACT

Submitting or causing to be submitted a claim for payment using a false record.

Knowingly or with reckless disregard or deliberate ignorance of the falsity of the claim.

Fines can be enormous. Fraud Enforcement and

Recovery Act expanded FCA to include claims to non government payors. Creates liability for knowingly concealing the retention of an overpayment.

9

MEDICAID FRAUD PREVENTION ACT

Applies to everyone not just licensed staff

Knowledge or acts with conscious indifference or reckless disregard

Provides a multitude of actions that constitute fraud, including actions by managed care organizations.

Penalties: Revocation of provider agreement, Medicaid Exclusion list for no less than 10 yrs., state license discipline, and monetary restitution.

10

PROVIDER EXCLUSIONS DATABASE

Any individual or entity that provides or is involved in the provision of, or billing for services or items reimbursable by federal health care programs may be excluded (MDs, nurses, aides, PTs, billing companies, non-licensed persons involved in some aspect of health care industry).

Most common exclusions include: license revocation/suspension, program-related convictions, patient abuse and neglect and default on health education loans.

Exclusion does not expire or end on its own terms; an individual or entity must apply to the OIG for reinstatement.

Liability for using an excluded individual or entity include:o Civil money penalty of $10K for each

item or service claimedo Assessment of up to three times the

amount claimedo The violating entity could be added

to the exclusion database 11

QUI TAM ACTA PROVISION UNDER THE

FEDERAL CIVIL FALSE CLAIMS ACT

Qui Tam is also known as “Whistleblower Act”

Actions can be brought by individuals even if government declines prosecution

Suits are filed under seal with the US Attorney.

Individual filing suit must be “original source.”

Financial rewards for Qui Tam plaintiffs can be significant – 25% - 30% of proceeds from the action or settlement.

Disgruntled employees and competitors frequently Qui Tam plaintiffs. 12

REPORTING COMPLIANCE ISSUES

(CODE OF CONDUCT, # 14)

As a general rule, report to your supervisor

As another option you may report directly to the Compliance Officer, Cindy Keggo In person at the League City officeo Phone / voice mail: 1-888-839-

3229o Interoffice mail (send to GCC-

League City)o U.S. Mail: 4444 W. Main League

City 77573 o E-mail:

cindyk@gulfcoastcenter.orgo FAX: (281) 338-2460

DO NOT MAKE THE EASY

MISTAKE OF FAXING TO 388-2460 (this is a CPA Office in Alvin!)

13

ACTION TAKEN IN DETECTED COMPLIANCE OFFENSES AND OTHER CONFIRMED CASES OF

MISCONDUCT (INCLUDING ABUSE NEGLECT AND

EXPLOITATION)

Considerations: Seriousness, Circumstances, Work Record, Length between violations

Possible Actions: Required Training, Written Reprimand, Probation, Demotion, Reassignment, Termination, Disclosures as required by Law

Confirmed Cases of Abuse, Neglect or Exploitation: Reported in CANRS May be reported to the Employee Misconduct Registry, effective September 1, 2010. (Senate Bill 806, 81st Legislature)

Compliance Detected Offenses: May Include a Corrective Action Plan

Reassignment may occur during an investigation

14

RESPONSIBILITIES OF

SUPERVISORS/MANAGERS

(CODE OF CONDUCT, # 3)

Supervisory staff must: Promote, adhere to and participate in the compliance

program Ensure adherence to and participation in the

compliance program by employees they are responsible for managing

Instruct supervised personnel on the strict adherence to the compliance program, policies/procedures and legal requirements as a condition of employment

Instruct supervised personnel that the Center may take disciplinary action up to and including termination for violations of the compliance program, policies / procedures or legal requirements

Supervisors/Managers should be aware that:

They will be held accountable for failure to detect non-compliance with applicable policies/procedures/legal requirements where reasonable diligence on the part of the supervisor or manager would have led to the discovery of the problem.

