2020 Compliance Program - Medicaid - Passport's mission is to improve the health and - Passport Health Plan
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
2020 Compliance Program Medicaid Passport’s mission is to improve the health and quality of life of our members.
“Passport” is comprised of associates under Medicare Advantage lines of business. The UHC both Passport Health Plan Inc. servicing our Board consists of fifteen (15) members with the Medicaid line of business (Passport Health Plan) Chief Executive Officer as an ex officio board and University Healthcare Inc. servicing our member. The Board bear ultimate fiduciary, Medicare line of business (Passport Advantage). regulatory and contractual responsibility for the Passport Health Plan Inc. was previously UHC operations as set forth in the Articles of identified as University Healthcare Inc. Incorporation and the Bylaws. The executive management team consists of a Chief Executive Healthcare compliance is the continuous Officer, six (6) Vice Presidents, a Chief of Staff process of abiding by federal and state laws, and the Executive Director of the Passport contractual obligations, and ethical standards Health Plan Foundation. applicable to a healthcare organization. To be compliant with these rules and guidelines, UHC has also established an entity known healthcare organizations establish compliance as the Partnership Council, which is a broad programs that set forth processes, policies, coalition of providers and consumers, and procedures to define appropriate conduct, including physicians, nurses, hospitals, health educate staff, and monitor adherence to these departments and ancillary providers. The rules and guidelines. Partnership Council is led by a thirty-two (32) member Board of Directors who help govern This compliance program outlines the the operations of the Medicaid and Medicare manner in which University Health Care, Inc. Advantage lines of business. (UHC) promotes organizational adherence to applicable federal and state law and outlines the practices it uses to protect against fraud, waste, abuse, and other potential liability and II. Compliance Department potential risks. Operating Philosophy I. University Health Care, dba A. Compliance Department Mission and Principles Passport Health Plan Mission Statement: The Compliance UHC is a Kentucky nonprofit corporation. It Department’s mission is to ensure Passport, its is recognized by the Internal Revenue Service Board members, associates and subcontractors as a Section 501(c)(3), tax exempt charitable maintain compliance with the letter and organization. University Health Care, Inc. has spirit of all applicable state and federal laws two lines of business – (1) a Medicaid line of and contractual obligations and carries out business; and (2) a Medicare Advantage line its mission and values with a high degree of business. The Medicaid line of business of honesty and integrity. The Compliance does business under the name Passport Health Department accomplishes its mission by: Plan (Passport). The Medicare Advantage line establishing effective guidelines to maintain of business does business under the name compliance with federal and state laws; Passport Advantage. UHC was formed in 1997 implementing a means of preventing fraud, by five (5) health care organizations known as waste and abuse; performing audits, risk Sponsors. The current Sponsors are University of assessments, conducting investigations; Louisville Physicians, Jewish Heritage Fund for establishing and communicating compliance Excellence, University Medical Center, Norton policies and procedures; educating and training Healthcare and Louisville – Jefferson County Board members, associates and subcontractors; Primary Care Association. and fostering a culture of high ethical and moral UHC has one Board of Directors (Board) and standards as outlined in Passport’s Code of one management team for its Medicaid and Conduct (“Code”). 2
Principles: The Compliance Department values managers and Compliance Department staff provide guidance for responsible decision- collaborate in developing business plans and making by encouraging a culture of integrity strategies, all staff assist Passport in attaining based on ethical leadership and integration the ultimate goal of making the business of ethical considerations into decision-making more competitive without sacrificing integrity processes. or accountability. Below are some ways Passport integrates compliance efforts with the operational aspects of Passport’s business. B. The Compliance Department Values include: • Oversight and monitoring of Subcontractors • Review of the provider recoupment/ Integrity overpayment process • Respect, show courtesy and treat each • Development of strategies to improve other fairly subcontractor encounter submissions • Honest and open communication when • Review policies for the handling of grievances working with each other and appeals • Build trust among each other, and with our • Coordination on the implementation of customers, suppliers and communities prospective and retrospective claim edits • Make principle-based decisions Passport acknowledges the implementation of High Expectations such a program cannot guarantee that improper employee conduct will be entirely eliminated. • Take pride in what we do and how we do it Nonetheless, it is Passport’s expectation that • Continually improve our service associates will comply with the Code; and the • Establish clear expectations of each other policies and procedures established in support • Strive for excellence in all we do of the Code. In the event Passport becomes aware of violations of law or company policy, • Achieve superior results consistently Passport will investigate the matter and, Team Players where appropriate, take disciplinary action or implement corrective measures to prevent • Accountable to each other future violations. • Share information broadly • Encourage diverse viewpoints Passport associates are expected to: • Meet our commitments to each other • Carry out their job duties with integrity, and to others excellence, respect, and honesty • View success as our collective achievement • Learn and understand what laws and regulations apply to their position and to comply with those requirements III. Passport’s Collaborative • Exercise good judgment and do the right thing when performing your job duties Approach to Compliance • Know Passport’s mission and values and At Passport, our goal is to cultivate a dynamic become a partner in fulfilling it environment that will encourage compliant • Report suspected compliance violations, and ethical business conduct by integrating errors or issues compliance considerations into business Passport has fundamental elements of its planning and execution. In this way, we can Compliance Program. Passport has tailored improve compliance efforts by bringing down the Compliance Program to fit the unique the real and perceived walls that separate environment and characteristics for in which Compliance Department staff from their Passport operates (e.g., Passport is a provider- colleagues. We understand that when business 3
