Compliance Fraud, Waste and Abuse HIPAA Privacy and Security

2017 Compliance Fraud, Waste and Abuse HIPAA Privacy and Security

Table of Contents/Agenda
Welcome to General Compliance Training for Providers!
Training Objectives:
- Understand why you need Compliance Training and how Compliance affects everyone
- Learn about the 7 Elements of an Effective Compliance Program
- Learn about Fraud, Waste and Abuse
- Learn about HIPAA/Privacy & Security
- Understand Reporting Requirements

Compliance Training: Overview
IEHP Policies and Procedures Fraud, Waste and Abuse Code of Conduct HIPAA Compliance Program IEHP Compliance Training Privacy and Security

Compliance Training Overview
Mission Statement: To organize and improve the delivery of quality, accessible and wellness based healthcare service for our community.

Compliance Training: Overview
Annual Compliance Training is mandatory for:
- Team Members
- Temporary Staff
- Contractors
- Providers
- Business Associates
- Vendors
- First tier, downstream and related entities (FDRs)
- Governing Board
- Chief Officers
Introductory Compliance Training
- Within 90 days of hire, all new Team Members, Temporary Staff and contractors must attend Introductory Compliance Training
- Newly assigned Governing Board Members will be provided Compliance Training upon assignment to the Board
- All First Tier Entities, including IPAs, must provide Compliance training to their staff and attest on an annual basis to IEHP that they have provided training to their employees and FDRs.

What is Compliance and Why is it Important?
- Federal and State laws regulate the Health Care Industry
- To ensure compliance with applicable laws
- To protect our Members
- To prevent abuse of federal and state taxpayer money
- To guide IEHP/FDRs to always do the right thing!

Everyone has a Role in Compliance
- Team Members
- Business Associates
- Temporary Staff
- Vendors
- Governing Board
- Interns
- Contractors
- First Tier Entity (e.g., IPA, Hospital, Pharmacy Benefit Manager (PBM), etc.)
- Downstream Entity (e.g., Pharmacy contracted with PBM, claims processing contracted with IPA)
- Related Entity (e.g., common ownership or control of entity)
This group (First Tier, Downstream and Related Entities) is also known as FDRs

Corporate Compliance Program Structure
OIG Guidance: 7 Elements
The Federal Sentencing Guidelines (FSG) and Office of Inspector General (OIG) have identified 7 Elements of an Effective Compliance Program:
- Governance / Board Oversight
- Compliance Professional
- Code of Conduct and Policies & Procedures
- Employee Training
- Reporting & Communication
- Monitoring & Auditing
- Corrective Action

Element 1: Written Policies, Procedures and Standards of Conduct

Written Policies, Procedures and Standards of Conduct
All Team Members and FDRs are expected to be familiar with IEHP policies and procedures, including the following:
- Show commitment to comply with both Federal and State standards
- Provide guidance to Team Members, Business Associates, Vendors and FDRs with issues related to Fraud, Waste and Abuse, HIPAA Privacy & Security, and other issues of noncompliance.
- Identify how to communicate compliance issues
- Describe how potential compliance issues are investigated

IEHP Code of Business Conduct and Ethics
- Provides guidance to Team Members, Governing Board, Temporary Employees and Contractors about our Culture of Compliance and our role in preserving this culture
- Provides the requirements for FDRs to fully participate in any investigation, as needed.
- Guides you in your responsibility to report incidents of non-compliance without fear of intimidation and/or retaliation
- IEHP also provides a Vendor Code of Conduct that mirrors our internal standards for our Business Associates, IPAs, Hospitals and other FDRs.

Element 2: Compliance Officer, Compliance Committee and High Level Oversight

Role of the Compliance Officer
The Compliance Officer is responsible for the oversight of IEHP's:
- Oversight of FDRs
- Compliance Program
- Compliance Committee
IEHP Compliance Officer
The Compliance Officer is responsible to:
- IEHP's Chief Executive Officer (CEO)
- IEHP's Governing Board
The Compliance Officer is responsible for reporting on a quarterly basis to the Governing Board regarding all Compliance issues, including, but not limited to:
- Fraud, Waste and Abuse
- Privacy
- Auditing and Monitoring
- Non-compliant activities

