VNSNY Compliance Orientation

Transcription

1 VNSNY Compliance Orientation

2 VNSNY COMPLIANCE ORIENTATION CONTENT 1. General Compliance Orientation Training a. Code of Conduct b. HIPAA c. HIV Confidentiality 2. Corporate Policies and Procedures a. CCD.1 Code of Conduct b. CCD.2 Federal Deficit Reduction Act for 2005 Policy Regarding the Detection Prevention of Fraud Waste and Abuse and Applicable federal and State Laws (DRA) c. CCD.3 Self-Reporting and Self-Disclosure to Governmental Agencies d. CCD.4 Sanction Checks e. CCD.5 Conflict of Interest-Board members, Officers and Key Employees f. CCD.6 Compliance Hotlines g. CCD.7 Reporting Non-Compliance and Fraud Waste and Abuse h. CCD.8 Investigating Compliance Issues and Corrective Action Plans i. CCD.9 Non Retaliation and Non Intimidation (Whistleblower) Policy j. CCD.10 Corrective Action and Disciplinary Guidelines 3. HIPAA Policies and Procedures a. Safeguards/ HIPAA Policy on Use and Disclosure of Patient Information b. VNSNY Provider Policy on Use and Disclosure of Patient Information c. VNSNY CHOICE Policy on Use and Disclosure of Member Information 4. Compliance Poster

3 9/21/ Compliance Team Welcomes You! We will be covering: Key Elements of our Compliance Program: Code of Conduct Fraud, Waste and Abuse HIPAA Confidentiality and special considerations for HIV Key Policies and Procedures 2 1

4 9/21/2016 Program Structure & Implementation Our program is comprised of: Compliance Officers for VNSNY and VNSNY CHOICE Provider and CHOICE Compliance Teams All Centralized at: 1250 Broadway, New York Corporate and Provider Compliance: 26 th Floor Choice Compliance: 11 th Floor VNSNY is governed by: A Code of Conduct Policies and Procedures 3 VNSNY Compliance Program Eight Elements 1. Written Policies and Procedures 2. Designation of a Compliance Officer; Compliance and Risk Structure and Governance 3. Training and Education 4. Communication Lines to Corporate Compliance 5. Disciplinary Policies and Procedures 6. Routine Identification of Compliance Risk Areas and Non-Compliance 7. Responding to Compliance Issues 8. Policy of Non-Intimidation and Non-Retaliation 4 2

5 9/21/2016 VNSNY Compliance Program: Element 1 Written Policies and Procedures VNSNY has written policies and procedures that govern the Compliance Program, which include, the Code of Conduct, Compliance Program, Non-Retaliation Policy, and Conflict of Interest Policy. These policies and procedures can be found in the Intranet under the Corporate Compliance. 5 VNSNY Compliance Program: Element 2 Designation of a Compliance Officer; Compliance and Risk Structure and Governance The VNSNY Vice President of Compliance & Regulatory Affairs together with the VNSNY CHOICE Vice President of Compliance & Regulatory Affairs: Ensure all compliance issues are properly addressed Appropriate compliance assurance reviews, audits and inquiries are conducted Ensure required educational materials and training related to compliance are provided to all Personnel, as defined in the Code of Conduct Coordinate with appropriate members of senior management, the Internal Audit Department, the Legal Department, and, if necessary, outside compliance counsel Refers to: Code of Conduct (CCD.1) 6 3

6 9/21/2016 Compliance Officers Annie Miyazaki-Grant VNSNY Vice President of Compliance & Regulatory Affairs Compliance Officer HIPAA Privacy Officer At (212) or Dorian Needham VNSNY Choice Vice President of Compliance & Regulatory Affairs Compliance Officer At or 7 VNSNY Compliance Program: Element 3 Training and Education All employees hired receive training on the Code of Conduct, HIPAA and HIV Confidentiality and additional education and training based on each job position. The VNSNY Compliance Program includes: Annual training on Conduct of Conduct, HIPAA, HIV and key policies and procedures training based on the job position. Additional training on specific compliance issues may be provided throughout the year as new rules or regulations come out or as internal compliance issues are identified. 8 4

7 9/21/2016 VNSNY Compliance Program: Element 4 Communication Lines to Corporate Compliance You can contact the Compliance Officers or any member of the Compliance Department directly in person, by phone or by . You can also report any concerns ANONYMOUSLY: Compliance Hotlines: VNSNY Provider VNSNY Choice Online: Refers to: Compliance Hotlines (CCD.6) 9 VNSNY Compliance Program: Element 5 Disciplinary Policies and Procedures Discipline may arise if there are Compliance violations such as violating the Code of Conduct, non-adherence to compliance policies and procedures or applicable laws and regulations. Disciplinary Action will NOT be taken against you for reporting compliance concerns or suspected compliance concerns. However, failure to report compliance concerns and/or compliance violations can result in disciplinary action up to and including termination of employment with VNSNY. Disciplinary action may also be taken against anyone who: Refuses to cooperate in a compliance investigation. Engages in an action of retaliation and/or intimidation against an individual for reporting a violation or possible violation of the Code of Conduct. Refers to: Corrective Action and Disciplinary Guidelines (CCD.10) 10 5

8 9/21/2016 VNSNY Compliance Program: Element 6 Routine Identification of Compliance Risk Areas and Non-Compliance: VNSNY s Compliance Department engages in ongoing self-evaluation, monitoring, and auditing; coordination of internal and external auditing activities; and tracking new compliance developments. Compliance reports to the VNSNY Board of Directors. 11 VNSNY Compliance Program: Element 7 Responding to Compliance Issues The Compliance Department will conduct a prompt and full investigation of any reported compliance concern. If it is determined that a compliance violation has occurred, prompt and effective corrective action will be taken. Refers to: Investigating Compliance Issues and Corrective Action Plans (CCD.8) 12 6

9 9/21/2016 VNSNY Compliance Program: Element 8 Policy of Non-Intimidation and Non-Retaliation: VNSNY will not take disciplinary or retaliatory action against anyone who in good faith raises a compliance concern or otherwise participates in the VNSNY Compliance Program. Retaliation or intimidation in any form by any individual associated with VNSNY is strictly prohibited and is itself a serious violation of the VNSNY Code of Conduct. Managers have the responsibility to maintain an environment whereby employees feel comfortable raising issues or asking questions. Refers to: Non-Retaliation and Non-Intimidation (Whistleblower) (CCD.9) 13 We are Bound by Laws and Regulations VNSNY complies with all federal, state, and local laws, rules and regulations regarding licensure and credentialing of employees VNSNY ensures all providers and suppliers are appropriately credentialed in accordance with applicable laws, rules, regulations and policy. Refers to: Sanction Checks (CCD.4) 14 7

10 9/21/2016 Code of Conduct The Code of Conduct covers ALL personnel at VNSNY Provides guidance to carry out everyday activities within legal and ethical standards Compliance expectations are identified; if you ever have a question or concern, contact Compliance in person, by phone or online The VNSNY Board of Directors oversees Compliance 15 Code of Conduct at VNSNY In alignment with the VNSNY Mission and Values, we follow the highest ethical, business and legal standards. All personnel are expected to follow the Code and participate in the Compliance program Unlawful and unethical behavior is not tolerated Open door policy communication and discussion of any concerns or questions this means an open door with your supervisor, Human Resources and Compliance VNSNY is regulated by multiple regulatory agencies i.e. NY State Department of Health, Medicare, Medicaid. 16 8

11 9/21/2016 Code of Conduct Standards for All Act honestly and lawfully in all business dealings, avoiding any conduct that may give the appearance of impropriety Report any actions that may be unlawful, inappropriate or violate any law, regulation or VNSNY policy/procedure or code of conduct Cooperate fully with any Compliance inquiries or investigations Identify any improper practices and help in work to correct these VNSNY expects an environment where everyone treats each other with respect and dignity and without discrimination Refers to: Code of Conduct (CCD.1) 17 Standards Relating to Eligibility VNSNY providers ensure that patients/members meet all applicable eligibility requirements Services provided are medically necessary, appropriately ordered and provided within care standards VNSNY complies with billing, coding and reimbursement regulations, policies & procedures and guidelines Eligibility is documented in a truthful, complete and legible manner All reports to governmental agencies are truthful, accurate, timely and in accordance with applicable laws & requirements 18 9

12 9/21/2016 Client Care & Billing: VNSNY Expectations Each employee who interacts with clients does so by properly evaluating, treating, enrolling and/or managing care; this includes appropriately applying regulations and standards of care Care providers are qualified and licensed, registered and/or credentialed Billing, coding and reimbursement regulations, policies & procedures and guidelines are complied with Services provided are medically necessary, appropriately ordered and provided within care standards Only accurate, truthful and timely documentation is submitted Refers to: Visit Verification and Documentation (CCD.11) 19 Standards for Preventing Fraud, Waste and Abuse Significant fines and penalties are associated with Violations of Fraud, Waste and Abuse The Compliance Department helps to PREVENT Fraud, Waste, and Abuse 20 10

13 9/21/2016 Avoiding Fraud, Waste and Abuse Fraud intentional misrepresentation for benefit or gain Waste unnecessary use/consumption of financial or medical resources Abuse inconsistent practice that results in unnecessary cost or reimbursement You are expected to make sure that you always provide: Accurate coding and billing Truthful and compliant documentation All services provided are documented Equitable care with your clients, without discrimination Refers to: Federal Deficit Reduction Act for 2005 Detection/Prevention of FWA (CCD.2) 21 Penalties 22 11

14 9/21/2016 Help us Prevent Fraud, Waste and Abuse!!! If you see something.say something.to US!! Anonymous and non-anonymous reports can be made through our EthicsPoint Hotlines: VNSNY: (212) CHOICE: (888) Online: REMEMBER: VNSNY Policy Regarding Non-Retaliation and Non-Intimidation PROTECTS YOU! 23 Conflict of Interest The Code of Conduct identifies an expectation that you have a duty of loyalty and commitment to VNSNY. To avoid any situation that may comprise integrity, the Code of Conduct asks you identify any potential conflict of interest to your Manager or a member of the Compliance Department. Examples of conflict of interest are: Employment with a competitor or supplier of VNSNY Financial ownership or interest in company doing business with VNSNY Having a supervisory or reporting relationship with family working at VNSNY *Note: On an annual basis, all employees (Director-level and above) must complete a Conflict of Interest Disclosure Refers to: Conflict of Interest (CCD.5) 24 12

15 9/21/2016 Referrals, Bribes and Kickbacks VNSNY does not solicit, pay or receive payment for referrals, items or services from providers, physicians or anyone else. Federal and state anti-kickback laws make it a crime to knowingly pay, solicit or receive something of value to induce or reward referrals of business VNSNY does not offer items or services for free or below market value to beneficiaries to induce referrals or provide free or below market rate services to physicians/hospitals to induce referrals. Refers to: Code of Conduct (CCD.1) 25 Governmental Inquiries VNSNY cooperates fully with government investigations or inquiries Contact your Manager immediately if you become aware of an investigation If you are asked for documents and/or receive a subpoena or other request for information related to a government investigation, promptly contact the Legal department for assistance Refers to: Code of Conduct (CCD.1) 26 13

16 9/21/2016 Our Intranet site provides you with: Policies and Procedures Elements of the Compliance Program Regulatory Requirements Education Materials HIPAA Information and Breach Reporting How to Contact us!! 27 Health Insurance Portability and Accountability Act (HIPAA) Passed into law in 1996 by President Bill Clinton Helps make better decisions to protect confidential health information Set standards for payment related transactions and privacy and security of patient/member information 28 14

17 9/21/2016 HIPAA HIPAA requires VNSNY staff to adhere to certain rules when using and disclosing protected health information or PHI of its patients/members Protected health information is defined by HIPAA as: information, in any form or medium (including oral, written and electronic communications) relates to an individual s physical or mental health (e.g., provision of payment for) identifies, or could be reasonably expected to be used to identify, an individual Refers to: Safeguards Policy 29 Health Information Technology for Economic and Clinical Health Act (HITECH) Passed into law in 2009 by President Barack Obama Requires hospitals and health care professionals to use electronic medical systems Must have option to submit data to public health agencies Lab results will be added to the Electronic Medical Record Patient has access to their own medical record 30 15

18 9/21/2016 Access Control Access control is a process of restricting workforce access to internal and external application websites to the minimum necessary to perform their job function. It ensures that all users are approved and authorized to access these applications and restrict separated employees or those who no longer require access. By complying with HIPAA, HITECH, PCI-DSS and other regulatory requirements VNSNY decreases the risk of breach incidents with systems outside VNSNY control. Access control poses a significant risk that sensitive data including patient health information can be viewed, accessed, and or misused by unauthorized users and may lead to HIPAA fines and regulatory penalties. Refers to: Access Control Policy and Safeguards Policy 31 Privacy Rights Patients/Members have the right to: Receive a copy of the Notice of Privacy Practices Request restriction on Use and Disclosure of PHI Request access to PHI Request an accounting of certain disclosures of PHI Request an amendment to PHI/Patient Record Request PHI not be disclosed to his/her health plan if the patient pays privately Receive communications by alternative means (i.e. or fax) or to different locations Refers to: Uses and Disclosures of Patient Information; HIPAA Policy on Uses and Disclosures of Member Information; Accounting for Disclosure of Patient and Member Information; Individuals Rights to Access Their Records; Individual s Right to Record Amendment; Patient Request Not to Disclose PHI to a Health Plan 32 16

19 9/21/2016 Permitted Disclosure without Authorization Communication with: The interdisciplinary team at VNSNY The referring MD Insurance companies regarding billing and payment Vendors who have a contract with VNSNY such as Durable Medical Equipment companies, Software vendors, transportation or home health aide vendors, and Quality Assurance Agents Refers to: Uses and Disclosures of Patient Information and HIPAA Policy on Uses and Disclosures of Member Information 33 Follow the Minimum Necessary Rule DO NOT: Use or disclose any PHI except as necessary to do your job Discuss PHI in common areas, your home, another patient/member s home, or out in public (Starbucks, train, etc.) Look at patient/member s medical information unless specifically requested or pertaining to your job Provide the entire medical record or additional information if not required Share PHI with co-workers unless necessary for their job Discuss PHI in front of family members, paraprofessionals, neighbors, volunteers, unless the patient/member has indicated they have no objection Refers to: Minimum Necessary Rule; Uses and Disclosures of Patient Information; and HIPAA Policy on Uses and Disclosures of Member Information 34 17

20 9/21/2016 What can you do? Protect Your Work Area Electronic Devices Printers/Fax Machines/Copy Machines Telephone Inquiries s (ENCRYPTME) Texting Social Media Refers to: Safeguards Policy; Minimum Necessary Rule; Uses and Disclosures of Patient Information; HIPAA Policy on Uses and Disclosures of Member Information 35 Proper Disposal of PHI Paper records containing PHI should be shredded Any other records or files must be destroyed or erased so no PHI can be recovered Hard drives must be erased by IT Department before the device is reused or disposed Refers to: Safeguards Policy 36 18

21 9/21/ HIV Confidentiality Patients/members with diagnoses of HIV, alcohol and/or substance abuse and mental health issues have additional confidentiality protections by state and federal law NYS Public Health Law 27-F Part 63 of the DOH Regulations Governs: HIV Testing HIV Confidentiality HIV Reporting and Partner Notification More protective HIV-related information than HIPAA Refers to: Safeguards Policy; Minimum Necessary Rule; Uses and Disclosures of Patient Information; HIPAA Policy on Uses and Disclosures of Member Information 38 19

22 9/21/2016 Disclosure of HIV Information The General Rule You can only share HIV-related information with other providers or employees if: It is necessary for the patient/member to receive services, OR You have a patient/member consent that specifically authorizes the release of HIV information 39 Reminder A patient/member s HIV status or other HIVrelated information cannot be shared with anyone solely for the purpose of infection control. All health care providers must use standard precautions when providing care to ALL patients. Refers to: Safeguards Policy; Minimum Necessary Rule 40 20

23 9/21/2016 Partner and Contact Information Mandated Reporters Only physicians, nurse practitioners, physician assistants, or laboratories performing an HIV test are mandated to report HIV/AIDS cases to the NYSDOH ONLY physicians and specific Department of Health staff are permitted to notify identified partners or contacts of HIV exposure to risk Physicians do not have a legal duty to notify at-risk partners It is a violation of the law for non-physicians to make this notification (without the HIV infected individual s specific, written release) 41 Releasing HIV information inappropriately is professional misconduct and a violation of the law as well as a violation of VNSNY Policy. When in doubt, do not disclose Ask your Supervisor, Manager or the Privacy Officer 42 21

24 9/21/2016 Breach of Confidentiality Notify your Manager or Supervisor immediately Manager or Supervisor will notify the Privacy Officer/Compliance Department Privacy Officer will evaluate the risk potential of the compromised PHI Privacy Officer is responsible for responding to complaints regarding HIPAA Disciplinary action will be taken by VNSNY if it is determined a staff member knowingly and willfully failed to comply with HIPAA Policies Not sure if an occurrence needs to be reported? Ask your Supervisor, Manager or Privacy Officer 43 HIPAA Policies & Procedures and Breach Incident Report 44 22

25 9/21/ Who should you contact with a HIPAA question? PROVIDER Rachel Lelia-Schwartz, MSN, CCM, CHC Provider & Corporate Compliance Specialist (212) Rachel.Lelia-Schwartz@vnsny.org CHOICE Rachel McCammon, J.D. Compliance Specialist Rachel.McCammon@vnsny.org 46 23

26 9/21/2016 You can also find us at 1250 Broadway in Manhattan: Provider & Corporate Team: 26 th Floor Choice Team: 11 th Floor 47 Compliance Contact Information We encourage you to report issues to a member of the Compliance Department, but we also have a confidential hotline (accessible by phone and on-line) for you to report issues: VNSNY Corporate Compliance Hotline: VNSNY CHOICE Compliance Hotline: Via Web: REMEMBER YOU CAN REPORT ANONYMOUSLY! 48 24

27 9/21/2016 Q & A Session 50 25

28

29

30

31 Dorian Needham VNSNY CHOICE VP of Compliance and Regulatory Affairs (212)

32 26th

33

34

35

36

37

38

39

40

41

42

43

44

45

46 VNSNY CORPORATE POLICY & PROCEDURE TITLE: Federal Deficit Reduction Act of 2005: Policy Regarding the Detection & Prevention of Fraud, Waste and Abuse and Applicable Federal and State Laws (DRA) APPLIES TO: All VNSNY Entities and Their Respective Contractors POLICY OWNER: Corporate Compliance Department FIRST ISSUED: August 2010 NUMBER: CCD.2 PURPOSE: Visiting Nurse Service of New York (together with its affiliates, VNSNY ) is committed to complying with the requirements of Section 6032 of the Federal Deficit Reduction Act of 2005, and to preventing and detecting any fraud, waste and abuse. In furtherance of this policy and to promote compliance with the Deficit Reduction Act, VNSNY disseminates this policy to all personnel (including management, contractors and other agents) to ensure that such persons are aware of relevant federal and state laws regarding the submission of false claims. POLICY: VNSNY prohibits the submission of a false claim for payment from a federal or state funded health care program. The submission of a false claim (i) violates federal and state law; (ii) may result in significant administrative and civil penalties under the federal False Claims Act and/or New York State False Claims Act, respectively; and (iii) may also violate federal and state criminal laws. To assist VNSNY in meeting its legal and ethical obligations, any individual who reasonably suspects or is aware of the preparation or submission of a false claim or report, or any other potential fraud, waste or abuse related to a federal or state funded health care program, is required to report such information to his or her supervisor and the VNSNY Compliance Officer. Any individual who reports such information will have the right and opportunity to do so anonymously, and will be protected against retaliation and intimidation for reporting such information under our internal compliance policies and procedures, as well as federal and state law. However, VNSNY retains the right to take appropriate action against an individual who has participated in a violation of federal or state law or VNSNY policy. VNSNY is committed to the prompt and thorough investigation of actual or potential fraud, waste and/or abuse, and requires all personnel to assist in such investigations. If an individual believes that VNSNY is not responding to his or her report within a reasonable period of time, he or she is required to bring the matter to the attention of the Compliance Officer. Failure to report and disclose, or assist, in an investigation of fraud, waste and/or abuse is a breach of the duty that Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 1 of 11