sponsored organization, considered to be of behavior in the organization meets Passport’s medium size in terms of associates, structured Code. The CCO, together with the Passport with most associates in operational units, and Compliance Committee, is authorized to heavily dependent on contractual relationships implement all necessary actions to ensure with Subcontractors that assist in providing achievement of the objectives of an effective Medicaid services to beneficiaries in Passport’s compliance program. service area. To increase the effectiveness and integrity of Associates are encouraged to contact the Compliance Program, the CCO shall have their manager, the CCO, a member of the cooperation of and access to all associates the Compliance Team or the Compliance of the organization. The Board and Executive Committee with questions or concerns Management shall provide the CCO with regarding compliance issues. An associate will appropriate resources to effectively manage be assured when contacting any member of the and satisfy the elements of the Program. Also, compliance team that: the CCO shall have the authority to inquire into any matters arising or appearing to arise • They will be treated with dignity and respect. within the scope of the Compliance Program. • Communication will be protected to the The CCO may appoint such staff as necessary greatest extent possible. to assist in the performance of his/ her • Questions or concerns will be seriously responsibilities. addressed and if not resolved at the time, the employee will be kept informed of the answer The CCO is a critical member of the ELT, with or the outcome. duties that are extensive and include: An associate need not identify themselves, • Developing and/or updating policies although it may be helpful for the CCO to and procedures and Code governing the contact the employee with additional questions. compliance program; • Ensuring management of day-to-day operations of the program; IV. Leadership and Structure • Receiving, evaluating and investigating compliance-related complaints, concerns and problems, including those from the A. Chief Compliance Officer compliance hotline; Passport’s Vice President of Compliance • Ensuring proper reporting of violations to and Chief Compliance Officer (“CCO”), is a duly authorized enforcement agencies, as member of the Executive Leadership Team appropriate or required; (“ELT”), reports directly to the Chief Executive • Assuring that compliance training programs Officer (“CEO”), monitors and reports results are appropriate and meet regulatory of the compliance and ethics efforts of requirements; Passport, and provides guidance for the Board • Responding to reports of potential and Executive Leadership Team on matters FWA, including coordination of internal relating to compliance. The CCO oversees the investigations with the Internal Audit Medicaid Compliance Program, functioning Department and development of appropriate as an independent and objective person that corrective or disciplinary actions. reviews and evaluates compliance issues/ and • Developing procedures to promote and concerns within the organization. The position ensure that all Subcontractors are in ensures the Passport Board, management compliance with all applicable laws, rules, and associates, and Subcontractors are in and regulations with respect to Medicare compliance with the rules and regulations of delegated responsibilities; regulatory agencies, that company policies and procedures are being followed, and that 4
• Ensuring the Department of Health and Audits and Assessments Team: The Human Services (“DHHS”) Office of Inspector Compliance Audits and Assessments Team is General (“OIG”) and Government Services established to assist the Passport Advantage Administration exclusion lists have been compliance department in fulfilling its audit checked with respect to all associates, and oversight responsibilities and thereby governing body members and Subcontractors ensure Passport complies with state and federal at least monthly, and coordinating any statutes and regulations, contractual obligations resulting personnel issue with HR, Security, Legal, or other departments, as appropriate; and its internal policies and procedures. • Maintaining documentation for each report Compliance audits are intended to help the of non-compliance or potential FWA received company make course corrections as necessary through any source; in the way we run our day to day business. • Reporting to the CEO on risk areas, strategies The intent is to test business practices and for addressing risks, implementation procedures to make sure we can identify gaps results and all governmental compliance on the processes. We do internal audits to enforcement activity; identify best practices and expose weaknesses • Regularly evaluating the effectiveness and prior to external audits which could lead to strengthening the compliance program; lead to sanctions that might threaten our ability • Serving as a resource to associates and to participate in programs to issues that may Subcontractors; and threaten the financial solvency of the company. Activities involve development of conducting • Ensuring that compliance reports are provided audits, responding to audit and performing regularly to the CEO, Passport Board and Compliance Committee. Reports include risk assessments. Developing risk assessments, the status of the compliance program including prioritization, communication, implementation, identification and resolution auditing and completion in collaboration with of suspected, detected or reported instances Passport departments and associates. of non-compliance, governmental compliance enforcement activity, such as Notices of Non- Program Integrity Team: This team was Compliance to formal enforcement actions, as established to promote ethical business well as oversight and audit activities. conduct and to establish internal controls, policies and procedures for the prevention and detection of fraud, waste, and abuse in the B. Compliance Department Teams Medicaid program. To ensure that we have an effective compliance