2012-2013

MEDICARE COMPLIANCE TRAINING EMPLOYEES & FDR’S

2012 Revised

1

Introduction – CMS Requirements

As of January 1, 2011, Federal Regulations require that Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs) have an effective compliance program designated to deter Fraud Waste and Abuse (FWA). This includes compliance program requirements for annual training on compliance and FWA. Refer to 42 CFR 422.503(b)(4)(vi)(C) and 42 CFR 423.504(b)(4)(vi)(C) for details on required training and education for General Compliance and FWA.

Simply Healthcare Plans (SHP or the Company) is a MAO/health plan that has a contract with the federal government. MAO and Part D Sponsors must provide compliance and FWA training to employees and first tier entities. First tier entities must ensure that compliance and FWA training is distributed to their downstream entities (and such distribution must be documented).

First tier, downstream, and related entities (FDRs) who have met the fraud, waste, and abuse certification requirements through enrollment into the Medicare program are deemed to have met the training and educational requirements for fraud, waste, and abuse; however, Compliance training is still required for all FDR’s, even if deemed for FWA training.

Additional regulatory guidance can be found in Chapter 9 and 21 of the CMS Managed Care Manuals at www.cms.gov.

2

COMPLIANCE PROGRAM AND

CODE OF BUSINESS ETHICS

3

Description of the Compliance Program

4

The Compliance Program is a written guide directed to all employees and FDRs that outlines SHP’s core values and foundation for business operations and prevention of fraud, waste and abuse.

Supports all applicable laws and regulations governing Medicare, Medicaid, and Florida Department of Elder Affairs (Nursing Home Diversion).

SHP has delegated the implementation and oversight of the Compliance Program to the Compliance Committee and Compliance Officer.

Purpose of the Compliance Program

5

Assure compliance with federal and state laws.

Establish framework for Compliance activities that are designed to avoid legal and compliance problems

Provide the general public, employees and FDRs with an official statement of how SHP conducts its business

Identify how to communicate compliance issues to the appropriate personnel

Describe how potential compliance issues are investigated and includes a policy for non intimidation and non retaliation.

Code of Business Conduct and Code of Business Ethics

6

The Code of Business Conduct and Code of Business Ethics (Codes) were prepared by senior management of SHP and approved by the SHP Board of Directors to provide officers, directors, and employees, as well as those with whom we do business (i.e., FDRs), with a formal statement of the Company’s commitment to the standards and rules of ethical business conduct spelled out in the Codes and to enhance SHP’s ability to achieve its corporate mission.

All Company personnel and FDRs are required to comply with the standards contained in the Codes and report any alleged violation to the Compliance Officer and assist in the investigation of complaints.

Performance expectations are outlined in the Codes as it relates to (activities outside of SHP, use of company funds and assets, proper accounting, trade secrets, protecting member information and much more).

It is the policy of SHP to prevent the occurrence or unethical behavior and discipline personnel or take action against FDRs that violate the Codes.

Seven Elements of a Compliance Program

7

Every effective compliance program must begin with a formal commitment to seven key elements. These seven elements are set by the federal government for contractors of the federal government to follow.

Written policies, procedures, and standards of conduct

Compliance Officer and Compliance committee

Effective training and education

Effective lines of communication

Enforcement of standards

Effective Internal Monitoring and Auditing

Prompt Response to Detected Offenses

Element #1: Policies, Procedures and Standards of Conduct

8

The first element of a Compliance Program involves the development of written policies, procedures, and standards of conduct to help prevent issues from occurring in the first place. Policies and procedures (P&Ps) are created to:

Articulate an organization’s commitment to comply with all applicable Federal and State standards

Describe the expectations embodied in the organization’s Code of Conduct

Provide guidance on how to deal with potential compliance issues

Identify how to report compliance issues

Describe how potential compliance issues are investigated and resolved

The Compliance Department at SHP has developed a series of policies and procedures that outline the organization’s commitment to complying with standards and regulations set by the federal government (i.e. the Centers for Medicare and Medicaid Services –CMS), state departments of insurance, etc.

Additionally, business associate agreements, contracts and other agreements between SHP and entities to which SHP delegates its business functions contain language emphasizing compliance-related expectations and/or stipulations.