47 VNSNY CORPORATE POLICY & PROCEDURE all personnel have to VNSNY and may result in disciplinary action, up to and including termination. Name VNSNY VP of Compliance and Regulatory Affairs: Annie Miyazaki-Grant VNSNY CHOICE Director of Compliance: Joel Levi VNSNY Compliance Hotlines and Online Reporting Tool Contact Information Phone Number: (212) Telephone: (212) VNSNY Hotline: (212) VNSNY CHOICE Hotline: (888) VNSNY Online Reporting Tool: Written reports may be mailed to: VNSNY Attn: Compliance Department 1250 Broadway, 26nd Floor New York, NY VNSNY CHOICE Attn: Compliance Department 1250 Broadway, 11nd Floor New York, NY Federal & New York State Statutes Relating To False Claims Following is a brief summary of federal and New York State laws regarding false claims and whistleblower protections. I. FEDERAL LAWS The Federal False Claims Act (31 U.S.C ) The federal False Claims Act ( FCA ) provides, in pertinent part, that: (1) (a) In general. Subject to Paragraph (2), any person who (A) knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval; (B) knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim; (C) conspires to commit a violation of subparagraphs (A), (B), (D),... or (G); (D) has possession, custody, or control of property or money used, or to be used, by the Government and knowingly delivers, or causes to be delivered, less than all of that money or property; or (G) knowingly makes, uses, or causes to be made or used, a false record or statement material to an obligation to pay or transmit money or property Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 2 of 11

48 VNSNY CORPORATE POLICY & PROCEDURE to the Government, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government, is liable to the United States Government for a civil penalty of not less than $5,000 and not more than $10,000, 1 plus 3 times the amount of damages which the Government sustains because of the act of that person. (2) Reduced Damages. *** If the court finds that (A) the person committing the violation of this subsection furnished officials of the United States responsible for investigating false claims violations with all information known to such person about the violation within 30 days after the date on which the defendant first obtained the information; (B) such person fully cooperated with any Government investigation of such violation; and (C) at the time such person furnished the United States with the information about the violation, no criminal prosecution, civil action, or administrative action had commenced under this title with respect to such violation, and the person did not have actual knowledge of the existence of an investigation into such violation, the court may assess not less than 2 times the amount of damages which the Government sustains because of the act of that person. (3) Costs of civil actions. A person violating this subsection shall also be liable to the United States Government for the costs of a civil action brought to recover any such penalty or damages. (b) Definitions. For purposes of this section: (1) the terms knowing and knowingly (A) mean that a person, with respect to information (i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless 1 Although the statutory provisions of the FCA authorize a range of penalties between $5,000 and $10,000, as of the effective date of this policy, those amounts have been adjusted for inflation and increased by regulation to not less than $5,500 and not more than $11, CFR 85.3(a)(9). The amounts of these penalties are subject to change in the future. Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 3 of 11

49 VNSNY CORPORATE POLICY & PROCEDURE disregard of the truth or falsity of the information; and (B) require no proof of specific intent to defraud; (2) the term claim (A) means any request or demand, whether under a contract or otherwise, for money or property and whether or not the United States has title to the money or property, that (i) is presented to an officer, employee, or agent of the United States; or (ii) is made to a contractor, grantee, or other recipient, if the money or property is to be spent or used on the Government s behalf or to advance a Government program or interest, and if the United States Government (I) provides or has provided any portion of the money or property requested or demanded; or (II) will reimburse such contractor, grantee, or other recipient for any portion of the money or property which is requested or demanded; (3) the term obligation means an established duty, whether or not fixed, arising from an express or implied contractual, grantor-grantee, or licensor-licensee relationship, from a fee-based or similar relationship, from statute or regulation, or from the retention of any overpayment; and (4) the term material means having a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property. (d) Exclusion. * * * This section does not apply to claims, records, or statements made under the Internal Revenue Code of Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 4 of U.S.C While the FCA imposes liability only when the claimant acts knowingly, it does not require that the person submitting the claim have actual knowledge that the claim is false. A person who acts in reckless disregard or in deliberate ignorance of the truth or falsity of the information also can be found liable under the Act. 31 U.S.C. 3729(b). In sum, the FCA imposes liability on any person who submits a claim to the federal government, or submits a claim to entities administering government funds,that he or she knows (or should know) is false. An example may be a physician who submits a bill to Medicare for medical services she knows she has not provided. The FCA also imposes liability on an individual who may knowingly submit a false record in order to obtain payment from the government. An example of this may include a government contractor who submits records that he knows (or

50 VNSNY CORPORATE POLICY & PROCEDURE should know) are false and that indicate compliance with certain contractual or regulatory requirements. The third area of liability includes those instances in which someone may obtain money from the federal government to which he may not be entitled, and then uses false statements or records in order to retain the money. An example of this so-called reverse false claim may include a health care facility that obtains interim payments from Medicare or Medicaid throughout the year, and then knowingly files a false cost report at the end of the year in order to avoid making a refund to the Medicare or Medicaid program. In addition to its substantive provisions, the FCA provides that private parties may bring an action on behalf of the United States. 31 U.S.C. 3730(b). These private parties, known as qui tam relators, may share in a percentage of the proceeds from an FCA action or settlement. Section 3730(d)(1) of the FCA provides, with some exceptions, that a qui tam relator, when the government has intervened in the lawsuit, shall receive at least 15 percent but not more than 25 percent of the proceeds of the FCA action depending upon the extent to which the relator substantially contributed to the prosecution of the action. When the government does not intervene, section 3730(d)(2) of the FCA provides that the relator shall receive an amount that the court decides is reasonable and shall be not less than 25 percent and not more than 30 percent. Administrative Remedies for False Claims (31 U.S.C ) This statute allows for administrative recoveries by federal agencies. If a person submits a claim that the person knows is false or contains false information, or omits material information, then the agency receiving the claim may impose a penalty of up to $5,000 for each claim. The agency may also recover twice the amount of the claim. Unlike the federal FCA, a violation of this law occurs when a false claim is submitted, not when it is paid. Also unlike the federal FCA, the determination of whether a claim is false, and the imposition of fines and penalties, is made by the administrative agency, not by prosecution in the federal court system. NEW YORK STATE LAWS New York State False Claim laws fall under the jurisdiction of both New York s civil and administrative laws as well as its criminal laws. Some apply to recipient false claims and some apply to provider false claims. The majority of these statutes are specific to health care or Medicaid. Yet some of the common law crimes apply to areas of interaction with the government and so are applicable to health care fraud. Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 5 of 11

51 VNSNY CORPORATE POLICY & PROCEDURE Civil and Administrative Laws New York False Claims Act (State Finance Law ) The New York False Claims Act is similar to the federal FCA. It imposes penalties and fines on individuals and entities who knowingly file false or fraudulent claims for payment from any state or local government, including health care programs such as Medicaid. It also has a provision regarding reverse false claims similar to the federal FCA, such that a person or entity will be liable in those instances in which the person obtains money from a state or local government to which the person may not be entitled, and then uses false statements or records in order to retain the money. The penalty for filing a false claim under the New York False Claims Act is $6,000 -$12,000 per claim, plus three times the amount of the damages which the state or local government sustains because of the act of that person. In addition, a person who violates this act is liable for costs, including attorneys fees, of a civil action brought to recover any such penalty. The New York False Claims Act allows private individuals to file lawsuits in state court, just as if they were state or local government parties. If the suit eventually concludes with payments back to the government, the person who started the case can recover 25%-30% of the proceeds if the government did not participate in the suit; or 15%-25% if the government did participate in the suit. Social Services Law 145 b False Statements It is a violation to knowingly obtain or attempt to obtain payment for items or services furnished under any Social Services program, including Medicaid, by use of a false statement, deliberate concealment or other fraudulent scheme or device. The state or the local Social Services district may recover three times the amount incorrectly paid. In addition, the New York State Department of Health may impose a civil penalty of up to $10,000 per violation. If repeat violations occur within 5 years, a penalty up to $30,000 per violation may be imposed if the repeat violations involve more serious violations of Medicaid rules, billing for services not rendered, or providing excessive services. Social Services Law 145-c Sanctions If any person applies for or receives public assistance, including Medicaid, by intentionally making a false or misleading statement, or intending to do so, the needs of the individual or that of his family shall not be taken into account for six months if a first offense, for twelve months if a second offense (or if benefits wrongfully received are at least $1,000 and no more than Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 6 of 11

52 VNSNY CORPORATE POLICY & PROCEDURE $3,900), for eighteen months if a third offense (or if benefits wrongfully received are in excess of $3,900), and five years for any subsequent occasion of any such offense. Criminal Laws Social Services Law 145 Penalties Any person who submits false statements or deliberately conceals material information in order to receive public assistance, including Medicaid, is guilty of a misdemeanor. Social Services Law 366-b Penalties for Fraudulent Practices Any person who obtains or attempts to obtain, for himself or others, medical assistance by means of a false statement, concealment of material facts, impersonation or other fraudulent means is guilty of a class A misdemeanor. Any person who, with intent to defraud, presents for payment any false or fraudulent claim for furnishing services, knowingly submits false information to obtain greater Medicaid compensation, or knowingly submits false information in order to obtain authorization to provide items or services is guilty of a class A misdemeanor. Penal Law Article 155 Larceny The crime of larceny applies to a person who, with intent to deprive another of his property, obtains, takes or withholds the property by means of trick, embezzlement, false pretense, false promise, including a scheme to defraud, or other similar behavior. It has been applied to Medicaid fraud cases Fourth degree grand larceny involves property valued over $1,000. It is a class E felony Third degree grand larceny involves property valued over $3,000. It is a class D felony Second degree grand larceny involves property valued over $50,000. It is a class C felony First degree grand larceny involves property valued over $1 million. It is a class B felony. Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 7 of 11

53 VNSNY CORPORATE POLICY & PROCEDURE Penal Law Article 175 False Written Statements Four crimes in this Article relate to filing false information or claims and have been applied in Medicaid fraud prosecutions: Falsifying business records involves entering false information, omitting material information or altering an enterprise s business records with the intent to defraud. It is a class A misdemeanor Falsifying business records in the first degree includes the elements of the offense and includes the intent to commit another crime or conceal its commission. It is a class E felony Offering a false instrument for filing in the second degree involves presenting a written instrument (including a claim for payment) to a public office knowing that it contains false information. It is a class A misdemeanor Offering a false instrument for filing in the first degree includes the elements of the second degree offense and must include an intent to defraud the state or a political subdivision. It is a class E felony. Penal Law Article 176 Insurance Fraud This law applies to claims for insurance payments, including Medicaid or other health insurance and it includes six crimes Insurance fraud in the 5th degree involves intentionally filing a health insurance claim knowing that it is false. It is a class A misdemeanor Insurance fraud in the 4th degree is filing a false insurance claim for over $1,000. It is a class E felony Insurance fraud in the 3rd degree is filing a false insurance claim for over $3,000. It is a class D felony Insurance fraud in the 2nd degree is filing a false insurance claim for over $50,000. It is a class C felony Insurance fraud in the 1st degree is filing a false insurance claim for over $1 million. It is a class B felony. Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 8 of 11

54 VNSNY CORPORATE POLICY & PROCEDURE Aggravated insurance fraud is committing insurance fraud more than once. It is a class D felony. Penal Law Article 177 Health Care Fraud This statute primarily applies to claims for health insurance payments, including Medicaid, and contains five crimes: Health care fraud in the 5th degree a person is guilty of this crime when, with intent to defraud a health plan, he or she knowingly and willfully provides material false information or omits material information for the purpose of requesting payment from a health plan. It is a class A misdemeanor Health care fraud in the 4th degree a person is guilty of this crime upon filing such false claims on one or more occasions and annually receiving more than $3,000. It is a class E felony Health care fraud in the 3rd degree a person is guilty of this crime upon filing such false claims on one or more occasions and annually receiving over $10,000. It is a class D felony Health care fraud in the 2nd degree a person is guilty of this crime upon filing such false claims on one or more occasions and at least $50,000 in the aggregate, within one year, is filed with a single health plan. It is a class C felony Health care fraud in the 1st degree a person is guilty of this crime upon filing such false claims on one or more occasions and annually receiving over $1 million from a single health plan. It is a class B felony. WHISTLEBLOWER PROTECTIONS Federal False Claims Act (31 U.S.C. 3730(h)) The federal FCA provides protection to qui tam relators (individuals who commence a False Claims action) who are discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of their employment as a result of their furtherance of an action under the FCA. 31 U.S.C. 3730(h). Remedies include reinstatement with comparable seniority as the qui tam relator would have had but for the discrimination, two times the amount of any back pay, interest on any back pay, and compensation for any special Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 9 of 11

55 VNSNY CORPORATE POLICY & PROCEDURE damages sustained as a result of the discrimination, including litigation costs and reasonable attorneys fees. New York False Claims Act (State Finance Law 191) The New York State False Claims Act also provides protection to qui tam relators who are discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of their employment as a result of their furtherance of an action under the Act. Remedies include reinstatement with comparable seniority as the qui tam relator would have had but for the discrimination, two times the amount of any back pay, interest on any back pay, and compensation for any special damages sustained as a result of the discrimination, including litigation costs and reasonable attorneys fees. New York Labor Law 740 An employer may not take any retaliatory action against an employee if the employee discloses information about the employer s policies, practices or activities to a regulatory, law enforcement or other similar agency or public official. Protected disclosures are those that assert that the employer is in violation of a law that creates a substantial and specific danger to the public health and safety or which constitutes health care fraud under Penal Law 177 (knowingly filing, with intent to defraud, a claim for payment that intentionally has false information or omissions). The employee s disclosure is protected only if the employee first brought up the matter with a supervisor and gave the employer a reasonable opportunity to correct the alleged violation. If an employer takes a retaliatory action against the employee, the employee may sue in state court for reinstatement to the same, or an equivalent position, any lost back wages and benefits and attorneys fees. If the employer is a health provider and the court finds that the employer s retaliatory action was in bad faith, it may impose a civil penalty of $10,000 on the employer. New York Labor Law 741 A health care employer may not take any retaliatory action against an employee if the employee discloses certain information about the employer s policies, practices or activities to a regulatory, law enforcement or other similar agency or public official. Protected disclosures are those that assert that, in good faith, the employee believes constitute improper quality of patient care. The employee s disclosure is protected only if the employee first brought up the matter with a supervisor and gave the employer a reasonable opportunity to correct the alleged violation, unless the danger is imminent to the public or patient and the employee believes in good faith that reporting to a supervisor would not result in corrective action. If an employer takes a retaliatory action against the employee, the employee may sue in state court for reinstatement to the same, or an equivalent position, any lost back wages and benefits and attorneys fees. If the Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 10 of 11

56 VNSNY CORPORATE POLICY & PROCEDURE employer is a health provider and the court finds that the employer s retaliatory action was in bad faith, it may impose a civil penalty of $10,000 on the employer. Reviewed Sept 2010 Nov 2013 May 2014 Oct 2014 Oct 2015 Revised Sept 2010 Nov 2013 May 2014 Oct 2014 Federal Deficit Reduction Act of 2005: Policy regarding the detection & prevention of fraud, waste and abuse and applicable Federal and State Laws Page 11 of 11

57 VNSNY CORPORATE POLICY & PROCEDURE TITLE: SELF-REPORTING AND SELF-DISCLOSURE TO GOVERNMENTAL AGENCIES APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: March 2014 PURPOSE This Policy seeks to ensure that VNSNY identifies, investigates and addresses all potential violations of law and compliance issues and discloses those issues to appropriate governmental agencies, consistent with its obligations under applicable laws, regulations, guidelines and contractual requirements. Certain federal and state laws, in addition to requirements contained in contracts between VNSNY Entities and governmental agencies, require VNSNY to return Overpayments (defined below) within a certain time period once they are identified. If an identified Overpayment is not returned within the designated period, VNSNY may be subject to enforcement procedures, additional fines and penalties, including but not limited to actions brought under the False Claims Act. This Policy discusses how Overpayments arise, when they are identified and how VNSNY ensures that such Overpayments are accurately quantified and timely returned. The Policy should be read together with those additional policies and procedures referenced below and any other applicable policies or procedures specific to a business unit, department or group. Any questions or concerns regarding potential Overpayments should be addressed to the VP of Compliance (either directly or through the Compliance Hotlines) or to the Legal Department. SCOPE This Policy applies to all VNSNY Personnel (defined below) who encounter billing, reimbursement or other compliance issues that may lead to an Overpayment. To the extent an Overpayment has arisen between a VNSNY Entity (as defined below) and a commercial payor or downstream provider, please contact the Compliance or Legal Departments for additional guidance. DEFINITIONS CMS means the Centers for Medicare and Medicaid Services

58 VNSNY CORPORATE POLICY & PROCEDURE DOH means the New York State Department of Health. MAC means the Medicare Administrative Contractor. OIG means the Office of Inspector General of the U.S. Department of Health and Human Services. OMIG means the New York State Office of the Medicaid Inspector General. Overpayment any funds that VNSNY receives or retains under title XVIII or XIX to which VNSNY, after applicable reconciliation, is not entitled under such title. VP of Compliance means the VNSNY VP of Compliance and Regulatory Affairs. VNSNY means, as appropriate, one or more VNSNY Entities and VNSNY Personnel. VNSNY Entity means any corporate entity among the Visiting Nurse Service of New York, which would include a VNSNY Provider or VNSNY CHOICE. VNSNY Personnel means any and all directors, officers, employees, agents, contractors and volunteers at the Visiting Nurse Service of New York, VNSNY Providers and/or VNSNY CHOICE. VNSNY Providers means, collectively, Visiting Nurse Service of New York Home Care, VNSNY Hospice and Palliative Care, Partners in Care and VNS CHOICE Community Care. POLICY 1. VNSNY reports timely to appropriate governmental agencies all Overpayments, and VNSNY will make any refunds that are necessary. 2. If there is an indication that VNSNY received an Overpayment, the VP of Compliance, or his/her designee, will investigate the allegations and underlying facts, quantify the potential overpayment amount, and ensure that any errors are corrected and refunds are made to the appropriate governmental agencies in the appropriate timeframes. 3. The VP of Compliance, in consultation with the Chief Risk Officer and the Legal Department, may determine that it is necessary to communicate an Overpayment directly to the OMIG, DOH, the Department of Justice, the OIG, and/or other appropriate state or federal governmental agencies. PROCEDURES 1. All VNSNY Personnel must immediately notify the VP of Compliance, their supervisor, the VNSNY CHOICE Director of Compliance and Regulatory Affairs or other - 2 -

59 VNSNY CORPORATE POLICY & PROCEDURE management staff, or alternatively use the Compliance Hotlines or portal to inform them, of any potential Overpayment in accordance with the VNSNY Code of Conduct and the VNSNY Corporate Policy: Reporting Non-Compliance and Fraud, Waste and Abuse Failure to report a potential Overpayment as described in this Section will subject that VNSNY Personnel member to discipline up to, and including, termination in accordance with the VNSNY Compliance Program Disciplinary Standards and Procedures. 3. The VP of Compliance is responsible for ensuring that VNSNY properly discloses all Overpayments, makes any reports and refunds that are necessary within the timeframes listed in Section d below of this Policy, and tracks and records these disclosures. a. Potential Overpayments may be identified from the following non-exhaustive list of sources: i. Payments to VNSNY Providers 1. Inaccurate cost reporting; 2. Incorrect medical record coding; 3. Medicare Coverage Options Review; 4. Kickbacks; 5. Routine checks conducted by VNSNY of employees and contractors who appear on an exclusion list; 6. Audits and monitoring activities, including medical record and billing reviews, and reviews of functions performed by contractors; 7. Identified non-compliance with billing standards, as identified by governmental or outside auditors that have extended beyond the audit period; 8. Credit balances; or 9. Other compliance and departmental oversight activities that may identify Overpayments. ii. For VNSNY CHOICE 1 Patient Accounts shall not be required to notify the VP of Compliance for Overpayments to VNSNY Providers that are less than five thousand dollars ($5,000) unless Overpayments is the result of fraudulent activity or other misconduct