Organizational Structure of IEHP Committees

Element 3: Effective Training and Education

Compliance Training: A CMS Requirement
The following is from Chapter 21 of the Medicare Managed Care Manual:
The sponsor must establish, implement and provide effective training and education for its employees, including the CEO, senior administrators or managers, and for the governing body members, and FDRs. The training and education must occur at least annually and be made a part of the orientation for new employees, including the chief executive and senior administrators or managers, governing body members, and FDRs. Effectiveness of training, education, compliance policies and procedures, and Standards of Conduct will be apparent through sponsor's compliance with all Medicare program requirements. Sponsors must ensure that employees are aware of the Medicare requirements related to their job function. Sponsors must be able to demonstrate that their employees have fulfilled these training requirements. Examples of proof of training may include copies of sign-in sheets, employee attestations and electronic certifications from the employees taking and completing the training.

Element 4: Effective Lines of Communication

Lines of Communication
The following is from Chapter 21 of the Medicare Managed Care Manual:
The sponsor must establish and implement effective lines of communication, ensuring confidentiality between the compliance officer, members of the compliance committee, the sponsor's employees, managers and governing body, and the sponsor's FDRs. Such lines of communication must be accessible to all and allow compliance issues to be reported including a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified.
Team Member/FDR/IEHP Member, Compliance, CEO, Governing Board

Element 5: Well-Publicized Disciplinary Standards

Disciplinary Standards: Consequences of Non-Compliance
- FDRs are required to review the Department of Health and Human Services OIG List of Excluded Individuals and Entities and the General Services Administration System for Award Management prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or FDR, and monthly thereafter to ensure that none of these persons or entities are excluded or become excluded from participation in federal programs.
- First tier or downstream entities found to be non-compliant are subject to disciplinary actions, up to and including contract termination.
- No Federal health care program payment may be made for any item or service furnished, ordered, or prescribed by an individual or entity excluded by the OIG.

Element 6: Effective Systems for Routine Monitoring, Auditing and Identification of Compliance Risks

Effective System for Routine Monitoring, Auditing and Identification of Compliance Risks
Why spend time evaluating?
- To help ensure compliance with State and Federal laws and regulations
- Reduce risk for government programs against non-compliance and FWA
- Help correct any non-compliance with a corrective action plan that includes ongoing monitoring and auditing
Monitoring: Internal monitoring activities are regular reviews that confirm ongoing compliance and ensure that corrective actions are undertaken and effective.
Auditing: Internal auditing is a formal review of compliance with a particular set of standards procedures that are used as a base measure.

Element 7: Procedures and Systems for Prompt Response to Compliance Issues

Procedures and System for Prompt Response to Compliance Issues
What happens when a potential issue is reported to Compliance?
What happens when a compliance issue is reported?
- Compliance reviews report of non-compliance and determines if an investigation is needed.
- Appropriate actions are taken based upon the report.
- Compliance may require a corrective action plan (CAP).
- The Compliance Officer provides monthly reports of compliance activities to Chief Officers, and as necessary, Directors.
- Quarterly reports of compliance activities are provided at the Compliance Committee.
- Quarterly reports of compliance activities are provided to the Governing Board.

Fraud, Waste and Abuse Program
Fraud, Waste and Abuse Detection, Correction and Prevention

Fraud, Waste and Abuse Program
What is Fraud?
Fraud: The intentional (knowing and willful intent) misrepresentation of data or facts for financial gain. It occurs when a person knows or should know that something is false and knowingly deceives someone for monetary gain.
Some examples are:
- Billing for services not furnished or provided
- Soliciting, offering, or receiving a kickback, bribe or rebate
- Offering beneficiaries a cash payment or other incentive to enroll in the plan
- Intentionally and repeatedly billing at a higher rate, or unbundling claims
- Collecting higher co-pays than specified
- Using someone else's Member ID to receive services
- Medical identity theft (using someone else's ID card)
- Eligibility (Member stating they live in a service area; misstatement of income)
- Drug seeking behavior (Doctor Shopping; Selling Medication)
- Billing for prescriptions that are never picked up
- Additional dispensing fees for split prescriptions when entire prescription cannot be filled