SHP’s Code of Business Conduct & Ethics are available at: www.mysimplymedicare.com.

Policies and procedures that support the Medicare Compliance Program for SHP employees are available in the company’s internal web site.

Element #2: Compliance Officer & Compliance Committee

9

The second element of a Compliance Program is the designation of a Compliance Officer to accept responsibility for the program and oversee its day-to-day operations. The Compliance Officer ensures the Compliance Program remains visible, active, and accountable. The Compliance Officer has the authority to review all documents and other information that are relevant to compliance activities.

The Medicare Compliance Officer routinely reports to the Board of Directors, or its designee, to ensure it is knowledgeable about the content and operation of the Compliance Program.

The Medicare Compliance Officer chairs the Medicare Compliance Committee. A key focus of the Medicare Compliance Committee is to raise and address compliance issues, escalate compliance issues to Senior Management and the Board of Directors, and to provider oversight of the Medicare Advantage and Part D programs.

Additionally, the Compliance Officer facilitates monthly meetings of the Compliance Committee, which is comprised of several key upper management personnel. The Compliance Committee meets quarterly to discuss current and/or potential compliance-related issues, including audits, fraud, waste and abuse inquiries, and new and/or revised regulatory guidance.

SHP’s Compliance Officer is Cary Santamaria.

Element #3: Effective Training and Education

10

The third element of a successful Compliance Program is to provide effective education and training. This enhances the organization’s ability to detect potential issues.

Compliance training addresses relevant laws and regulations, including those related to FWA.

Organizations must have effective training and education between the Compliance Officer and the organizations employees, managers and directors, and the organizations FDRs.

SHP develops and implements regular, effective education and training for employees, contractors, providers, FDRs and the Board.

All employees of SHP are required to complete compliance training upon initial hiring and annually thereafter.

Training is also disseminated to contractors and FDRs to which SHP delegates its business functions.

Element #4: Effective Lines of Communication

11

The fourth element of a Compliance Program involves the ability to report issues through open lines of communication.

Organizations must have effective lines of communication between the Compliance Officer, members of the Compliance Committee, the organizations employees, managers and directors, and the organization’s FDRs ensuring confidentiality, between all parties in accordance with applicable law

Employees, contractors, and other parties are encouraged to report violations of law and policy, without fear of retribution, to SHP’s Compliance Department.

Not every situation can be addressed in this document

If you detect a potential compliance issue, it's your responsibility to report it in any of the following ways:

Contact your supervisor, manager or the Compliance Officer and describe the issue or

Contact the 24 hour compliance hotline at (305) 408-5718 or 1-877-235-9251. Reports to the Compliance Hotline can be made anonymously.

Element #5: Well Publicized Disciplinary Standards

12

The fifth element of a Compliance Program involves well-publicized disciplinary standards and enforcement so any problems are corrected and resolved.

SHP expects all employees and contracted entities to act in an ethical and compliant manner.

All employees are responsible for complying with the SHP Compliance Program and the Code of Business Conduct.

Disciplinary guidelines concerning violations are described in SHP’s Code of Business Conduct, Medicare Compliance Plan, policies, procedures and compliance trainings.

Element #6: Routine Monitoring and Identification of Compliance Risks

13

The sixth element of an effective Compliance Program is a system for auditing and routine monitoring of compliance risks. It is an ongoing process that helps continuously improve performance.

Compliance means we are doing the right things well. This means we follow the rules and regulations, as well as our P&Ps and standards of conduct.

Auditing and monitoring lets us know how we're doing and identifies any areas for improvement.

Organizations must have procedures for effective internal monitoring and auditing.

The Compliance Department and Internal Audit Department at SHP are responsible for conducting internal audits, as well as audits of external (i.e. contracted) entities to which SHP delegates its business functions to identify areas of risk and compliance with federal and state regulatory guidelines.

SHP develops and implements a risk based audit plan. Risks are identified through various sources including, but not limited to: the OIG work plan, external and internal audits, internal monitoring and metrics reporting, compliance issues identified by CMS, and compliance issues identified internally.