60 VNSNY CORPORATE POLICY & PROCEDURE 1. HEDIS/QARR and Plan Quality and Performance Ratings; 2. Routine member eligibility checks conducted by Membership Development, the Membership and Eligibility Unit or governmental or outside auditors; 3. Inaccurate Medicaid Managed Care Operating Reports; 4. Inaccurate Medicare Risk Adjustment Processing System and/or Encounter Data Submission data; 5. Improper supplemental capitation (kickback) payments; 6. Periodic reports generated by the Finance Department, Membership Development or the Membership and Eligibility Unit listing the claims that have been voided or adjustment or credit balances that have been received; 7. Other compliance and departmental oversight activities that may identify Overpayments. b. When the VP of Compliance learns of a potential Overpayment, he or she or his/her designee will investigate the underlying facts to determine whether an Overpayment occurred. c. The VP of Compliance may enlist the assistance of other VNSNY departments to help investigate the potential Overpayment, including, without limitation, the Finance, Human Resources, Information Technology, Internal Audit, and the Legal Departments. The VP of Compliance may also engage outside legal counsel, auditors or other consultants to help determine whether an Overpayment has occurred. d. The VP of Compliance and/or designee, meets with the Legal Department on a biweekly basis to discuss ongoing investigations and potential refunds. e. Once the VP of Compliance has confirmed than an Overpayment has occurred, VNSNY has sixty (60) days to quantify and report the Overpayment to the appropriate government agency. If the VP of Compliance, with help of internal staff, outside legal counsel, auditors, or other consultants, as needed, is unable to quantify the amount to be refunded within sixty (60) days from the date on which the Overpayment was confirmed to have occurred, the VP of Compliance will notify the appropriate governmental agency that a VNSNY Entity has learned of a potential Overpayment and that the VNSNY Entity is currently undertaking efforts to quantify the amount of the Overpayment to be refunded. In the communication with the governmental agency, the VP of Compliance will provide an estimate of when such work will be completed

61 VNSNY CORPORATE POLICY & PROCEDURE i. The OMIG shall be notified of Overpayments to VNSNY Providers and the OMIG and/or DOH, as appropriate, shall be notified for Overpayments to VNSNY CHOICE arising from the Medicaid program. ii. The OIG, CMS, the MAC or another applicable federal agency or contractor will be notified for Overpayments arising from the Medicare program based on a determination made by the VP of Compliance in consultation with the Legal Department. f. Once quantified, VNSNY will refund the Overpayment to the appropriate governmental agency or contractor in accordance with any guidance, protocols or procedures issued by the governmental agency to which the refund will be made. i. For any Overpayments arising from the Medicaid program that are nonroutine, systemic or otherwise warrant reporting due to the amount or nature of the Overpayment, as determined by the VP of Compliance, VNSNY must submit a report to the OMIG that follows the requirements contained in the most recent OMIG Self-Disclosure Submission Guidelines. A copy of the OMIG Self-Disclosure Guidelines is available at here. ii. For any Overpayments arising from Medicare or another government health care program that are non-routine, systemic or otherwise warrant reporting due to the amount or nature of the Overpayment, as determined by the VP of Compliance, VNSNY shall submit a report to CMS, the MAC or another governmental agency or contractor using analogous selfdisclosure protocols issued by the applicable governmental agencies. 1. Such reports shall include: a. The basis for the disclosure, including how the Overpayment was discovered, the approximate time period covered, and an assessment of the potential financial impact; b. The federal and state laws, regulations, guidelines, and policies that were potentially violated, if any; c. The proposed corrective actions that have been or will be taken to address the problem that has led to disclosure of the Overpayment and the process for monitoring the issue to prevent recurrence; and d. Other information that the VP of Compliance may deem pertinent to include in the report

62 VNSNY CORPORATE POLICY & PROCEDURE iii. Overpayments to VNSNY Providers that total more than twenty-five thousand ($25,000) will generally warrant reporting, but the VP of Compliance makes the final decision, taking into consideration the facts and circumstances surrounding the Overpayment. iv. Overpayments to VNSNY CHOICE that total more than twenty-five thousand ($25,000) will generally warrant reporting, but the VP of Compliance makes the final decision, taking into consideration the facts and circumstances surrounding the Overpayment, and any other contractual or legal requirements v. For any Overpayments that are routine, non-systematic or do not otherwise warrant reporting due to the amount or nature of the Overpayment, the VP of Compliance may authorize in writing the appropriate department to void or adjust the claims to be refunded in accordance with the VNSNY practice for voiding transactions and/or processing refunds. The responsible department may not void or adjust a paid claim to refund an Overpayment without the prior written authorization of the VP of Compliance. g. The VP of Compliance will maintain a log of all Overpayments that have been disclosed to governmental authorities pursuant to this Policy. The log will include the following information: i. The date that the potential Overpayment was discovered; ii. The date that the Overpayment was disclosed and/or refunded; iii. The cause of the Overpayment; iv. The amount of the Overpayment; v. A summary of the corrective action being implemented to prevent the Overpayment from recurring; and vi. The status of the refund. h. All Overpayments will be reported to the VNSNY Board of Directors (or a committee thereof), the respective VNSNY Entity Board and the VNSNY Compliance Working Group. i. The VP of Compliance is responsible for taking all necessary actions to ensure that corrective action is taken by VNSNY to prevent the same or similar Overpayments from occurring in the future. RECORDS RETENTION - 6 -

63 VNSNY CORPORATE POLICY & PROCEDURE All VNSNY Personnel affected by this Policy should review and must comply with VNSNY s document retention policies as set forth in the Compliance Program Code of Conduct, and any applicable document hold and preservation orders issued by the General Counsel or his/her designee. REPORTING & QUESTIONS/ASSISTANCE If you are aware of a situation that you believe may violate this Policy, you must promptly contact an immediate supervisor, the VP of Compliance and Regulatory Affairs, a member of the VNSNY Compliance Department or the General Counsel. Reports may also be submitted anonymously via the VNSNY CHOICE Compliance Hotline at or the VNSNY Compliance Hotline at or the VNSNY Online Reporting Tool: See Compliance Hotlines Policy. In addition, if you have any questions or concerns about this Policy, you may raise them with any of the individuals identified above or via the Compliance Hotlines. POLICY OWNER: Corporate Compliance and Legal Departments REFERENCES: The contractual and regulatory requirements applicable to this policy area include the VNSNY Code of Conduct; VNSNY Corporate Policy: Reporting Non-Compliance and Fraud, Waste and Abuse; VNSNY Compliance Program Disciplinary Standards and Procedures; OMIG Self Disclosure Guidance (March 12, 2009); OMIG Self-Disclosure Program (August 2012); 18 N.Y.C.R.R (link); and 42 U.S.C. 1320a-7k(d) (link). Reviewed April 2014 Nov 2015 Revised Approved & April 2014 June 3, 2014 (by NYSDOH) - 7 -

64 VNSNY CORPORATE POLICY & PROCEDURE TITLE: Sanction Checks APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: October 2011 NUMBER: CCD.4 PURPOSE: As mandated by federal and state laws, and in accordance with the VNSNY Compliance Program (the Program ), VNSNY will conduct all required exclusion screenings on employees, Board members, referral sources, and contractors. This Policy and Procedure outlines the respective processes for ensuring that all required screening occurs, that the screenings are tracked and monitored, and that any potential exclusions are investigated and immediately acted upon. DEFINITIONS: 1. Sanction. A sanction means exclusion, censure, conditional/limited participation in a Federal Health Care Program or any Federal procurement or Federal non-procurement program imposed because of the commission of unacceptable practices such as unprofessional conduct, submission of false claims, and acceptance of bribes or kickbacks, solicitation of clients with impermissible premiums or inducements. 2. Exclusion. An exclusion is a type of sanction. A person who is excluded from the program cannot be involved in any activity relating to furnishing medical care, services or supplies to recipients of medical assistance for which claims are submitted to the program, or relating to claiming or receiving payment for medical care, services or supplies during the period. 3. Ineligible Person. An Ineligible Person means an individual or entity who/which is or has been excluded, debarred or suspended from, or is otherwise ineligible to participate in any Federal health care program or any Federal procurement or non-procurement program and has not been reinstated after the period of exclusion, debarment, suspension or ineligibility. 4. Federal Health Care Program. A Federal Health Care Program is any plan or program that provides health benefits, whether directly, through insurance, or otherwise, which is funded directly, in whole or in part, by the United States Government or any State health care program, including, without limitation, Medicare, Medicaid, Tricare, and programs receiving federal or state grants. Sanction Checks Page 1 of 8

65 VNSNY CORPORATE POLICY & PROCEDURE 5. Exclusion Lists. Exclusion Lists means the following lists, which are checked in accordance with the Procedures detailed in this document: a. The United States Department of Health and Human Services, Office of Inspector General s ( OIG ) List of Excluded Individuals/Entities ( LEIE ) (currently available on-line at: b. The General Service Administration s ( GSA ) Excluded Parties List System ( EPLS ) (currently available on-line at : c. The New York State Office of the Medicaid Inspector General s ( OMIG ) List of Restricted, Terminated or Excluded Individuals or Entities (currently available on-line at: d. The National Plan Provider Enumeration System (NPPES) (currently available on-line at: e. The Social Security Administration Death Master File. Access to the Death Master File is restricted and requires all users to complete a certification form). 4C84-AB61- C12ACD095FE3%7D/PageVars/Library/InfoManage/Guide.htm f. The OIG Most Wanted Fugitives (currently available on-line at: and g. The Office of Foreign Assets Control Specially Designated Nationals (currently available on-line at: List/Pages/fuzzy_logic.aspx). Other sources and lists may also be checked as VNSNY deems necessary and appropriate. For example, if a potential employee s application for employment indicates that he/she worked in any other state(s), or if a contractor has worked, or works, in any other state(s), the equivalent state-specific lists, if available, may also be checked. Sanction Checks Page 2 of 8

66 VNSNY CORPORATE POLICY & PROCEDURE 6. Primary Exclusion Lists. The Primary Exclusion Lists include databases a.-d. of the Exclusion Lists. POLICY: VNSNY is committed to using good faith, reasonable efforts to not employ, allow to serve on its Board, contract with, or otherwise accept referrals from individuals or entities that are currently excluded, debarred or suspended from, or otherwise ineligible to participate in any Federal Health Care Program or in any Federal procurement or non-procurement program. This Policy applies to all candidates for employment with VNSNY and employees and certain volunteers; members of the Board of Directors of VNSNY and the Boards of Directors of each of the VNSNY subsidiaries and affiliates (collectively, the VNSNY Board Members ); all physicians, practitioners, and other providers who order health care services provided by VNSNY (collectively referred to as referral sources ); any individuals or entities in the VNSNY CHOICE networks, and all other vendors and contractors who/which do business with VNSNY (collectively referred to as contractors ). PROCEDURES: In order to ensure compliance with the above Policy, VNSNY will, at minimum, take the following actions: A. PROCEDURES FOR DETERMINING INELIGIBILITY 1. EMPLOYEES a. Candidates For Employment. Each candidate for employment is required to disclose on his/her employment application whether he or she is an Ineligible Person. Any applicant who is an Ineligible Person will not be hired or otherwise become affiliated in any way with VNSNY. b. New Employees. Before hiring any new employee and for certain volunteers, VNSNY or its designee will, at minimum, check the individual s name against the Exclusion Lists. If the individual s name appears on any of the Exclusion Lists, any offer of employment must be withdrawn and the individual may not be hired unless clear evidence is presented showing that the matters leading to appearance on the Exclusion Lists(s) have been finally resolved, making that individual no longer an Ineligible Person. c. Monthly Checks of Current Employees. On a monthly basis, VNSNY or its designee will check the names of all current VNSNY employees and certain volunteers against each of the Exclusion Lists. If an individual s name appears on any of the Exclusion Lists, the Procedures set forth in Section B, below, will be followed. Sanction Checks Page 3 of 8

67 VNSNY CORPORATE POLICY & PROCEDURE 2. REFERRAL SOURCES a. New Referral Sources. Before accepting orders for healthcare services from any new referral source, VNSNY or its designee will, at minimum, check the individual s/entity s name against the Primary Exclusion Lists. If the individual s/entity s name appears on any of the Primary Exclusion Lists, the individual/entity may not serve as a referral source to VNSNY unless clear evidence is presented showing that the matters leading to their appearance on the Primary Exclusion Lists(s) have been finally resolved, making that individual/entity no longer an Ineligible Person. b. Monthly Checks of Referral Sources. On a monthly basis, VNSNY or its designee will check the names of all current health care referral sources against each of the Exclusion Lists. If an individual s/entity s name appears on any of the Exclusion Lists, the Procedures set forth in Section B, below, will be followed. 3. VNSNY CHOICE NETWORK PROVIDERS AND SUPPLIERS. a. Credentialing. At the time of credentialing, VNSNY CHOICE checks all new providers and suppliers against databases a.-d. of the Primary Exclusion Lists. If the individual s/entity s name appears on any of the Primary Exclusion Lists, the provider or supplier will be denied credentialing and will be placed on a HOLD payment, which will prohibit payment from being made to the provider or supplier. b. Monthly Network Checks. On a monthly basis, VNSNY or its designee will check the names of the entire VNSNY CHOICE network all against each of the Exclusion Lists. If an individual s/entity s name appears on any of the Exclusion Lists, and the provider or supplier will be placed on a HOLD payment which will prohibit payment from being made to the provider or supplier, the provider or supplier will receive a written termination letter, and the contract will be terminated. 4. CONTRACTORS/VENDORS a. Monthly Checks of Current Contractors. On a monthly basis, VNSNY or its designee will check the names of all current contractors against each of the Exclusion Lists. If a contractor s name appears on any of the Exclusion Lists, the Procedures set forth in Section B, below, will be followed. In addition, VNSNY will require certain contractors providing health related services (e.g., LHCSAs, DME vendors, temporary staffing agencies, etc.) to (i) perform monthly checks of each of the Exclusion Lists for all of the contractor s employees and subcontractors; (ii) maintain evidence of these monthly checks for 10 years; and (iii) make such evidence available to VNSNY promptly upon its request. If the contractor or any of its employees or subcontractors Sanction Checks Page 4 of 8

68 VNSNY CORPORATE POLICY & PROCEDURE becomes an Ineligible Person at any time, the contractor will be required to immediately disclose such information to VNSNY s VP of Compliance and Regulatory Affairs ( VP of Compliance ) or his/her designee, and the Procedures set forth in Section B, below, will be followed. If a contractor providing health related services to VNSNY becomes an Ineligible Person, then the contract shall be terminated immediately. b. Recommended Contract Provisions. It is recommended that any agreement/contract with VNSNY include at least a representation/warranty from the contractor that he/she/it and each of his/her/its employees and contractors are not Ineligible Persons. To the extent that a contractor provides health care services that are reimbursed by any Federal Health Care Program, directly or indirectly, the agreement/contract should contain the following: i. A requirement that the contractor perform monthly checks of each of the Exclusion Lists for all of its employees and subcontractors, and maintain documentation thereof for 10 years, and that the documentation will be made available to VNSNY promptly upon its request; ii. iii. iv. A requirement that the contractor immediately disclose to VNSNY s VP of Compliance or his/her designee if the contractor or any of its employees or subcontractors becomes an Ineligible Person at any time during the term of the agreement/contract or at any time relating to its performance of services for or on behalf of VNSNY; and A provision that gives VNSNY the right to immediately terminate the agreement/contract in the event the contractor or any of its employees or subcontractors becomes an Ineligible Person at any time during the term of the agreement/contract or at any time relating to its performance of services for or on behalf of VNSNY. Legal counsel drafting a contract/agreement shall have discretion in the crafting of the appropriate provision. B. RESPONSE TO A DETERMINATION OF INELIGIBILITY Should any of the processes set forth above result in the determination that any individual/entity is, or has been, an Ineligible Person, then the following procedures will be followed: 1. NOTIFICATION OF THE VP OF COMPLIANCE. The VP of Compliance or designee will be immediately notified in writing. The VP of Compliance or designee will then promptly notify the affected VNSNY Sanction Checks Page 5 of 8

69 VNSNY CORPORATE POLICY & PROCEDURE entity or entities and all other individuals and departments within VNSNY that are necessary and appropriate. 2. SUSPENSION OF BILLING OR PAYMENT. If an ineligibility determination relates to an individual or entity for which claims for reimbursement are being submitted by or on behalf of VNSNY to a Federal Healthcare Program, any such billing or payment that is related (whether directly or indirectly) to the Ineligible Person will be immediately suspended. 3. INTERNAL INVESTIGATION AND CORRECTIVE ACTION. 4. REMOVAL REQUIREMENT. The VP of Compliance or designee will promptly undertake an appropriate investigation of the matter, consulting, as necessary, with counsel, and appropriate corrective and/or disciplinary action will be implemented promptly. For example, such action may include, but is not necessarily limited to: suspension without pay, or termination of an individual s employment or contract; termination of a contractor s agreement; not accepting orders, prescriptions or referrals from such individual or entity; the return of monies or reimbursement improperly received, in accordance with applicable law; and/or disclosure or reporting to the appropriate government agency or agencies, in accordance with applicable law. If VNSNY has actual notice that any individual/entity has become an Ineligible Person, it will, at minimum, remove that individual/entity from responsibility for, or involvement with, VNSNY s business operations related to Federal Health Care Programs. VNSNY will also remove such individual/entity from any position for which his/her/its compensation, or the items or services furnished, ordered or prescribed by such individual/entity, are paid in whole or in part, directly or indirectly, by a Federal Health Care Program or otherwise with Federal funds, at least until such time as the individual/entity is reinstated into the applicable Federal Health Care Program(s) and is no longer an Ineligible Person. Such action will be in addition to any other action deemed necessary and appropriate in connection with the investigation referenced above. Sanction Checks Page 6 of 8

70 VNSNY CORPORATE POLICY & PROCEDURE 5. PROPOSED INELIGIBILITY. If VNSNY has actual notice that an individual/entity is the subject of an action that proposes to make the individual/entity an Ineligible Person, VNSNY will take all appropriate actions to ensure that the responsibilities of such individual/entity have not and will not adversely affect either the quality of care rendered to any Federal Health Care Program beneficiary or the integrity of any claim submitted to any Federal Health Care Program. Such action will be in addition to any other action deemed necessary and appropriate in connection with the investigation referenced above. Any individual/entity who knows or should have known of his/her Ineligible Person status is required to report that immediately to the VP of Compliance or designee and the Human Resource Department. 6. NOTIFICATIONS TO FEDERAL OR STATE AGENCIES. C. REPORTS As may be required pursuant to any federal or state law, regulation, or contractual requirement, the VP of Compliance or designee will notify the relevant federal or state agency of the Ineligible Person in accordance with any required timeframe. At least annually, and more frequently as appropriate, the VP of Compliance or designee will report to the Board of Directors of VNSNY or the affiliate Board of Directors and/or the appropriate Board Committee on the checks of the Exclusions Lists performed under this Policy and Procedure, whether the results of those checks revealed any Ineligible Persons, and if so, what corrective or other action(s) were or will be instituted, and the status or results thereof. D. DOCUMENTATION The search results page of the Exclusion Lists, or other proof that the required checks of each of the Exclusion Lists have been performed, will be maintained by the VP of Compliance or his/her designee (which may include, for example, a contractor retained to perform all or some of the required checks on VNSNY s behalf). Such documentation will be maintained for no less than 10 years. Records of any investigations, corrective action and/or disciplinary action taken in accordance with this Policy and Procedure will also be maintained by the VP of Compliance or his/her designee, and a copy will also be maintained in the individual s Sanction Checks Page 7 of 8

71 VNSNY CORPORATE POLICY & PROCEDURE personnel file or other appropriate file. Such records will be maintained for 10 years or as otherwise required by applicable law, whichever is longer. E. QUESTIONS/ENFORCEMENT If you are aware of a situation that you believe may violate this Policy, you must promptly contact an immediate supervisor, the VP of Compliance, or a member of the VNSNY Compliance Department. Reports may also be submitted anonymously via the VNSNY CHOICE Compliance Hotline at , or the VNSNY Compliance Hotline at , or the VNSNY Online Reporting Tool: In addition, if you have any questions or concerns about this Policy, you may raise them with any of the individuals identified above or via the Compliance Hotlines. REFERENCES: Federal: 42 U.S.C. 1320a-7b; 42 CFR (b); Department of Health and Human Services Office of Inspector General: Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs, Special Advisory Opinion (May 9, 2013); Department of Health and Human Services Office of Inspector General, The Effect of Exclusion From Participation in Federal Health Care Programs, Special Bulletin (September 1999); Centers for Medicare & Medicaid Services, State Medicaid Director Letters # (January 16, 2009) and # (June 12, 2008) State: 18 NYCRR 515.5; New York DOH Medicaid Updates (April 2010, Vol. 26, No. 6; June 2007, Vol. 23, No. 6; June 2005, Vol. 20, No. 7) Reviewed Aug 2014 Feb 2015 Nov 2015 Revised Aug 2014 Feb 2015 Nov 2015 Sanction Checks Page 8 of 8

