2 0 1 4

MODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING

A Message From Our CEO and Compliance Officer

At PacificSource, we pride ourselves on maintaining a culture of compliance and high ethical behavior. These are

core beliefs that each one of us must uphold.

To that end, we are proud to offer you these important trainings. Please take the time to go through the content,

and help us maintain a culture of compliance.

Introduction

PacificSource contracts with the Federal and State government to provide Medicare and Medicaid services. We are governed by Federal and State laws

If you feel that you require more specialized training for your job, you may contact your contract administrator or the Compliance Department

We also have to maintain an effective Compliance Program which includes measures to prevent, detect and correct non-compliance and fraud, waste and abuse (FWA)

Why Do I Need Training?

As a first-tier, downstream or related (FDR) entity that contracts with PacificSource to provider administrative or clinical services to our members, you are required to take this training. It is also a condition of your contract

We want you to be able to recognize and report incidents of noncompliance

You are part of the solution

Objectives

This training is designed to:

Give you an understanding of our Compliance Program

Meet the regulatory requirement for training and education

Explain your obligation to recognize noncompliance and know when and where to report them

Provide examples of noncompliant issues

Test your knowledge of compliance

Who Are The Key Agencies?

As a Medicare and Medicaid plan, we are governed by Federal and State regulatory agencies, such as:

CMS: The Centers for Medicare and Medicaid Services oversees the Medicare and Medicaid programs

OIG: The Office of Inspector General enforces compliance on a national scale

DMAP: Oregon’s Division of Medical Assistance Programs administers the Medicaid program for low income individuals

Description of Compliance Program

We maintain a Compliance Program to prevent, detect, and correct non-compliance issues.

The Compliance Program is maintained by the Compliance Department

Our Compliance Officer, Executive Management and Board of Directors fully support our compliance initiatives, including the Compliance Program and Standards of Conduct

The Compliance Program addresses important topics such as:

Training and education

Standards of Conduct

Compliance policies and procedures

Compliance Officer and Compliance Committee

Monitoring and auditing

How to report compliance issues

Compliance investigation and resolution

Disciplinary guidelines

Standards of Conduct

We maintain a Standards of Conduct that articulate our commitment to compliance

The Standards of Conduct provide information such as: Duty to report compliance issues

Non-retaliation policy

Reference to Federal and State laws that govern our business

Reference to conflict of interest policy

Your responsibilities and expectations

Disciplinary actions due to noncompliance

You are required to comply with our Standards of Conduct

FAQ

Q. What is the difference between the “Compliance Program” and the “Standards of Conduct”?

A. The Standards of Conduct is a subset of the Compliance Program, and addresses personnel matters such as ethical behavior and your duty to report compliance issues

Compliance Policies and Procedures

Our Compliance Program is comprised of policies and procedures

Reporting Policy: You have an obligation to report compliance concerns to the appropriate channel. You are also expected to assist in the investigation and resolution of these issues. Failure to do so may result in actions, up to and including termination of contract

Non-Retaliation Policy: We have a strict policy on retaliating against those who make a good faith report of a compliance issue. Those who retaliate against an individual who reports a compliance issue will be subject to actions

Conflict of Interest Policy: A conflict of interest arises when your activity or relationship may prevent you from performing your responsibilities to PacificSource in an impartial manner

Example: If you work in the Contracting Department and your spouse works in PacificSource’s procurement department, this may be a conflict of interest

Example: If you work in Business Development and have a financial ownership in PacificSource, this may be a conflict of interest

Example: If you work in Finance and your son works for an auditing firm that audits your firm’s financial records, this may be a conflict of interest

If you believe that you have a conflict of interest, you must disclose the potential conflict to your immediate supervisor, or Human Resources

Compliance Officer and Compliance Committee

Our Compliance Officer oversees the day-to-day activities of the Compliance Department

Our Compliance Committee is made up of executive members, Operations, Legal, Internal Audit, and other key areas, and meets frequently to discuss compliance issues and the effectiveness of the Compliance Program

The Compliance Officer and Compliance Committee are here to assist you with addressing and resolving any compliance concerns you may have

Monitoring & Auditing

Our Compliance Department and Internal Audit conduct routine monitoring and auditing of operational areas through our annual work plans

The work plans allow us to make an independent assessment of the operational area’s level of compliance

If our work plans impact your area, you should be familiar with the workplan, and take the necessary steps to prepare for the monitoring reviews and audits

If you believe that there are high-risk areas not on the workplan, please contact the Compliance Officer

Tips on how to prepare for an upcoming review or audit:

