Corporate Compliance General Compliance Training Its The Right

Corporate Compliance General Compliance Training It’s The Right Thing to Do!!!

General Compliance Training This training module has been developed to provide required General Compliance Education for Team Members and others as applicable. The training incorporates specific elements of the Organization as well as the Center for Medicare and Medicaid Services (CMS) General Compliance Training and Fraud, Waste and Abuse Training as required by those participating with Medicare Parts C (Medicare Advantage Plan) and D (Medicare Prescription Drug Plan). As a person who provides health services to a Medicare Part C or D enrollee, you are either: • Sponsor: Examples incl Medicare Advantage Organizations [MAOs]; Prescription Drug Plans [PDPs] • First-Tier Entity: Examples incl Pharmacy Benefit Management (PBM), Hospital/Health Care Facility, Provider, Clinical Lab, Claims processing/adjudication company, Company that handles enrollment/membership functions, and contracted agent) • Downstream Entity: Examples incl Pharmacies, Provider, Firms providing agent/broker services, Marketing firms and Call centers • Related Entity: Examples incl Entity with common ownership or control of a Sponsor, or Health promotion provider CMS Requirement: Anyone who provides health or administrative services to Medicare enrollees must satisfy general compliance training requirements. Certain training requirements apply to people involved in performing or delivering Medicare Parts C and D benefits. Employees of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs) (“Sponsors”) and entities with which they contract to provide administrative or health care services for enrollees on behalf of the sponsor (“FDRs”) must receive training about compliance with CMS program rules.

General Compliance Training Course Objectives When you complete this course, you should: • Be familiar with the Organization’s Compliance Program • Understand your role within the Compliance Program • Recognize key aspects of a Compliance Program Recognize how Compliance Program violations should be reported • Understand key aspects of Fraud, Waste and Abuse

What is Compliance? Complying with regulations and laws that govern our operations. Compliance is: Doing the Right Thing! Why is Compliance so Important? CMS: Every year billions of dollars are improperly spent because of Fraud, Waste, and Abuse (FWA). It affects everyone – including you. This training helps you detect, correct, and prevent FWA. You are part of the solution. Compliance is everyone’s responsibility. As an individual who provides health or administrative services for Medicare enrollees, your every action potentially affects Medicare enrollees, the Medicare Program, or the Medicare Trust Fund. The Center for Medicare and Medicaid (CMS), along with the Office of the Inspector General (OIG) and the Department of Justice (DOJ) investigate healthcare organizations for fraudulent and abusive practices.

General Compliance Training What is an Effective Compliance Program? An effective Compliance Program fosters a culture of compliance within an organization and, at a minimum: • • • Prevents, detects, and corrects non-compliance Is fully implemented and is tailored to the Organization’s operations Has adequate resources Promotes the Organization’s Code of Ethics; and Establishes lines of communication for reporting non-compliance An effective Compliance Program is essential to prevent, detect, and correct Medicare non-compliance as well as Fraud, Waste, and Abuse (FWA). It must, at a minimum, include the seven core Compliance Program requirements.

General Compliance Training Compliance Program Requirements CMS: The Centers for Medicare & Medicaid Services require Sponsors, First-Tier Entities, Downstream Entities, and Related Entities to implement and maintain an effective Compliance Program for its Medicare Parts C and D plans. An effective Compliance Program should: • Articulate and demonstrate the Organization’s commitment to legal and ethical conduct • Provide guidance on how to handle compliance questions and concerns • Provide guidance on how to identify and report compliance violations

Healthcare is 2 nd most regulated industry HHS Congress IRS F E D E R A L OCR Federal Circuit Courts Medicare Contractors FCC NRC OIG/DOJ CMS DME Regional Contractors DOT Supreme Court Center for Medicare Medicaid Services DEA OCR . . more Regional Offices State Medicaid FDA State Surveys Provider USA OSHA EPA HRSA State Licensure CONs State Attorney General State Dept of Health State Nursing Boards SEC State Medical Boards FBI Regional Intermediaries DOL Local Government State Professional Boards Accreditation Bodies Pharm LAB Joint Commission . . more HFAP CLIA CHAP AATB PT/OT EMS RT CAP. . more S T A T E