72 VNSNY CORPORATE POLICY & PROCEDURE TITLE: Conflict of Interest - Board Members, Officers and Key Employees APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: June 21, 2006 (Separated prior policy into one for the Board and one for Employees) NUMBER: CCD. 5 PURPOSE: The Visiting Nurse Service of New York family of corporations (collectively, VNSNY ) has implemented a comprehensive compliance program (the Program ) to ensure that all of its business practices are in compliance with all applicable laws, rules and regulations. 1 As part of the Program, this Policy is designed to ensure that conflicts of interest are appropriately identified and addressed. Specifically, this Policy is designed to ensure that: (i) members of the Board of Directors and committees with Board-delegated powers (collectively, the Board Members ), (ii) Officers (as defined herein), and (iii) Key Employees (as defined herein) of VNSNY understand their duty to disclose actual and potential conflicts of interest. It is important that both the fact and the appearance of an actual or potential conflict of interest be avoided. All Board Members, Officers and Key Employees owe a duty of loyalty to VNSNY. The duty of loyalty requires that Board Members, Officers and Key Employees exercise their powers in good faith and in the best interests of VNSNY, rather than in their own interests or the interests of another person or entity. Conflicts between the interests of VNSNY and the personal or financial interests of a Board Member, Officer or Key Employee may arise from time to time. Some conflicts of interest are illegal, and some are legal but may be unethical or create an appearance of impropriety. This Policy is designed to protect VNSNY s interest when it is contemplating entering into a transaction or arrangement that might benefit the private interest of a Board Member, Officer or Key Employee, or might result in a possible excess benefit transaction. This Policy is intended to supplement, but not replace, any applicable state and federal laws governing conflicts of interest. 1 As used in this Policy, the term VNSNY includes Visiting Nurse Service of New York and each Affiliate (as defined herein) thereof, including: Visiting Nurse Service of New York Home Care, Visiting Nurse Service of New York Hospice Care, Family Care Services, Partners in Care, VNSNY CHOICE, VNS CHOICE Community Care and VNS Continuing Care Development Corporation. Conflict of Interest Page 1 of 12

73 VNSNY CORPORATE POLICY & PROCEDURE All Board Members, Officers and Key Employees are expected to read and understand this Policy in order to be alert to situations that may pose potential or actual conflicts of interest. Neither VNSNY, nor any Board Member, Officer or Key Employee thereof, shall enter into any transaction or arrangement that involves an actual, potential or apparent conflict of interest except in compliance with this Policy. Although, this policy is applicable only to Board Members, Officers, and Key Employees, all employees are subject to the conflict of interest provisions in the VNSNY Code of Conduct. Any questions about the applicability of this policy should be directed to the VP of Compliance & Regulatory Affairs. OVERSIGHT OF THIS CONFLICTS OF INTEREST POLICY The adoption and implementation of, and compliance with, this Policy shall be overseen by the Audit Committee of the Board. The Audit Committee of the Board may, at its discretion, authorize certain functions relating to the implementation of, and compliance with, this Policy to one or more VNSNY employees, but the Audit Committee of the Board will, at all times, retain overall responsibility for all aspects of the oversight of this Policy. DEFINTIONS: Affiliate. The term Affiliate means any entity controlled by, in control of, or under common control of VNSNY. Board. The term Board means a board of directors or any other body constituting a Governing Board as defined below. Director or Board Member. The term Director or Board Member means the members of each Governing Board of VNSNY. Governing Board. The term Governing Board means each governing body responsible for the oversight of a VNSNY entity. Independent Director. The term Independent Director means a Director who: (i) is not, and has not been within the last three years, an employee of VNSNY, and does not have a Relative who is, or has been within the last three years, a Key Employee of VNSNY; (ii) has not received, and does not have a Relative who has received, in any of the last three fiscal years, more than ten thousand dollars ($10,000) in direct compensation from VNSNY (other than reimbursement for expenses reasonably incurred as a Director or reasonable compensation for service as a Director as permitted under New York s Not-For-Profit Corporation Law ( 202(a)); and (iii) is Conflict of Interest Page 2 of 12

74 VNSNY CORPORATE POLICY & PROCEDURE not a current employee of or does not have a substantial financial interest in, and does not have a Relative who is a current Officer of or has a substantial financial interest in, any entity that has made payments to, or received payments from, VNSNY for property or services in an amount which, in any of the last three fiscal years, exceeds the slesser of twenty-five thousand dollars ($25,000) or two percent of VNSNY s consolidated gross revenues. Note that payment, as used in this definition, does not include charitable contributions. Key Employees. Key Employee means any individual who is in a position to exercise substantial influence over the affairs of a VNSNY entity, as determined by VNSNY in accordance with current laws, rules and regulations. The term Key Employee includes, but is not limited to: (a) (b) (c) (d) (e) (f) With respect to any transaction involving VNSNY, any person who was, at any time during the 5-year period ending on the date of the contemplated transaction, in a position to exercise substantial influence over the affairs of a VNSNY entity. Any individual serving on the Governing Board of a VNSNY entity who is entitled to vote on any matter over which the Governing Board has authority; Any person who, regardless of title, has ultimate responsibility for implementing the decisions of the Governing Board of a VNSNY entity, for supervising the management, administration, or operation of a VNSNY entity, or for managing the finances of a VNSNY entity. Included in this group is presumed to be the Presidents, Chief Executive Officers, Chief Operating Officers, Treasurers and Chief Financial Officers of VNSNY entities; Any person with a material financial interest in a provider-sponsored organization (i.e., a Medicare Advantage Organization) in which VNSNY participates. Any person who satisfies the definition of a Key Employee pursuant to the IRS Form 990 instructions, as amended from time to time. Any other person for whom all the relevant facts and circumstances tend to show that the person has substantial influence over the affairs of a VNSNY entity including, but not limited to, the facts and circumstances tending to show Conflict of Interest Page 3 of 12

75 VNSNY CORPORATE POLICY & PROCEDURE substantial influence does or does not exist as outlined in IRS regulations at 26 CFR (e)(2) and (3). 2 Officer. The term Officer means those individuals defined as officers in the bylaws of a VNSNY entity, and those who are otherwise appointed as officers of a VNSNY entity, in accordance with the by-laws of a VNSNY entity (including, but not limited to, the Presidents, Chief Executive Officers, Chief Financial Officers, Treasurers, Chief Operating Officers, and Senior Vice Presidents). Related Party. The term Related Party means any Director, Officer or Key Employee of VNSNY; (ii) any Relative of any Director, Officer or Key Employee of VNSNY; or (iii) any entity in which such individual has a thirty-five percent (35%) or greater ownership or beneficial interest or, in the case of a partnership or professional corporation, a direct or indirect ownership interest in excess of five percent (5%). 2 Facts and circumstances tending to show that a person has substantial influence over the affairs of a VNSNY entity include, but are not limited to, the following: (i) the person founded the entity; (ii) the person is a substantial contributor to the entity (taking into account only contributions received by the entity during its current taxable year and the four preceding taxable years); (iii) the person's compensation is primarily based on revenues derived from activities of the entity, or of a particular department or function of the entity, that the person controls; (iv) the person has or shares authority to control or determine a substantial portion of the entity s capital expenditures, operating budget, or compensation for employees; (v) the person manages a discrete segment or activity of the entity that represents a substantial portion of the activities, assets, income, or expenses of the entity, as compared to the entity as a whole; (vi) the person owns a controlling interest (measured by either vote or value) in a corporation, partnership, or trust that is a disqualified person; or (vii) the person is a non-stock entity controlled, directly or indirectly, by one or more disqualified persons. Facts and circumstances tending to show that a person does not have substantial influence over the affairs of an entity include, but are not limited to, the following: (i) the person has taken a bona fide vow of poverty as an employee, agent, or on behalf, of a religious organization; (ii) the person is a contractor (such as an attorney, accountant, or investment manager or advisor) whose sole relationship to the entity is providing professional advice (without having decision-making authority) with respect to transactions from which the contractor will not economically benefit either directly or indirectly (aside from customary fees received for the professional advice rendered); (iii) the direct supervisor of the individual is not a disqualified person; (iv) the person does not participate in any management decisions affecting the entity as a whole or a discrete segment or activity of the entity that represents a substantial portion of the activities, assets, income, or expenses of the entity, as compared to the entity as a whole; or (v) any preferential treatment a person receives based on the size of that person's contribution is also offered to all other donors making a comparable contribution as part of a solicitation intended to attract a substantial number of contributions. Conflict of Interest Page 4 of 12

76 VNSNY CORPORATE POLICY & PROCEDURE Related Party Transaction. The term Related Party Transaction means any transaction, agreement or any other arrangement in which a Related Party has a financial interest and in which VNSNY is a participant. Relative. The term Relative means (i) spouses, ancestors, brothers and sisters (whether whole or half-blood), children (whether natural or adopted), grandchildren, great grandchildren, and spouses of brothers, sisters, children, grandchildren and great-grandchildren; or (ii) domestic partner as defined in Public Health Law a. POLICY: Vendor. The term Vendor includes vendors, suppliers, consultants, other care providers, referral sources, manufacturers, payors and other third parties (whether individuals or entities) seeking to do, or that are currently engaged in, business with VNSNY Board Members, Officers and Key Employees must, at all times, refrain from being influenced by personal considerations of any kind in the performance of their duties. Whenever a potential or actual conflict of interest exists, the matter must be fully disclosed as set forth below, and the affected Board Member(s), Officer(s) and Key Employee(s) must refrain from participating in the consideration or determination of the transaction until the matter has been resolved as provided herein. PROCEDURE: A. Disclosable Conflicts of Interest/Related Party Transactions. Board Members, Officers and Key Employees have a disclosable conflict of interest if an actual or potential conflict exists between (1) the Board Member, Officer or Key Employee s duty to act in the best interests of VNSNY, and (2) the interests of the Board Member, Officer or Key Employee in personal gain or benefit for himself/herself or another third party. Board Members, Officers and Key Employees also have a disclosable conflict of interest if they are involved in a Related Party Transaction. Although it is impossible to list every circumstance giving rise to a conflict of interest, the following list includes examples of the more common categories of disclosable interests. There is a disclosable interest if a Board Member, Officer or Key Employee or his/her Relative: (a) Relationships with Vendors. Has any financial interest in a Vendor; is a member, owner, director, trustee or officer of a Vendor; or has a contractual or employment relationship with a Vendor. Conflict of Interest Page 5 of 12

77 VNSNY CORPORATE POLICY & PROCEDURE (b) (c) Relationships with Competitors. Has any financial interest in an entity that competes with VNSNY, or has a contractual or employment relationship with an entity that competes with VNSNY. Gifts or Other Favors. Solicits or accepts any gifts, entertainment or other favors from any Vendor under circumstances where it might be inferred that such action was intended to influence the Board Member, Officer or Key Employee in the performance of his/her duties on behalf of VNSNY. (d) Board Member of Other Governing Boards. Serves as a member of the governing board or officer of another health care organization which does business with or is affiliated with VNSNY, or refers business to or from VNSNY. The foregoing shall not include the service on any such corporation (e) (f) (g) When the Board Members, Officers or Key Employee is requested to engage in such service by the Board of VNSNY. Relationships Between Board Members or Between Board Members and Officers. Has any family or business relationship with another Board Member or Officer of VNSNY. A business relationship with a Board Member or Officer includes (i) direct business relationships, (ii) indirect business relationships through or between entities of which either or both parties is a member, owner, director, trustee or officer, and (iii) co-ownership in an enterprise. Related Party Transaction. Has, or has a Relative who has, a thirty-five percent (35%) or greater ownership or beneficial interest in an entity (or, in the case of a partnership or professional corporation, has a direct or indirect ownership interest in excess of five percent (5%)) that engages in a transaction or has an agreement or any other arrangement with VNSNY. B. Disclosure Requirements. Initial Election of Board Member. Prior to the initial election of any Board Member, such Board Member shall complete, sign and submit to the Secretary of VNSNY a written Conflict of Interest Disclosure Statement identifying, to the best of the Board Member s knowledge, any entity of which the Board Member is an officer, director, trustee, member, owner (either as a sole proprietor or a partner), or employee and with which VNSNY has a relationship, and any transaction in which VNSNY is a participant and in which the Board Member might have a disclosable conflict of interest. All such statements will be filed with the Board Secretary. The Board Conflict of Interest Page 6 of 12

78 VNSNY CORPORATE POLICY & PROCEDURE Secretary will provide copies of all completed Disclosure Statements to the Chair of the Audit Committee. Annual Disclosure Statements. Board Members, Officers and Key Employees will, at least annually, file a Conflict of Interest Disclosure Statement. For Board Members, the Conflict of Interest Disclosure Statement will specifically include, among other disclosable conflicts of interest, a statement identifying, to the best of the Board Member s knowledge, any entity of which he or she is an officer, director, trustee, member, owner (either as a sole proprietor or a partner), or employee and with which VNSNY has a relationship, and any transaction in which VNSNY is a participant and in which the Board Member might have a disclosable conflict of interest. Such statements will initially be filed with the Vice-President ( VP ) of Compliance and Regulatory Affairs or his/her designee, who shall keep a confidential file of these Disclosure Statements. The VP of Compliance and Regulatory Affairs or his/her designee may consult with the SVP, General Counsel and Chief Risk Officer or outside counsel, as necessary. Board Members, Officers and Key Employees shall disclose all situations that pose a potential or actual conflict of interest, including, but not limited to, the following: (a) (b) (c) The Board Member, Officer or Key Employee or his/her Relative has a disclosable interest; The Board Member, Officer, Key Employee or his/her Relative is considering or is entering into a relationship with a Vendor which poses a potential or actual conflict of interest; and/or The Board Member, Officer, Key Employee or his/her Relative has received or been offered any gift or gratuity under circumstances from which it might be inferred that the gift or gratuity was being given to influence the Board Member, Officer or Key Employee s actions or decisions on behalf of VNSNY. Continuing Obligation to Update Annual Statement. Board Members, Officers and Key Employees have an affirmative obligation to update their annual Disclosure Statement whenever new information arises which is otherwise required to be stated in the annual Disclosure Statement. Disclosure to Secretary of VNSNY/Audit Committee. The VP of Compliance and Regulatory Affairs or his/her designee will provide all Disclosure Statements to the Board Secretary. The Board Secretary will provide a copy of all completed statements to the Chair of the Audit Committee of the Board. Conflict of Interest Page 7 of 12

79 VNSNY CORPORATE POLICY & PROCEDURE If a Board Member, Officer or Key Employee is unsure if they have a conflict of interest or potential conflict of interest, he/she should err on the side of disclosure and file a Conflict of Interest Disclosure Statement with the VP of Compliance and Regulatory Affairs or his/her designee disclosing the issue(s). C. Procedures for Addressing Potential and Actual Conflicts of Interest. Review by the Audit Committee. All completed Conflict of Interest Disclosure Statements and all other disclosures of disclosable conflicts of interest that raise an actual or potential conflict of interest, or that create the appearance of an actual or potential conflict of interest, will be reviewed by the Audit Committee of the Board. In so doing, the Audit Committee: (a) (b) (c) (d) Will consider all relevant facts and circumstances involved in the matter, and in particular, what is fair, reasonable and in the best interests of VNYNY and its patients. Will exclude the affected individual(s) from being present at or participating in the deliberations or voting on the matter. Will prohibit the affected individual(s) from any attempt to influence improperly the deliberations or voting on the matter. Will permit the affected individual(s), upon request of the Audit Committee of the Board, to present information concerning the matter at a meeting prior to commencement of deliberations or voting on the matter. Determination by the Audit Committee. 3 (a) (b) The Audit Committee of the Board will make a final and binding determination as to whether a conflict of interest exists or may exist, and what course VNSNY will take in connection with the matter before it. The Audit Committee of the Board will contemporaneously document in writing in appropriate minutes of any meeting at which the matter is discussed or voted upon all deliberations and determinations relating thereto, to include, at minimum, a summary of the matter, a summary of the discussion, consideration 3 If the conflict of interest is brought before the full Board, only the Independent Directors on the Board may deliberate and vote on the matter. Conflict of Interest Page 8 of 12

80 VNSNY CORPORATE POLICY & PROCEDURE of any alternatives, the meeting attendees, the vote taken, and the basis for the determination, including, but not necessarily limited to, whether the matter is as fair and reasonable to VNSNY as would otherwise then be obtainable by VNSNY. (c) If a more advantageous transaction or arrangement is not reasonably possible under circumstances not producing a conflict of interest, the Audit Committee shall determine by a majority vote of Independent Directors whether the transaction or arrangement is in VNSNY s best interest, for its own benefit, and whether it is fair and reasonable. Based on such determination, the Audit Committee will make its decision about whether or not to enter into the transaction or arrangement. Special Rules for Related Party Transactions. (a) In addition to the general considerations outlined above, all Related Party Transactions are subject to the following additional special rules: VNSNY may not enter into a Related Party Transaction unless the transaction is determined to be fair, reasonable and in VNSNY s best interest at the time of the determination. (b) (c) In considering the Related Party Transaction, the Audit Committee shall ensure that any Board Member, Officer or Key Employee who has an interest in the Related Party Transaction has disclosed in good faith all material facts concerning such interest. No Related Party may participate in the deliberations or voting relating to any Related Party Transaction. However, the Audit Committee may request that a Related Party present information concerning a Related Party Transaction at a meeting prior to the commencement of deliberations or voting relating thereto. With respect to any Related Party Transaction involving VNSNY and in which a Related Party has a substantial financial interest, in addition to the considerations outlined above, the following shall also apply: (a) (b) Prior to entering into the transaction, the Audit Committee shall consider alternative transactions to the extent available. The transaction must be approved by not less than a majority vote of the members present at the meeting (all of which must be Independent Directors). Conflict of Interest Page 9 of 12

81 VNSNY CORPORATE POLICY & PROCEDURE (c) The Audit Committee will contemporaneously document in written minutes the basis for its approval or disapproval, including its consideration of any alternative transactions. Violations of this Policy. If the Audit Committee, the VP of Compliance and Regulatory Affairs, or the SVP General Counsel and Chief Risk Officer has reasonable cause to believe that a Board Member, Officer or Key Employee has failed to disclose an actual or possible conflict of interest, it shall inform the Board Member, Officer or Key Employee of the basis for such belief and afford the Board Member, Officer or Key Employee an opportunity to explain the alleged failure to disclose. If, after hearing the Board Member, Officer or Key Employee s response and such additional investigation as may be necessary or appropriate under the circumstances, the Audit Committee determines that the Board Member, Officer or Key Employee has failed to disclose an actual or potential conflict of interest, it shall take appropriate disciplinary and corrective action. Records of Proceedings. The minutes of the Audit Committee meetings shall contain: (a) (b) (c) The names of the persons who disclosed, or were determined to have, a financial interest in connection with an actual or potential conflict of interest, the nature of the financial interest, any action taken to determine if a conflict existed, and the final decision about whether a conflict existed; and The names of the persons who were present for discussions and votes relating to the transaction or arrangement, the content of the discussion, including any alternatives to the proposed transaction or arrangement, and a record of any votes taken. The Audit Committee meeting minutes where a Conflict of Interest is discussed and voted on shall be forwarded to the VP of Compliance and Regulatory Affairs or his/her designee to be maintained in a confidential file. Certain Compensation Matters. The Board shall have the authority to fix the compensation of Officers of the Corporation. All compensation must be in a reasonable amount for services rendered and be in compliance with the By-Laws and all other legal requirements. No person Conflict of Interest Page 10 of 12