Update your policies and procedures

Be very knowledgeable of your operations

Train your staff on the regulatory requirements

Re-acclimatize yourself with the Compliance Program

Be knowledgeable with your systems to be able pull requested data accurately and timely

FAQ

Q. Will results from monitoring and auditing activities be shared with government agencies?

A. We sometimes disclose issues to the government, depending on the risk and severity of the findings

Q. If I have an area of concern that is not covered by the workplan, what should I do?

A. You may contact the Compliance Officer and express your concerns. We will do a risk assessment to determine how best to resolve the issue

How to Report Compliance Issues

If you suspect noncompliant behavior, you must report it. Not only is it required by law, but it is required by company policy. Failure to do so may result in disciplinary actions

You may report anonymously if you choose

Our non-retaliation policy allows you to report a compliance concern without fear of retaliation

Once reported, we will treat it confidentially and investigate the issue

You may also contact the Compliance Officer or any member of the Compliance Department to ask a compliance question, or request a clarification of the rule

Examples of Compliance Issues

The following are examples of noncompliant issues that must be reported:

Doing business with PacificSource when you are on the OIG exclusion list

Failing to meet your contractual performance standards

Inappropriate disclosure or violation of the HIPAA Privacy and Security Rule

Not paying claims accurately or timely

Failing to send member notices timely

The following methods are available to report compliance issues or inquiries

Report to your immediate supervisor

Report to your company’s Compliance Department

Report to the PacificSource Compliance Officer

Report to your PacificSource contract administrator

Report anonymously to EthicsPoint 24 hours a day/7 days a week: 1-888-265-4068, https://secure.ethicspoint.com/domain/media/en/gui/16499/index.html

Compliance Investigation and Resolution

If you report a compliance issue, we have an obligation to investigate the matter and resolve the issue

You may be asked to assist with the investigation and resolution

Usually, we resolve an issue through formal and documented corrective action plans (CAPs)

We may also retrain, validate data, and enhance processes to ensure that the issue is not likely to reoccur

PacificSource may impose disciplinary actions, or terminate a contract

We may refer matters over to law enforcement and Federal and State agencies for serious violations

Example: If we discover that a provider is submitting fraudulent claims, we will refer the matter over to law enforcement

Example: If you accept unlawful payments to encourage members to receive a service, we will refer the matter over to law enforcement. This is in addition to any disciplinary actions that may be imposed

FAQ

Q. Is the Compliance Department only to be contacted when there is an issue?

A. No. We encourage you to openly ask questions, seek a regulatory interpretation, or go over an issue of fact that you are unsure about

Q. Do I have to do any investigation or research before reporting an issue?

A. No. As long as you have a reasonable basis for believing a compliance issue has occurred, once reported, we will do the fact finding and investigation

Q. Will I be notified of the outcome of an issue I reported? A. All efforts will be made to notify you of the outcome. Due to

confidentiality reasons, you may not always be notified of the outcome. Rest assure, however, that your issue will be thoroughly investigated

Disciplinary Guidelines

We maintain disciplinary guidelines to deal with noncompliant behavior

There are different levels of disciplinary actions. They range from mandatory retraining, to verbal warning, to suspension and termination of contract, and will depend on the level of severity. You may be required to retake compliance training as part of the disciplinary action imposed Example: If you fail to report a compliance violation, even if you

didn’t commit the act, you may be subject to disciplinary actions Example: If you retaliate against an employee who reports a

compliance issue, you may be subject to disciplinary actions Example: If you routinely fail to correct a recurring compliance

violation, you may be subject to disciplinary actions

Confidentiality Rules You Need to Know

HIPAA: This act protects the confidentiality and integrity of protected health information held by PacificSource and its business partners

As a individual who has access to protected health care information, you are responsible for adhering to HIPAA

CMS Data Use Agreement: You must restrict your use of data obtained from CMS information systems for Medicare purposes. You cannot use the CMS information system or its data for non-Medicare business

Vendor Oversight

If you work in an area that delegates certain responsibilities to a vendor, you must exercise reasonable oversight over your vendor’s performance

You are ultimately responsible for their performance

Example: If you rely on a subcontractor to perform a service, you must make sure the vendor is doing it timely and accurately

Test Questions

#1

If I suspect that a violation has occurred, but the issue has been corrected, I should:

A. Not report it because it is no longer an issue

B. Report it anyway

C. Only report it if it is likely to happen again

D. Not report it because the violator has learned his/her lesson

#2

If I fear that my immediate supervisor will retaliate against me for reporting a violation, I should (select all correct responses):

