COMPLIANCE TRAINING 2015: COMPLIANCE PROGRAM - FWA - HIPAA - CODE OF CONDUCT

Transcription:

COMPLIANCE TRAINING 2015
QUALITY MANAGEMENT COMPLIANCE DEPARTMENT 2015
COMPLIANCE PROGRAM - FWA - HIPAA - CODE OF CONDUCT

Compliance Program: Why?
- Ensure ongoing education & monitoring related to all aspects of the compliance program - ANNUALLY.
- Oversee and monitor the implementation of the compliance program.
- Develop policies and programs that encourage managers and employees to report suspected fraud and other improprieties without fear of retaliation.
- Investigate and act on matters related to compliance, including the coordination of internal investigations and any resulting corrective action with all departments, and providers where applicable.

Compliance Program Elements & Training Requirements Compliance Department Compliance Plan Compliance Program Training & Education Audit & Monitor Code of Conduct HIPAA Fraud, Waste, and Abuse Medi-Cal & Medicare Regulatory Requirements

Compliance Program
- Promote an environment that encourages employees to report potential problems.
- Increase likelihood of identification and prevention of unlawful and unethical conduct.
- Develop procedures that allow prompt, thorough investigation of possible misconduct.
- Develop disciplinary mechanisms to consistently enforce standards.
- Early detection and reporting, thereby reducing employee and organizational exposure to civil damages and penalties, criminal sanctions, and administrative remedies, such as program exclusion.

Training and Education
- All employees are required to attend compliance training.
- Each employee is required to sign an attestation that reflects the employee's knowledge of, and commitment to, PPMC's Code of Conduct, FWA & HIPAA Compliance.
- Documentation and data submission requirements

Code of Conduct: What is it?
- Overarching principles & values by which PPMC operates; defines underlying framework for compliance P&Ps
- Expected performance in each area of operations
- As such, each member of the PPMC staff is responsible for compliance with the Code of Conduct.
- Applies to all employees, managers, directors, administrators, Medical Directors and officers of PPMC
- Responsible and accountable for compliance with state and federal laws and regulations, including laws governing Medi-Cal and Medicare

Code of Conduct: Expectations?
- Support the mission, vision and values of PPMC as articulated in PPMC's Mission, Vision and Values Statement.
- Comply with state, federal and organization policies as applicable to their respective role and job responsibilities.
- Conduct business in a professional and ethical manner.
- Attend applicable educational sessions related to compliance and fraud and abuse.

Code of Conduct
- Know PPMC policies and procedures as they relate to compliance, including notification of suspected noncompliance or fraud and abuse.
- Participate in compliance monitoring and auditing activities as appropriate and identify potential non-compliance issues within their respective work environment.
- Report suspected or potential non-compliance or fraud and abuse to their respective supervisor or the QM/Compliance Dept. in a timely fashion.

Code of Conduct
- Cooperate and assist, as appropriate, with investigations and corrective actions.
- Maintain confidentiality as relates to members, practitioners, organizational business, and communications.
- Confidentiality Agreement
- Keep licensure and certification current as applicable.

What is HIPAA?
- HIPAA applies to the protection of an individual's health information.
- Protected Health Information (PHI) means individually identifiable health information: names, email addresses, phone numbers, medical record numbers, photos, driver's license numbers, etc.
- It gives patients the right to their records and the right to know who's seen their records.
- Notice of Privacy

Privacy and Security Rule: What is required?
Security Standards
- Administrative Safeguards
  - Risk Management
  - Sanction Policy
  - Information Systems Activity Reviews
- Physical safeguards
  - Facility access controls
  - Contingency operations
  - Facility security plan
  - Access control & validation procedures
  - Maintenance records
  - Workstation use & security
  - Data backup and storage

Privacy and Security Rule: PHI Examples
Direct Individual Identifiers
- name
- date of birth
- postal address, zip code
- telephone number
- fax number
- electronic mail address
- social security number
- medical record number
- health plan beneficiary number
- account number
- certificate/license number
- vehicle identifiers and serial numbers, including license plate numbers
- device identifiers and serial numbers
- web universal resource locators
- internet protocol address numbers
- biometric identifiers including finger and voice prints
- full face photographic image and any comparable images

Breach Notification Rule: Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Under HITECH, "business associates," or third parties such as a billing company, now must follow the HIPAA privacy laws by protecting patient information and reporting data breaches.
- The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.
- Requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.

Breach Notification Rule: Definition of a Breach
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.

Breach Notification Rule: Breach Notification Requirements
- Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Health Plan, Secretary of Health and Human Services, and, in certain circumstances, to the media.
- In addition, business associates must notify covered entities that a breach has occurred.

Breach Notification Rule: Individual Notice
- Must provide this individual notice in written form by first-class mail, or alternatively, by e-mail if the affected individual has agreed to receive such notices electronically.
- Must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include:
  - A description of the breach
  - A description of the types of information that were involved in the breach
  - The steps affected individuals should take to protect themselves from potential harm
  - A brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches
  - Contact information for the covered entity

Breach Notification Rule: Notice to Health Plan & State - TAT
- Report to Health Plans per their policies.
- Will notify the State by visiting the HHS web site and filling out and electronically submitting a breach report form, if a breach affects 500 or more individuals, without unreasonable delay and in no case later than 60 days following a breach.
- Reports of breaches affecting fewer than 500 individuals are due to the State no later than 60 days after the end of the calendar year in which the breaches occurred.