Element #7: Prompt Response to Compliance Issues

14

The seventh element of an effective Compliance Program is responding to detected offenses as soon as they are reported with a prompt investigation, and any necessary remediation.

Regardless of the mechanism used to report potential or suspected violations, all reports are taken seriously, reviewed, and investigated in a timely and reasonable manner. Investigations should result in appropriate corrective action and are treated in a confidential manner.

SHP has procedures for ensuring prompt responses to identified areas of non-compliance and detected offenses including the development of corrective action plans to reduce the potential for recurrence, and ensure ongoing compliance with CMS requirements.

Violation of the standards contained in the Compliance Plan may result in disciplinary or corrective action against those Associates, subcontractors, directors or first tier, downstream, or related entities who participate in non-compliant, illegal, fraudulent, improper, dishonest, or unethical activities.

HEALTHCARE FRAUD LAWS AND REGULATIONS

15

Anti-Kickback Statute

16

The Anti-kickback statute makes it a criminal offense to knowingly and willfully offer, pay, solicit, or receive any remuneration to induce or reward referrals of items or services reimbursable by a Federal health care program.

The statue ascribes criminal liability to parties on both sides of an impermissible “kickback” transaction.

“Remuneration” includes the transfer of anything of value, directly or indirectly, overtly or covertly, in cash or in kind.

The government has approved a limited number of financial arrangements that the administration considers are unlikely to result in fraud and abuse. These arrangements are referred to as Safe Harbors.

Medicare Advantage Safe Harbors

Risk-based HMOs may offer Medicare beneficiaries increased coverage, reduced cost-sharing amounts or reduced premium amounts.

Plan must offer same benefits to all Medicare/Medicaid enrollees.

Plan must not claim the costs of these benefits as a bad debt or otherwise shift the costs.

False Claims Act (“FCA”)

17

It is a crime for any person or organization to:

Knowingly present, or cause to be presented, a false or fraudulent claim for payment or approval by the federal government; or

Knowingly make, use, or cause to be made or used a false record or statement to influence the payment of a false or fraudulent claim.

Note:

Unlike the Anti-Kickback Statue, no proof of specific intent to defraud is required by the False Claims Act. The person submitting a claim does not need to have actual knowledge that the claim is false. Anyone who acts in reckless disregard or in deliberate ignorance of the truth or falsity of the information can also be found liable under the False Claims Act.

Qui Tam Provision of the FCA

18

Authorizes a person alleging a violation of the FCA, also known as a “whistleblower” or “relator,” to file a case in federal court and sue, on behalf of the government, those engaged in fraud.

Relator’s incentive to sue is the potential to share in the recovery of any monies received if the case is successful.

Provides protection to relators who are discharged, demoted, suspended, threatened, harassed, or discriminated against in any manner for prosecuting or participating in an investigation.

Fraud Enforcement & Recovery Act of 2009 (“FERA”)

19

Signed into law May 20, 2009.

Amends the FCA.

Makes it illegal to “knowingly conceal or knowingly and improperly avoid” an obligation to repay federal funds that have been paid in error, even if the erroneous payment was not caused by the submission of a false record or statement.

Expands the definition of “claim” to include:

Demands for payments made by subcontractors to companies receiving federal funds.

Any request or demand for money or property, whether or not the United States has title to the money or property.

Any request for money made to any “recipient” of funds provided, in whole or in part, by the government, “to advance a Government program or interest.”

Health Insurance Portability and Accountability Act or HIPAA

20

An important part of any Compliance Program is being compliant with HIPAA regulations.

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations (the "Privacy Rule" and the "Security Rule") protect the privacy of an individual’s health information and govern the way certain health care providers and benefits plans collect, maintain, use and disclose protected health information (“PHI”).

HIPAA requires us to keep health plan members’ and patients’ information secure and private.

The HIPAA Privacy Rule states that PHI can only be used an disclosed to the minimum necessary for treatment, payment, and healthcare operations purposes.

Health Insurance Portability and Accountability Act or HIPAA

21

Only those involved in the treatment, payment, or health care operation may share, apply, utilize, examine, or analyze PHI.

Most disclosures of PHI require health plan member or patient authorization.

