MMP (CalMediconnect) Community Health Group. and. First Tier, Downstream & Related Entity

MMP (CalMediconnect) Community Health Group and First Tier, Downstream & Related Entity MMP (CalMediconnect)MMP (CalMediconnect) and Part D Compliance Plan 2015 i

TABLE OF CONTENTS Policy Statement 1 Purpose 1 (1) Written Policies, Procedures, and Standards of Conduct that Articulate the Organization s Commitment to Comply with all Applicable Federal and State Standards 2 Code of Conduct. 2 (2) Compliance Officer, Compliance Committee, and Governing Body 6 Compliance Officer. 6 Compliance Committee. 8 Board of Directors 9 (3) Effective Lines of Communication between the Compliance Officer and Organization s Employees, FDRs, Agents, Directors, and Members of the Compliance Committee, and the Board of Directors 11 Compliance Hotline. 11 (4) Effective Training and Education between the Compliance Officer and Organization s Employees, FDRs, Agents, Directors, and Board Members 12 Education for Employees, Managers, and Board Members. 12 Education for FDRs. 13 (5) Procedures for Effective Internal Monitoring and Auditing 14 Risk Assessments. 14 Development of System to Identify Risks 15 Development of the Monitoring and Auditing Work Plan 15 Audit of CHG s Operations and Compliance Program 16 (6) Procedures for Ensuring Prompt Response to Detected Offenses and Development of Corrective Action Initiatives. 18 Conduct a Timely and Reasonable Inquiry of Detected Offenses 18 Corrective Actions 18 Investigation of FWA Issues. 18 Responding to CMS-Issued Fraud Alerts 19 i

Identifying Providers with a History of Complaints 19 Effectiveness Measures 19 Use of Data Analysis for Fraud, Waste and Abuse Prevention and Detection 19 (7) Enforcement of Standards through Well-Publicized Disciplinary Guidelines 20 (8) First Tier, Downstream & Related Entity Compliance 21 What is an FDR? 21 FDR & Affiliate Compliance Requirements 22 Annual FDR and Affiliate Compliance Attestation 22 Standards of Conduct and Compliance Information 23 Fraud, Waste and Abuse Training 23 OIG and GSA Exclusion Screening 24 Reporting Fraud, Waste, Abuse and Compliance Issues 24 Monitoring and Auditing 25 CHG Investigations 25 Corrective Action 26 Oversight of Delegated Activities 26 Comprehensive Fraud and Abuse Plan to Detect, Correct, and Prevent Fraud, Waste and Abuse in Connection with Drug Benefit 27 ii

Policy Statement / Charter Community Health Group (CHG) is dedicated to conducting business in an ethical and legal manner. CHG s Compliance Plan describes our comprehensive plan for the prevention, detection and reporting of fraud, waste and abuse (FWA) across various categories of health care related fraud (e.g., internal fraud, electronic data processing fraud, external fraud). CHG s written policies, procedures and standards of conduct mandate that every CHG employee and any First Tier, Downstream and Related Entity (FDR) comply with all applicable Federal and State standards. CHG aggressively pursues allegations of health care FWA. Purpose The CHG and FDR Compliance Plan provides comprehensive prevention, detection and awareness training. The Compliance Program helps employees and FDRs understand and follow federal and state laws related to their jobs and demonstrates CHG s commitment to conducting business honestly and responsibly to the Centers for Medicare and Medicaid Services (CMS), members and the community at large, while at the same time advancing the mission of using resources to achieve optimum health care outcomes and providing exemplary service. As a Medicare Health Plan and a Part D plan sponsor, CHG is responsible for the oversight and management of the Part C and Part D benefits pursuant to its contract with CMS. CHG s program to detect, prevent, correct and control FWA and compliance issues with respect to CHG's operations and the MMP (CalMediconnect) and Part D benefits have been incorporated into the components described in this Compliance Plan. CHG is committed to complying with all applicable statutory, regulatory, and other requirements, sub-regulatory guidance, and contractual requirements, including, but not limited to, the following requirements related to the delivery of the Part C and Part D benefits: Federal and state false claims acts; Anti-kickback statute, Prohibition on inducements to beneficiaries, Health Insurance Portability and Accountability Act, Other applicable criminal statutes, Code of Federal Regulations including 42 C.F.R. Sections 400, 403, 411, 417, 422, 423, 1001, 1003, All sub-regulatory guidance produced by CMS in manuals, training materials and guides, Applicable civil monetary penalties and exclusions, Applicable provisions of the Federal Food, Drug and Cosmetic Act, Applicable state laws, Contractual commitments. 1