82 VNSNY CORPORATE POLICY & PROCEDURE who may benefit from such compensation may be present at or otherwise participate in any deliberation or vote concerning his or her compensation. However, such person may be asked to present information as background or answer questions at a meeting prior to the commencement of deliberations or voting relating thereto. Annual Statements. As part of the Annual Disclosure Statement, each Board Member, Officer and Key Employee shall sign a statement that affirms that he/she: (a) (b) (c) (d) Has received a copy of this Policy; Has read and understands this Policy; Agrees to comply with this Policy; and Understands that VNSNY is a charitable organization and in order to maintain its federal tax exemption it must engage primarily in activities which accomplish one or more of its tax-exempt purposes. D. Enforcement The VP of Compliance and Regulatory Affairs will ensure that all Board Members, Officers and Key Employees file annual Conflict of Interest Disclosure Statements in accordance with this Policy. If any Board Members, Officers or Key Employees fail to comply with such disclosure requirements, the VP of Compliance and Regulatory Affairs will report such information to the SVP, General Counsel and Chief Risk Officer, who shall make appropriate findings and recommend corrective action, subject at all times to the oversight of the Audit Committee. REFERENCES: New York State Not-For-Profit Corporation Law; IRS Form 1023 Appendix A: Sample of Conflict of Interest Policy available at: Reviewed Sept 2010 Nov 2013 May 2014 Oct 2014 Oct 2015 Revised Sept 2010 Nov 2013 May 2014 Oct 2014 (combined policies) Conflict of Interest Page 11 of 12

83 VNSNY CORPORATE POLICY & PROCEDURE TITLE: Compliance Hotlines APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: August 2013 NUMBER: CCD.6 PURPOSE: In accordance with our compliance program (the Program ) and Code of Conduct, VNSNY is committed to establishing a culture that promotes prevention, detection and resolution of instances of conduct that do not conform to organizational policies, state and federal laws or regulations, program requirements of the Centers for Medicare and Medicaid Services ( CMS ) and the New York Office of Medicaid Inspector General, and other federal, state and local health care programs. In order to facilitate reporting potential instances of non-compliance, fraud, waste, abuse ( FWA ), and criminal activity, VNSNY maintains a VNSNY Compliance Hotline and a VNSNY CHOICE Compliance Hotline and an online web portal (each a Hotline, and collectively, the Hotlines ). This policy is intended to create a consistent approach to responding to Hotlines calls and submissions, communicating information, and tracking the investigation of each call, and maintaining secure records regarding the resolution of all concerns reported to the Hotlines. POLICY: It is the policy of VNSNY to provide an open line of communication to the VNSNY Compliance Department and to allow persons to report violations of the Code of Conduct or Compliance Program, potential FWA or criminal activity, to ask compliance questions or raise compliance concerns anonymously and confidentially, 24 hours a day, 7 days a week. The Hotlines are administered by an independent third-party vendor ( EthicsPoint ). Every Hotline call or submission (a Report ) is logged by EthicsPoint and transmitted immediately to the VP of Compliance and Regulatory Affairs ( VP of Compliance ) and/or his/her designee for review and assignment. Hotline Numbers, Website and Access VNSNY Compliance Hotline can be accessed at VNSNY CHOICE Compliance Hotline can be accessed at Online Portal can be accessed Compliance Hotlines Page 1 of 3

84 VNSNY CORPORATE POLICY & PROCEDURE The Hotlines are accessible 24 hours a day, 7 days a week and are available to VNSNY s directors, officers, employees, contractors, members, providers, and first tier, downstream or related entities (FDR), and posted on our intranet and external website. Calls or submissions to the Hotlines allow a reporter to remain anonymous if he/she wishes, as no identifying information is available to the Compliance Department unless the caller provides identifying information to the Hotlines. PROCEDURE: 1. Oversight of the Hotlines Upon receipt of a call or submission, EthicsPoint notifies the VP of Compliance, and the CHOICE Director of Compliance of the Report, unless the Report implicates any of these persons. The VP of Compliance or the CHOICE Director of Compliance will review the Report and assign it to appropriate Compliance Department staff member for investigation. If the case implicates one of the Officers of the Compliance Department, then only the VP of Compliance would receive the Report, and the VP of Compliance would perform the investigation. If the case implicates the VP of Compliance, then the Report would be forwarded to the Legal Department for investigation. 2. Investigation The VP of Compliance, or his/her designee, shall ensure that an investigation of each Report commences within three (3) business days of receiving a Report from EthicsPoint. If the Caller has left his/her identity and contact information, the Compliance Department may contact the individual for follow-up to obtain any additional information. If the Caller has elected to remain anonymous, the Compliance Department may utilize the online portal to communicate with the Caller anonymously. The Policy and Procedure on Investigating Compliance Issues and Corrective Actions shall be followed, including consulting with the Legal Department to determine whether the Legal Department should direct the investigation. If the report needs to be referred to another department for follow-up and investigation, the referral will be noted in the online portal and the other department will be required to confirm that this matter has been accepted for investigation. If the Caller s identity is known, he/she is notified of the referral to another department. 3. Retention of Compliance Hotline Logs All files related to Hotline reports shall be maintained for no fewer than ten (10) years from the date of the conclusion of the investigation, the imposition of disciplinary sanctions or corrective actions resulting therefrom, or seven (7) years from the date of the employee s separation (if an employee is implicated), whichever is longer, or for such longer period of time as may be required by applicable law or any court order. Compliance Hotlines Page 2 of 3

85 VNSNY CORPORATE POLICY & PROCEDURE REFERENCES: For Medicare: Social Security Act 1857; 42 C.F.R (b)(4)(vi), (b)(4)(vi); Centers for Medicare & Medicaid Services, Medicare Managed Care Manual, Chpt. 21 ( Compliance Program Guidelines ) (see also, CMS, Medicare Prescription Drug Benefit Manual, Chpt. 9); Compliance-and-Audits/index.html For Medicaid: Deficit Reduction Act of 2005; NYS Social Services Law 363-d; 10 NYCRR ; 18 NYCRR Part 521; Office of Inspector General s Model Compliance Guidance Reviewed Nov 2013 Aug 2014 Oct 2015 Nov 2015 Revised Aug 2014 Oct 2015 Compliance Hotlines Page 3 of 3

86 VNSNY CORPORATE POLICY & PROCEDURE TITLE: Reporting Non-Compliance and Fraud, Waste and Abuse APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: June 2013 NUMBER: CCD.7 PURPOSE: Visiting Nurse Service of New York and its affiliated entities (collectively, VNSNY ) are committed to maintaining compliance with all laws and regulations that apply to the conduct of their various businesses, services and operations. In accordance with our compliance program and Code of Conduct, VNSNY is committed to establishing a culture that promotes prevention, detection and resolution of instances of conduct that do not conform to organizational policies, state and federal laws or regulations, or program requirements of the Centers for Medicare and Medicaid Services ( CMS ) or the Office of Medicaid Inspector General ( OMIG ), other federal, state and local health care programs. DEFINITIONS: MEDICARE DEFINITIONS Abuse occurs when an individual or entity unintentionally provides information to Medicare which results in higher payments than the individual or entity is entitled to receive. The CMS MA Compliance Guidance defines abuse as including actions that may, directly or indirectly, result in: unnecessary costs to the Medicare Program, improper payment, payment for services that fail to meet professionally recognized standards of care, or services that are medically unnecessary. Abuse involves payment for items or services when there is no legal entitlement to that payment and the provider has not knowingly and/or intentionally misrepresented facts to obtain payment. Abuse cannot be differentiated categorically from fraud, because the distinction between fraud and abuse depends on specific facts and circumstances, intent and prior knowledge, and available evidence, among other factors. See 42 C.F.R , 422.2, , , , , , 423.4, , , ; CMS MA Compliance Guidance 20. Fraud is knowingly and willfully executing or attempting to execute a scheme or artifice to defraud any health care benefit program or obtain (by means of false or fraudulent pretenses, representations or promises) any of the money or property owned by, or under the custody or control of, any health care benefit program. See, 18 U.S.C. 1347, CMS MA Compliance Guidance 20. Reporting Non-Compliance and Fraud, Waste and Abuse Page 1 of 6

87 VNSNY CORPORATE POLICY & PROCEDURE Waste is the inappropriate utilization and/or inefficient use of resources. The CMS MA Compliance Guidance defines waste as the overutilization of services, or other practices that, directly or indirectly, result in unnecessary costs to the Medicare program. Waste is generally not considered to be caused by criminally negligent actions but rather the misuse of resources. See 42 C.F.R , CMS MA Compliance Guidance 20. NEW YORK STATE MEDICAID DEFINITIONS Abuse means practices that are inconsistent with sound fiscal, business, medical or professional practices and which result in unnecessary costs to the medical assistance program, payments for services which were not medically necessary, or payments for services which fail to meet recognized standards for health care. 42 CFR 455.2, 18 NYCRR 515.1(b)(1) Fraud means an intentional deception or misrepresentation made with the knowledge that the deception could result in an unauthorized benefit to the provider or another person. It also includes the acts prohibited by section 366-b of the Social Services Law. 42 CFR 455.2, 18 NYCRR 515.1(b)(7) POLICY: It is the policy of VNSNY that all VNSNY employees, agents, contractors, officers and directors (collectively, Personnel ) and VNSNY CHOICE first tier, downstream, and related entities ( FDR ) must report potential instances of non-compliance and fraud, waste, abuse ( FWA ), and criminal activity. PROCEDURE: VNSNY expects that Personnel and FDRs will raise questions and report concerns relating to the VNSNY Code of Conduct, compliance policies and procedures, suspected or actual violations of federal and state laws, rules and regulations, and FWA. A. To Whom to Report Reports and concerns should be directed to the following groups of individuals: Compliance Officers: Questions and concerns can be directed to the VP of Compliance and Regulatory Affairs ( Corporate Compliance Officer ), or designee and VNSNY CHOICE Director of Compliance, each of whom maintains open lines of communication with, and availability to, all Personnel and FDRs, to facilitate communication and reporting of compliance, FWA and criminal issues. VNSNY also offers methods for anonymous and confidential reporting of compliance issues. Reporting Non-Compliance and Fraud, Waste and Abuse Page 2 of 6

88 VNSNY CORPORATE POLICY & PROCEDURE Managers: In addition, VNSNY management has an open door policy that encourages and supports open communication and discussion of any concern regarding noncompliance, FWA, and/or criminal activity. Personnel may consult with their managers or supervisors about any questions regarding operational compliance. Management will respond to any inquiry and are required to promptly report any compliance concern, no matter how small, to the Compliance Officers. B. How to Report Personnel or FDRs may make reports and/or raise concerns, either orally or in writing as follows: VNSNY Providers: For matters involving or affecting the VNSNY Providers, reports should be made to a department manager, the Corporate Compliance Officer, or designee at the telephone numbers or addresses below. VNSNY CHOICE: For matters involving or affecting VNSNY CHOICE, or any FDR, reports should be made to a department manager, the Corporate Compliance Officer, or the VNSNY CHOICE Director of Compliance, or the MEDIC at the phone numbers, addresses, or physical addresses below. Compliance Hotlines: All Personnel or FDR may also report compliance issues or concerns to the Compliance Hotlines, as appropriate, using the telephone numbers or online portal (the Hotlines ), listed below. The Hotlines are accessible 24 hours a day, 7 days a week Confidential and Anonymous Reporting: All compliance issues or concerns, including the identity of the reporting Personnel or FDR, will be kept confidential to the extent possible, consistent with applicable law and the need to investigate the issue(s) raised. Personnel may also report compliance issues or concerns anonymously if they wish, whether through the appropriate Compliance Hotline or otherwise. However, we encourage Personnel to identify themselves when making reports so that an investigation can be conducted with a full factual background and without undue delay. At all times, VNSNY is committed to encouraging open lines of communication and to its strict anti-retaliation and anti-intimidation policy. Hotline Information VNSNY Hotline: (212) VNSNY CHOICE Hotline: (888) VNSNY Online Reporting Tool: Reporting Non-Compliance and Fraud, Waste and Abuse Page 3 of 6

89 VNSNY CORPORATE POLICY & PROCEDURE Compliance Department Leadership Annie Miyazaki-Grant, Corporate Compliance Officer VNSNY VP of Compliance & Regulatory Affairs and HIPAA Privacy Officer Telephone: (212) Joel Levi, VNSNY CHOICE VNSNY CHOICE Director of Compliance Telephone: (212) address: - Postal Mail Contact Information VNSNY Attn: Annie Miyazaki-Grant Compliance Department 1250 Broadway 26th floor New York, New York VNSNY CHOICE Attn: Compliance Department 1250 Broadway, 11 th Floor New York, New York or to: Health Integrity, LLC (for Medicare Managed Care or Prescription Drugs) Attn: NBI MEDIC 9240 Centreville Road Easton, MD SafeRX OMIG To file a complaint with OMIG, please access the following link OCR To file a complaint with OCR please access the following link for the various addresses that may apply to complaint. Reporting Non-Compliance and Fraud, Waste and Abuse Page 4 of 6

90 VNSNY CORPORATE POLICY & PROCEDURE OIG To file a complaint with the OIG, please access the following link C. Information to Include in Reports of Potential Non-Compliance and FWA, and Criminal Activity Personnel and FDRs are encouraged to provide as much information as possible regarding the question or concern of potential non-compliance, FWA, or criminal activity. Information that will be helpful in investigations of reports includes the following: The entity(ies) engaged in the alleged activity; The activity that the individual or entity is concerned is non-compliant, potentially fraudulent, wasteful or abusive or criminal; Date(s) on which the activity occurred; Date(s) the reporting individual or entity discovered the potential issue; Departments and other identifying information regarding where the activity has occurred; Other individuals to whom this concern was reported and when; and Other Personnel who might be able to give further information. D. Response to Reports of Potential Non-Compliance, FWA, or Criminal Activity Any individual or entity who reports suspected non-compliance, FWA or criminal activity in good-faith will be protected from retaliation or discipline. Because the failure to report suspected concerns or take action against violations can be perceived as acceptance of noncompliance, FWA or criminal activity, it is the policy of VNSNY that the failure to report a violation may result in disciplinary action against any individual who fails to report, or could result in the termination of any contractor s or FDR s contract. Personnel reporting any concerns or suspicions to VNSNY will retain all whistleblower protections under the law. See, Whistleblower Policy. Nonetheless, Personnel also has the ability to bring his or her concerns to the appropriate government agency, including, without limitation, CMS, OCR and the MEDIC under applicable federal and state laws although Reporting Non-Compliance and Fraud, Waste and Abuse Page 5 of 6

91 VNSNY CORPORATE POLICY & PROCEDURE VNSNY encourages Personnel to first report information to VNSNY so it can conduct a thorough investigation and take prompt correction action. The Corporate Compliance Officer is responsible for promptly reviewing and investigating all reports of potential non-compliance, FWA, or criminal activity in accordance with the VNSNY CHOICE Compliance and Anti-Fraud/Waste/Abuse Program. All reports of non-compliance, FWA and criminal activity shall be logged by the Compliance Department. Substantiated reports shall be reported to appropriate management and the appropriate Board(s) of Directors. E. Reporting & Questions/Assistance If you are aware of a situation that you believe may violate this Policy, you must promptly contact an immediate supervisor, the Corporate Compliance Officer, a member of the VNSNY Compliance Department or the Legal Department. Reports may also be submitted anonymously via the Hotlines. See Answering Compliance Hotlines Calls Policy. In addition, if you have any questions or concerns about this Policy, you may raise them with any of the individuals identified above or via the Compliance Hotlines. REFERENCES: For Medicare: Social Security Act 1857; 42 C.F.R (b)(4)(vi), (b)(4)(vi); Centers for Medicare & Medicaid Services, Medicare Managed Care Manual, Chpt. 21 ( Compliance Program Guidelines ) (see also, CMS, Medicare Prescription Drug Benefit Manual, Chpt. 9); Compliance-and-Audits/index.html For Medicaid: Deficit Reduction Act of 2005; 42 CFR 455.2; NYS Social Services Law 363-d; 10 NYCRR ; 18 NYCRR Part 521; Office of Inspector General s Model Compliance Guidance Reviewed June 2013 May 2015 Oct 2015 Revised June 2013 May 2015 Reporting Non-Compliance and Fraud, Waste and Abuse Page 6 of 6

92 VNSNY CORPORATE POLICY AND PROCEDURE TITLE: Investigating Compliance Issues and Corrective Action Plans APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: Issued: November 2013 PURPOSE: Visiting Nurse Service of New York and its affiliated entities (as listed above) (collectively, VNSNY ) are committed to maintaining compliance with all laws and regulations that apply to the conduct of their various businesses, services, and operations. In accordance with our compliance program and Code of Conduct, VNSNY is committed to establishing a culture that promotes prevention, detection and resolution of instances of conduct that do not conform to organizational policies, state and federal laws or regulations, or program requirements of the Centers for Medicare and Medicaid Services ( CMS ), the Office of Medicaid Inspector General ( OMIG ), or other federal, state and local health care programs. This policy and procedure addresses the manner in which the VNSNY Compliance Department investigates reports of potential instances of non-compliance, fraud, waste, or abuse ( FWA ), and/or criminal activity ( Report ) and, as appropriate, develops and implements corrective action to remediate the issue. POLICY: It is VNSNY s policy to promptly investigate Reports and, as appropriate, develop and implement corrective actions to remediate the issue. PROCEDURE: The VNSNY Vice President of Compliance and Regulatory Affairs ( VP of Compliance ), or the Compliance Officer or his/her designee is responsible for reviewing all Reports, regardless of the method by which the Report comes to the attention of the Compliance Department. Each Report shall be logged in the appropriate locations, e.g., Ethics Point, SharePoint Log, or Special Investigator Unit (SIU) Access Database.

