Sound the Alarms:

Compliance Training

2013

NY State Medicaid Office of Inspector General (OMIG) has mandated compliance for providers who meet state requirements.

The Patient Protection and Affordable Care Act (PPACA) mandates compliance programs for all.

Compliance 2013

What does this mean for you? You are encouraged to report issues that you suspect are

violations of compliance or fraud, waste and abuse. Call the company hotline number posted at all sites or

speak to your superior or your Compliance Officer. Know who your Compliance Officer is. Henrietta’s

Compliance Officers are: Matt Comer and Matt Jarrett

Compliance 2013

Compliance includes everyone at all levels. From management to field providers to business associates.

Participation is required, it will become a part of your evaluations, You are encouraged to report any issues whether it is patient care, operational, procedural,

suspected non-compliance, Fraud, Waste or Abuse.

Compliance 2013

Guidance for identifying Fraud, Waste and Abuse.

Mistake = Error

Inefficiency = Waste Bending the Rules = Abuse Intentional Deception = Fraud

Compliance 2013

Code of Conduct

Everyone must have made a commitment to ethical behavior

Respect for the patient and each other Business is conducted with absolute

integrity Employees and Management all have

responsibility to adhere to state and federal regulations

Compliance 2013

8 Elements of Compliance:

1. Written compliance plan and code of conduct 2. Designation of a Compliance Officer 3. Compliance Training and Education 4. Communication 5. Consistent Disciplinary Policies 6. Auditing and Monitoring 7. Response and Investigation 8. Non-intimidation and Non-retaliation

Compliance 2013

“Effective” Compliance Program per NYS OMIG. 18 NY CRR Part 521

1. A written policy or procedure in a Code of Conduct that describes compliance expectations.

2.The designation of a Chief Compliance Officer responsible for day to day operation of the compliance program who must report directly to the CEO or other senior administrator and also report periodically to the Governing Board.

Compliance 2013

3. Training and Education to appropriate employees, volunteers including executives and Governing Board members regarding compliance expectations which occurs periodically and is part of orientation.

Compliance 2013

4. Chief Compliance Officer must be accessible to staff with a mechanism for confidential reporting (Hotline Number).

5. Consistent disciplinary policies to encourage good faith participation in the compliance program which must be clear and include participation in non-compliant behavior and failure to report suspected problems as grounds for discipline.

Compliance 2013

6. A mechanism for the “routine identification of compliance risk areas” and an implementation of internal and external audits for evaluation of non-compliance.

7. A mechanism for responding to compliance issues as they develop and for reporting issues to the Department of health or OMIG and a mechanism for refunding over payments.

Compliance 2013

8. A policy of non-intimidation and non-retaliation for good-faith participation in the compliance program.

PLUS

Fraud Waste and Abuse –on the radar screen of State and Federal governments.

Compliance 2013

Fraud – any Intentional act or omission designed to deceive patients or the government as payor, resulting in the patients or government suffering a loss and/or the perpetrator achieving a gain.

Examples: Overbilling billing for services not rendered falsifying documentation for any reason

Compliance 2013

Waste - the careless expenditure, consumption, mismanagement or use of resources, whether intentional or unintentional, resulting in charge to patients or the government.

Examples: The use of supplies or rendering of services for which

medical necessity was not clearly documented. Inefficiency

Compliance 2013

Abuse - mistreatment of patients or destructive misuse or diversion of assets and resources, and activities that are inconsistent with sound medical or professional practices.

Examples: physical or mental mistreatment of patients providing substandard or inferior care or treatment of patients billing for substandard care or services waste to such a scale that it is more than careless destruction or acts which shorten the useful life of equipment

used by the provider. Not following protocol- Bending the Rules

Compliance 2013

OMIG has identified Focus Items to audit:

Not Medically Necessary 90 Day exception codes – July 1, 2003 – December 31, 2005 Services billed when patient is an inpatient Non-emergency ambulance services Documentation review Compliance programs.

Compliance 2013

Lin-Wil Transportation February 2011 A review of payments to Lin-Wil Transportation Inc.

for services paid by Medicaid Jan 1, 2005 – Dec. 31, 2008

3,963 services rendered Sample size 200 with Medicaid overpayments of

$16,162.14 Extrapolation of the sample findings across the

universe of cases resulting in $320,253.00 due back to Medicaid.