This Compliance Plan shall address the activities of all CHG employees, Board of Director (Board) members, officers and first tier entities, downstream entities and any other related entities (FDRs) involved in the delivery of, payment for or monitoring of benefits and services provided by CHG (including lessors of real property). CHG shall perform the functions specified in this Plan in connection with its own activities and the activities of CHG Partnership Plan, which has delegated compliance functions to CHG. Standards The eight elements of CHG s Compliance Plan, which is intended to assure compliance with the foregoing, are: (1) Written Policies, Procedures, and Standards of Conduct that Articulate the Organization s Commitment to Comply with all Applicable Federal and State Standards Written policies and procedures are found in the Personnel Policies and Procedures Manual and the organization s intranet. The standards of conduct are described in CHG s Code of Ethical Business Conduct ( Code of Conduct or Code ), which has been approved by the Board. Code of Conduct. The Code is intended to complement, but not replace, existing policies and procedures found in CHG s Personnel Policies and Procedures Manual. If there is no existing policy on a particular subject matter, the Code shall become the applicable policy. The Code is designed to serve several purposes: To assure that all employees in the work environment share in the responsibility for keeping CHG in compliance with all applicable laws, regulations, policies, procedures, medical and business practices; To communicate the commitment of CHG s management to compliance with laws, regulations, contractual obligations and business standards of care; and To familiarize all employees and the Board with the basic legal principles and ethical standards of behavior expected throughout this organization. To ensure that issues of noncompliance and potential fraud and abuse are reported through appropriate mechanisms and that reported issues are addressed and corrected. The Code is a living document that is updated periodically to respond to changing conditions. Therefore, CHG reserves the right to modify any or all of the Code at any time. 2

Policies and Procedures. In addition to the Code, CHG has specific policies that address the following: Procedures for the identification of potential compliance issues in CHG's operations. Procedures for the identification of potential fraud waste and abuse in CHG s provider network and among other FDRs. A process to conduct a timely, reasonable inquiry if a potential violation of federal or state criminal, civil, administrative laws, rules and regulations is suspected, on a timely basis. A process to refer violations of applicable federal and state criminal, civil and administrative laws, rules and regulations to appropriate law enforcement agencies for further investigation within a reasonable period (generally, no more than 60 days after a determination that a violation may have occurred). A process to insure that CHG, its FDRs, agents and brokers are marketing in accordance with applicable federal and state laws, including state licensing laws and CMS policy. A process to identify overpayments and underpayments at any level within CHG s network and properly provide for reporting and repayment of, where applicable, such overpayments in accordance with CMS policy. CHG uses the Virtual Examiner (VE) system. The VE is a claim screening system that assesses the appropriateness of medical claims payments in the context of patients medical claim history. A process to identify improper coverage determinations, services or enrollment at any level within its network and properly report and repay, where applicable, any overpayments resulting from inaccurate enrollment numbers in accordance with CMS policy. A process to identify any claims that were submitted for services or drugs that were provided or prescribed by an excluded or debarred provider, and a process to report and properly repay any overpayments resulting from inaccurate payments in accordance with CMS policy. A process to insure full disclosure to CMS, upon request, of all CHG pricing decisions for Part D items or services, including data and pricing records. This policy should insure transparency in the pricing structure to include all rebate and negotiated price discounts applicable to Part D drugs and services and hold CHG and first tier entities, downstream entities, and related entities accountable for accurately reporting pricing information. Policies and procedures for coordinating with CMS and law enforcement, including policies to fully cooperate with any audits conducted by the above-mentioned entities, or their designees, and information requests, from law enforcement agencies to 3

support health oversight activities. Policies that emphasize confidentiality, anonymity and non-retaliation for compliancerelated questions, or reports for potential non-compliance. Procedures for corrective actions designed to correct any underlying problems that could result in Medicare program violations and prevent future misconduct. Procedures to retain all records documenting any and all corrective actions imposed for conduct related to the administration or delivery of Medicare benefits and follow-up compliance reviews for future health oversight purposes and/or referral to law enforcement, if necessary. Policies that ensure and document the review of the Office of Inspector General (OIG) and General Services Administration (GSA) exclusion lists for all new employees, and at least monthly thereafter, to ensure that all employees, Board members, officers and FDRs that assist in the administration or delivery of benefits are not included on such lists. If any of the aforementioned parties are on such lists, CHG shall require the immediate removal of such parties from any work related directly or indirectly to federal health care programs, and shall take such further corrective actions as may be necessary. In addition, CHG shall implement a policy requiring all new and existing employees responsible for administering or delivering benefits to immediately disclose a debarment, exclusion or other event that makes them ineligible to perform work related directly or indirectly to a federal health care program. A process to comply with applicable record retention requirements. A commitment to Pharmacy and Therapeutic Committee (P&T Committee) decisions that are made in accordance with CMS regulations and guidance. In addition, the determination of clinical efficacy and appropriateness of formulary drugs should precede and be paramount to cost considerations. To implement the foregoing, CHG procedures incorporate the following: P&T Committee members shall sign and continually update conflict of interest statements that divulge their relationship to any pharmacy benefit managers or pharmaceutical manufacturers; The P&T Committee should demonstrate a clear and transparent decision-making process when making formulary decisions; The P&T Committee should establish a process for reviewing exceptions and other utilization management processes. The policy should include provisions for Drug Utilization Review and Prior Authorization. CHG employs a process to insure that its officers, directors, and managers sign a statement, attestation or certification related to conflict of interest at time of hire. The certification states (1) that the individual has reviewed CHG s conflict of interest 4