Unauthorized use of PHI has severe consequences to our members or patients, and to our organization. You are obligated to comply with HIPAA standards to ensure PHI remains secure.

Carefully handle all PHI data

Reporting MUST be done immediately if you become aware of or suspect a breach may have occurred.

HIPAA – Your Responsibilities

22

HIPAA requires us to remember the following:

Keep member and patient information secure and private.

PHI may be used and disclosed for treatment, payment and healthcare operations purposes, using the minimally necessary amount of PHI to accomplish the purpose.

You are obligated to comply with HIPAA standards to ensure PHI remains secure.

You have a responsibility to identify and promptly report privacy and security incidents using your organization’s reporting policies and procedures.

Everyone at your organization must comply with HIPAA regulations. That means EVERYONE who provides healthcare directly or anyone who works at an organization that handles any type of PHI. By following HIPAA regulations, you support your organization’s commitment to ensuring the security and privacy of PHI.

Protected Health Information (PHI)

23

Protected Health Information (PHI) is information that both identifies a member AND relates to their past, present, or future health condition, provision of care, or payment of care.

Examples of PHI include, but are not limited to:

Member name AND case management notes

Member ID number AND a list of current medications

Member social security number AND medical claim information

Physician Self-Referral Prohibition Statute

24

Commonly referred to as the “Stark Law.”

Prohibits physicians from referring Medicare patients for certain designated health services to an entity with which the physician or a member of the physician’s immediate family has a financial relationship – unless an exception applies.

Prohibits an entity from presenting or causing to be presented a bill or claim to anyone for a designated health service furnished as a result of a prohibited referral.

DUTY TO REPORT

25

Duty to Report

26

Every employee, Director, and contractor has a duty to comply with all laws and regulations and to report violations.

You do not have to be certain that a violation has occurred in order to report suspected wrongdoing.

Retaliating against anyone who reports a suspected violation is prohibited by Company policy.

SHP has processes to receive, record and respond to compliance questions, reports of potential or actual non-compliance, and FWA from contractors, agents, directors, enrollees, and FDRs. SHP maintains confidentiality to the extent possible, allows callers to remain anonymous if desired and ensures non-retaliation against those who report suspected misconduct in good faith.

Violations of the Code of Business Conduct or Code of Ethics, or any FWA must be reported. Not reporting fraud or suspected fraud can make you a party to a case by allowing the fraud to continue.

Reporting Suspected Non-Compliance

27

Employees/FDRs may discuss the issue with the manager of his/her department; or

Contact the Compliance Officer

Cary Santamaria

1701 Ponce De Leon Blvd.

Coral Gables, Florida 33134

Phone (305) 921-2643

csantamaria@simplyhealthcareplans.com

If you wish to remain anonymous, you can call the hotline at:

(305) 408-5718 or 1-877-235-9251

Resources

28

Resource

Link

Centers for Medicare and Medicaid Services

http://www.cms.gov

Fraud & Abuse General Information

http://www.cms.gov/fraudabuseforprofs/

Health Insurance Portability and Accountability Act (HIPAA)

http://www.cms.gov/HIPAAGenInfo/01_o verview.asp

HITECH Act

http://www.hipaasurvivalguide.com/hitech- act-text.php

Medicare Learning Network (MLN) Fraud & Abuse

https://www.cms.gov/MLNProducts/downlo ads/Fraud_and_Abuse.pdf

Medicare Managed Care Manuals

http://www.cms.gov/Manuals/IOM/

HITECH Act

http://www.hipaasurvivalguide.com/hitech- act-text.php

Office of Inspector General Department of Health and Human Services

http://oig.hhs.gov/ (refer to OIG guidance on Compliance Programs) http://oig.hhs.gov/fraud/hotline/

Part D Prescription Drug Benefit Manual

http://www.cms.gov/prescriptiondrugcovco ntra/12_partdmanuals.asp#topofpage

Thank You

29

SHP is committed to abiding by the laws, rules and regulations that govern our

business.

SHP’s Compliance Program cannot operate without the cooperation of our associates, vendors, business partners, and FDRs.

Thank you for completing this CMS required training course on the Compliance Program.

Attestation of Medicare Compliance Training 2012-2013