Compliance 2013

Audit Focus for Linwil:

Drivers/vehicles were properly licensed, inspected, certified and/or registered

prior authorizations were obtained All billing and rate requirements were met Mcd reimburseable services were rendered for the dates billed Appropriate procedure codes were billed for services rendered Vendor records contained the documentation required by the regulations Claims for payment were submitted in accordance with Dept regulations

and the Provider Manuals for Transportation.

Lin-Wil failed to comply with Title(s) 10, 14, and/or 18 of the Official Compilation of Codes, Rules and regulations of the State of NY (NYCRR) and the MMIS Provider Manual for Transportation

Compliance 2013

TYMPF Co. Inc $85,000 TLC Ambulette Corp $36,210 Rzan Medical Transportation $642,983 Medical Answering Services CIA

*CIA – Corporate Integrity Agreement Civil settlement mandating the provider to implement

compliance procedures often at considerable expense, including retaining an independent review organization for oversight, government involvement for a period of years, hiring a Compliance Officer. Typical term of a CIA is five years.

Compliance 2013

Rural Metro – CIA since 2007 $2.5 million fine Violated anti-kickback statute, medically unnecessary services

billed Whistleblower lawsuit – DOJ has joined FBI search – KY Investigation ongoing CIA June 2011 in OHIO - Overpayments

Metropolitan Ambulance and First Aid (SEZ Metro Corp.) Metro North Ambulance Corp. Big Apple Ambulance Service One owner- 3 companies $2.85 million fine Appealed Medicare decision with falsified documents.

Compliance 2013

Expanded Risk Areas: Quality of care Mandatory Reporting Credentialing Exclusion list checks Self-Reporting “other risk areas that are or should with due diligence

be identified by the provider”

Compliance 2013

Risk Assessments Internal processes reviewing internal practices against regulatory requirements to ensure compliance.

Audit schedules will include results from the analysis of the risk assessment.

Compliance 2013

Auditing and Monitoring Auditing allows for identification of errors which can

be corrected before they become patterns of errors that must be self-reported.

Eyeball – You can help reduce errors by giving your documentation a review before submitting it.

Is the transport medically necessary? Were other means of transportation contraindicated?

Compliance 2013

Auditing and Monitoring

The documentation resulting from audits and monitoring is proof during a state or federal audit that you are complying with the mandated requirements.

All 8 elements plus FWA efforts are being

addressed anddocumented.

Compliance 2013

Anti-Kickback Act – prevents inducements, payments or rewards for referrals of Federal health care program business including Medicare and Medicaid.

(section 1128B(b) of Act (42 U.S.C. 1320a-7b)

Penalties include possible imprisonment, criminal fines, civil monetary penalties, exclusion from government programs.

Note : A person need not have knowledge of the anti-kickback statute or specific intent to commit a violation. PPACA

Compliance 2013

Every claim submitted based on a referral made in violation of the Anti-kickback statute will now automatically constitute a false claims violation under the False Claims Act.

Safe Harbors – describe payment practices that do not violate the Anti-Kickback statute provided the payments fit squarely within a Safe Harbor.

Compliance 2013

Examples of Safe Harbors: Space Rental Equipment Rental Personal Services and Management Contracts Discounts Employees Price reductions Offered to Health Care Plans Shared Risk Arrangements Ambulance Restocking Arrangements

Compliance 2013

HIPAA Health Insurance Portability and Accountability Act PROTECT PATIENT HEALTH INFORMATION 1. Privacy – The right of individuals to keep his/her

health information from being disclosed. 2. Security – The mechanism in place to protect the

privacy of health information.

Compliance 2013

Privacy of patient health information (PHI) encompasses controlling who is:

• authorized to access it• under what conditions patient information may

be accessed and used• under what conditions patient information may be disclosed to a third party. National standards exist to protect individuals medical

records and other personal health information.

Compliance 2013

Individuals have the right to review their medical information, copy it as well as correct it.

HIPAA required the Department of Health and Human Services to adopt national standards for electronic health transactions including code sets and specific identifiers.

Compliance 2013

Security Rule –

Controls access to PHI as well as safeguard PHI from unauthorized disclosure, alteration, loss or destruction.

The security rule requires appropriate administrative,

physical and technical safeguards to ensure the confidentiality, integrity and security of electronic PHI.

Compliance 2013

Administrative Safeguards- policies and procedures and disciplinary standards to ensure all personnel protect PHI.

Physical Safeguards – Security of the company’s buildings, offices, server rooms, filing cabinets, etc.; where PHI is stored as well as your computers, workstations and electronic media.