HIPAA Privacy Team: This team, led by program, we have established four Department Passport’s Privacy Officer was established to teams to represent our primary areas of focus. investigate and document HIPAA disclosures These are the 1) Communications Team, 2) The and related activities. The team consists of Audits and Assessments Team, 3) The Program the Privacy Officer, Director of Compliance, Integrity Unit, and 4) HIPAA Privacy Team. Compliance Manager and Managing Attorney, Communications Team: The purpose of Regulatory Affairs. The team meets monthly to the Compliance Communications team is to review privacy readiness and on an ad hoc basis define the communication requirements of when an investigation is needed. the Department and how this information will be distributed to our Department and the C. Board of Directors (Board) – other business areas in our organization. The team revises the Compliance Communication High Level Oversight plan annually and sets the communications The Board retains accountability for the framework that will serve as a guide for oversight, implementation and effectiveness communications throughout the year and will of the compliance program. Due to the be updated as communications needs change. importance and time necessary for effective 5
oversight, the Board has established an Audit Committee is accountable to, and provides Committee and a Compliance Committee, each regular reports to, the CEO and the Board via of which is chaired by a member of the Board the CCO. and reports at least quarterly to the full Board. The Board makes inquiries into compliance The Compliance Committee composition issues and takes appropriate action to ensure includes Vice Presidents, Directors and resolution. The Board oversees the Compliance Managers who represent senior level associates Program to ensure the use of Quantitative from across the organization with decision- measurement tools, such as performance making authority within their respective areas, indicators and trend reports, to demonstrate as well as operational staff that understands compliance with key Medicaid Parts C and D specific areas of expertise. The Compliance operations. Committee is responsible for oversight of the compliance program and meets on at least a Oversight includes: quarterly basis. • Approving the Code (by full Board); The following are the Committee’s • Understanding the compliance program responsibilities: structure; • Develop strategies to promote compliance • Remaining informed about the and the detection of any potential violations; outcomes, including results of internal • Review and approving compliance and FWA and external audits; training, and ensuring that training and • Remaining informed about governmental education are effective and appropriately compliance enforcement activity, such as completed; Notices of Non- Compliance, warning letters • Assist with the creation and implementation and/or more formal sanctions; of the compliance risk assessment and • Receiving regularly scheduled, periodic monitoring and auditing work plan; updates from the Compliance Officer and • Assist in the creation, implementation and Compliance Committee; and monitoring of corrective action activities; • Reviewing the results of performance and • Review effectiveness of the system of internal effectiveness assessments of the compliance controls related to daily operations; program. • Review and addressing reports of monitoring The CCO provides training and education to and auditing of areas and ensuring that the Board related to structure and operation corrective action plans are implemented and of the compliance program. The Board monitored for effectiveness; and meeting minutes reflect active engagement • Provide regular and ad hoc reports on the in the oversight of the compliance program, status of compliance with recommendations demonstrated by questions, follow-up actions, to the Board. as necessary. E. Compliance Liaison Committee D. Passport Compliance The purpose of Passport’s Compliance Liaison Committee Committee (“Liaison Committee”) is to support Passport’s Compliance Committee the efforts of the Compliance Department (“Compliance Committee”) is established to and the Compliance Committee in creating a ensure Passport complies with applicable state complaint and ethical environment at Passport. and federal laws, contractual obligations, and The Liaison Committee’s responsibility is to Code. In addition, the Compliance Committee develop and initiate programs, ideas, and assists the CCO in the oversight of the Passport feedback about compliance and ethics matters, Compliance Program. The CCO serves as chair train associates on compliance and ethical of the Compliance Committee. The Compliance issues, and assist in identifying compliance and 6
ethics topics that should be communicated to delegation oversight audit, the Subcontractor’s associates, members and providers. This Liaison policies are audited for compliance and the Committee is comprised of associates who Subcontractor’s training attendance records represent the various Passport departments and are verified. who are not members of management. F. Delegation Oversight V. Elements of the Passport Committee Health Plan Compliance Program The Delegation Oversight Committee (DOC) The Compliance Program is designed to foster is accountable to Passport’s Compliance a culture of compliance that begins at the Committee. The DOC is responsible for the executive level and permeates throughout the oversight of Passport’s Subcontractors to which organization. utilization management, case management, We also recognize that our compliance model credentialing, claims operations, pharmacy, must evolve so that we can support the and other administrative functions have been objectives of our operational areas. To do so delegated. In particular, the DOC reviews the we are focusing our compliance efforts on the delegated entities’ quality improvement and following: utilization management program descriptions, annual work plans, policies, and performance • Utilizing data analytics and metrics to direct reports, Oversight is accomplished through compliance activities assessment of Subcontractors and by the use of • Implementing compliance systems and the DOC to review their activities. software Passport has entered into contracts and • Focusing on the high risk activities of our delegated certain administrative services, as vendors and ensuring vendors act in an ethical listed below. Passport maintains accountability manner for adherence to DMS contractual requirements and subcontractor oversight. In addition, this Compliance Program is Passport has developed and implemented based on the seven (7) widely recognized policies, procedures and processes related and fundamental elements of an effective to Subcontractor oversight to ensure that compliance program listed below: such entities are in compliance with all Seven Elements of an Effective Compliance applicable laws, rules and regulations with Program: respect to Medicaid and Passport policies. A structured oversight system is in place to 1. Written policies and procedures and monitor Subcontractors’ compliance with the standards of conduct requirements. 