Fraud, Waste and Abuse Program
What is Waste?
Waste: The overutilization of services that result in unnecessary costs. Waste is generally not considered to be caused by criminally negligent actions but rather the misuse of resources. It is the extravagant, careless or needless expenditure of healthcare benefits and/or services, which results in unnecessary costs. Waste is considered a misuse of resources.
Some examples are:
- Providing medically unnecessary services, such as additional tests or procedures
- Failure to provide medically necessary services
- Performing unnecessary services for the member

Fraud, Waste and Abuse Program
What is Abuse?
Abuse: Includes actions that may, directly or indirectly, result in: unnecessary costs, improper payment, payment for services that fail to meet professionally recognized standards of care, or services that are medically unnecessary. Abuse involves payment for items or services when there is no legal entitlement to that payment and the provider has not knowingly and/or intentionally misrepresented facts to obtain payment.
Some examples are:
- Re-ordering the same lab tests because the report could not be found in the chart
- Providing services that do not meet professionally recognized standards
- Inadvertently and consistently using the incorrect billing code on a claim
- Failure to effect timely disenrollment of a beneficiary from CMS systems
- Hospital billing issues, e.g. incorrect billing practices
- Overprescribing narcotics

Federal Healthcare Fraud Laws
False Claims Act (FCA)
- California: Recovered hundreds of millions of dollars; liable for up to three times the amount of money fraudulently obtained; whistleblower protection
- Federal: Imposes liability on individuals or entities who defraud governmental programs; whistleblower protection; 2014: 89% of all False Claim actions were initiated by whistleblowers; 2014: 5.7 billion dollars recovered
Anti-Kickback Statute
- Knowingly or willfully soliciting, receiving, offering or paying for referrals for services (e.g. kickback, bribe, or rebate)
Stark Statute
- Prohibits a physician from referring Medicare patients for designated health services to an entity with which the physician (or a member of his or her family) has a financial relationship, unless an exception applies
- Prohibits the designated health services entity from submitting claims to Medicare for those services resulting from a prohibited referral
Damages and Penalties
- Violations are punishable by a fine of up to $25,000; imprisonment for up to 5 years; or both.
- Civil Monetary Penalty: Penalty range from $5,500 and $11,000 for each false claim and damages may be tripled.
- A penalty of up to $15,000 may be imposed for each service provided; may also be up to a $100,000 fine for entering into an unlawful arrangement.

Repercussions of Committing Fraud, Waste, or Abuse
Potential penalties, depending on the violation:
- Civil Monetary Penalties
- Exclusion from Federal Health Care programs
- Criminal Conviction/Fines
- Loss of Provider License
- Civil Prosecution
- Imprisonment

Reporting Fraud, Waste and Abuse
Every Team Member has the right and responsibility to report suspected Fraud, Waste and Abuse. Not reporting fraud or suspected fraud can make you a party to a case by allowing the fraud to continue. You may report anonymously and retaliation is prohibited when you report a concern in good faith.

HIPAA/Privacy & Security
Health Insurance Portability and Accountability Act Privacy and Security

HIPAA
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Creates greater access to health care insurance, protection of privacy of health care data, and promotes standardization and efficiency in the health care industry.
- Provides safeguards to prevent unauthorized access to protected health care information.
- As an FDR who has access to protected health care information of our members, you are responsible for complying with the HIPAA guidelines.
- Violations may result in civil monetary penalties. In some cases, criminal penalties may apply.

HIPAA
- Requires that healthcare entities take specific steps to ensure that Member protected health care information (PHI) is not viewed by anyone without a business need to know, is not stolen, lost or accidentally destroyed.
- Requires that Members be provided with rights over the use and disclosure of their own PHI.
- HIPAA Security Rule covers information that is stored or transmitted electronically.
- HIPAA Privacy Rule covers certain health information in any form.

Definitions & Key Terms
Protected Health Information (PHI): Individually identifiable health information that relates to a Member's past, present or future physical or mental health or condition, including the provision of his/her health care, or payment for that care (such as claims, enrollment and disenrollment). A breach of PHI means the impermissible access, use or disclosure of PHI which compromises the security or privacy of the PHI.
Personally Identifiable Information (PII): Information that either identifies the Member or there is a reasonable basis to believe that the information can be used to identify the Member, such as name, date of birth, address, or Social Security Number. Other personal identifiers include, but are not limited to, IEHP identification number, phone numbers, e-mail addresses, photographic images, financial information, such as transaction receipts, bank account or credit card numbers.
Minimum Necessary: All reasonable efforts should be made to access, use, disclose and request only the minimum amount of PHI needed to accomplish the intended purpose of the access, use, disclosure or request.