General Compliance Training Government Focus Areas Providing and Billing for Medically Unnecessary Services Not Providing Medically Necessary Services in an Emergency situation Upcoding- Misreporting Diagnosis Codes to obtain a Higher Reimbursement Billing for Inpatient when Patient should have been an Outpatient Physicians and Vendors: Bribes, Kickbacks, inappropriate Referrals Billing for Services not Provided Medical Cost Reporting Privacy and Security Regulations Wage and Hour Laws Financial Statement Reporting OSHA Regulations Patient Safety and Quality of Care Environmental Law The Federal government has invested heavily in resources dedicated to combating healthcare fraud, waste and abuse. The OIG develops and publishes an annual work plan that details specific areas to review in the upcoming year. The work plan is available on the OIG’s website: http: //www. oig. hhs. gov

General Compliance Training Our Corporate Compliance Program is based on the core values of the Organization. Doing the Right Thing! The following slides outline the benefits of the Compliance Program, the Seven Core Elements required by CMS and what the Program means to you.

Seven Core Elements: Element 1 Policies, Procedures and the Code of Ethics CMS: These articulate commitment to comply with all applicable Federal and State standards and describe compliance expectations according to standards of conduct. • Policies and procedures are available that document the Organization’s intent and operating procedures. • The core policy that outlines the standards and expectations of all Team Members is the “Code of Ethics”. • It is your responsibility to know the rules, regulations, policies and procedures that affect your job. • Team Members, Physicians, Business Partners and others are given a copy of the “Code” and must abide by it at all times. • You are expected to help the organization remain compliant in your area of responsibility by staying up-todate and initiating changes to policies and procedures as applicable. • Anyone found in violation of the Code is subject to disciplinary action, up to termination or barred from doing business with the Organization.

Seven Core Elements: Element 2 Compliance Officer, Compliance Committee, High-Level Oversight CMS: The Sponsor must designate a Compliance Officer and a Compliance Committee that is accountable and responsible for the activities and status of the Compliance Program, including issues identified, investigated, and resolved by the Compliance Program. The Sponsor’s senior management and governing body must be engaged and exercise reasonable oversight of the Compliance Program. The System Compliance Officer is: Tim Belisle, Executive Vice President, Compliance Officer, General Counsel To support day to day compliance operations, Facility Compliance Officers are also available. In addition, various Compliance Committees to assist with compliance efforts across the Organization.

Seven Core Elements: Element 3 Effective Training and Education CMS: This covers the elements of the Compliance Plan as well as prevention, detection, and reporting of Fraud, Waste and Abuse (FWA). This training and education should be tailored to the different responsibilities and job functions of employees. The Organization has various ongoing avenues to ensure compliance training and education including but not limited to: Mandatory In-services Departmental Training Annual Computerized Programs ……. . and more New Team Member Orientation Seminars Newsletters

Seven Core Elements: Element 4 Effective Lines of Communication CMS: Effective lines of communication must be accessible to all, ensure confidentiality, and provide methods for anonymous and good-faith reporting of compliance issues at Sponsor and First-Tier, Downstream, or Related Entity (FDR) levels. CMS expects that all Sponsors will apply their training requirements and “effective lines of communication” to their FDRs. Having “effective lines of communication” means that employees of the Sponsor and the Sponsor’s FDRs have several avenues to report compliance concerns. Various avenues are available for anonymous and good-faith reporting without fear of retaliation. These include: Your Supervisor, Manager, Dept Director Facility Compliance Officers System Compliance Officer Human Resource Representatives Legal Services Medical Ethics Consultant Direct Line Patient/Guest Feedback System Patient Safety Reporting 1 -800 -535 -9057 The Compliance Hotline, a toll-free line, is available 24 hours a day, seven days a week to communicate concerns or questions regarding ethics, compliance or legal business practices. The caller may remain anonymous.