2. Designating a Compliance Officer Passport ensures that general compliance 3. Education and Training information is communicated to its 4. Internal Lines of Communication Subcontractors and that training occurs within (ninety) 90 days of hire and on an annual basis. 5. System for Routine Identification of Passport conducts training on fraud, waste and Compliance Risks abuse, Medicaid laws, regulations, bulletins, 6. Procedure and System for Prompt and policies. Passport also provides updates Responding to Compliance Issues to Subcontractors when there are changes 7. Corrective Action Procedures to relevant laws. The training occurs during scheduled conference calls or meetings, The following is a description of how Passport pre-delegation oversight audits, and annual incorporates the seven (7) elements into its delegation oversight auditing. During the Compliance Program. 7
1. Written Policies and and associates may receive disciplinary action, up to and including termination, for failure Procedures and Standards to acknowledge receipt and training on of Conduct compliance policies. Passport has comprehensive and well publicized Passport requires all Subcontractors to have written policies, procedures and standards of comprehensive compliance policies and conduct, that clearly articulate the objectives, procedures and standards of conduct that expectations and operations of the compliance are consistent with internal requirements. program, including, but not limited to: Passport includes contractual language in agreements with Subcontractors that requires 1. Clear commitment to comply with all adherence to compliance requirements. applicable federal and state statutes, Additionally, documents are reviewed as part regulations and standards, throughout the of subcontractor oversight activities, including organization, including the Board and First monitoring for compliance based on any risk Tier Downstream and Related Entities; assessment. 2. A Code that describes compliance expectations; Compliance policies are reviewed and updated at least annually, and upon changes to federal 3. A conflict of interest policy that requires those and state requirements. with a conflict, (or who think they may have a conflict), to disclose the conflict/potential Passport believes that two policies should be conflict, and that prohibits interested the foundation of the standards of conduct for associates from making decisions, and Board associates and Board members – (1) The Code; members from voting, on any matter in which and (2) Conflict of Interest policies. The Code there is a conflict; and Conflict of Interest policies set a minimum 4. Policies that describe the operations of the standard of conduct for associates and Board compliance program; members and are Passport’s most fundamental statement of governing principles. 5. Guidance to passport staff, also referred to as associates, and others, on how to deal with a. Code of Conduct suspected, detected or reported compliance issues; Passport’s Code is Passport’s statement of ethical and compliance principles that guide 6. Options available to communicate passport’s daily operations. The Code provides compliance issues to appropriate personnel; evidence of Passport’s commitment to the 7. Processes to investigate and resolve reported lawful and ethical conduct of its business, to compliance issues; promote lawful and ethical behavior by its 8. A policy of non-intimidation and non- associates, and to protect those who report retaliation for good faith participation in the violations of the Code consistent with Passport’s compliance program, including reporting Non-Retaliation Policy. The Code, approved by and/or investigating issues, conducting self- the Board of Directors, establishes that Passport evaluations, audits and remedial actions and expects associates, Subcontractors and agents reporting to appropriate officials; and of Passport to act in accordance with law and applicable Passport policies that issues of non- 9. Formalized training requirements related to compliance and potential FWA are reported FWA. through appropriate mechanisms, and that Due to the importance of compliance policies reported issues will be addressed and procedures, and standards of conduct, all and corrected. new associates receive copies within ninety (90) The Code is Passport’s most fundamental days of hire, with any updates, and annually statement of governing principles, values thereafter. Distribution to associates is tracked and framework for action within Passport’s 8
organization. The Code clearly articulates Policy requires associates to report suspected Passport’s expectations that all associates, or actual occurrences of illegal, unethical or Subcontractors and agents of Passport, and inappropriate activities including possible Board members carry out their responsibilities violations of state or federal law. In addition, ethically and in a manner which avoids even the Passport does not tolerate any action by appearance of improper behavior. The Code an associate that intimidates, threatens, is written in a format that is easy to read and discriminates against or takes any other comprehend. retaliatory action against any other Passport associate or other individual who makes a good b. Conflict of Interest faith report of suspected or actual occurrence(s) The Conflict of Interest Policy is not designed of illegal, unethical or inappropriate activities.9 to prohibit conflicts of interest, but to protect Passport’s interest when it is contemplating 2. Designating a Compliance entering into a transaction or arrangement that might benefit the private interests of Officer an associate or Board member. A conflict of Passport has designated a CCO who is directly interest occurs when a Passport associate employed, a member of the ELT, and who or Board member allows personal gain to reports directly to the CEO. The CEO and the interfere or influence the performance of his/her ELT ensure that the CCO is given the credibility, responsibilities. Associates and Board members authority