policy; (2) that the individual has disclosed any potential conflicts of interest; and (3) if any conflicts are disclosed, that the individual has obtained management approval to work despite any conflicts or has eliminated the conflict. To implement the foregoing, CHG has policies, procedures and a disclosure protocol for: Insuring that officers, directors, and managers do not have a conflict that provides a potential unfair competitive or monetary advantage as a result of CHG performing its contracts; e.g., ownership, control or contractual arrangements with a drug manufacturer or other supplier that creates an incentive to include a certain drug on a formulary; Ownership, control or contractual arrangement with a downstream entity that would create an incentive to use the entity. Insuring that CHG s judgment is not biased or in some way compromised (e.g., CHG s formulary decisions and/or choice of FDRs are not determined by ownership, control or any inappropriate contractual agreement). Ensuring that ownership, control or contractual arrangements between third parties and CHG or CHG s directors, officers, managers or employees do not create a conflict; Designating a system for employees, officers, directors and managers who are seeking employment from health providers, health plans or other sponsors to determine if this outside employment would create a conflict; Designating a system for employees and others to bring potential conflicts to the attention of an appropriate individual; Insuring that conflicts do not arise because of CHG s access to proprietary data as a result of its Medicare responsibilities; Insuring that CHG s relationships with its FDRs do not violate the anti-kickback statute and/or other applicable federal or state laws or regulations; and Insuring that all CMS reporting requirements for potential conflicts and appropriate lobbying disclosure requirements are satisfied. The applicable department s Chief Executive approves all of CHG s employee policies and procedures. CHG s policies, procedures, and standards of conduct are consistent with the requirements of all applicable federal and state standards. The Code of Conduct and the applicable policies and procedures are made available to employees at time of hire, when the standards are updated, and annually thereafter. As a condition of employment, CHG s employees certify that they have received, read, and agree to comply with all written standards of conduct. CHG also disseminates applicable standards of conduct and policies to its FDRs, and FDRs are required to distribute CHG s written standards of conduct or comparable standards to its employees at the time of hire, when the standards are updated, and annually thereafter. (2) Compliance Officer, Compliance Committee and Governing Body Compliance Officer. 5

The Compliance Officer is responsible for informing CHG staff of applicable regulatory and contract compliance standards, and assisting staff in designing systems, procedures, and documents that foster compliance. Internally the Compliance Officer coordinates CHG s Compliance Committee, and serves on the Utilization Management Committee as needed. As needed she participates in ad hoc work groups within the organization when an independent analysis of health plan compliance, related to the work group s purposes, is needed. As needed, CHG s Compliance Officer participates in various health policy development workgroups to keep up to date with new legislation that may have compliance impact. In addition to the foregoing, the Compliance Officer s duties include the following: Developing and monitoring implementation and compliance with CHG compliance policies and procedures through the creation and implementation of the risk assessment process. Reporting, at least on a quarterly basis, or more frequently as necessary, to CHG s Chief Executive Officer (CEO), Compliance Committee, and the Board on the status of CHG s compliance program implementation, the identification and resolution of potential or actual instances of noncompliance, and CHG s oversight and audit activities. Reporting periodically to CHG s CEO on risk areas facing the organization, the strategies being implemented to address them, and the results of those strategies. The Compliance Officer will advise CHG s CEO of all governmental compliance and enforcement activity, from Notices of Non-compliance to formal enforcement actions. Creating and coordinating, or appropriately delegating, educational training programs to ensure that CHG s officers, directors, managers, employees, FDRs, Board members, and other individuals are knowledgeable of CHG s compliance program; its written standards of conduct, policies, and procedures; and the applicable statutory, regulatory, and other requirements. Briefing the Compliance Committee and senior management on the status of compliance training. Developing and implementing methods and programs that encourage managers and employees to report suspected fraud and other misconduct without fear of retaliation. Maintaining the compliance reporting mechanism and closely coordinating with the internal audit department, where applicable. Responding to reports of potential instances of FWA, including the coordination of internal investigations and the development of appropriate corrective or disciplinary actions, if necessary. Ensuring that CHG s Human Resources Department coordinates personnel issues to ensure that the OIG and GSA exclusion lists have been checked with respect to all employees (including temporary employees and volunteers), officers, Board members, directors and managers to assure they are not included on such lists; this is monthly. Ensuring that CHG s Credentialing Department coordinates the review of contracted providers against the OIG and GSA exclusion list monthly. Coordinating any personnel issue with respect to excluded providers with CHG s Human Resources Department, or legal or security department as appropriate. Reporting any potential fraud or misconduct related to Medicare to CMS their designee and/or law enforcement, when and as appropriate, in accordance with applicable law. 6