General Compliance Training CMS: How to Report Potential Non-Compliance Employees of a Sponsor • Call the Medicare Compliance Officer • Report through the organization website • Call the Compliance Hotline First-Tier, Downstream, or Related Entity (FDR) Employees • Talk to a Manager or Supervisor • Call the Ethics/Compliance Help Line • Report to the Sponsor Beneficiaries • Call the Sponsor’s Compliance Hotline or Customer Service • Report through the Sponsor’s website • Call 1 -800 -Medicare Don’t Hesitate to Report Non-Compliance There can be no retaliation for reporting suspected non-compliance in good faith. Each Sponsor must offer reporting methods that are: • Anonymous • Confidential, and • Non-retaliatory

General Compliance Training No Retaliation Philosophy Protections provided under Federal and State False Claims Acts prevent whistleblowers from being discharged, demoted, suspended, threatened, harassed or discriminated against as a result of lawful actions taken under the acts. Retaliation against a Team Member who in good faith reports a compliance or ethics concern is not tolerated.

Seven Core Elements: Element 5 Well-Publicized Disciplinary Standards CMS: Sponsor must ensure standards through wellpublicized disciplinary guidelines. Disciplinary standards are published in policies and conveyed throughout the Organization. Refer to the Intranet to view the policies and applicable documents. Violations can result in disciplinary action up to and including termination.

Seven Core Elements: Element 6 Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks CMS: Conduct routine monitoring and auditing of Sponsor’s and FDR’s operations to evaluate compliance with CMS requirements as well as effectiveness of the Compliance Program. Note: Sponsors must ensure that FDR’s performing administrative or health care service functions concerning Sponsor’s Medicare Parts C and D program comply with Medicare Program requirements. CMS: What Are Internal Monitoring and Audits? • Internal monitoring activities are regular reviews that confirm ongoing compliance and ensure that corrective actions are undertaken and effective. • Internal auditing is a formal review of compliance with a particular set of standards (for example, policies and procedures, laws, and regulations) used as base measures.

Seven Core Elements: Element 6 -cont. Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks Aspects of the Organization’s Compliance Program: q Monitor operations to ensure compliance and effectiveness of our Compliance Program. q Review the Organization Compliance Program to remain current as regulatory environments change. q Perform Continuous Monitoring through Dept Self Assessments q Conduct Periodic Audits by Corporate Audit and Compliance Services, external auditors and consultants. q Perform sanction checks on all newly hired individuals and vendors prior to employment or contracts to ensure that we are not employing or doing business with any individual or entity that may have been excluded from federally funded programs.

Seven Core Elements: Element 7 Procedures & System for Prompt Response to Compliance Issues CMS: The Sponsor must use effective measures to respond promptly to noncompliance and undertake appropriate corrective action. CMS: What Happens After Non-Compliance Is Detected? After non-compliance is detected, it must be investigated immediately and promptly corrected. However, internal monitoring should continue to ensure: • There is no recurrence of the same non-compliance; • Ongoing compliance with CMS requirements; • Efficient and effective internal controls; and • Enrollees are protected. All reported concerns are taken seriously. Concerns are thoroughly and promptly reviewed, investigated and every effort made to reach a resolution. Team Members have a responsibility to report compliance issues, quality of care or patient safety concerns. The Organization provides various methods for anonymous and good-faith reporting options without the fear of retaliation.

General Compliance Training Ethics-Do the Right Thing! CMS: As part of the Medicare Program, you must conduct yourself in an ethical and legal manner. It’s about doing the right thing! • • Act fairly and honestly Report suspected violations Adhere to high ethical standards in all you do Comply with all applicable laws, regulations, and CMS requirements Team Members are expected to: • Set an example - adhere to and enforce the standards of the Organization • Abide by all policies, procedures, laws and regulations • Keep current on regulatory requirements; examine operations to ensure compliance • Do what is right the first time • Use your best judgement - when in doubt, seek advice. Ask! • Immediately report any potential non-compliance • Silence is not always Golden. “See Something-Say Something” “Integrity is doing the right thing, even when no one is watching” …. C. S. Lewis (poet)