15

BUSINESS CODE OF CONDUCT

(NOTE BOLDED & UNDERLINED REVISIONS)

1. Statement of Purpose2. Ethical Standards3. Leadership

Responsibilities4. Conflict of

Interest/Outside Business and Financial Interests5. Gifts and Favors6. Compliance7. Accounting and

Reporting16

CONFLICTS OF INTEREST IN GENERAL

(CODE OF CONDUCT, # 4)

Staff are obligated to remain free of conflicts of interest in the performance of your responsibilities to the Center.

A conflict of interest may exist if your outside activities or personal interests influence or appear to influence your ability to make objective decisions in you job responsibilities.

A conflict may exist if the demands of any outside activities hinder or distract you from the performance of your job or cause you to use Center resources for other than Center purposes.

Remember, policy 13.51 Outside Employment specifically states that non-Center employment may be granted at the discretion of the ED and shall be documented in the employee’s personnel file prior to the acceptance of such employment.

17

THE BOARD OF TRUSTEES AND CENTER EMPLOYEES MAY NOT HAVE A CONFLICT OF INTEREST

WITH CONTRACTS MANAGEMENT

(CODE OF CONDUCT # 4)

Employed by Contractor Receiving paid consultation

by Contractor Received > 10% of your

Gross Income for the previous year from Contractor

Are a Member of Contractor’s Board of Trustees/Directors

Have Ownership > 10% of voting stock of shares of the Contractor

Have Ownership of > 10% / $5000 of the Fair Market Value of the Contractor

18

BUSINESS CODE OF CONDUCT…CONTINUED

8. Corporate Resources 9. Political Activities10. Confidentiality11. Employee Relations 12. Customer Focus /

Client Relations13. Controlled Substances14. Reporting Misconduct15. Risk Reporting

19

PROTECTING CONFIDENTIALITY

(CODE OF CONDUCT, # 10) You have breached confidentiality if you

disclose information to a third party who is not involved in furthering care or does not have a legitimate need to know.

People included in furthering care are doctors, nurses, social workers, service coordinators & others directly involved in the care of the individual.

People not included in furthering care are those in environmental services, personnel, patient friend’s and family, your friends, and colleagues not involved in the care of the individual.

The Mental Health Code (MHC) does allow the release of information to law enforcement if there is a threat of harm to self or others, or to assist in medical evaluation or treatment.

If your employment ends, you are still bound to maintain confidentiality of all records and information accessed during your employment.

Information is not given to: family members or friends without a release, law enforcement who do not meet the MHC exceptions, legislature, or Center personnel not involved in care.

20

THE HITECH ACT & BREACH

NOTIFICATION

The act defines a breach as the “unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of the protected health info, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information .

Must notify the consumer/client within 60 days of discovery of the breach

Notification shall include: description of what happened, what info was involved, steps they should take, and steps we have taken, and contact procedures for if they have questions.

If more than 500 people involved …must notify the media

Requires encryption of data [safetosend] Red Flags for Identity Theft:

o Appointment scheduling and patient registration: info looks forged, doesn’t know DOB, physical description does not match identifying info.

o Delivery of services: records indicate treatment inconsistent with exam, info in record contradicts what is already known of client,

o Consumer/client billing and questions : address discrepancies, consumer disputes bill claiming identity theft, consumer receives a bill for services not received, address change that doesn’t seem legitimate.

o Inquiries from Third Party: law enforcement, SSA notifies us the consumer is dead, USPS informs us not an accurate

address, contact from an insurance fraud investigator

21

HIPAA...STAFF ACTIONS

Employees access PHI only to the degree necessary to perform their jobs. Staff should only have access to

PHI regarding the consumers that they are working with, not other persons receiving services

Any staff persons outside the interdisciplinary team working with a consumer probably do not have a need to know PHI about the individual

If you are unsure of who to release information to, DON’T RELEASE IT!!! Check with your Supervisor, or Linda Bell, Director of Legal Affairs.

22

Staff Actions

Employees do not identify a person directly or indirectly as a recipient of services.

When receiving a phone call, fax, or e-mail, staff should not confirm or deny that a person receives services at Gulf Coast Center.

Confirming that a consumer is at the facility would be violating HIPAA Privacy Rules

23

Staff Actions

Employees have a duty to safeguard PHI from intentional or unintentional use of disclosure that is in violation of the HIPAA Privacy Rule by…

Keeping records locked up when not in use.