Maintaining documentation, for each report of potential FWA received through any of the reporting methods (i.e. compliance hotline, mail, in-person), which describes the initial report of non-compliance, the investigation, the results of the investigation, and all corrective and/or disciplinary action(s) taken as a result of the investigation as well as the respective dates when each of these events and/or actions occurred and the names and contact information for the person(s) who took and documented these actions. Coordinating potential fraud investigations with the internal audit department, and, where applicable, the National Benefit Integrity Medicare Drug Integrity Contractor (NBI MEDIC), including facilitating any documentation or procedural requests made of CHG. Collaborating with other sponsors, state Medicaid programs, Medicaid Fraud Control Units, commercial payors when a fraud or abuse issue is discovered that involves multiple parties. Overseeing the development and monitoring the implementation of corrective action plans. The Compliance Officer has the authority to: a. Report directly to CHG s CEO, as needed. b. When suspected FWA is reported, CHG s Compliance Officer reports to the affected department Chief. The department Chief may conduct the investigation directly or may delegate the investigation responsibility to internal department staff. Once the investigation is completed, the Chief provides the report to CHG s Compliance Officer who works with legal counsel as needed. c. Review, in coordination with legal counsel, the submission of data to CMS to ensure that it is accurate and in compliance with CMS reporting requirements. d. Seek advice from legal counsel. e. Report misconduct to CMS, their designees and/or law enforcement. f. Investigate potential fraud and abuse issues by interviewing CHG employees and other relevant individuals regarding compliance issues. g. Review company contracts and other documents pertinent to the Medicare program. h. Conduct and/or direct audits and investigations of any FDRs and of any area or function involved with MMP (CalMediconnect) or Part D plans. i. Recommend compliance policy, procedure, and process changes. Compliance Committee. CHG s Compliance Committee is composed of the Chief of Regulatory and Legal Affairs/Compliance Officer (Compliance Officer), Chair; Chief Financial Officer; Interim Chief Operating Officer, Director of Claims, Director-Health Care Operations and the Director of Corporate Quality. The Interim Chief Operating Officer shall serve as Vice-Chair, and in absence of the Compliance Officer convenes the Compliance Committee as needed. The Compliance Committee has a strong commitment to developing and maintaining an effective and proactive compliance strategy for CHG. The Compliance Committee responds 7

promptly and efficiently to compliance issues by: Providing continuous improvement and innovation to enhance our program; Promoting and maintaining a high level of regulatory compliance company-wide; Encouraging monitoring and risk assessment efforts in all departments; Raising awareness through education and communication; Encouraging use of compliance resources; Guiding implementation of the Antifraud Plan. Meeting at least on a quarterly basis, or more frequently as necessary. Developing strategies to promote compliance and the detection of any potential violations. Reviewing and approving compliance and fraud, waste, and abuse training and ensuring that training and education are appropriately completed. Assisting with the creation and implementation of the monitoring and auditing risk assessment process. Assisting in the creation of effective corrective action plans and ensuring that they are implemented and monitored. Developing innovative ways to implement appropriate corrective and preventive action. Overseeing a system of internal controls to carry out the organization's standards as part of its daily operations. Supporting the Compliance Officer s needs for sufficient staff and resources to carry out the duties. Ensuring CHG has appropriate, up-to-date compliance policies and procedures. Ensuring CHG has a system for employees and FDRs to ask compliance questions, and report potential instances of FWA confidentially or anonymously (if desired) without fear of retaliation. Ensuring CHG has a method for enrollees to report potential FWA. Reviewing and addressing reports of monitoring and auditing of areas in which CHG is at risk of FWA and ensuring that corrective action plans are implemented and monitored. Providing regular and ad hoc reports on the status of compliance with recommendations to senior management. The Compliance Committee facilitates coordination of information flow within the organization; the antifraud report is presented, as appropriate, to the Corporate Quality Improvement Committee (QIC). The Compliance Committee oversees the Compliance Plan, and determines and guides appropriate responses to reports of suspected health care fraud. Board of Directors The Board exercises oversight of the implementation and effectiveness of CHG s compliance program. The Board reviews compliance issues presented to it and makes further inquiry or takes appropriate action to ensure that the issue is resolved. The Board exercises such oversight by: 8

Approving the Ethical Business Conduct; Understanding the compliance program structure; Remaining informed about the compliance program outcomes, including results of internal and external audits; Remaining informed about governmental compliance and enforcement activity such as Notices of Non-Compliance, Warning Letters and/or more formal sanctions; Receiving regularly scheduled, periodic updates from the Compliance Officer and Compliance Committee; and Reviewing the results of performance and effectiveness assessments of the compliance program. The performance and effectiveness of the compliance program may be assessed by any of the following methods or combinations therefore: Quantitative measurement tools to report, and track, and compare over time, compliance with key Medicare Parts Part C and Part D operations such as enrollment, appeals and grievances, and prescription drug benefit administration; Use of monitoring to track and review open/closed corrective action plans, Contractor, compliance, Notices of Non-Compliance, warning letters, CMS sanctions, marketing material approval rates, training completion/pass rates, etc.; Implementation of new or updated Medicare requirements, including monitoring or auditing and quality control measures to confirm appropriate and timely implementation; Increase or decrease in the number and/or severity of complaints from employees, providers, beneficiaries through customer service calls or the Complaint Tracking Module (CTM), marketing misrepresentations, Part A and Part B issues, etc.; Timely response to reported noncompliance and potential FWA issues, and effective resolution (i.e., non-recurring issues); Consistent, timely and appropriate disciplinary action; and Detection of noncompliance and FWA issues through monitoring and auditing whether the root cause was determined and corrective action was appropriately and timely implemented and tested for effectiveness, detection of FWA trends and schemes via daily claims reviews, outlier reports, pharmacy audits, etc.; and actions taken in response to compliance reports submitted by FDRs. The Board has delegated the following activities to the Compliance Committee and applicable staff/committees Annual review of compliance policies and procedures that are developed and 9