93 If the initial review of the Report reveals a potential instance of non-compliance, FWA or criminal activity or a potential violation of the VNSNY Code of Conduct or other applicable policies and procedures a Compliance Officer or his/her designee will fully investigate the Report, and will report this investigation to the VP of Compliance. The Compliance Officers shall consult with the Legal Department to determine whether legal privileges apply. If the Legal Department determines that privilege(s) apply, the Compliance Department and other appropriate personnel will conduct the Investigation (defined below) at the direction of the Legal Department and will follow any procedures the Legal Department determines necessary to protect the privilege. If appropriate, the VP of Compliance, Compliance Officer or designee will also inform the Chief Risk Officer and the Human Resource Department. If the Report is not a Compliance Concern, then the Compliance Officer or designee will refer the Report to the appropriate department for follow-up and investigation, the details of the referral will be noted on the appropriate SharePoint Log, and the Compliance Department will intermittently followup, as necessary and appropriate, with that department on its progress until the concern is resolved. A Compliance Officer will promptly investigate any Report, and will involve senior management and other VNSNY Departments, as well as outside counsel, in any investigation, as appropriate. Investigations 1 Each Compliance Officer is responsible for timely conducting or directing the conduct of a full and well-documented investigation into any Report (an Investigation ), except when the Investigation is directed by the Legal Department. Internal or outside counsel, auditors, or health care experts may be engaged to assist in an investigation and analysis of potential liability, as necessary and appropriate, after a consultation with the VP of Compliance. The Investigation will be commenced within three (3) business days following the receipt of the Report. The Investigation will include research of the applicable law, regulation, subregulatory guidance, policies and procedures, and interviews with appropriate VNSNY Personnel to determine the scope of the Compliance Concern that is the subject of the Report. In accordance with the VNSNY Code of Conduct, VNSNY Personnel are expected to cooperate and to produce requested information and documents in a timely manner. If, during the course of the Investigation, a Compliance Officer determines that VNSNY Personnel should be temporarily relieved of job responsibilities during that Investigation, the Compliance Department will notify and consult with the Human Resources Department to make a determination regarding any change in job responsibilities, administrative leave, or suspension. When the Investigation is complete, depending on the outcome, the Compliance Officer will consult with the Human Resources Department to determine whether the VNSNY Personnel will be returned to work (if the employee had been asked to not work during the investigation), disciplined, or terminated in accordance with VNSNY policies and procedures. 1 For Medicare Sales allegations investigations, please also refer to the VNSNY CHOICE Policy on Sales Allegations Investigations

94 Potential Sources of Information for Investigations Each Compliance Officer must ensure that all potentially relevant information and documentation is gathered and reviewed as part of the Investigation. Documentation will be compiled in a discrete, confidential manner. While each Compliance Officer must use his/her discretion in determining the relevance of any documentation, he/she must use the attached lists of potential sources of information to guide the Investigation. Attachment A lists the potential sources of information for the VNSNY Providers. Attachment B lists the potential sources of information for VNSNY CHOICE. The Compliance Department will make best efforts to close any investigation within thirty (30) days of receipt of a Report, if possible. The close date shall be indicated in the appropriate log. (The close date is the date that the investigation has been completed, but not necessarily the date on which all aspects of a Corrective Action Plan ( CAP ) have been completed.) Members of the Compliance Department may request from a Compliance Officer extension in thirty (30) day increments to complete the investigation if there are unusual circumstances that cause a delay. Documenting the Investigation Each Compliance Department will maintain confidential documentation regarding each Report investigated, including, without limitation, how and when the Report was received, any additional staff member(s) responsible for the Investigation, and the results of the Investigation. Records of the Investigation must include, without limitation, the following: Documentation of the Report; A description how the Report was investigated; Copies of interview notes; Copies of key documents; A log/list of the witnesses interviewed; A log/list of the documents reviewed; The results of the investigation; If applicable, documentation of with whom and when the Report and the results were shared with other members of VNSNY, including senior management, the Enterprise Risk Committee, the Compliance Working Group, the VNSNY CHOICE Compliance Committee, the VNSNY Audit Committee of the Board of Directors and the appropriate the Board(s) of Directors. (See below for guidelines on when reports should be made to the above-referenced stakeholders.) These documents will be maintained in the appropriate log, or in such other confidential shared drive as determined by the VP of Compliance

95 The destruction of documents or other evidence related to the Investigation is prohibited. The Compliance Officer will take appropriate steps to prevent the destruction of evidence. Any failure to comply with these steps will result in the appropriate disciplinary action for VNSNY Personnel. Development of Corrective Action As outlined in the Compliance Program, if a Report has been substantiated, the VP of Compliance or his/her designee will ensure that appropriate and effective corrective action is implemented in a timely manner. The VP of Compliance or his/her designee will direct the responsible VNSNY departments to develop and implement an appropriate CAP. Any CAP must be designed to ensure that the violation or problem does not reoccur, or to reduce the likelihood that it will reoccur, and be based on a root cause analysis. In addition, the CAP should include, whenever possible, a review of the effectiveness of the corrective action following its implementation. If a follow-up review establishes that the CAP has not been effective, then additional or new corrective actions must be implemented. Corrective actions are always documented and may include, but are not limited to, the following: Creating new compliance, business or billing procedures, or modifying and improving existing procedures, to ensure that similar errors will not reoccur; Informing and discussing with the offending personnel both the violation and how it should be avoided in the future; Providing remedial education to ensure that personnel understand the applicable rules, regulations, policies or procedures; Conducting a follow-up review to ensure that any corrective action instituted has been effective, and that the problem is not recurring; Refunding to the proper payor any and all overpayments that have been identified, or reconciling any payment reported in a cost report; Recouping from the provider(s) of service; Disciplining the offending personnel, as appropriate; and Making a voluntary disclosure to an appropriate governmental agency, as appropriate. The Compliance Department must maintain documentation regarding each CAP, including, without limitation, the department(s) and VNSNY Personnel responsible for and involved in the CAP, the dates for implementation and completion of corrective actions, any VNSNY disciplinary action taken, and the results of the short- and long-term monitoring activity. The CAP completion date will be indicated in the appropriate log once all activities have been completed. The Compliance Officer will also ensure that, where appropriate, the existence, implementation, and effectiveness of CAPs are reported to the appropriate VNSNY Departments, Committees, and Board(s) of Directors

96 Reporting on the Investigation As outlined in the Compliance Program, if the Investigation substantiates the Report, the VP of Compliance, or the Compliance Officer, as appropriate, will inform the Executive Risk Committee ( ERC ), the Audit Committee of the VNSNY Board of Directors, the Compliance Committee, senior management, the Legal Department, and the appropriate Board(s) of Directors. Self-Reporting The Compliance Officer, with the assistance of the internal and outside legal counsel, and others as appropriate, will determine whether and when to self-report a substantiated Report to government agencies and their designees, including, without limitation, the New York Department of Health, New York Office of Medicaid Inspector General, CMS, Medicare Drug Integrity Contractor ( MEDIC ), and law enforcement, per the enterprise-wide Self-Disclosure Policy. Contractors Investigations and corrective action may involve contractors or vendors to the agency, including VNSNY CHOICE First-Tier, Downstream and Related Entities ( FDR ) (collectively, Contractors ). A Compliance Officer with the VP of Compliance, in coordination with the department(s) served by the Contractor that is the subject of the Report, shall determine the scope of any investigation and corrective action, including any remedial actions the Contractor will be required to implement, the monitoring and auditing that will be conducted to confirm implementation, and report(s) that the Contractor and VNSNY department(s) will be required to submit to the Compliance Officer to confirm the effectiveness of the corrective action. A Contractor may be terminated, after a consultation with and agreement by the Legal Department, as a result of a substantiated Report and/or failure to implement required corrective action. QUESTIONS/ASSISTANCE If you have any questions or concerns about this Policy, you may raise them with any member of the Compliance Department or via the Compliance Hotlines. REFERENCES: For Medicare: Social Security Act 1857; 42 C.F.R (b)(4)(vi), (b)(4)(vi); Centers for Medicare & Medicaid Services, Medicare Managed Care Manual, Chpt. 21 ( Compliance Program Guidelines ) (see also, CMS, Medicare Prescription Drug Benefit Manual, Chpt. 9); Compliance-and-Audits/index.html For Medicaid: Deficit Reduction Act of 2005; NYS Social Services Law 363-d; 10 NYCRR ; 18 NYCRR Part 521; Office of Inspector General s Model Compliance Guidance - 5 -

97 Reviewed: Revised & Approved: May 2014 May 2014 Nov

98 VNSNY CORPORATE POLICY AND PROCEDURE TITLE: Non-Retaliation and Non-Intimidation (Whistleblower) Policy APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: October PURPOSE The purpose of this Non-Retaliation and Non-Intimidation (or Whistleblower) Policy (the Policy ) is to ensure that all Covered Persons (as defined below) understand that VNSNY expects and encourages the good faith reporting of conduct or suspected conduct by or within VNSNY that is violates any federal or state law or regulation, is fraudulent or violates any adopted policy or the Code of Conduct of VNSNY, or any related compliance concerns ( Compliance Concerns ), without fear of retaliation or intimidation. 2. DEFINITIONS 2.1. Adverse Action means, without limitation: (i) (ii) (iii) termination, demotion, suspension, refusal to hire, and denial of training and/or promotion; actions affecting employment or contractual relationships such as threats, harassment, discrimination, unjustified negative evaluations, unjustified negative references, or increased surveillance or scrutiny; or any other actions that are likely to deter a reasonable individual from reporting illegal conditions, violations of law, rules, policies, or procedures, cooperating in/with an investigation, and/or otherwise participating in the Compliance Program. However, an Adverse Action does not include any employment action(s), disciplinary action(s), and termination(s) taken as a result of an individual s own violation(s) of laws, rules, policies, or procedures, or negative comments in an otherwise positive or neutral evaluation, or negative comments or evaluations that are justified by the individual s substandard work performance or history Audit Committee means the Audit Committee of the Board of Directors of VNSNY _3 1

99 2.3. Compliance Concern includes conduct or suspected conduct by, or within VNSNY, that is violates federal or state laws or regulations, is fraudulent or in violation of any adopted policy or the VNSNY Code of Conduct, or any other related compliance concern, including, but not limited to, any violations of laws or policies that create and present a substantial and specific danger to the public health or safety of, or a significant threat to, one of more of VNSNY s clients Covered Person means any employee, officer, member of the Board of Directors (or Board Committee), contractor, vendor, agent, representative or client of VNSNY. The definition of Covered Person specifically includes all First Tier, Downstream and Related Entities ( FDRs ) as such entities are defined by the Centers for Medicare and Medicaid Services ( CMS ) Good Faith participation or reporting includes, but is not limited to: (i) (ii) (iii) (iv) Reporting actual or potential issues or concerns, including, but not limited to, any action taken by, or within, VNSNY that is or is reasonably believed to be illegal, fraudulent or in violation of any adopted VNSNY policy or the Code of Conduct; Cooperating or participating in the investigation of such matters; Assisting with or participating in self-evaluations, audits and/or remedial actions; and/or Reporting to the appropriate Governmental Agency Intimidation generally means any action that is reasonably likely to manipulate an individual or intentionally cause feelings of fear or inadequacy. The Compliance Department investigates allegations of intimidation and makes the determination of whether intimidation has occurred, depending on the facts-and-circumstances of each particular instance Governmental Agency means any federal, state or local governmental body, whether legislative, administrative or judicial, including, but not limited to, the Office of Inspector General of the U.S. Department of Health and Human Services ( OIG ), New York State Office of the Medicaid Inspector General ( OMIG ) and CMS, or their respective contractors Retaliation generally means any Adverse Action against an individual because of the Covered Person s good faith report of a compliance concern, participation in the Compliance Program, or other report of suspected improper conduct. The Compliance Department investigates allegations of intimidation and makes the determination of whether intimidation has occurred, depending on the facts-and-circumstances of each particular instance VNSNY or VNSNY Entities means Visiting Nurse Service of New York and each of its family of organizations, including: Visiting Nurse Service of New York Home Care, VNSNY Hospice & Palliative Care, Partners in Care, VNSNY CHOICE, and VNS Continuing Care Development Corporation _3 2

100 3. BACKGROUND In furtherance of VNSNY s Compliance Program and Code of Conduct, VNSNY is committed to adhering to all laws and regulations that apply to the conduct of its various businesses, services and operations. Under applicable laws and regulations, which are set forth in Section 7 (Legal and Regulatory References) below, all Covered Persons, as a condition of working with VNSNY, are expected to report any actual or potential Compliance Concern in good faith and assist in the investigation and resolution of any such Compliance Concern. The failure to report, or participate in the resolution of, a Compliance Concern in good faith or the Intimidation or Retaliation against any Covered Person who reports, or participates in the investigation and resolution of, a Compliance Concern in good faith is a violation of this Policy, the Code of Conduct and applicable laws and regulations, and will subject a Covered Person to disciplinary action under VNSNY s Compliance Program Disciplinary Policy, Standards and Procedures. 4. POLICY 4.1. Personal Obligation to Report Compliance Concerns: Each Covered Person, as a condition of employment or his or her ongoing working relationship with VNSNY, has an individual responsibility to report all Compliance Concerns, including, but not limited to, potential Fraud, Waste or Abuse ( FWA ) under the Policy and Procedure on Reporting Non-Compliance and FWA and the Special Investigations Unit and FWA Policy, and to participate in the investigation and resolution of any reported Compliance Concern-s No Intimidation or Retaliation for Reporting Compliance Concern: A Covered Person, who in good faith reports, or participates in the investigation and resolution of a Compliance Concern by, or within, VNSNY shall not suffer any form of Intimidation or Retaliation Intimidation and Retaliation Is Expressly Prohibited: Intimidation of, and/or Retaliation against, any Covered Person who in good faith reports actual or potential Compliance Concerns and participates in the investigation and resolution of Compliance Concerns is strictly prohibited and is itself a violation of this Policy, the Compliance Program and the VNSNY Code of Conduct. Any Covered Person who engages in, or condones, Retaliation or Intimidation in violation of this Policy shall be subject to disciplinary action under VNSNY s Compliance Program Disciplinary Policy, Standards and Procedures, which may include termination of the Covered Person s employment or his/her ongoing relationship with VNSNY Monitoring and Oversight: The adoption and implementation of, and compliance with, this Policy shall be overseen by the Audit Committee. The Audit Committee of the Board has authorized certain functions relating to the implementation of, and compliance with, this Policy to the Vice President of Compliance, but the Audit Committee will, at all times, retain overall responsibility for of the oversight of this Policy Distribution and Training: This Policy shall be distributed to all Covered Persons who are employed or provide substantial services to VNSNY. VNSNY may require Covered Persons _3 3

101 to acknowledge and attest to receipt of this Policy. Moreover, this Policy shall be incorporated into VNSNY s Code of Conduct, shall appear on the Compliance Department s Intranet Site and shall be contained in other informational materials related to VNSNY s Compliance Program. 5. PROCEDURES 5.1. Reporting Compliance Issues In accordance with the Policy and Procedure on Reporting Non-Compliance and FWA and the Compliance Hotlines Policy, a Covered Person may report Compliance Concerns, or suspected Intimidation or Retaliation as a resulting of reporting a Compliance Concern by taking one or more of the following actions: To any member of the Compliance Department[, including the Vice President of Compliance and Regulatory Affairs, Annie Miyazaki-Grant, at Annie.Miyazaki@vnsny.org; or the VNSNY CHOICE Director of Compliance, Joel Levi, at (212) or Joel.levi@vnsny.org]; Anonymously via the VNSNY CHOICE Compliance Hotline at (888) or the VNSNY Compliance Hotline at (212) or the VNSNY Online Reporting Tool: Human Resources; General Counsel; To Audit Committee of the Board; or To an applicable Governmental Agency, including the OMIG, the OIG or CMS Consistent with the Policy and Procedure on Reporting Non-Compliance and Fraud, Waste and Abuse and the Compliance Hotlines Policy, VNSNY will maintain the confidentiality of any reports of Compliance Concerns, including the information contained in the report and identity of the Covered Person making the report of any misconduct, to the maximum extent possible Full and Complete Investigation All Compliance Concerns will be fully and completely investigated pursuant to the Policy on Investigating Compliance Issues and Corrective Action Plans If a Covered Person reports a Compliance Concern to the Compliance Department that appears exclusively related to employment-related issues, the matter will be referred to Human Resources for investigation and resolution _3 4

102 If a Covered Person reports a Compliance Concern to the Compliance Department that appears exclusively related to Fraud, Waste and Abuse by a firsttier, downstream or related party (FDR) or other third party performing services for VNSNY CHOICE, the matter will be referred to VNS CHOICE s Special Investigations Unit for investigation and resolution All allegations of Intimidation of, and/or Retaliation against anyone who, in good faith, reports a Compliance Concern (including, but not limited to, potential FWA) in accordance with this Policy, or participates in the investigation and resolution of a Compliance Concern, will be fully and completely investigated by the Compliance Department Appropriate disciplinary and corrective action will be promptly undertaken The Vice President of Compliance or her/his designee will oversee the investigation, and will be assisted by internal and external personnel, as determined by the Vice President of Compliance For each allegation, investigative steps and actions may include, but need not be limited to, the following: Interviews: Conducting interviews of Covered Persons who may have relevant knowledge. At the outset of the interview process, the interviewee will be reminded that Intimidation of, and/or Retaliation against, those who in good faith report Compliance Concerns, or participate in the investigation and resolution of Compliance Concerns, is a violation of this Policy, the Compliance Program and the Code of Conduct, as well as federal and state laws and regulations. The interviewee will also be reminded of VNSNY s Compliance Program Disciplinary Policy, Standards and Procedures Confidentiality: Consistent with Section 6.1.2, keeping all reported information confidential, consistent with the need to investigate the issue(s) raised Document Review: Reviewing hard copy and electronic materials that may include relevant information Document Retention: Treating all documentation related to the investigation as confidential to the extent possible. Such investigative files will be kept separately from personnel files. All investigative files (including files relating to the imposition of disciplinary sanctions and/or corrective actions) will be maintained for no fewer than ten (10) years from the date of the conclusion of the investigation or the imposition of disciplinary sanctions or corrective actions resulting therefrom, or for such longer period of time as may be required by applicable law _3 5

103 Disciplinary Action: Imposing disciplinary sanctions promptly against the offender(s), without regard to their title or position at VNSNY if, as a result of the investigation, VNSNY determines that there was Intimidation of, and/or Retaliation against, any Covered Person who in good faith reported a Compliance Concern, or participated in the investigation and resolution of a Compliance Concern. Such disciplinary sanctions will be imposed following consultation with Human Resources and in accordance with the Human Resources Guidelines for Disciplinary Action and VNSNY s Compliance Program Disciplinary Policy, Standards and Procedures Corrective Action: Taking appropriate corrective action promptly if, as a result of the investigation, VNSNY determines that there has been Intimidation of, and/or Retaliation against, any Covered Person who in good faith reported a Compliance Concern, or participated in the investigation and resolution of a Compliance Concern In the case of a Covered Person who is an employee of VNSNY, such corrective action may include, but is not necessarily limited to, removal of a negative evaluation from an employee s personnel record; promotion to a position to which the employee sought and was entitled; reinstatement of the individual to the same or an equivalent position; reinstatement of full fringe benefits and seniority; and/or repayment of lost wages and benefits In a case involving a Covered Person who is an independent contractor or FDR, or other person or entity who has been Intimidated or Retaliated against, such corrective action may include, but is not necessarily limited to, reinstating contracts or other affiliations or relationships with VNSNY Additional or Different Steps: Additional or different investigative steps and resulting actions may be taken, as necessary, appropriate and permissible, depending on the particular facts and circumstances of the matter involved and/or the results of an investigation Vice President of Compliance: Oversight and Responsibilities The Vice President of Compliance shall report to the Chief Executive Officer and the Audit Committee, and periodically to each of the VNSNY Boards, on matters concerning violations and alleged violations of this Policy, both on a periodic and as-needed basis The Vice President of Compliance shall take those actions necessary to conduct audits and reviews of compliance with this Policy and any related policies as it relates to Non- Intimidation and Non-Retaliation for reporting Compliance Concerns. Such acts may include a periodic review of personnel records and other information to ensure that those who report Compliance Concerns are not the victims of Retaliation and/or Intimidation _3 6

104 The Vice President of Compliance, or designee, shall review this Policy on an annual basis and update the Policy as appropriate in his or her determination Distribution. This Policy shall be made available to all Covered Persons. 6. LEGAL AND REGULATORY REFERENCES The current versions of the following laws, regulations and guidance documents are incorporated into this Policy by reference: Section 6032 of the Deficit Reduction Act of 2005, 42 U.S.C. 1396a(a); Federal False Claims Act, 31 U.S.C. 3730(h); Pilot Program for Enhancement of Protection from Reprisal for Disclosure of Certain Information, 31 U.S.C. 4712; Federal Sentencing Guidelines for Organizations, Guidelines Manual Section 8B2.1(b)(5)(C); HIPAA Administrative Simplification: Enforcement; Final Rule, 45 C.F.R ; 42 C.F.R (b)(4)(vi)(A) & (b)(4)(vi)(A); CMS, Compliance Program Guidelines, Medicare Managed Care Manual, Ch. 21 & Prescription Drug Benefit Manual, Ch. 9, 50.1, & ; Mandatory Compliance Program Requirements, New York Soc. Serv. Law 363-d(2)(h); New York State False Claims Act, New York State Finance Law 191; New York Lab. Law 740 & 741; New York Not-For-Profit Corp. Law 715-b; and 18 N.Y.C.R.R (c)(8) _3 7

105 7. REFERENCES TO RELATED POLICIES Code of Conduct Compliance Program, Structure and Guidelines Federal Deficit Reduction Act of 2005: Policy Regarding the Detection and Prevention of Fraud, Waste & Abuse and Applicable Federal and State Law Special Investigations Unit and FWA Policy Compliance Program Disciplinary Policy, Standards and Procedures Policy on Investigating Compliance Issues and Corrective Action Plans Policy and Procedure on Reporting Non-Compliance and Fraud, Waste and Abuse Compliance Hotlines Policy Reviewed Oct 2013 Nov 2015 Revised & Approved Nov 2013 June _3 8

106 VNSNY CORPORATE POLICY AND PROCEDURE TITLE: Corrective Action and Disciplinary Guidelines APPLIES TO: All VNSNY Entities POLICY OWNER: Corporate Compliance Department FIRST ISSUED: November 2015 All VNSNY Personnel are expected to be aware of and comply with governing laws and regulations, as well as the Compliance Program, VNSNY s Code of Conduct, and any other applicable policies and procedures. Adherence to these rules ensures the wellbeing of patients, employees, and the company s business operations. Failure to company with these rules, or other instances of unacceptable behavior, will result in corrective actions and/or disciplinary measures. The purpose of these Corrective Action and Disciplinary Guidelines is to ensure that corrective action and disciplinary measures imposed for a violation of VNSNY s standards are administered in a consistent manner across the organization. Corrections to unacceptable behavior may be addressed under these Guidelines, or under other VNSNY policies depending on the nature of the conduct and the extent of the correction needed. VNSNY Personnel should familiarize themselves with these policies, including: VNSNY Code of Conduct, VNSNY Conflict of Interest Policy, VNSNY Prevention of Fraud, Waste and Abuse, VNSNY Visit Verification and Documentation Policy, VNSNY Patient Confirmation of Staff Visits Policy, and VNSNY Whistleblower, Non- Retaliation and Non-Intimidation Policy. I. Examples of Behavior or Conduct that May be Subject to Corrective Action and Discipline Under this Policy: As outlined in the Code of Conduct s Standards Relating to Disciplinary Action, disciplinary actions may be taken for, among other things: (1) Authorization of or participation in actions that violate the Code; (2) Failure to report a violation of the Code or to cooperate in an investigation; (3) Failure by a violator s supervisor(s) to detect and report a violation of the Code if such failure reflects inadequate supervision or lack of oversight; and (4) Retaliation and/or intimidation against an individual for reporting a violation or possible violation of the Code.