Users should log off their computers while

away from their desks.Computer screens should not be in plain

sight of publicWritten information in nurse stations,

desks, etc., should be covered from public view.

Discussions about consumers should be made

in private, away from public areas. Electronic records should be kept secure.

Facilities should monitor who accesses PHI.

Paper records should be shredded and never left in the garbage for disposal with regular trash.

Do not share your computer password with anyone. Create a password that is unique and difficult for someone else to guess.

Do not write it down where someone else can see it or find it.

24

Staff Actions

Employees refer requests for PHI, requests from persons served to amend records, and related requests to the appropriate office.

All requests made by consumers should be made to Liz Bennett, Technical Assistant Medical Records Administration, located at Southern Brazoria County CSC: 

o Direct line: (281) 585-7389 or; o SBCSC (979) 848-0933

x11313o Fax: (979) 848-0937 (call to

confirm receipt of fax)

If you receive a subpoena, court

order, or a request for an affidavit,

notify Liz Bennett immediately.

25

Staff Actions

Employees report or assist others in reporting suspected privacy rights / HIPAA violations If an employee or consumer wishes to

make a complaint about The Gulf Coast Center, call or refer them to:o Cindy Kegg, The Gulf Coast

Center’s Rights Protection Officer/Corporate Compliance Officer

o TDSHS or TDADS Office of Consumer Services and Rights Protection

o U.S. Department of Health and Human Services

o Texas Attorney General’s Office 26

NO HARASSMENT SEXUAL OR OTHERWISE

(CODE OF CONDUCT , # 11)

Any form of harassment violates federal, state and local law

Harassment could be related to race, creed, color, sex, sexual orientation, national origin, ancestry, citizenship status, marital status, pregnancy, age, medical condition, handicap and/or disability

Harassment does include offensive remarks or jokes, other verbal, graphic, physical conduct and/or threats of physical aggression (note: as part of our commitment to safety, we have a No Weapons Policy)

If you feel a staff, consumer, vendor or supplier is harassing you, report the harassment immediately to a supervisor. If the supervisor is involved or you feel they can not or will not address the issue, contact the Chief Operations Officer, HR Director, or Center Attorney. Regardless of who you report to, the complaint will be immediately forwarded to the Center Attorney who will initiate an investigation within 5 business days.

The Center can only resolve an issue of harassment if we know about it. Therefore, it is your responsibility to bring these kinds of problems to our attention so that we can take the necessary steps

to correct the problem or issue at hand If you have any questions as to what constitutes

harassment do not hesitate to contact the Center Attorney or refer to the No Harassment Policy.

27

HARASSMENT IN A NUTSHELL

(CODE OF CONDUCT # 11)

Simple teasing, off-handed comments, and isolated incidents of harassment, unless very serious, will generally not constitute actionable harassment in a court of law. However, it may lead to disciplinary action, up to and including termination depending upon the circumstances of the situation.

Sexual harassment is actionable under Title VII only if it is so “severe and persistent” as to alter the conditions of the person’s employment and create an abusive working environment

The four elements which will be used to make this determination are:

the frequency of the event or action; the severity; whether the event or action was physically

threatening or intimidating, and whether it unreasonably interferes with the

job performance, however this does not include a “mere offensive utterance.”

28

INTERNAL INVESTIGATION

ETIQUETTE Investigations shall only be initiated by the Executive

Director, Legal Affairs Director, HR Manager, or the Rights and Compliance Officer. EXCEPTION: Investigations involving Connect Transit and its services shall be investigated by Asset Management and/or Facility and Transportation Services staff.

Investigations shall be initiated due to harassment allegations, employee misconduct, and/or consumer-related complaints.

Unless directed by one of the individuals listed above, staff do not have the authority to initiate investigations against fellow staff, contractors, or consumers. Investigating does include and is not limited to photographing, monitoring and documenting activity, reading internal and external mail, and recording conversations without the other persons knowledge and consent. Staff involved in unauthorized investigative tactics will be subject to disciplinary action up to and including termination.