Technical Safeguards- Passwords, back-up and other security features on the company’s computers, networks, PDA’s, laptops, etc.

Compliance 2013

HITECH Health Information Technology for

Economic and Clinical Health Act Contains incentives related to PHI technology Expands the protections guaranteed by HIPAA Increases the financial penalties for violations

Compliance 2013

HITECH protects unsecured PHI Requires notification in the event of a breach Applies a portion of HIPAA’s privacy and security rules

directly to business associates Prohibits sale of PHI without patient authorization If PHI is maintained in electronic format, patients have

a right to receive it in electronic format. Strengthens enforcement mechanisms Patients can opt out of the use of their PHI for

fundraising activities.

Compliance 2013

HIPAA – protects electronic PHIHITECH- protects all other PHI (i.e.paper)

Compliance 2013

HITECH requirements: Providers must conduct annual HIPAA privacy and security

risk assessments, document audit results and take proactive steps to reduce risk of unauthorized exposure of PHI

Conduct an incident specific post-breach risk assessment when a data breach incident occurs. The determination must be made if it is a breach that poses a significant risk of financial, reputation or other harm to the affected individuals

Compliance 2013

Status on Government Audits:

HIPAA/ HITECH audits began 11/11 NY OMIG audits began 10/09 Now include compliance plan

effectiveness audits

Compliance 2013

Do’s and Don’ts Do log off the computer when away Do not leave your paperwork on the copy

machine Do not post pictures on facebook or other

social media sites of yourself with PHI Do not help yourself to PHI with no apparent

reason.

Compliance 2013

Do’s and Don’t

Do not leave PHI unattended Do not discuss patient names and

conditions or details that could identify a patient or occurrence while in public areas or among people who have no need to know.

Do keep cabinets containing PHI locked

Compliance 2013

OMIG Social Service Law 363-d Part of the legislation that established OMIG. Primary objective are to coordinate FWA

activities for all agencies involved with Medicaid. OMIG Final regulations N.Y.C.R.R Part 521 Identifies 8 elements that must be included in the

compliance program

Compliance 2013

OMIG is an independent entity who reports to the Governor. Funded in part by CMS (50%).

NY is committed to make specific fraud and abuse

recoveries and is the most successful state in recoveries.

2008 - $550 million. (target was $215 million) 2009 - $322 million 2010 - $429 million

2011 - $644 million

Compliance 2013

OMIG Financial Sanction: $10,000 for each item of care, service or supply that

is subject to a determination as a basis for a monetary penalty.

If a previous violation in previous 5 years, $30,000 as

applied above. Penalties imposed are in lieu of repaying all or part of

any Medicaid payments.

Compliance 2013

Deficit Reduction Act 6032 Requires employee education about federal and state false claims acts and whistleblower

protections. Mandates compliance programs for providers who

have an annual revenue of $5 million.

Compliance 2013

Whistleblower Protections

Employees are protected by law for reporting incidents to the state and federal government

Employees may be eligible to a percentage of financial penalties imposed if the complaint is valid and the company is fined. Whistleblower complaints could be dismissed if the company self-reports

Compliance 2013

Self Disclosure Protocol – Substantial routine errors, systemic errors and patterns of errors. Advantage: Forgiveness or reduction of interest

payment ( up to 2 years), extended repayment (minimum 15% Mcd Withhold),

possible financial hardship waiver is granted.

Compliance 2013

Advantages Continued:

1. Waiver of penalties or sanctions 2. Timely resolution of overpayment as opposed to

lengthy audit resolution process. 3. Decreased likelihood of Corporate Integrity

agreement (government involvement) 4. May preclude whistleblower actions

Compliance 2013

False Claims Act 31 U.S.C. 3729 ET SEQ

Knowingly presented or caused to be presented a false claim

Sanctions include civil, administrative and criminal penalties

Whistleblower rewards and protections

Compliance 2013

Fraud Enforcement and Recovery Act (FERA)

Primary Goal is to increase government recoveries. (FBI, DOJ)

Extends FCA to private parties if government funds

are involved. Extends prohibited retaliation beyond employees to

agents and contractors.

Compliance 2013

Recap Know who your Compliance Officer is. Know where to find the hotline numbers. Understand the compliance requirements Understand and practice the Code of

Conduct Report issues to management or the

Compliance Officer. Be cognizant of your daily activities. Protect PHI

Compliance 2013