Common PHI Breaches
- Unauthorized access: Family/Friends Accounts; viewing Member information without a business need to know (ask yourself, "Do I need to access this information to do my job?")
- Misdirected documents: sending documents to an incorrect fax number; mailing / handing documents by mistake to the wrong Member
- Unauthorized verbal disclosure: phone, voicemail, in person
- Lost, missing or stolen mobile devices that contain unencrypted data: phones, laptops, tablets
- Improper disposal of documentation, computers or other materials (e.g. throwing in regular trash)
- Unsecured E-Mail containing Member information
- Web access creating data security risks (social media)

Treatment, Payment and Operations
The law only allows disclosure of PHI under the following categories:
- (T) Treatment: When the information requested is needed to treat our Member
- (P) Payment: When the information is needed to provide payment for services that a Member received
- (O) Operations: When the information is used for health care operations

Privacy Training Tips
- Never discuss PHI where you may be overheard
- Access Member PHI only when it pertains to your job tasks
- Use shredder bins to destroy PHI
- Confirm phone number and fax numbers prior to use
- Confirm you are speaking with the Member or authorized representative before discussing PHI
- Lock your computer when leaving your work area

Privacy Training Tips for the General Medical Setting
- Every staff member in the office should be apprised of HIPAA standards and held accountable
- Do not discuss sensitive issues when the patient is standing in the reception window and within earshot of those in the waiting room
- Use a patient sign-in system that allows the reception staff to remove or obstruct the name after sign-in
- When retrieving a patient from the waiting room for their appointment, use only first name
- When placing charts for the physician, position in such a way that patient names are not visible
- Offices should have a partition system/window so that those in the waiting area cannot hear business conducted by staff members
- When leaving appointment reminder phone calls to patient, exercise caution not to leave PHI in your message

Security Training Tips
- Assure that office staff use a secure method for sending E-Mail containing PHI
- Assure that the office server is in a secure area
- Paper based PHI should always be kept in a secure area
- Change passwords often
- Do not leave passwords/log-on info in office area (on monitor, under keyboard)
- Password sharing is prohibited by policy: do not share your password with anyone
- Use an auto log-off or screen saver
- When leaving work area, lock your workstation

Reporting Compliance Issues
Now that you know how to identify issues of noncompliance, it's your responsibility to report suspected or actual compliance concerns.

Ways to Report Compliance Concerns
Reporting suspected or detected non-compliance, FWA or Privacy Issues is your responsibility.
- Hotline: 866-355-9038
- E-Mail: compliance@iehp.org
- Fax: (909) 477-8536
- Mail: IEHP Compliance Officer, P.O. Box 1800, Rancho Cucamonga, CA 91729

Reporting Compliance Issues
How does someone outside of IEHP know how to report?
Information is published in the Member Handbook, the Provider Manual, on the IEHP Website and in the Vendor Code of Conduct.

Reporting Compliance Issues (cont.)
Reporting issues of Non-Compliance
- To the extent that the law allows, reports are confidential
- FDRs are required to participate in any investigation, as necessary
- Reports can also be anonymous
What kind of behavior/incidents are reportable?
- Behavior that is against the Code of Business Conduct and Ethics
- Suspected Fraud, Waste and Abuse
- Suspected Privacy Issues
What can happen if you fail to report an incident that you are aware of?
- May be subject to disciplinary actions, up to and including termination
IEHP has a non-retaliation policy
- Individuals who retaliate with discriminatory behavior or harassment against an individual who has reported an issue will be subject to disciplinary actions, up to and including termination

Questions
IEHP's Compliance Department is your resource for questions or concerns related to compliance, FWA and Privacy issues. We are here to help you do the right thing.
- Hotline: 866-355-9038
- E-Mail: compliance@iehp.org
- Fax: (909) 477-8536

Thank you for participating and expanding compliance program effectiveness by ensuring you and your organization incorporate the information into your individual compliance program and business practices.