and resources necessary to operate are encouraged to avoid situations, which may an effective compliance program. The CCO be called into question, trained to disclose any is responsible for the Medicaid Compliance potential conflict of interest, and educated to Program implementation and management of contact the CCO whenever there is doubt about Passport’s day-to-day compliance operations, any activity or relationship. which is critical to ensuring that the Medicaid Situations which could be perceived as a Compliance Program remains visible, active and conflict of interest include: accountable. The CCO defines the compliance program structure, educational requirements, • Receiving gifts, payments or services from reporting and complaint mechanisms, response suppliers or vendors seeking to do business and correction procedures, and compliance with Passport. expectations for all staff and Subcontractors. • An employee or employee’s immediate family having significant financial interest in a The CCO periodically reports directly to supplier or vendor that conducts business with the Board on the activities and status of Passport. the compliance program, including issues identified, investigated and resolved. The • Disclosing Passport’s confidential business CCO has the authority to provide unfiltered, information, such as financial data, fee in-person reports to the Board at any time, schedule and pricing practices. as well as implement needed compliance To facilitate assessment of any potential or actions and activities. The CCO provides actual conflicts of interest, Passport requires reports and training to the Board, so that they annual conflict of interest disclosures and are knowledgeable about the content and encourages associates and Board members to operation of the compliance program and can disclose any potential or perceived conflict of exercise reasonable oversight with respect to interest when they occur. the implementation and effectiveness of the compliance program. c. Non-Retaliation Policy The CCO or his/her designee, has the Passport is committed to high standards of authority to interview staff and other relevant ethical and legal business conduct. In line individuals regarding any potential compliance with this commitment, The Non- Retaliation issues, review contracts and other pertinent 9
documents, review submission of data to DMS and live courses available for use by associates to ensure accuracy and in compliance with on topics covered by Passport’s Compliance requirements, independently seek legal counsel Program. Associates are kept up-to-date on advise, report potential FWDMS, its designee the availability of training materials and any or law enforcement, conduct and/ or direct significant changes to Passport’s Company audits and investigations of any Subcontractors, intranet and email system. Passport regularly conduct and/or direct audits of any area or reviews and updates its training programs, function involved with Medicaid Parts C and D and identifies additional areas of training on a and recommend policy, procedure and continuing basis. process change. a. General Compliance Training 3. Education and Training Passport has established and implemented effective training and education, which is A critical element of Passport’s Compliance required minimally annually, and is also Program is the education and training of integrated into the orientation for all new Passport’s ELT, associates, the Board, and associates, including consultants, members Subcontractors on their legal and ethical and Subcontractors within (ninety) 90 days. obligations under applicable state and federal Specialized training or refresher training may laws, contractual requirements, and Passport also be provided based on an individual’s job policies. In order to achieve and ensure function. compliance with applicable laws and Medicaid guidance, Passport is committed to training Passport regularly conducts in-person training and education, including the ELT, associates, presentations and seminars relating to the the Board, and Subcontractors, on their legal compliance program requirements. Additionally, and ethical requirements under applicable state several e-learning courses are available for and federal laws, contractual requirements, and associate use. Compliance training is a Passport internal policies. Training focuses on general requirement, and so attestation is required compliance and fraud, waste and abuse. indicating that the Code and policies and procedures have been received and read. Proof Passport ensures that general compliance of training includes sign-in sheets, attestations information is communicated to its and electronic certifications following Subcontractors and that training occurs within completion. Training records are maintained for (ninety) 90 days of hire and on an annual ten (10) years. basis. Passport may provide training on fraud, waste and abuse, Medicare laws, regulations, General compliance training includes, but is bulletins, and policies. Passport also provides not limited to: updates to Subcontractors when there are • Description of the compliance program, changes to relevant laws. During the annual including a review of policies and procedures, delegation oversight audit, the Subcontractor’s the Code and Passport’s commitment to policies are reviewed for compliance and the business ethics and compliance with all Subcontractor’s training attendance records are Medicaid program requirements; verified. • How to learn more about compliance and Passport is committed to taking all necessary how to ask questions, request clarification or steps to effectively communicate Passport’s report suspected or detected non-adherence, policies and procedures to all affected including potential FWA. Training emphasizes associates, Subcontractors, vendors, and confidentiality, anonymity and non-retaliation; Board members. Passport regularly conducts • A review of disciplinary guidelines for non- in-person training presentations and seminars compliance or fraudulent behavior or failure to relating to Passport policies and procedures. report, including retraining, disciplinary action Passport also has several e-learning, video up to possible termination; 10