Breach Notification Rule: Burden of Proof
The IPA and business associates have the burden of proof to demonstrate that all required notifications have been provided or that a use or disclosure of unsecured protected health information did not constitute a breach.

IPA/MSO Breach PREVENTION
Examples of PHI Safeguards to Prevent a Breach
- Securing laptops and mobile devices with PHI, to prevent loss or theft
- Not giving unauthorized personnel access to PHI
- Not giving out employee access codes
- Not using unsecure emails when sending PHI (Gmail, AOL, Yahoo)
- Not using unsecure emails when sending PHI (not encrypted or password protected)
- Not sending faxes without the disclosure statement
- Not leaving documents with PHI in unsecured areas
- Not having open discussions outside of work about members

Fraud, Waste & Abuse Defined
- Fraud: The intentional misrepresentation of data for financial gain. Fraud occurs when an individual knows or should know that something is false and makes a knowing deception that could result in some unauthorized benefit to themselves or another person.¹
- Waste: Is overutilization: the extravagant, careless or needless expenditure of healthcare benefits or services that results from deficient practices or decisions.¹
- Abuse: Involves payment for items or services where there was no intent to deceive or misrepresent but the outcome of poor insufficient methods results in unnecessary costs to the Medicare program.²
Source:
1. CMS Glossary; CMS Medicare Learning Network (MLN)
2. Medicare Physician Guide: A Resource for Residents, Practicing Physicians, & Other Health Care Professionals, Tenth Edition (October 2008)

Physician Self Referral Law / Stark Law
- Purpose: Prohibit improper referral relationships that can harm the Federal health care programs and program beneficiaries.
- Improper referral relationships can lead to overutilization, increased costs, & corruption of the medical decision-making process.
- Stark Law accomplishes this by prohibiting physicians from submitting referrals for Medicare patients to entities where the physician's immediate family member has a financial relationship.
- Example?

Anti-Kickback
Key Things Every Health Care Provider Should Know About the Anti-Kickback Statute
1. Anti-kickback statute prohibits asking for or receiving anything of value to induce or reward referrals involving federal health care programs.

Federal Anti-Kickback Statute
2. Know the penalties under the law
- Criminal = Felony = JAIL TIME. Conviction can result in fines up to $25,000 per violation or up to a five-year prison term or both.
- Civil & Administrative Penalties:
  - Can lead to False Claims Act Liability
  - Program exclusion from Medicare & Medicaid
  - Can lead to penalties under the civil monetary penalties law up to a $50,000 penalty per violation and an assessment of up to three times the total amount of the kickback payment (even if some part of the payment was for a legitimate purpose).

Conflict of Interest
- An employee must disclose any possible conflicts so that PPMC may assess and prevent potential conflicts of interest from arising.
- A potential or actual conflict of interest occurs when an employee is in a position to influence a decision that may result in a personal gain for the employee/family member as a result of the Company's business dealings.
- An employee/family member may not own or hold any significant interest in a supplier, customer or competitor of the company.
- Employee must disclose actual/potential conflicts of interest in writing to supervisor / human resources.

Gifts & Gratuities
- PPMC employees will not solicit or accept gifts of significant value (i.e., in excess of $25.00), lavish entertainment or other benefits from potential and actual customers, suppliers or competitors.
- This policy is provided to all employees upon hire in the Employee Handbook.

Disciplinary Standards
- Disciplinary action may result where a responsible employee's failure to detect a violation is attributable to his or her negligence or reckless conduct.
- Possible disciplinary actions for improper conduct include oral and written warnings, suspension, and termination.
- PPMC makes reasonable best efforts to see that disciplinary actions are applied consistently to all staff and managers.
- No employee is exempt.

Auditing and Monitoring: Department / Company
- The level of compliance within each functional area is assessed on an ongoing basis.
- Periodic audits to determine the level of compliance with federal and state statutes, regulations and program requirements.

Auditing and Monitoring
- Prohibition of the employment of or contracting with persons known to have a propensity to engage in inappropriate or improper conduct.
- Efforts to ensure that individuals who have been recently convicted of a criminal offense related to health care or who are listed as debarred, excluded or otherwise ineligible for participation in Federal health care programs are not hired. - OIG
- Established sanction verification processes for all potential employees and contracted providers.

Reporting
- Employees are responsible for reporting a concern or potential misconduct to their supervisor or manager.
- The Compliance Dept. has an open-door policy to receive employee reports or concerns regarding potential violations.
- Employees, enrollees and providers may also use the COMPLIANCE HOTLINE to report any potential misconduct or concerns.
- If an investigation ultimately reveals criminal, civil, or administrative violations have occurred, the appropriate federal and state officials will be notified immediately.

Required Reporting
- Violations of the code of conduct, ethics or any fraud, waste or abuse must be reported.
- Not reporting fraud or suspected fraud can make you a party to a case by allowing the fraud to continue.
- Fraud or suspected fraud may also be reported anonymously.
- Everyone has the right and responsibility to report possible fraud, waste, or abuse.
- Remember: You may report anonymously.
- Employees may report any suspected compliance issue (HIPAA, FWA, Clinical, etc.) anonymously, without fear of intimidation and retaliation as this is prohibited when reporting a concern in good faith.

PPMC Hotline Information
- Suspected Fraud and Abuse
- Suspected HIPAA / Confidentiality violations
- Suspected Compliance violations
(951) 280-7766