107 VNSNY CORPORATE POLICY AND PROCEDURE In particular, engaging in any of the following actions is a violation of VNSNY s Compliance Program standards and will result in the imposition of appropriate disciplinary sanctions in accordance with the procedures outlined below: Authorizing or participating in non-compliant behavior, including but not limited to, actions that violate federal and/or state laws and regulations, the Code of Conduct, the Compliance Program, or other VNSNY compliance-related policies and procedures; Failing to report a violation, or suspected violation, of federal and/or state laws and regulations, the Code of Conduct, the Compliance Program, or other VNSNY compliance-related policies and procedures; Encouraging, directing, facilitating, or permitting, either actively or passively, noncompliant behavior; Failing to detect and report a compliance violation by a violator s supervisor(s), if such failure reflects inadequate supervision or lack of oversight; Refusing to cooperate in the investigation of a potential violation or issue; Assisting in, participating in, facilitating or ignoring a breach of the Compliance Program; Failing to produce and implement a Corrective Action Plan in a timely manner as requested by the Compliance Department; Failing to notify the Compliance Department when Corrective Action Plan deadlines and requirements are not met; Assisting in, participating in, facilitating or ignoring fraud, waste or abuse issues relevant to our payers (including, but not limited to, Medicaid, Medicare, other federal and state health care programs, and commercial insurers), businesses, services or operations; Retaliating against, or intimidating, anyone who in good faith participates in the Compliance Program; and/or Engaging in other illegal or inappropriate conduct. As part of the Compliance Program and Code of Conduct, VNSNY Personnel are required to report any actions they reasonably believe may be unlawful or that otherwise violate VNSNY policy or the Code of Conduct to the Compliance Department or the Human Resource Department, no later than forty-eight (48) hours after the event. No personnel should engage in

108 VNSNY CORPORATE POLICY AND PROCEDURE any investigation or disciplinary action against the alleged offending employee without first consulting with the Human Resource Department. II. Investigation of Credible Allegations of Misconduct VNSNY s Compliance, Legal and/or Human Resources Departments will investigate all credible allegations of misconduct. All VNSNY Personnel are required to cooperate in investigations undertaken by these Departments. When a complaint is received by Compliance or Human Resources, the Department that receives the report shall promptly report to the other Department the nature of the report and coordinate the approach to the investigation and share any information received. Both Departments will also coordinate with VNSNY Legal as appropriate. III. Determination of Corrective Actions and Disciplinary Sanctions. If an investigation determines that a Compliance Program standard has been violated, disciplinary sanctions will be promptly imposed on an impartial, consistent, and equitable basis. In determining disciplinary action for non-compliance or unlawful activity, Personnel are not and will not be insulated from disciplinary action due to their position or role within VNSNY; all Personnel are subject to the same scrutiny, expectations, sanctions, and compliance standards. In order to ensure consistency, senior representatives from the Compliance and Human Resource Departments will meet periodically to discuss any disciplinary actions that were imposed and/or reporting requirements to help ensure that discipline was applied consistently for similar offenses. A. Factors Relevant to Correct Action and Discipline Determination The nature and extent of disciplinary sanctions taken in a given case will depend on a variety of factors, including but not limited to, the following: The severity of the violation; Whether the violation was committed intentionally, recklessly, negligently, or mistakenly; Whether the individual has committed any other violations in the past, and if so, whether those violations are similar to the one currently at issue; Whether the individual has previously been disciplined, and if so, the nature of the disciplinary sanction imposed;

109 VNSNY CORPORATE POLICY AND PROCEDURE Whether the individual self-reported his or her misconduct before discovery inside or outside of VNSNY, or before such discovery was reasonably likely; Whether the individual attempted to hide or cover up his or her misconduct; Whether (and the extent to which) the individual cooperated with the Compliance Department s investigation in connection with the investigation of the misconduct; and Any other facts or circumstances relevant to the matter. B. Range of Disciplinary Outcomes The particular discipline imposed will be tailored to the facts of the specific situation that needs to be remedied, and will follow the applicable steps outlined in the Guidelines for Disciplinary Action-1199, the Guidelines for Disciplinary Action-UFT or the Guidelines for Disciplinary Action-MGMT, whichever applies under the circumstances. Disciplinary action may include: Written Counseling Written Warning Final Written Warning Suspension Pending Further Investigation Termination or Immediate Termination Other VNSNY policies may also set forth specific sanctions for certain types of non-compliant behavior. IV. Board Oversight & Senior Management Oversight The Compliance Department, as part of its standing reports to the Audit Committee of the VNSNY Board of Directors, VNSNY Board of Directors and the subsidiary Board of Directors, provides a list of all Personnel who received disciplinary action because of noncompliant behavior. The Compliance Department reports to senior management identifying responsible departments and parties that are significantly late in responding to requests for Corrective Action Plans, or that fail to notify the Compliance Department when Corrective Action Plan deadlines and requirements are not met.

110 VNSNY CORPORATE POLICY AND PROCEDURE REFERENCES: N/A Reviewed: Revised & Approved:

111 VNSNY CORPORATE POLICY AND PROCEDURE SAFEGUARDS POLICY TITLE: APPLIES TO: PREPARED BY: Safeguards Policy VNSNY; Visiting Nurse Service of New York Home Care, VNSNY Hospice and Palliative Care, Family Care Services, Partners in Care, and VNS CHOICE Community Care (collectively, the VNSNY Providers ) and VNSNY CHOICE and VNS Continuing Care Development Corporation (collectively, VNSNY CHOICE ). Corporate Compliance Department APPROVED: May 27, 2009 PURPOSE VNSNY has put into place appropriate administrative, physical and technical safeguards to prevent the intentional or unintentional use of disclosure of protected health information (PHI) in violation of Covered Entity policy or applicable law. VNSNY s workforce and business associates (collectively, Personnel ) shall be expected take comply with these steps to reasonably safeguard PHI. POLICY A. Administrative Safeguards 1. Policies. VNSNY has implemented administrative policies to address the privacy and security requirements under HIPAA. Such policies are located at VNSNY Corporate Compliance Tab and the IT Security Policy Site. VNSNY Privacy Officer will review this policy periodically and update as needed. 2. Oral Communications. Personnel must exercise due care to avoid unnecessary disclosures of PHI through oral communications and pay attention to unauthorized listeners. In addition, Personnel must not: (a) (b) discuss PHI in public areas, including elevators or lunch rooms. discuss or disclose PHI outside of VNSNY.

112 (c) discuss patients or members with other Personnel unless they have a job related reason to do so. 3. Facsimiles. Facsimile transmissions of PHI are permissible. In order to protect the confidentiality of PHI and reduce the risk of unauthorized receipt of a fax, Personnel will be instructed to take the following steps: (a) (b) (c) (d) (e) (f) Verify the correct fax number. When reasonable, contact the recipient of the PHI to ensure that the recipient knows that the fax is coming and arrange for its timely pick up from the fax machine. When reasonable, check the fax transmittal summary, log and/or fax confirmation sheet to ensure that the fax was sent to the correct recipient(s). If the sender determines that the fax was erroneously received by an unauthorized recipient, the sender must take steps to immediately contact the unintended recipient and ask that the fax be destroyed. The sender also must document the erroneous transmission, record the date and events, and inform his/her supervisor of the error, who must inform the Privacy Officer. Locate fax machines in areas that are secured, and not accessible to the public. Check fax machines to assure that faxes containing PHI are not left unattended in the machine. Send facsimile transmissions with a fax cover sheet that includes a confidentiality statement. 4. Telephone Protocols. (a) Personnel will not discuss PHI over the phone until the following can be confirmed: (i) (ii) The identity of the caller. Verification that the caller has the need to know the requested information and that the disclosure of PHI is permissible. (b) Telephone messages and appointment reminders may be left on answering machines and voice mail systems, unless the patient or member has requested and received approval for an alternative means of communication. However, the amount of PHI that is left must be limited. Telephone messages regarding test results or that contain information that links a patient s or member s name to a particular medical condition should be avoided. 2

113 5. Texting. PHI may only be communicated via text message if text messages are sent using a VNSNY issued mobile device and sent using encryption (via an approved VNSNY application). Further, only clinician-to-clinician text message communications may include PHI; and VNSNY clinicians and other staff members are not permitted to communicated PHI via text messaging to patients, members, clients or their respective family members. Text message communications must comply with the relevant text message policies. 6. Disposal. PHI will be disposed in a manner to make it unreadable and unusable. For example, paper records will be shredded; floppy discs will be cut in half; CDs and hard drives will be sanitized, before disposal. Electronic PHI must be deleted from information systems when there is no longer a business or clinical need to access such information. It shall be destroyed in accordance with the IT Security Data Disposal Procedure. 7. Media Re-Use. Any electronic PHI residing on electronic media (e.g., tapes) must be removed by Director of IT Security or his/her designee before such media can be reused. 8. Remote Work Areas. The following safeguards will be put into place when Personnel are working remotely: (a) (b) (c) (d) (e) PHI will not be removed from VNSNY unless authorized and required for Personnel to perform their job functions. Personnel will ensure the privacy and security of remote work areas, including locked remote (home) offices, locked file cabinets and locked desks. If permitted to remove PHI, Personnel will secure PHI when in transit, (e.g., Do not leave PHI unattended in a car or, if information must be kept in the car, store it in the trunk, lockable attaches, lock boxes, or other secure opaque containers). Personnel will not download PHI onto computers in remote locations (e.g., hotel computers). Personnel will not share passwords necessary for remote access. 9. Additional Considerations. In addition to the administrative safeguards discussed above, VNSNY Personnel will comply with the following safeguards: (a) (b) Sign-in sheets that are viewed by multiple patients or persons will not contain health information (e.g., reason for visit) and unnecessary identification information (e.g., address, Social Security Number). Patient/member records used by Personnel for their job functions in shared workspaces will be reasonably protected to prevent inadvertent disclosures. This may include placing a cover sheet over records sitting 3

114 B. Technical Safeguards on a desk or positioning a patient/member record so that the patient/member name is not visible All transmissions containing PHI shall be encrypted. All s sent to another vnsny.org address are automatically encrypted. All s sent to any other address must be manually encrypted by following the process set forth in Sending Encrypted document, unless a secure tunnel has been established with the receiving party. In addition, Personnel will comply with the following safeguards: (a) (b) (c) s will be reviewed to ensure that they are addressed to the correct recipient. Senders contact information will be included on the . Where practical, the will be labeled Confidential. 2. Access Controls. (a) (b) VNSNY s computer systems are to be used only by those individuals authorized to do so through the policies of VNSNY. Personnel shall be assigned user IDs/passwords for access authorizations to electronic PHI. Such User IDs/passwords shall be based on their job responsibilities. A person s right of access to a workstation, transaction, program or process shall be modified upon a change in the person s job function. (c) All passwords are required to be complex. See, Complex Password Policy. (d) (e) (f) Personnel are not permitted to share user ID or passwords. Upon termination of a Personnel member, his or her user ID/password will be promptly terminated. Only authorized Personnel, including authorized third-party maintenance personnel, may access software programs for testing and revision. See also, additional IT Security Policies available at the IT Security Policy Site. 3. Workstation Use: VNSNY must maintain secure workstations to eliminate or minimize the possibility of unauthorized access to both PHI and electronic PHI. Personnel must exercise prudence and common sense to maintain the security of information accessible from their workstations. Workstations include fixed devices, such as terminals, as well as laptops, personnel digital assistants, and other portable devices. At a minimum the following procedures should be followed: 4

115 (a) (b) (c) (d) (e) All workstations should be locked or turned off when unattended for more than fifteen (15) minutes. Automatic log-off or password protected screen savers are used when a computer is not being used for more than a few minutes. Printing and copying of documents with electronic protected health information should only occur to the extent necessary. Electronic PHI may only be downloaded to portable workstations with proper authorization. If electronic PHI is properly downloaded to a portable workstation, to the extent possible, only the minimum amount of information necessary for the Personnel job function may be downloaded. 4. Text Messaging. Any text message containing PHI must comply with the texting PHI policy and the standards set forth in Section A.5. above. 5. Use of Social Media Sites. PHI shall not be posted on social media sites such as Facebook or Twitter. Personnel will be educated that just because a patient s name is not used, does not mean that the patient or member is not identifiable. 6. Audits. Access to electronic PHI will be periodically audited. 7. Additional Technical Safeguards. Additional technical safeguards will be implemented in accordance with VNSNY s HIPAA Security Policies. C. Physical Safeguards 1. Facility Security Plan. (a) All hardware, network connections, software, data or other files will, as much as possible, be stored away from potential natural physical hazards, such as water/cooling/heating pipes, vents or ducts, any visible signs of water/cooling/heating or other natural damage, direct sunlight, and extreme cold. (b) Electrical circuits will not be overloaded. Additional circuits will be installed if needed. Power strips may be used where necessary, but must be used individually and not plugged into each other. VNSNY will assure that there are no frayed or otherwise defective electrical cords. Electrical equipment with cords found defective will be taken out of service promptly and replaced. (c) Please also refer to IT Security Policy Site. 2. Access Control And Validation Procedures. 5

116 (a) (b) Personnel will take reasonable steps to ensure that visitors do not obtain unauthorized access (e.g., question visitors who appear to be where they should not be and report any unauthorized access to Director of Safety and Security). Any person performing physical work on the premises (e.g., repair of equipment or utilities) must show identification before entering VNSNY. All Personnel must have their VNSNY-issued ID while on VNSNY s premises. Personnel must only physically access these areas containing PHI if they have a legitimate clinical or business purpose. 3. Additional Physical Safeguards. In addition to the physical safeguards discussed above, Personnel will comply with following safeguards: (a) (b) (c) (d) PHI will be securely stored in locked drawers, file cabinets, offices, or office suites when the work area is unattended. Only a patient/member first name and last initial (or vice versa) will be posted on boards that may be viewable to the public. PHI will not be left unattended in public or other open areas, such as conference or meeting rooms. When PHI is placed in a bin or mailbox outside an area that is visible to visitors or others, the record will be positioned so that the PHI is not exposed. D. Training All Personnel shall receive training at the time of employment with annual updates thereafter, or as otherwise needed, regarding VNSNY s HIPAA compliance program and the safeguards discussed in this Policy. Reviewed: 7/14/2010; 9/23/2013; 2/20/2014 Revised: 9/23/2013; 2/20/2014 REFERENCES: 45 CFR

117 VNSNY CORPORATE POLICY AND PROCEDURE USES AND DISCLOSURES OF PATIENT INFORMATION TITLE: APPLIES TO: PREPARED BY: Uses and Disclosures of Patient Information VNSNY; Visiting Nurse Service of New York Home Care, VNSNY Hospice and Palliative Care, Family Care Services, Partners in Care, and VNS CHOICE Community Care (collectively, the VNSNY Providers ). Corporate Compliance Department APPROVED: May 27, 2009 PURPOSE This Policy and Procedure establishes the general rules which VNSNY Providers will follow when using and disclosing the health information of its patients. POLICY A. Protected Health Information. HIPAA requires VNSNY Providers to adhere to certain rules when using and disclosing protected health information or PHI of its patients. Protected health information is defined by HIPAA as information, in any form or medium (including oral, written and electronic communications), that is created by VNSNY Providers, relates to an individual s physical or mental health (e.g., provision of payment for) and identifies, or could be reasonably expected to be used to identify, an individual. Once a patient has been deceased for more than 50 years, such information about him or her is no longer considered to be PHI. PHI includes everything from a patient s name, address and telephone number to the clinical and billing records. B. Use and Disclosure for Treatment, Payment and Health Care Operations. Consistent with VNSNY Providers s privacy notice to patients, VNSNY Providers may use and disclose PHI of its patients for VNSNY Providers treatment, payment and health care operations purposes. No written consent or authorization is required for uses and disclosures of PHI for these purposes unless VNSNY Providers receives direct or indirect remuneration (e.g., payment in any form) in exchange for the PHI.

118 C. Other Uses and Disclosures of PHI. VNSNY Providers will not use or disclose PHI for purposes other than treatment, payment and health care operations, except that VNSNY Providers may disclose PHI: 1. to the patient. 2. for treatment activities of another health care provider (e.g., VNSNY Providers can provide PHI to a physician in order to assist the physician in treating a patient). 3. to another Covered Entity for its payment activities (e.g., to a DME provider so that the DME provider can submit an insurance claim for services it provided). 4. to another Covered Entity for certain of its health care operations, 1 provided the Covered Entity and VNSNY Providers each has or had a relationship with the patient and the PHI pertains to that relationship. 5. pursuant to a valid HIPAA authorization. 6. to a business associate, 2 subject to the terms of the applicable business associate agreement. 7. to the U.S. Department of Health and Human Services in connection with compliance reviews and investigations, subject to the requirements of applicable law. 8. to a patient s family, friends and personal representatives as described in VNSNY Providers policy regarding such disclosures. 9. to a person subject to the jurisdiction of the FDA for purposes related to a product approved by the FDA (e.g., incident reporting, tracking of products, product recalls or post-marketing surveillance). 10. for various legal, regulatory and employment purposes pursuant to VNSNY Providers policy regarding such. 11. to a public or private entity authorized by law or by its charter to assist in disaster relief efforts, subject to the requirements of HIPAA and applicable law. 12. in a limited data set that meets the requirement of HIPAA s privacy regulations, if VNSNY Providers enters into a data use agreement with the limited data set recipient. 13. limited to proof of immunization, to a patient s school if a) the school is required by state or other law to have such proof of immunization before admitting the 1 The purpose of such disclosure must be for quality assurance activities, process improvement, case management, population-based activities relating to improving health or reducing health care costs, protocol development, contacts with health care providers and patients about treatment alternatives and related activities, training programs, accreditation, licensure, credentialing, or fraud and abuse compliance. 2 Business Associate means a person to whom VNSNY Providers provides patient information and who performs a task or function on behalf of VNSNY Providers v.1 2

119 individual; and b) VNSNY Providers has written or oral agreement from the patient or his or her personal representative, as applicable. 14. as otherwise specifically permitted or required by federal regulations. Note: HIV, alcohol and/or substance abuse and mental health treatment records and genetic information enjoy additional confidentiality protections by state and federal law that must be followed. Questions concerning the disclosure of these types of information should be raised with the Privacy Officer. D. Incidental Disclosures. Incidental uses or disclosures of PHI which occur as a by-product of an otherwise permitted or required use or disclosure are not considered to be violations of HIPAA, provided adequate safeguards have been put into place and minimum necessary policies have been implemented. E. Covered Entity s Privacy Notice. VNSNY Providers will provide patients with a copy of a privacy notice which describes VNSNY Providers uses and disclosures of PHI, the patient s privacy rights and the procedure for making complaints. In addition, VNSNY Providers will make a good faith effort to obtain each patient s written acknowledgment of receipt of the privacy notice. If VNSNY Providers is unable to do so, it will document the attempts that were made and why such attempts were unsuccessful. F. Patient Restrictions. A patient has the right to request restrictions on how VNSNY Providers uses or discloses their PHI to carry out treatment, payment and health care operations. 1. VNSNY Providers has to agree to restrictions made by patients to restrict disclosure of PHI to a health plan if: a) the PHI pertains solely to health care items or services for which the patient has paid VNSNY Providers in full; and b) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law. 2. For all other patient restriction requests, VNSNY does not have to agree to such restrictions. When a request for a restriction is made by a patient, VNSNY Providers will inform the patient of VNSNY Providers s decision regarding a request for a restriction and will document that the request was made as well as the decision made by VNSNY Providers. For VNSNY Providers that use the mainframe, this is documented in the mainframe; for all other VNSNY Providers, this is documented in the patient record. 3. Covered Entity staff may not agree to any restrictions on VNSNY Providers uses or disclosures of PHI without the prior approval of VNSNY Providers Privacy Officer. 4. If VNSNY Providers agrees to a restriction requested by a patient, VNSNY Providers will honor the restriction, unless the patient subsequently agrees to terminate v.1 3