• Mandatory attendance and participation in subcontractors maintain records of attendance, compliance and FWA training as a condition topic and certificates of completion, as of employment and integrated within applicable for ten (10) years. associate evaluations; • Review of policies related to government 4. Internal Lines of contracts, such as gifts and gratuities; Communication • Review of potential conflicts and Passport’s process for disclosure; Passport provides effective and open lines of • An overview of HIPAA/HITECH, DMS Data communication for the reporting of suspected Use Agreement (if applicable), and the improper activity. Passport maintains and requirement of maintaining confidentiality of communicates the availability of an anonymous personal health information; hotline for employees, members and others in the public to report issues. • Overview of the monitoring and auditing process; and Passport uses an external organization for • Review of the laws that govern associate Compliance Hotline reporting to help increase conduct in the Medicaid program. responsiveness and to help associates, members and others in the public feel b. Fraud, Waste and Abuse (FWA) Training comfortable that anything reported will be completely confidential and anonymous. All associates, Board members and Passport believes this added layer of protection subcontractor associates involved in the will encourage associates to report any administration of Medicaid benefits receive concerns without fear of retaliation. FWA training within ninety (90) days of employment, Board service or contracting, as Passport is committed to fostering dialogue applicable, and minimally annually thereafter. between management and associates. Passport’s goal is that all associates, when FWA training includes, but is not limited to: seeking answers to questions or reporting • Laws and regulations related to Medicare potential instances of fraud and abuse should Advantage and Part D FWA (e.g., False Claims know who to turn to for a meaningful response Act, Anti-Kickback statute, HIPAA/HITECH, and should be able to do so without fear of etc.); retaliation. To that end, Passport has adopted open-door policies, as well as confidentiality • Obligations of subcontractor to have and non-retaliation policies. In order to further appropriate policies and procedures to encourage open lines of communication address FWA; regarding potential violations, Passport has • Processes for reporting suspected FWA; established a toll-free Hotline. • Protections for Passport associates who report Passport encourages the use of emails, suspected FWA; and newsletters, suggestion boxes, and other forms • Types of FWA that can occur in associate work of information exchange to maintain open lines settings of communication. In addition, Passport has designed an effective employee exit interview Additional or refresher training may be provided program to solicit information from departing more frequently based on an individual’s job employees regarding potential misconduct and function, when requirements change, when suspicious violations of company policy and associates are found to be non-compliant, as procedure. corrective action to address a non-compliance issue, or when an associate works in an area a. Reporting Mechanisms implicated in past FWA. All associates and BOD members must acknowledge in writing that Associates, Board and associates of they have received FWA training. Passport and Subcontractors are expected to promptly report 11
any such activity of which they become aware by retaliation includes, but is not limited to, notifying their supervisor, notifying the CCO or terminating, suspending, demoting, failing to other member of the Compliance Department consider for promotion, harassing, or reducing with whom they feel comfortable, or via the the compensation of any associate due to the Compliance Hotline. associate’s intended or actual filing of a report. Associates are instructed to immediately report Associates are made aware of reporting any retaliation to the CCO. Passport also methods, and non-intimidation/non-retaliation utilizes associate exit interviews, conducted by policies, through compliance training and Human Resources, as an opportunity to identify the use of other compliance awareness potential compliance of FWA issues and any measures, such as compliance week, posters, perception of retaliation. emails, intranet, etc. Passport uses a vendor, available 24 hours a day, for the Compliance c. Member Communications and Education Hotline (1-855-512-8500) reporting to increase responsiveness and to help associates feel Members are also educated about the comfortable that anything reported will be identification and reporting of potential FWA completely confidential and anonymous. via newsletters, on-hold messaging, website, The Hotline phone number and information and new member materials. regarding its use are predominantly displayed on the Passport intranet site and posted 5. System for Routine throughout the facility. Passport believes this added layer of protection will encourage Identification of Compliance Risks associates to report any concerns without the Passport’s Compliance Program includes efforts fear of retaliation. In order to further encourage to evaluate compliance with Passport’s policies open lines of communication, Passport has also and procedures, including efforts to audit the established an email at passporthealthplan@ activities of Subcontractors and vendors. The getintouch.com for reporting potential nature of Passport’s reviews as well as the extent violations. and frequency of Passport’s compliance and The CCO is responsible for reviewing all auditing varies according to a variety of factors, compliance hotline reports, assessing whether including new regulatory requirements, changes they warrant further investigation and ensuring in business practices and other considerations. that any compliance problem is identified and Passport will continue to identify new and corrected. emerging risk areas and address these risks. b. Non-Retaliation a. Routine Oversight and Auditing The CCO follows-up with associates who file Passport’s Medicaid Compliance Program complaints regarding the timeliness of the is designed for the early identification of response and to ensure that confidentiality compliance issues. This includes routine and non-retaliation policies apply. The CCO oversight, risk assessments that identify will provide status reports to the associate compliance risks and audits. In addition, throughout the investigation, as appropriate. Passport conducts annual reviews of Passport requires Subcontractors to notify their Subcontractors to evaluate compliance with associates that they can report compliance or DMS requirements and Compliance Program FWA issues through the hotline. effectiveness. Passport undertakes monitoring and auditing to assure compliance with Associates are protected from retaliation Medicaid regulations, sub-regulatory guidance, for good faith participation in Passport’s contractual agreements, federal and state laws, Medicaid Compliance Program. No associate internal policies and procedures to protect who files a report of suspected FWA or other against Medicaid Compliance Program non- improper activity in good faith will be subject to compliance and potential FWA. retaliation by Passport in any form. Prohibited 12