During an investigation, staff must never conceal, destroy or alter documents; lie; or make misleading statements to authorized Center staff conducting the investigation. Staff who violate this requirement shall be terminated. Full cooperation is required and includes providing complete timely and thorough information promptly.

29

CONSUMER / CLIENT RELATIONS

(CODE OF CONDUCT # 12)

All consumers/clients deserve to be treated with respect and dignity and have the right to be involved in their care. Dignity and respect include the elimination of prejudicial language

It is the responsibility of each employee to ensure that the rights of clients are protected.

Each employee must familiarize themselves with rights set forth in policy, procedures and in the rights protection handbook. 30

FORBIDDEN CONSUMER -EMPLOYEE

RELATIONSHIPS (CODE OF CONDUCT # 12)

Dating Implied Sexual and Sexual in Nature Contacts (i.e., physical act, telephonic and electronic)No Living Arrangement AgreementsNo loans or storing/holding of Consumer Funds/MoneyStaff may accept no monetary gifts. Policy does allow acceptance of gifts of <$50.00. Recovery programs can not accepts gifts, monetary or otherwiseConsumers can not do chores (i.e. picking up trash or cleaning restrooms) for cigarettes or other privileges; this is a violation of the Department of LaborCaution: Telephone communications should be limited to Center Business due to misinterpretations of others.Caution: If a consumer/client has a business and you would like to bid for his services or have him do some work for you do realize that there may be some ramifications for such action. The relationship may appear to have some form

of exploitation.Caution: Avoid the appearance of inappropriate behavior.

31

PREVENTING ABUSE, NEGLECT AND EXPLOITATION

Learn your Job Understand expectations

and focus on doing your job well.

Communication Don’t take your anger or

frustration out on persons served or their families. Do your part to help foster positive relationships with co-workers and keep morale high.

Stress Management Manage your stress levels.

Personal Problem Management Leave personal problems outside of the workplace. If you are having difficulty with this, speak to your supervisor. Seek help if you need it!

32

RECOGNIZING SIGNS / SYMPTOMS OF

POSSIBLE ABUSE(CODE OF CONDUCT # 12)

Multiple scratches, cuts, bruises, burns

Unusual patterns of injuries

Inadequate or illogical explanation of injury

Serious injuries: sprains, breaks, bedsores

Reports of confinement

Reluctance to participate in physical

exams

Passive, withdrawn behavior with certain people

33

RECOGNIZING SIGNS / SYMPTOMS OF

POSSIBLE NEGLECT(CODE OF CONDUCT # 12)

Lack of food or malnourishment

Lack of water or dehydration

Withholding meds/overmedicating

Inadequate shelter

Unsanitary living conditions

Untreated health problems

Lack of personal hygiene / clothes

34

EXAMPLES OF EXPLOITATION

(CODE OF CONDUCT # 12)

Taking, holding, borrowing money

Taking Social Security /SSI checks

Taking property

Exchanging items of unequal value

Requesting items to be purchased for staff

Using consumers as free labor     

  

  

35

REPORTING ALLEGATIONS OF

SUSPECTED ABUSE, NEGLECT OR

EXPLOITATION

ALL staff have the responsibility to report.

Immediately (within 1 hour) make a report to DFPS via the reporting website:

owww.txabusehotline.org or;

ocall 1-800-647-7418

Complete an Incident Report within 24 hours and fax to RPO if the alleged perpetrator is a Center staff or contract staff

Employees and Consumers are protected from retaliation when reporting.

36

SUBSTANCE USE RECOVERY SERVICES

REPORTING ALLEGATIONS OF SUSPECTED ABUSE, NEGLECT

OR EXPLOITATION

WHEN THE ALLEGED PERPETRATOR IS A CENTER STAFF OR CONTRACT

STAFF

All staff have responsibility to report. Immediately (within 1 hour) make a

report to: Rights Officer at 1-888-839-3229

Complete an Incident Report within 24 hours and fax to Rights Protection Officer

Employees and Consumers are protected from retaliation when reporting.