A. Not report it because I don’t want a bad performance review

B. Report anonymously without having to provide my name

C. Report to the appropriate channel and express my fear of retaliation

D. Not report it because I should not have to put my job at risk

#3

Indicate which scenario is a possible conflict of interest (select all correct answers):

A. You work in Human Resources and your wife works for a catering company that sometimes caters meals for your office

B. You work in the Contracting Department and your son is a procurement specialist for PacificSource

C. You work in Medical Records and your son’s little league coach is a PacificSource employee

D. You are in management and your wife works in Business Intelligence at PacificSource

#4

Select all noncompliant activities that must be reported (select all correct answers):

A. Doing work for PacificSource when you are on the OIG exclusion list

B. An employee is written up due to work attendance

C. Inappropriate disclosure of protected health information

D. Not performing at contractual performance levels

#6

The following are components of the Compliance Program (select all correct answers):

A. Standards of Conduct

B. Employee compensation and time off policy

C. Reporting and investigating compliance issues

D. Training and education

#7

Company A is a claim processor that PacificSource contracts with. It subcontracts a portion of the work to Company B. Unknown to Company A, Company B inappropriately processed a number of claims. PacificSource will hold which party accountable (select all correct answers):

A. Company A only

B. Company A and Company B

C. Company B only

D. State Department of Insurance

#8

Sarah is an office manager for Company A, a claim processor that PacificSource contracts with. Sarah negotiated a contract with Company B to subcontract a portion of the work. The contract requires Company B to process accurate and timely claim submission, along with performance guarantees and a termination clause. Sarah’s department doesn’t perform any quality checks over Company B’s activities due to the protection in the contract language. Has Sarah done enough to provide reasonable oversight over Company B’s performance? A. Yes. Company B is contractually obligated to perform, and there

are financial protections written in the contract B. No. Contract alone is not adequate. Sarah must occasionally

validate Company B’s work

#9

Upholding high standards of compliance and ethical conduct is the responsibility of (select all correct answers):

A. The Office Manager only

B. Management only

C. Everyone

D. Human Resources only

#10

Name all activities that help promote a culture of compliance:

A. Non-retaliation policy

B. Anonymous reporting

C. Training and education

D. Management support for compliance

#11

Alex works in the Claim Department. He has been on the job for 2 months. During this time, he has made numerous avoidable errors that resulted in incorrect claims. Mary, his manager, is unaware of the errors and has not been able to adequately train him due to her busy schedule. Is this a potential compliance issue? A. Yes. His manager has an obligation to oversee Alex’s work,

and train him adequately. Alex also has an obligation to disclose his errors

B. No. Time and resource are always issues. His manager’s inability to train him is not intentional

#12

Select the best answer:

A. I should wait for PacificSource to review my operations to uncover any deficiencies

B. I should wait for a government audit to understand my operation’s weaknesses

C. I should be conducting ongoing quality checks of my own operations to detect and correct any weaknesses

D. The process I implemented 2 years ago is solid. I haven’t heard of any issues, and there is no need to quality check what’s not broken

#13

Select all behaviors that run counter to a culture of compliance:

A. Management values financial returns over ethical behavior

B. Output is emphasized over accuracy

C. Employees are reprimanded for reporting issues

D. Reported issues are routinely ignored

#14

Jen works in the Billing Department. Due to her busy workload, she has been making avoidable errors over a 2 month period. IT uncovered the error, but does not relay the information to Jen because they know how busy she is. A compliance issue may have occurred with:

A. IT only

B. IT and Jen

C. Jen only

D. The billing system

Answer Key

1. B: You should report all known or suspect fraud, waste and abuse issues even if the issue has been resolved

2. B & C: You will not be retaliated against for reporting a concern or violation. If you suspect that you will be retaliated against, you may report both the violation and the retaliation to the appropriate channel, such as Human Resources

3. B & D: Both cases involve parties who are family members, and roles that may compromise the parties’ objectivity and confidentiality

4. A, C & D: All of these are examples of noncompliant behavior that must be reported.

5. C

6. A, C & D

7. A: Even though Company A did not commit the violation, it is ultimately accountable for Company B’s actions since they are a delegated vendor, regardless if it knew of the violation

8. B: Sarah must exercise reasonable oversight over Company B’s performance, such as spot audits and quality checks

9. C

10. A-D

11. A: The government requires Alex to receive specialized training due to his highly technical role. “B” is incorrect because a noncompliance does not require intent

12. C: Maintaining compliance is everyone’s responsibility. You should be quality checking your operations on a regular basis. Not only will this ensure optimal compliance, but it is smart business practice

13. A-D

14. B: Jen has an obligation to use reasonable care in her job duty. IT has an obligation to bring the issue to the appropriate person to resolve the issue