General Compliance Training What is Non-Compliance? CMS: Non-compliance is conduct that does not conform to the law, Federal health care program requirements, or an organization’s ethical and business policies. CMS has identified the following Medicare Parts C and D high risk areas: • Agent/broker misrepresentation • Appeals and grievance review • Beneficiary notices • Conflicts of interest • Credentialing and provider networks • Documentation and Timeliness requirements • Ethics • FDR oversight and monitoring • Health Insurance Portability and Accountability Act (HIPAA) • Marketing and enrollment • Pharmacy, formulary, and benefit administration • Quality of care Know the Consequences of Non-Compliance Failure to follow Medicare requirements & CMS guidance can lead to serious consequences incl: • Contract termination • Criminal penalties • Civil monetary penalties • Exclusion from participation in all Federal health care programs Additionally, organizations must have disciplinary standards for non-compliant behavior. Those who engage in non-compliant behavior may be subject to the following: • Mandatory training or re-training • Disciplinary action • Termination For more information, refer to the Compliance Program Guidelines in the “Medicare Prescription Drug Benefit Manual” and “Medicare Managed Care Manual” on the CMS website.

General Compliance Training Non-Compliance Affects Everybody Without programs to prevent, detect, and correct non-compliance, we all risk: Harm to beneficiaries, such as: • Delayed services • Denial of benefits • Difficulty in using providers of choice • Other hurdles to care Less money for everyone, due to: • High insurance copayments • Higher premiums • Lower benefits for individuals and employers • Lower Star ratings • Lower profits

General Compliance Training Understanding Fraud, Waste and Abuse There are differences among Fraud, Waste, and Abuse (FWA). One of the primary differences is intent and knowledge. Fraud requires intent to obtain payment and the knowledge that the actions are wrong. Waste and Abuse may involve obtaining an improper payment or creating an unnecessary cost to Medicare, but does not require the same intent and knowledge. Laws exist that prohibit FWA. Penalties for violations may include Civil Monetary Penalties, Civil Prosecution, Criminal Conviction/Fines, Exclusions from Federal health care programs, Imprisonment and/or Loss of Provider License. The following screens provide high-level information about the following laws: • • • Civil False Claims Act Anti-Kickback Statute Stark Statute (Physician Self-Referral Law) For more detailed information on these or other laws such as safe harbor provisions, consult the applicable statute and regulations.

General Compliance Training False Claims Act (FCA) The FCA make a person liable to pay damages to the Government if he or she knowingly: Damages and Penalties Any person who knowingly submits • Conspires to violate the FCA false claims to the Government is • Carries out other acts to obtain property from the liable for three times the Government by misrepresentation Government’s damages caused by • Knowingly conceals or knowingly and improperly avoids or the violator plus a penalty. decreases an obligation to pay the Government • Makes or uses a false record or statement supporting a false claim • Presents a false claim for payment or approval For more information, refer to 31 United States Code (U. S. C. ) Sections 3729 -3733. Violation Example A Medicare Part C plan in Florida hired an outside company to review medical records to find additional diagnosis codes that could be submitted to increase risk capitation payments from the Medicare. The Plan was informed by the outside company that certain diagnosis codes previously submitted to Medicare were undocumented or unsupported. The Plan failed to report the unsupported diagnosis codes to Medicare; and agreed to pay $22. 6 million to settle FCA allegations.

General Compliance Training Anti-Kickback Statue The Anti-Kickback Statute prohibits knowingly and willfully soliciting, receiving, offering, or paying remuneration Damages and Penalties (including any kickback, bribe, or rebate) for referrals for services that are paid, in whole or in part, under a Federal Violations are punishable by a fine of up to $25, 000; Imprisonment health care program (including the Medicare Program). for up to 5 year or Both. For more information, refer to 42 U. S. C. Section 1320 a-7 b(b ). information, refer to the Social Security Act, Section 1128 B(b). Violation Example A radiologist who owned and served as medical director of a diagnostic testing center in New Jersey obtained nearly $2 million in payments from Medicare and Medicaid for MRIs, CT scans, Ultrasounds, and other tests. He paid other doctors for referring patients. He pleaded guilty to violating the Anti-Kickback Statute; and was sentenced to 46 months in prison. The radiologist was among 17 people, including 15 physicians, who have been convicted in connection with this scheme.