Department of State Health Service notified within 24 hrs

Investigative Report submitted to DSHS upon completion

DSHS may accept findings or reinvestigate

If the client also has a Mental Health , diagnosis follow guidelines for reporting to

DFPS on previous slide If the AP is not a Center staff or contract staff, report to proper authorities

37

REPORTING…CONTINUED

DO NOT notify the alleged perpetrator of the impending investigation.DO NOT conduct a mini-investigation.DO NOT discuss incident with others (with the possible exception of your supervisor).

DO preserve the safety of the person and arrange for emotional support or medical care as appropriate

DO protect any evidence (i.e.. ake pictures, secure the record, etc.)

DO cooperate with DFPS investigators

38

WHEN YOU MAY NOT RELEASE INFORMATION

ON A CENTER CLIENTThe “Interpretive Guidance on Laws

Pertaining to Privacy of Mental Health and Mental Retardation Records for the MHMR Service Delivery System” pursuant to the TAC Protected Health Information, Chapter 414, Subchapter A, states:

  §When Authorization is not Required to

Use or Disclose Protected Health Information that Relates to MHMR Services (b) When required or authorized by law

            (3) A component may disclose PHI to the Department of Family and Protective Services) when necessary to report or cooperate in the investigation of suspected child abuse or neglect. 

However, the PHI of a parent or other person responsible for the care of the child who is the subject of the report or investigation may only be disclosed pursuant to a court order.

39

Notifies RPO

DFPS receives a report (website or

1-800 number)

APS initiates an investigation

Case Close

d

APS mails completed investigative report to RPO

upon completion

Copy of report given to ED, Review Committee and (if confirmed), to

staff; Case reviewed

What Happens When a DFPS Investigation

Occurs?

RPO notifies ED, Review Committee, Supervisor

Disagree with

findings

Agree with

findings

Request for

Review forwarde

d to Assistant Commis-sioner of

APS 40

REPORTING DEATHS Immediately report known information

to the RPO & treatment team

(email or phone)

Complete an incident report within 24 hours and submit to the RPO via fax or electronically

If hand written, put original in Center mail to the RPO (in League City) after notification

In some cases, staff may be requested to assist the RPO in obtaining information regarding cause & manner of death (e.g. no autopsy is conducted, family agrees to send findings/death certificate to staff)

Upon death, authorization for release of the record can be legally given by the 1) personal representative, 2) parent, 3) adult children or 4) spouse. This does not apply to other relatives, including siblings. (Please follow procedures for release of medical records).

The death of a former service recipient should also be reported to the RPO upon discovery

however, an incident report is not needed .

41

INCIDENT REPORTS…WHEN TO REPORT

(CODE OF CONDUCT #15)

• Actual or suspected abuse, neglect or exploitation /other rights violations when a staff person is the alleged perpetrator

• Vehicle Accidents &

Injuries(client or staff) Report immediately to

• James Rollens III• at 713-545-7595• Violent behavior• (client or staff)• Threats or acts of

aggression (client or staff)• Destruction /loss • of property (client

or staff)• Illegal behavior

(client or staff)

Medical emergencies

Psychiatric emergencies

Serious infraction of program rules (client or staff)

Loss of consumer record

Use of personal restraint(if not part of approved Behavior Plan)

Missing consumer Death of consumer Fire Violations of the

Business Code of Conduct, as appropriate.

EMAILS W PHI SENT

W/O ENCRYPTION

42

INCIDENT REPORTS …PROCEDURES

The following reports must be submitted to

the RPO within 24 hours:

1) abuse/ neglect/ exploitation/ other

rights issues (when staff is

the alleged perpetrator)

2) deaths (active clients)

3) incidents involving workman’s comp (also fax to Ricki at

Admin!) All other reports must be submitted to the RPO within 48

hours

Write legibly Fill in all appropriate blanks Include your

response / follow-up to

incident then…

1) Fax to RPO in League City: 281-338-

2460 / Send original to

RPO immediately, or

2) Submit electronically

REMEMBER, Do not keep a copy or put a copy in the record

43

In order to get credit for this

training you must:

Sign In&

Sign & Turn in the Employee Affirmation

44