implemented by Compliance Officer and Compliance Committee. Approval of compliance policies and procedures; Review of Compliance Committee s development, implementation, and approval of FWA training; Review and approval of CHG s compliance risk assessment; Review of internal and external audit work plans and audit results; Review and approval of corrective action plans resulting from audits; Review and approval of appointment of the Compliance Officer; Review and approval of performance goals for the Compliance Officer; and Evaluation of the senior management team s commitment to ethics and the compliance program; and review of dashboards, scorecards, self-assessment tools, etc., that reveal compliance issues. (3) Effective Lines of Communication between the Compliance Officer and Organization s Employees, FDRs, Agents, Directors, and Members of the Compliance Committee, and the Board of Directors CHG has a system in place to receive, record, and respond to compliance questions, or reports of potential or actual non-compliance from employees, FDRs, Board members, agents and directors while maintaining confidentiality, allowing anonymity if desired (e.g. through its compliance hotlines), and ensuring non-retaliation against callers. CHG has established a system that fosters effective lines of communication between the Compliance Officer and the organization s employees, FDRs, agents, directors, Board members, and members of the compliance committee regarding how to report compliance concerns and suspected or actual misconduct. Compliance Officer regularly communicates appropriate information such as statutory, regulatory, and sub-regulatory changes and changes to policies and procedures and Code of Conduct to employees, FDRs, managers, directors, Board members, and others through email distribution, CHG s internal website, and meetings. To facilitate coordination of information flow within the organization, the Compliance Committee reports on its proceedings, as appropriate, to the QIC. CHG educates its enrollees about identification and reporting of potential FWA through flyers, letters, or newsletters. Compliance Hotline. Having a mechanism for reporting suspected health care fraud is one way CHG detects FWA, and works to preserve resources to care for those who truly need and deserve it. CHG has a special toll free voicemail telephone line for reporting suspected health care fraud: (800) 651-4459. Providers and employees are encouraged to use this number to report suspected health care fraud. CHG s Compliance Officer monitors this system. Reports may 10

be made anonymously, if desired. CHG requires all employees, FDRs, Board members, agents and directors to report compliance concerns and suspected or actual misconduct. These concerns and risks are captured via independent mechanisms, which include the Compliance Hotline, employee exit interviews, e-mails, and other forums that promote information exchange. These mechanisms are available and easily accessible to CHG s employees, FDRs, Board members, agents and directors. All reports of FWA will be tracked, investigated, and responded to promptly, and corrective action taken as appropriate. Records of such reports are maintained for ten (10) years, as set forth in Appendix G, Managing Incidents of Suspected Fraud. CHG has a zero-tolerance policy for retribution against any employee or FDR who in good faith reports suspected FWA. (Appendix E establishes the Anti-Retaliation Policy.) CHG publicizes its procedures for reporting compliance concerns and its anti-retaliation policy and that of its FDRs throughout its facilities and those of FDRs. Information is available on its website, is posted at appropriate locations, and is included in compliance training. CHG s Compliance Committee or Compliance Officer may consult with legal counsel for assistance in guiding CHG s response to reported or suspected fraud. CHG contracts with the law firm of Foley & Lardner which possesses specific investigative expertise in fraud investigation, provides consultation in refining fraud prevention, detection, and investigation strategies and procedures; and conducts investigations as directed by CHG. (4) Effective Training and Education between the Compliance Officer and Organization s Employees, FDRs, Agents, Directors, and Board Members CHG conducts training and education between the Compliance Officer and organization s employees, managers, directors, Board members, and FDRs. The following is a description of CHG s compliance training: Education for Employees, Managers, and Board Members. New employees (including temporary employees and volunteers), managers, Board members, and directors receive fraud awareness training and instruction in CHG antifraud policies, including identification of the mechanisms available to report suspected fraud, during their new employee or Board orientation. New employee orientations are conducted within the first 30 days of employment with CHG, and Board member orientations are conducted within the first ninety (90) days of appointment. On a yearly basis, employees and managers whose positions involve work that, by its nature, may present significant opportunities to observe fraud receive specialized 11