General Compliance Training Stark Statute (Physician Self-Referral Law) The Stark Law prohibits a physician from making referrals for certain health services to an entity when the physician or a member of his or her family has an ownership/investment interest or a compensation arrangement (exceptions apply). For more information, refer to 42 U. S. C. Section 1395 nn Damages and Penalties Penalty of approximately $23, 800. may be imposed for each service provided. May also be fined $159, 000 for unlawful arrangement or scheme. For more information, visit the Physician Self-Referral webpage on the CMS website and refer to the Act, Section 1877. Violation Example A physician paid the Government $203, 000. to settle allegations that he violated the Stark Statute selfreferral prohibition for routinely referring Medicare patients to an oxygen supply company he owned.

General Compliance Training Examples of Fraud, Waste and Abuse Examples of actions that may constitute Medicare fraud include: • Knowingly billing for services not furnished or supplies not provided, including billing Medicare for appointments that the patient failed to keep • Billing for non-existent prescriptions • Knowingly altering claim forms, medical records, or receipts to receive a higher payment Examples of actions that may constitute Medicare waste include: • Conducting excessive office visits or writing excessive prescriptions • Prescribing more medications than necessary for the treatment of a specific condition • Ordering excessive laboratory tests Examples of actions that may constitute Medicare abuse include: • Billing for unnecessary medical services • Billing for brand name drugs when generics are dispensed • Charging excessively for services or supplies • Misusing codes on a claim, such as up-coding or unbundling codes

General Compliance Training How to Prevent Fraud, Waste and Abuse As a health care provider who supplies health services to a Medicare beneficiary, you play a vital role in preventing FWA. Ø Look for suspicious activity § § § Does the prescription, medical record look altered or possibly forged? Does the medical history support the services requested? Have there been numerous identical prescriptions? Is the person receiving the service the actual person (identity theft)? Is the diagnosis supported in the medical record? Ø Conduct yourself in an ethical manner Ø Ensure accurate and timely data/billing Ø Keep up to date with FWA policies and procedures, standards of conduct, laws, regulations, and CMS guidance Ø Verify all information provided to you

General Compliance Training Other Compliance Related Regulations In addition to the Fraud, Waste and Abuse requirements, there are other compliance regulations that providers must follow and ensure compliance through appropriate operations, policies, procedures, education, etc. The next slides provide an overview of some of these regulations. For additional information, refer to the actual regulation available through the Internet or contact the Corporate Audit and Compliance Services Department.

General Compliance Training Emergency Medical Treatment & Active Labor Act (EMTALA) Ø A Federal Act that requires qualified hospitals to provide medical screening exam (MSE) to individuals seeking treatment for medical condition regardless of citizenship, legal status or ability to pay. Ø Hospitals may not transfer or discharge patient needing emergency treatment except with informed consent or stabilization or to a hospital better equipped. Damages and Penalties May include termination of the hospital or physician's Medicare provider agreement. Hospital fines up to $50, 000 per violation; Physician fines $50, 000 per violation. For more information, visit https: //www. cms. gov/regulations-and guidance/legislation/emtala A medical screening is required to determine if an emergency exists and to provide stabilizing care. Patients will only be transferred to another facility if we do not have necessary equipment/services available or the patient/family requests a transfer to another facility.

General Compliance Training Health Insurance Portability& Accountability Act (HIPAA) Ø HIPAA created greater access to health care insurance, protection of privacy of health care data, promoted standardization and efficiency in the health care industry. Ø HIPAA safeguards prevent unauthorized access to patient protected health care information. Damages and Penalties Violations may result in Civil Monetary Penalties and Criminal Penalties including jail time. For more information, visit https: //www. hhs. gov/hipaa For information about the Privacy Program, see the HIPAA Intranet site. Violation Example A former hospital employee pleaded guilty to criminal HIPAA charges after obtaining protected health information with the intent to use it for personal gain; sentenced to 12 months in prison.