120 the restriction, 3 and except when otherwise required to provide emergency treatment to the patient. G. Remuneration for PHI. 1. If VNSNY Providers receives remuneration for PHI, VNSNY Providers may not disclose PHI for any purpose unless it has obtained the patient s authorization, except as listed below. VNSNY Providers may disclose PHI for the following purposes even if it is receiving direct or indirect remuneration in exchange for disclosing PHI: (a) (b) (c) (d) (e) (f) (g) Public health activities; Research purposes as long as the remuneration received is reasonable cost-based fee to cover the cost to prepare and transmit the information for research purposes; Treatment and payment purposes; Sale, transfer, merger, or consolidation of all or any part of VNSNY Providers and for related due diligence; Services rendered by a business associate at the specific request of VNSNY Providers; To a patient or their personal representative when requested; or Otherwise required by law permitted under the privacy regulations. II. PATIENT AUTHORIZATIONS A. Authorization Required. If VNSNY Providers intends to use or disclose PHI for purposes other than treatment, payment or health care operations, and when the use or disclosure is not otherwise authorized under HIPAA, VNSNY Providers will first obtain a valid written and signed authorization from the patient or his or her personal representative. When VNSNY Providers receives a valid authorization, all uses and disclosures pursuant to the authorization must be consistent with its terms. B. Who Can Execute an Authorization. The following individuals are authorized to sign an authorization: 1. The patient, provided that he/she is competent and at least 18 years old; 2. A personal representative with the legal authority to make medical decisions for an incapacitated patient, such as a court appointed guardian authorized to make medical decisions, health care agent, surrogate, parent, or other person acting in loco parentis 3 Either in writing or orally. Oral agreements to terminate a restriction should be documented by VNSNY Providers v.1 4

121 that has the legal authority to make medical decisions on behalf of a minor subject to VNSNY Providers policy and procedure regarding personal representatives; 3. A person, executor or administrator of a deceased patient who has the authority to act on behalf of a deceased patient or the patient s estate. C. Documentation. VNSNY Providers will retain a written, signed copy of such authorization. This documentation will be retained for six (6) years from the date of the authorization s execution or the date when the authorization was last in effect, whichever is later. D. Defective Authorizations. VNSNY Providers will not accept an authorization if: 1. the authorization s expiration date has passed or the expiration event is known by VNSNY Providers to have occurred; 2. the authorization that has not been filled out completely or contains material information known by VNSNY Providers to be false; 3. the authorization is known by VNSNY Providers to have been revoked or incorrectly created as a compound authorization. E. Compound and Conditional Authorizations. 1. Except as indicated in this Section, VNSNY Providers will not condition a patient s treatment or payment on the patient s providing an authorization. (a) (b) VNSNY Providers may require an authorization if the purpose of providing the health care is to disclose the PHI to a third party. 4 VNSNY Providers may also condition the provision of researchrelated treatment on the provision of an authorization. 2. Generally, an authorization for the use or disclosure of PHI will not be combined with any other document. Any type of authorization may, however, be combined with any other type of authorization, with the following exceptions and conditions: (a) (b) (c) An authorization for a use or disclosure of psychotherapy notes can only be combined with another psychotherapy note authorization. An authorization for a research study may be combined with any other type of written permission for the same or another research study, including consent to participate in such research. An authorization for a research study that conditions the provision of research-related treatment on the provision of the authorization 4 For example, if a Covered Entity has a contract with an employer to provide fitness-for-duty exams to its employees, a Covered Entity can refuse to conduct the exam if the employee refuses to provide an authorization to disclose the exam results to the employer v.1 5

122 may be combined with an authorization for other research activities that are not conditioned upon the provision of the authorization, if the compound authorization clearly differentiates between the conditioned and unconditioned research components and provides the individual with an opportunity to separately opt into (or not opt into) the research activities that are not conditioned upon authorization. For additional information regarding the use of research authorizations refer to VNSNY Providers research policy. (d) Except for authorizations regarding conditioned research related treatment and unconditioned research, authorizations that condition the provision of treatment or payment cannot be combined with other authorizations. F. Revocations. An individual can revoke his or her authorization, in writing, at any time, unless VNSNY Providers has relied upon the authorization. 1. Authorizations for Marketing. Generally, VNSNY Providers will not use or disclose PHI for marketing purposes unless it obtains a patient authorization. There are, however, several exceptions to the authorization requirement for marketing. Additionally, if marketing involves financial remuneration to VNSNY Providers from a third party, the authorization form must state that such remuneration is involved. For questions regarding marketing authorizations, refer to Covered Entity s Marketing Policy. 2. Authorizations for Fundraising. The Covered Entity may use patient demographic information, dates of health care service, department of service information, treating physician, outcome information, and health insurance status of the patient for fundraising purposes, so long as this use of the information is described in the notice to patients. If the information is to be given to anyone other than a business associate or institutionally related foundation, a patient authorization is required. For questions regarding Fundraising authorizations, refer to VNSNY Providers Marketing Policy. Reviewed: 7/14/2010; 9/23/2013; 1/30/2015 Revised: 9/23/2013 REFERENCE: 45 CFR , , , , & (a) v.1 6

123 VNSNY CHOICE POLICY AND PROCEDURE HIPAA POLICY ON USES AND DISCLOSURES OF MEMBER INFORMATION TITLE: APPLIES TO: PREPARED BY: VNSNY CHOICE Uses and Disclosures of Member Information VNSNY CHOICE Corporate Compliance Department APPROVED: November 12, 2007 PURPOSE This policy and procedure establishes the general rules which VNSNY CHOICE ("CHOICE") will follow when using and disclosing the health information of its members. All Plan personnel are expected to maintain the confidentiality and privacy of member information in accordance with the Federal Health Insurance Portability and Accountability Act of 1996 and its related regulations ( HIPAA ). POLICY I. Protected Health Information. HIPAA requires CHOICE to adhere to certain rules when using and disclosing the protected health information (PHI) of its members. PHI is defined by HIPAA as information, in any form or medium (including oral, written and electronic communications), that: A. is created by a Plan, health care provider, or a health care clearinghouse; B. relates to an individual s physical or mental health, the provision of health care to an individual, or the payment for the provision of health care to an individual; and C. identifies, or could be reasonably expected to be used to identify, an individual. PHI includes everything from a member s name, address and telephone number to the member s clinical and billing records.

124 II. Use and Disclosure for Treatment, Payment and Health Care Operations. Consistent with CHOICE s privacy notice to members, CHOICE may use and disclose the PHI of its members for CHOICE s treatment, payment and health care operations purposes. However, state law requires that CHOICE obtain a consent form prior to making these types of disclosure. The suggested HIPAA consent form is available at III. CHOICE s Privacy Notice. CHOICE will provide its members with a copy of a privacy notice which describes CHOICE s uses and disclosures of member information, the member s privacy rights and the procedure for making complaints. IV. Member Restrictions. The member has the right to request restrictions on how CHOICE uses or discloses PHI to carry out treatment, payment and health care operations, but CHOICE does not have to agree to such restrictions. When a request for a restriction is made by a member, CHOICE will inform the member of CHOICE s decision regarding a request for a restriction and will document that the request was made as well as the decision made by CHOICE. The decision shall be documented either under the HIPAA tab in the member record or in the mainframe HIPAA Flag. VNSNY CHOICE staff may not agree to any restrictions on CHOICE s uses or disclosures of a member s PHI without the prior approval of CHOICE s Privacy Officer. If CHOICE does agree to a restriction requested by a member, CHOICE will honor the restriction, unless the member subsequently agrees to terminate the restriction 1 and except when otherwise required to provide emergency treatment to the member. V. Confidential Communications/Alternative Communications. The member has the right to request that CHOICE provide him/her with communications of his/her PHI by alternative means or at alternative locations. However, CHOICE is only required to permit and accommodate such requests if the member clearly states that the disclosure of all or part of the information, absent the accommodation, could endanger the member and such request is put in writing. For all other requests for alternative communications, CHOICE is not required to agree to any accommodation, but if it does, then it is bound by such agreed-upon accommodations. When a request for alternative communications is made by a member 2, CHOICE will inform the member of CHOICE s decision regarding the request for alternative communications and will document that the request was made as well as the decision made by CHOICE. The decision shall be documented either under the HIPAA tab in the member record or in the mainframe HIPAA Flag. Plan staff may not agree to any other alternative communication requests without the prior approval of CHOICE s Privacy Officer. If CHOICE does agree to a request for alternative communications, CHOICE will honor the request, unless the member subsequently 1 Either in writing or orally. Oral agreements to terminate a restriction are documented by CHOICE. 2 If the member clearly states that the disclosure of all or part of the information, absent the accommodation, could endanger the member, CHOICE will require the member to put the statement in writing and will comply with the requested accommodation. 2

125 terminates the request for alternative communications 3 and except when otherwise required to provide emergency treatment to the member. VI. Uses and Disclosures for Underwriting and Related Purposes. If CHOICE receives PHI for the purposes of underwriting, premium rating or other activities relating to the creation, renewal or replacement of a health insurance or health benefits contract, and the health insurance or benefits are not placed with CHOICE, CHOICE will not use or disclose the PHI for any other purposes, except as required by law. VII. Other Uses and Disclosures of PHI. CHOICE will not use or disclose PHI for purposes other than treatment, payment and health care operations, with the following exceptions: A. CHOICE may disclose PHI to the member. B. CHOICE may disclose PHI for treatment activities of a health care provider (e.g., CHOICE can provide PHI to a physician in order to assist the physician in treating a member). C. CHOICE may disclose PHI to another Covered Entity or health care provider for its payment activities (e.g., disclosing eligibility information to an ambulance company so that the ambulance company can submit an insurance claim for services it provided). D. CHOICE may disclose PHI to another Covered Entity or health care provider for certain of its health care operations 4, provided CHOICE and the Covered Entity each has or had a relationship with the member and the PHI pertains to that relationship. E. CHOICE may use and disclose PHI pursuant to a valid HIPAA authorization. F. CHOICE may disclose PHI to a business associate, subject to the terms of the applicable business associate agreement. G. CHOICE must disclose PHI to the Department of Health and Human Services in connection with compliance reviews and investigations, subject to the requirements of applicable law. H. CHOICE may disclose PHI to a member s family, friends and personal representatives as described in CHOICE policy regarding such disclosures. I. CHOICE may disclose PHI to a person subject to the jurisdiction of the FDA for purposes related to a product approved by the FDA (e.g., incident reporting, tracking of products, product recalls or post-marketing surveillance). J. CHOICE may use or disclose PHI for various legal, regulatory and employment purposes pursuant to CHOICE s policy regarding such disclosure. 3 Either in writing or orally. Oral agreements to terminate a restriction are documented by CHOICE. 4 The purpose of such disclosure must be for quality assurance activities, process improvement, case management, population-based activities relating to improving health or reducing health care costs, protocol development, contacts with health care providers and members about treatment alternatives and related activities, training programs, accreditation, licensure, credentialing or fraud and abuse compliance. 3

126 K. CHOICE may disclose PHI to a public or private entity authorized by law or by its charter to assist in disaster relief efforts, subject to the requirements of HIPAA and applicable law. L. CHOICE may use or disclose a limited data set that meets the requirement of HIPAA s privacy regulations, if CHOICE enters into a data use agreement with the limited data set recipient. M. CHOICE may use or disclose PHI as otherwise specifically permitted or required by federal regulations. Note: HIV-related information, genetic information, alcohol and/or substance abuse records and mental health records enjoy additional confidentiality protections of state and federal law that must be followed. Questions concerning the disclosure of these types of information should be raised with the Privacy Officer. VIII. Incidental Disclosures. Incidental uses or disclosures of PHI which occur as a byproduct of an otherwise permitted or required use or disclosure are not considered to be a violations of HIPAA, provided adequate safeguards have been put into place and minimum necessary policies have been implemented. IX. Remuneration for PHI. A. Except as listed below, if CHOICE receives remuneration for PHI, CHOICE may not disclose PHI for any purpose unless it has obtained the member s authorization. CHOICE may disclose PHI for the following purposes even if it is receiving direct or indirect remuneration in exchange for disclosing PHI: 1. Public health activities; 2. Research purposes if the remuneration received is reasonable cost-based fee to cover the cost to prepare and transmit the information for research purposes; 3. Treatment and payment purposes; 4. Sale, transfer, merger, or consolidation of all or any part of CHOICE and for related due diligence; CHOICE; 5. Services rendered by a business associate at the specific request of 6. To a patient or their personal representative when requested; or 7. Otherwise required by law permitted under the privacy regulations. MEMBER AUTHORIZATIONS I. Authorization Required. If CHOICE intends to use or disclose PHI, CHOICE will first obtain a valid written and signed authorization from the member or his/her personal 4

127 representative. When CHOICE receives a valid authorization, all uses and disclosures pursuant to the authorization must be consistent with its terms. A valid authorization should be written in plain language and specifically include: A. the information to be used or disclosed; B. the person or entity who will be using or disclosing the information; C. the person or entity who will be receiving the information; D. each purpose of the requested uses or disclosures; E. an expiration date or event which relates to the individual or the purpose of the use or disclosure 5 ; F. the signature of the individual (or personal representative) and the date; and G. various required statements and information specified by the privacy regulations. II. Who Can Execute an Authorization. The following individuals are authorized to sign an authorization for a member: A. The member, provided that he/she is competent and at least 18 years old; B. A personal representative with the legal authority to make medical decisions for an incapacitated member, such as a court appointed guardian authorized to make medical decisions, health care agent, parent, or other person acting in loco parentis that has the legal authority to make medical decisions on behalf of a minor subject to CHOICE s policy and procedure regarding personal representatives. C. An executor or administrator of a deceased member s estate. III. Defective Authorizations. CHOICE will not accept an authorization if the authorization s expiration date has passed or the expiration event is known by CHOICE to have occurred. CHOICE will also reject any authorization that has not been filled out completely or contains material information that CHOICE knows is false. An authorization is invalid if CHOICE knows it is revoked or incorrectly created as a compound authorization (as discussed below). IV. Compound and Conditional Authorizations. A. Compound Authorizations. Generally, an authorization for the use or disclosure of PHI will not be combined with any other document. Any type of authorization may, however, be combined with any other type of authorization, except when the authorization conditions the provision of treatment, payment, enrollment in a Plan, or eligibility for benefits on the member s providing one of the authorizations to be combined. 5 Under certain circumstances, research authorizations do not need to include an expiration date and, instead, end of the research or none can be documented on the form. 5

128 1. Psychotherapy notes. An authorization for a use or disclosure of psychotherapy notes will only be combined with another psychotherapy note authorization. 2. Research. An authorization for the use or disclosure of PHI for a research study may be combined with any other type of written permission for the same research study, including another authorization for the use or disclosure of PHI for such research or a consent to participate in such research. For additional information regarding the use of research authorizations refer to VNSNY s HIPAA Research Policy. B. Prohibition on Conditioning of Authorizations. Except as indicated in this Section, CHOICE will not condition a member s treatment, payment, enrollment in CHOICE, or eligibility for benefits on the member s providing an authorization. 1. CHOICE may condition the provision of health care that is solely for the purpose of creating PHI for disclosure to a third party on the member s provision of an authorization for the disclosure of the PHI to such third party. 2. CHOICE may condition enrollment in CHOICE or eligibility for benefits on the provision by the individual of an authorization requested by CHOICE prior to an individual s enrollment in CHOICE, if: (i) the authorization sought is for CHOICE s eligibility or enrollment determinations relating to the individual or for its underwriting or risk rating determinations; and (ii) the authorization is not for a use or disclosure of psychotherapy notes. V. Revocations. An individual can revoke his/her authorization, in writing, at any time, unless CHOICE has relied upon the authorization. VI. Specific Authorizations. A. Authorizations for Psychotherapy Notes. See Appendix A. Please consult with the Privacy Office if you believe the record contains psychotherapy notes. B. Authorizations for Marketing. Generally, CHOICE will not use or disclose member information for marketing purposes unless it obtains an authorization. There are, however, several exceptions to the authorization requirement for marketing. For questions regarding marketing authorizations, refer to CHOICE s Marketing Policy and Center for Medicare and Medicaid Services Marketing Guidelines. Reviewed: 7/14/2010; 9/23/2013; 1/30/2015 Revised: 9/23/2013; 1/30/2015 REFERENCE: 45 CFR , , , & (a); h_info.pdf 6

129 Appendix A Psychotherapy Notes Generally, CHOICE will obtain an authorization prior to using or disclosing a member s psychotherapy notes. Psychotherapy notes are recorded by a mental health professional, document or analyze the contents of conversations during an individual or group counseling session and are separated from the rest of the member s medical record. Psychotherapy notes do not include medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of diagnosis, functional status, treatment plan, symptoms, prognosis and progress to date. An authorization will not be required; however, when the psychotherapy notes will used or disclosed for the following purposes: 1. Use by the originator of the psychotherapy notes for treatment; 2. Use or disclosure by CHOICE for its own training programs in which students, trainees, or practitioners in mental health learn under supervision to practice or improve their skills in group, joint, family or individual counseling; 3. Use and disclosure by CHOICE to defend itself in a legal action or other proceeding brought by the member; 4. Disclosures to the Secretary of Health and Human Services to investigate CHOICE s compliance with the law; 5. Uses and disclosures required the law, if the use or disclosure complies with and is limited to the relevant requirements of such law; 6. Disclosures to a health oversight agency in connection with the oversight of the originator of the psychotherapy notes; 7. Disclosures to coroners or medical examiners for the purpose of identifying a deceased person, determining the cause of death or other duties as authorized by law; or Consistent with applicable law and standards of ethical conduct, uses and disclosures which are based on a good faith belief of CHOICE that such uses or disclosures are necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and such uses or disclosures are to a person or persons who may reasonably be able to prevent or lessen the threat. 7

130 Visit the Corporate Compliance Department on the VNSNY Intranet:

131 VNSNY COMPLIANCE COMPLIANCE HOTLINES VNSNY S COMPLIANCE LEADERSHIP: VNSNY VP of Compliance & Regulatory Affairs and HIPAA Privacy Officer Annie Miyazaki Annie.Miyazaki@vnsny.org (212) (212) (VNSNY) (888) (VNSNY CHOICE) How employees can reach us 24 hours a day, 7 days a week: VNSNY Hotline: (212) VNSNY CHOICE Hotline: (888) VNSNY Online Reporting Tool: Anonymously, if you choose Without worry of retaliation or intimidation VNSNY CHOICE VP of Compliance & Regulatory Affairs What to report: Dorian Needham Dorian.Needham@vnsny.org (212) If you suspect that someone is doing anything that is illegal or unethical, you must report it. Examples include: Director of IT Security and HIPAA Security Officer Steven Tsavlis Steven.Tsavlis@vnsny.org (212) OTHER WAYS TO CONTACT COMPLIANCE: VNSNY Compliance 1250 Broadway, 26th Floor New York, NY (646) (Fax) VNSNY CHOICE Compliance 1250 Broadway, 11th Floor New York, NY CHOICECompliance@vnsny.org (646) (Fax) Questionable billing, coding, or medical record documentation practices. Giving or accepting something of value in exchange for patient referrals or other business. Inferior quality of care. Stealing from VNSNY or a patient or a member. Altering medical or business records. Conduct that may be fraudulent, wasteful, or abusive under our Code of Conduct. Any activity or business that could be interpreted as unethical or illegal. What we will do with your report: You have our guarantee that your comments will be heard and all reported compliance issues will be investigated. You can report anonymously through our hotlines or using the online reporting tool.