training. This includes job-appropriate aspects of fraud detection, reporting, and investigation. CHG s Compliance Officer conducts a mandatory employee annual compliance training program for all employees, Board members, managers, and directors. The training includes, but is not necessarily limited to, the following topics: U.S. health care spending and the impact of health care fraud. Overview of statutes and regulations pertaining to health care fraud and CHG s compliance program. Types of fraud encountered in the type of job being performed. Ways the fraud can be detected, including "red flags. The obligations of an employee concerning fraud. How to report the suspected fraud. How to preserve evidence. The need to maintain confidentiality and continuity of care. Discipline for non-compliant or fraudulent behavior. This compliance training program is updated at least annually, or whenever there are material changes in the regulations, policy or guidance. CHG will maintain records for ten (10) years of the time, attendance, topic, and sign-in sheet or certification of completion of training. Education for FDRs. CHG contracts with first tier entities that meet the FWA certification requirements through enrollment into the Medicare program are deemed to have met the training and educational requirements for FWA in compliance with CFR 422.503(b)(4)(vi)(C)(2). CHG offers annual trainings to first tier contracted providers, and CHG s pharmacy benefit manager provides trainings to their contracted downstream entities to comply with CFR 422.503(b) (4)(vi)(C)(1) regulation requirements. CHG training includes how to identify and report FWA. It includes expectations for reporting non-compliance and FWA; assist in the resolution of issues; and that are timely, consistently, and effectively enforced. In the unlikely event CHG has a contract with providers and suppliers who currently are not enrolled as providers or suppliers in the Medicare program, CHG provides education and training as follows: It educates primary care providers about fraud through distribution of appropriate printed material. It presents antifraud information in new provider orientation. Fraud prevention, detection, and reporting are covered during each new primary care provider s 12

orientation. Antifraud information is found in the CHG Provider Manual and on the website. Refresher training is made available as appropriate. FWA training for FDRs is further described in Section 8 (First Tier, Downstream & Related Entity Compliance). (5) Procedures for Effective Internal Monitoring and Auditing Antifraud Program. CHG s antifraud program, which includes an internal monitoring and auditing program and an audit plan which identifies audits to be performed. CHG monitors its antifraud program for areas for improvement. Through communication with its consultant, legal counsel, and others, and analysis of cases of suspected fraud identified, CHG s Compliance Committee will identify areas for operational improvement. As appropriate, targeted changes to procedures and staff and/or contractor trainings are made. CHG tracks performance indicators to measure antifraud program success. Performance indicators to be tracked include the following: Number of cases of suspected fraud reports recorded by CHG Number of cases investigated Number of cases referred to law enforcement Number of cases prosecuted (to the extent this is known by CHG) CHG prepares other reports concerning its antifraud efforts as directed by its Board of Directors or senior management. CHG procedures for internal monitoring and auditing test and confirm compliance with the Medicare regulations, subregulatory guidance, contractual agreements, and all applicable state and federal laws, as well as internal policies and procedures in order to protect against potential FWA. Risk Assessments CHG s Compliance Officer is responsible for monitoring and auditing CHG s compliance with the CMS requirements and the overall effectiveness of the compliance program. The Compliance Officer monitors the annual risk assessments and provides a report to the Compliance Committee, the CEO, senior leadership, and the Board of Directors. The monitoring of risk assessments includes the following: 13

Utilize statistical methods, when appropriate, in: The Claims Supervisor audits claims exceeding $25,000.00 for accuracy before they are processed for payment. CHG also uses the Virtual Examiner (VE) system. The VE is a claim screening system that assesses the appropriateness of medical claims payments in the context of patients medical claim history. CHG contracts with an outside vendor, SHPS, specializing in hospital claim review and recovery. SHPS audit all CHG hospital claims with over $10,000 payable amounts (excluding per diem and case rate payments). Nurses review medical charts against charges to ensure proper coding and that the care charged was provided. This external process allows CHG to provide detailed review and ensure payment is made solely on services provided, properly coded and documented. CHG contracts with a Pharmacy Benefit Manager (PBM) MedImpact Healthcare Systems. They oversee the audit process and credentialing of the pharmacy network for CHG. The PBM s Provider Auditing Unit conducts desk verifications of network pharmacies on-site audits. During these review audits, claim history is audited, compares submitted claims with prescriptions and documents at the pharmacy. Action is taken where pharmacies do not produce appropriate documentation. If dollars paid out for services cannot be substantiated through proper pharmacy documentation are recovered. These activities are designed to monitor their pharmacy network and client networks under management by the PBM in order to provide for accurate billing, dispensing practices and to substantially reduce and/or eliminate FWA. Examine the performance of the compliance program including review of training, the reporting mechanism (e.g. compliance hotline log), investigation files, sanction screenings, certifications for receipt of standards of conduct, and conflict of interest disclosure/attestation. Conduct follow up review of areas previously found non-compliant to determine if the corrective actions taken have fully addressed the underlying problem. CHG also includes in its risk assessment a process for responding to all monitoring and audit results. As part of the risk assessments, a strategy to monitor and audit FDRs involved in the administration or delivery of the benefits. Development of System to Identify Risks CHG conducts an ongoing review of potential risks of noncompliance and FWA and reevaluation of the baseline assessment. Risks identified by the risk assessment are ranked to determine which risk areas have the greatest impact on CHG, and the auditing and monitoring strategy takes into account these priority risk areas. Risk areas identified through CMS audits and oversight, as well as through CHG s own monitoring, audits and investigations are priority risks. Development of the Monitoring and Auditing Work Plan Once the risk assessment has been completed, the Compliance Officer will oversee the 14