The Delegation Oversight Committee is The Internal Audit Group (“IAG”) is accountable to the Passport Compliance responsible for: Committee. The Passport Compliance Department is responsible for the oversight • Championing the establishment of the ERM of Passport’s Subcontractors to which certain Program administrative functions have been delegated. • Maintaining the ERM framework Oversight is accomplished through assessment documentation of Subcontractors and by use of the Committee • Facilitating structured risk assessments with to review their activities. each Passport business area to synchronize b. Enterprise Risk Management risk tolerance and identify the most significant risks to achieving the corporate strategy, goals The establishment of an effective risk and objectives; management program is a key responsibility • Assisting with the translation of risk of management and the Board, who are assessments into risk responses; and responsible for adopting a coordinated approach to the identification of organizational • Evaluating the reporting and monitoring of risks, creating controls to mitigate those key risks risks, and monitoring and reviewing the Passport Business Units are responsible for: identified risks and controls. They should ensure that risk management is integrated • Aligning their risk priorities, tolerances and into the organization, both at the strategic and strategies with Passport’s overall strategy and operational levels. Passport uses Enterprise Risk risk appetite; Management (“ERM”) as the framework and • Identifying, analyzing and managing key risks; method for managing risks. • Participating in the structured risk assessments Passport’s Risk Management Leader is with the IAG; and responsible for: • Assisting with the development of risk • Establishing and communicating Passport’s responses to key risks ERM vision; A comprehensive risk assessment of all • Working with an empowered group of applicable Medicaid operational areas, executives and senior leaders to define including First Tier entities, is undertaken the appropriate role of risk management in annually by the Internal Audit Group in the organization; collaboration with Compliance, IT and • Developing and communicating risk associates from across the organization. This management policies; effort has the support of the ELT and the Compliance Committee. Potential risks are • Working with executives to ensure the identified, ranked and prioritized considering corporate control environment continues to (1) the following: departmental size, complexity, monitor risk across the enterprise, (2) manage past issues, budget, and areas identified via organizational cultural issues DMS audits and oversight. • effectively, and (3) oversee and enforce risk management policies; c. Auditing Work Plan • Ensuring appropriate risk reporting to the Each year an Annual Internal Audit is created Audit Committee of the Board and Passport to identify planned audit activities to be leaders; and conducted by the Internal Audit Group throughout the calendar year. The audit plan • Providing assurance regarding the is developed based on risk assessment results, overall effectiveness and efficiency of the regulatory requirements, business leader ERM program assessments, and previous audit result. The 13
Annual Internal Audit Plan is approved by the Passport audits the effectiveness of the Audit Committee of the Board. compliance program at least annually and utilizes other internal staff, or outside d. Audit Schedule and Methodology auditors, to conduct activities. Effectiveness of Standard audit reports are prepared that Compliance Department audits is shared with include objectives, scope and methodology, the Audit Committee of the Board. and findings and recommendations. f. Oversight and Auditing Subcontractors Types of audits will consider: Passport audits Subcontractors to ensure that • Which risk areas will most likely affect they are in compliance with all applicable laws Passport; and regulations and that they are monitoring compliance of their downstream entities. • The efficiency and effectiveness of business Oversight and auditing of Subcontractors is processes; integrated within the annual risk assessment • Use of special targeted techniques based on and work plan development. Passport requests aberrant behavior; copies of the Subcontractors’ audit work plans • Assessments of compliance with internal and audit results, as well as reviews reports, processes and procedures; such as payment, utilization (pharmacy and medical), network adequacy, etc. Subcontractors • The performance of the compliance program, are placed on a corrective action plan (“CAP”) including a review of training, reporting for results that are suboptimal or do not achieve mechanisms, investigation files, OIG/ DMS results. GSA exclusion list screenings, evidence of associate receipt of the Code and Conflict of g. Tracking and Documenting Interest disclosures/attestations; and Program Effectiveness • Necessary follow-up reviews for areas The work plan is overseen and executed by previously found non-compliant to determine the CCO, Director of Compliance and the if the implemented corrective actions have Compliance Committee. The CCO provides fully addressed the underlying problem. updates to the ELT, CEO and the Board no e. Audit of the Operations and less than quarterly. Due to the importance of Compliance Program internal auditing, the Board has established an Audit Committee that reviews the monitoring The CCO and the Compliance Committee and auditing activities (both internal and implement and audit functions appropriate external) and results, and provides direction and to Passport’s size, scope and structure. The subsequent resources, as appropriate. The CCO Internal Audit Group is primarily responsible reports findings to DMS, if necessary. for monitoring and auditing the operational areas to ensure compliance with Medicaid In addition to formal audits, Passport regularly requirements. Internal Audit staff collaborates tracks and documents compliance using and coordinates their auditing efforts with the dashboards, scorecards and self-assessment Compliance Department and other Passport tools that demonstrate the extent to which business units to ensure the effectiveness of operational areas and Subcontractors are Passport internal auditing activities. Auditors achieving compliance goals. Results are are knowledgeable about DMS operational reviewed by the ELT to assess compliance and requirements for the areas under review and identify improvement opportunities. have access to relevant operational personnel, h. OIG/GSA Exclusion including at the Subcontractor level. Auditors are independent and have a direct reporting Passport prohibits hiring or entering into relationship with the Audit Committee of the contracts with individuals and/or entities Board. that are excluded or otherwise ineligible for 14