General Compliance Training Health Care Discrimination To "discriminate" means to make a difference in treatment or favor on a basis other than individual merit. In the context of law, unlawful discrimination refers to unfair or unequal treatment of an individual (or group) based on certain characteristics, such as: Age, Race, Having a Disability, Ethnicity, Gender and Gender Identity, Marital Status, National origin, Nationality, Religion, Sexual Orientation. Discrimination laws have a variety of requirements that hospitals must comply with, including: § Providing public notices of the laws and requirements § Identifying key persons of the organization to ensure compliance and address concerns § Ensuring that employees are trained on requirements § Implementing policies and procedures explaining expectations, requirements and processes to meet requirements § Providing notice to patients of grievance processes and how to file complaints These protections extend to facilities providing services under government health programs.

General Compliance Training Health Care Discrimination Laws Examples: Ø Americans with Disabilities Act (ADA) & Section 504 Rehabilitation Act § Prohibits discrimination against individuals with disabilities. Requires health care providers to provide individuals with disabilities equal access to health care services and facilities. Ø Affordable Care Act (ACA) Section 1557 § Prohibits sex discrimination, based on gender identity, transgender status, or gender stereotypes, race, national origin, age, and disability, in hospitals receiving federal financial assistance. Prohibits health insurance companies and health care providers from refusing to cover transition-related treatments or refusing to treat individuals based on gender identity. Ø Medicare and Medicaid Regulations § Protect rights of patients to choose own visitors regardless of legal relationship to the patient; hospitals cannot discriminate against lesbian, gay, bisexual or transgender individuals in visitation or recognizing personal preferences. Requires health care providers to provide individuals with disabilities equal access to health care services and facilities.

General Compliance Training Health Care Discrimination In addition to laws, Accreditation Agencies such as The Joint Commission (TJC) and others address discrimination: § Require hospitals to have internal policies prohibiting discrimination based on gender identity and sexual orientation. § Not restrict, limit or deny visitation privileges on the basis of race, color, national origin, religion, sex, gender identity, sexual orientation or disability. § Ensure that all visitors enjoy full and equal visitation privileges consistent with patient preferences.

General Compliance Training Controlled Substance Management & Diversion All health care institutions that handle controlled substances are required to develop systems to minimize the risk of diversion. The Drug Enforcement Administration (DEA) estimate that prescription drug diversion in the United States is a multi billion dollar-a-year industry. The Organization has established a process to comply with federal and state regulations for controlled substances such as Title 21 CFR Controlled Substances Act, DEA requirements, and both Tennessee and Virginia requirements. The process utilizes routine auditing and monitoring to detect intentional or unintentional breaches of policy and procedure in controlled substance handling throughout the Organization. Known or potential concerns regarding drug diversion must be reported promptly!

Your Responsibilities“Common Sense/Good Judgement” ü Abide by all policies, procedures, laws and regulations. ü Do what is right the first time. ü Use your best judgement - when in doubt, seek advice. ü Immediately report any potential non-compliance. ü Silence is not always Golden. “See Something - Say Something” “Integrity is doing the right thing, even when no one is watching” …. C. S. Lewis (poet)

General Compliance Training Summary CMS: Organizations must create and maintain compliance programs that, at a minimum, meet the seven core requirements. ü An effective Compliance Program fosters a culture of compliance. ü To help ensure compliance, behave ethically and follow the Code of Ethics. Report suspected non-compliance. ü Know the consequences of non-compliance, and resolve any non-compliance with a corrective action plan that includes ongoing monitoring and auditing. Compliance Is Everyone’s Responsibility! Prevent: Operate within the Organization’s ethical expectations; prevent non-compliance! Detect & Report: If you detect potential non-compliance, report it! Correct: Correct non-compliance to protect beneficiaries and be efficient! If you would like more information about the Corporate Compliance Program, the Corporate Audit and Compliance Services Dept, or other aspects of the material presented, please visit the Intranet page or give us a call. The CACS staff is glad to assist you. For more information about the CMS training visit: https: //www. cms. gov/Medicare/Compliance-and-Audits/Part-C-and-Part-DCompliance-and-Audits/Compliance. Program. Policyand. Guidance. html

Almost finished…. Please close this window and return to TEDS to complete the test for this course.