development of an auditing and monitoring work plan. Such work plan may include: The audits to be performed; Audit schedules, including start and end date Announced or unannounced audits; Audit methodology; Necessary resources; Types of audit: desk or onsite; Person(s) responsible; Final audit report due date to compliance officer; and Follow up activities from findings. In addition to determining its priority risk areas, CHG s audit work plan: Uses appropriate statistical methods in: (i) selecting sponsor facilities, pharmacies, providers, claims, and other areas for audit; (ii) determining appropriate sample size; (iii) extrapolating audit findings using statistically valid methods that comply with generally accepted auditing standards to the full universe; and (iv) applying targeted or stratified sampling methods driven by data mining and complaint monitoring; Uses special targeted techniques based on aberrant behavior; Assesses compliance with internal processes and procedures; Examines the performance of the compliance program, including a review of training, reporting mechanisms (e.g., hotline log), investigation files, OIG/GSA exclusion list screenings, evidence of employee receipt of Standards of Conduct and conflict of interest disclosures/attestations, and sampling for evidence in support of attestations, if the sponsor uses attestations to monitor compliance; and Conducts follow-up review by auditing, monitoring or otherwise of areas previously found non-compliant to determine if the implemented corrective actions have fully addressed the underlying problem. CHG s work plan includes a process to respond to all monitoring and auditing results as well as reviewing areas found to be non-compliant to determine if the implemented corrective actions have fully addressed the underlying problems. The work plan includes a schedule that lists all of the monitoring and auditing activities for the calendar year for audits of CHG s operational areas and those of first-tier entities. Audits may include desk and on-site audits. CHG prepares a standard audit report that includes items such as: Audit Objectives; Scope and Methodology; Findings: Condition; Criteria; Cause; Effect; and Recommendations. 15

The audit reports are provided to the Compliance Officer upon completion. Audit of CHG s Operations and Compliance Program CHG s internally audits the effectiveness of the compliance program annually and provides the results to the Compliance Officer, Compliance Committee, senior managers, and the Board. The following areas are reviewed: Review Element Policies and Procedures Compliance Officer and Compliance Committee Training and Education of Employees and First Tier, Downstream and Related Entities Effective Lines of Communication Well Publicized Disciplinary Guidelines Internal Monitoring and Auditing Sample Evaluation Questions Are policies and procedures specific and detailed in describing the mechanisms by which compliance objectives will be achieved? Is there proactive oversight of FDRs to ensure they are adhering to the Code of Conduct and the policies and procedures? Does the responsible compliance position report to the CEO? Does the responsible compliance position have a regular prescheduled meeting with the governing board to report on activities of the compliance program (either directly or through a report delivered by the CEO)? Is there evidence of a compliance training program which includes the code of conduct; expectations of the compliance program; and how the compliance program operates? Are new employees, board members and affiliates trained in compliance so that they could identify circumstances of fraud, waste and abuse? Are there accessible mechanism(s) for the governing board, management, employees and others associated with all programs to communicate compliance related concerns to the responsible compliance position? Do the accessible mechanisms include methods for anonymous or confidential communication? Do disciplinary policies set out expectations for reporting compliance issues and for assisting in their resolution? Do disciplinary policies outline sanctions for failing to report suspected problems; participating in non-compliant behavior; or encouraging, directing, facilitating or permitting noncompliant behavior? Does a system exist within the functional area to routinely conduct self-evaluation of risk areas, including internal audits 16

Prompt Responses to Detected Offenses and as appropriate external audits? Does the functional area routinely evaluate potential or actual non-compliance as a result of its self-assessments and audits? Does a process exist within the compliance plan for responding to compliance issues as they are raised? Does a process exist within the compliance plan for investigating potential compliance issues? Participants in the audit function are knowledgeable about CMS operational requirements for the area under review and will have access to the relevant personnel, information, records, and areas of operation under review. (6) Procedures for Ensuring Prompt Response to Detected Offenses and Development of Corrective Action Initiatives. CHG investigates and responds appropriately to reports of suspected fraud. Policy #5509.2.a, Managing Incidents of Suspected Health Care Fraud, serves as the basis for investigation by CHG of suspected health care fraud, reporting same to the appropriate law enforcement agency, assisting with law enforcement investigations, taking appropriate response measures and taking appropriate correction action when health care fraud is found to have occurred. CHG conducts timely, reasonable inquiries into evidence of misconduct related to payment or delivery of Medicare items or services, conducts appropriate corrective actions in response to any such misconduct, and implements procedures to voluntarily self-report potential fraud or misconduct related to the Medicare program to CMS or its designee. Conduct a Timely and Reasonable Inquiry of Detected Offenses CHG conducts a timely and well-documented reasonable inquiry into any compliance incident or issue involving potential Medicare program noncompliance or potential FWA, including preliminary investigation by the Compliance Officer. Corrective Actions CHG undertakes appropriate corrective actions in response to potential noncompliance or potential FWA. To correct the underlying problem that results in program violations and to prevent future noncompliance, CHG conducts a root cause analysis and tailors the corrective action to address the particular FWA, problem or deficiency identified, with timeframes for specific achievements. CHG also ensures that FDRs have corrected their deficiencies, as discussed in Section 8, First- Tier, Downstream, & Related Entity Compliance.. CHG ensures that employees have undertaken corrective action to address noncompliance, and documents such corrective action. Failure to comply with such corrective action may result in discipline, including termination. (Appendix C.) 17

Investigation of FWA Issues CHG s Compliance Department is responsible for efforts related to: Reducing or eliminating MMP (CalMediconnect) and Part D benefit costs due to FWA; Reducing or eliminating fraudulent or abusive claims paid for with federal dollars; Preventing illegal activities; Identifying enrollees with overutilization issues; Identifying and recommending providers for exclusion, including those who have defrauded or abused the system to the NBI MEDIC and/or law enforcement; Referring suspected, detected or reported cases of illegal drug activity, including drug diversion, to the NBI MEDIC and/or law enforcement and conducting case development and support activities for NBI MEDIC and law enforcement investigations; and Assisting law enforcement by providing information needed to develop successful prosecutions. Responding to CMS Issued Fraud Alerts CMS issues alerts to Part D sponsors concerning fraud schemes identified by law enforcement officials. When a Fraud Alert is received, CHG reviews its contractual agreements with the identified parties. The CHG Compliance Officer and Compliance Committee, in consultation with legal counsel, will determine whether the contract may be terminated. CHG will also review its past paid claims from any entities identified in a fraud alert. CHG will make its best efforts to identify claims that may be or may have been part of an alleged fraud scheme and remove them from their sets of prescription drug event data submissions. Identifying Providers with a History of Complaints CHG will maintain files for a period of ten (10) years on both in-network and out-of-network providers who have been the subject of complaints, investigations, violations, and prosecutions. This includes enrollee complaints, NBI MEDIC investigations, OIG and/or DOJ investigations, U.S. Attorney prosecution, and any other civil, criminal, or administrative action for violations of federal health care program requirements. CHG will also maintain files that contain documented warnings (i.e., fraud alerts) and educational contacts, the results of previous investigations, and copies of complaints resulting in investigations. CHG will comply with requests by law enforcement, CMS and CMS designee regarding monitoring of providers within the sponsor s network that CMS has identified as potentially abusive or fraudulent. Effectiveness Measures CHG routinely monitors and identifies compliance risks through internal monitoring and audits and, as appropriate, external audits, to evaluate CHGs and FDRs compliance with CMS requirements and the overall effectiveness of the compliance program. Use of Data Analysis for Fraud, Waste and Abuse Prevention and Detection In addition to its analysis of the appropriateness of claims, as discussed in Section 5 above, 18

CHG compares claims information against other data to identify unusual patterns suggesting potential errors and/or potential fraud and abuse both internally and externally. CHG s data analysis Establishes baseline data to enable CHG to recognize unusual trends, changes in drug utilization over time, physician referral or prescription patterns, and plan formulary composition over time; Analyzes claims data to identify potential errors, inaccurate TrOOP accounting, and provider billing practices and services that pose the greatest risk for potential FWA to the Medicare program; Identifies items or services that are being over utilized; Identifies problem areas within the plan such as enrollment, finance, or data submission; Identifies problem areas at the FDR (e.g., PBM, pharmacies, pharmacists, physicians, other health care providers and suppliers); and Uses findings to determine where there is a need for a change in policy. CHG routinely generates and reviews reports on pharmacy billing, medical claims, etc., based on the data analysis performed to identify pharmacies and other FDRs that require further review. See Section 8, First-Tier, Downstream, & Related Entity Compliance. (7) Enforcement of Standards through Well-Publicized Disciplinary Guidelines CHG s Code of Conduct as described in the Code of Conduct (Code) provided to all employees is intended to provide general ethical conduct standards to follow and to assist CHG in meeting its compliance goals. The Code and our personnel policies and procedures specify the disciplinary measures that can be taken for non-compliance, including oral or written warnings or reprimands, suspensions or termination. Employees may be subject to discipline and contractors to termination for failing to participate in the CHG s compliance efforts including, but not limited to: Conduct of an employee or FDR that leads to a violation of federal or state law, or conduct that results in violation of any other requirement relating to participation in Medicare; The failure of an employee or FDR to perform any required obligation relating to compliance with the Compliance Plan or applicable law, such as the completion of required training; or The failure of any employee or Contractor to report suspected violations of the Compliance Plan or applicable law to an appropriate person, or to assist in the resolution of reported compliance issues. CHG maintains a zero tolerance policy towards any illegal conduct. Any employee or FDR engaging in a violation of any laws or regulations (depending on the magnitude of the violation) may be terminated from employment or their contract. 19