participation in federal health programs. The Program Integrity Program is designed to Passport utilizes the a software vendor to accomplish the following: manage OIG List of Excluded Individuals and Entities (“LEIE list”) and the GSA Excluded • Reducing or eliminating Medicaid costs due parties Lists System (“EPLS”) prior to the hiring to FWA; or contracting of any new associate, temporary • Reducing or eliminating fraudulent or abusive associate, consultant, Board member, or claims paid for with federal funds; subcontractor, and monthly thereafter, to • Preventing illegal activities; ensure that none of these persons or entities are excluded or become excluded from • Identifying enrollees with over-utilization participation in federal programs. Passport issues; will not pay for services or prescription drugs • Identifying and recommending providers for prescribed or provided by a provider excluded identification to law enforcement; by either the OIG or GSA. • Referring suspected, detected or reported i. Use of Data Analysis for FWA Prevention cases of illegal drug activity including drug and Detection diversion to law enforcement; • Conducting case development and support Passport has established monitoring and activities for law enforcement investigations; analytics to prevent and detect potential and FWA. Analytics are used to identify unusual patterns, changes in trend, potential errors • Assisting law enforcement and state agencies or over-utilization suggesting potential such as the U.S. Attorney’s Office and the OIG errors and/or FWA. Metrics from internal by providing information needed to develop and all Subcontractors are tracked monthly successful prosecutions and reviewed by the ELT and the Finance k. Auditing by DMS or Designee Committee. Findings are used to determine actions and/or change in policy. All Passport’s associates, Board, contractors, and Subcontractors are expected to fully j. Program Integrity Unit cooperate in all government audits and Passport has contracted with a investigations. Subcontractor contracts include SUBCONTRACTOR to provide its Program language that requires participation in all Integrity Unit (PIU). The PIU has policies and OIG, DMS, or their designee, requests for procedures that address FWA activities, information and audits. including delegated services to Subcontractors. The PIU works collaboratively with medical 6. Procedure and System management, claims and provider claims services to assess over- and under-utilization of for Prompt Responding to services. The PIU conducts internal monitoring Compliance Issues and auditing of members and contracted providers, with activities integrated into the a. Conducting Timely and Reasonable Inquiry annual work plan. The PIU works in conjunction of Detected Offenses with a subcontractor to review claims and Passport has established and implemented conduct data mining, analysis and investigations procedures to promptly respond to compliance that aid in the prevention and detection of issues, including FWA, as they are raised. medical fraud. Passport investigates potential non-compliance Potential FWA can be reported anonymously as identified via self-evaluations, audits, hotline and via multiple channels, including the calls, member complaints, etc. Program non- Compliance Hotline. compliance detection may be at the plan or subcontractor level. Investigations occur within two (2) weeks after the date of a potential 15
non-compliance or potential FWA incident that DMS has identified as potentially abusive is identified. A preliminary investigation is or fraudulent. conducted by the CCO, or a member of the compliance team, including the PIU. Additionally, Passport reports significant 7. Corrective Action Procedures Medicaid program non-compliance to the DMS A compliance program increases the likelihood Regional Office, as soon as possible after its of preventing, or at least detecting, unlawful discovery. and unethical behavior. However, Passport b. Corrective Actions recognizes that even an effective compliance program may not prevent all violations. As Problems are corrected timely and thoroughly such, Passport’s Compliance Program requires to reduce the potential for reoccurrence and Passport to respond promptly to potential ensuring ongoing compliance with DMS violations of law or company policy, take requirements. Corrective actions are designed appropriate disciplinary action in a consistent to correct underlying problems that resulted manner, assess whether the violation is in part in the problem violation and to prevent future due to gaps in Passport’s policies, practices, non-compliance. or internal controls, and take action to prevent future violations. Passport conducts root cause analysis related to FWA, compliance problems or deficiencies a. Well-Publicized Disciplinary Standards to understand the occurrence and to better address appropriate corrective actions and the Passport has well publicized disciplinary timeframes for resolution. Passport requires standards that encourage good faith corrective action plans from Subcontractors to participation in the compliance program by assure correction of any identified deficiencies all affected individuals. Policies articulate and follows up to assess whether the actions expectations for reporting compliance issues undertaken were effective. Corrective action and assisting in their resolution, identifying non- plans are documented in writing and include compliance or unethical behavior, and provide ramifications for failure to implement the for timely, consistent and effective enforcement corrective action satisfactorily, including when non-compliance or unethical behavior is employment or contract termination, if determined. warranted. Associates who engage in FWA or other d. Identifying Providers with a History of misconduct are subject to disciplinary action. Complaints Passport associates and Subcontractors are made aware of disciplinary actions through Passport maintains files for a period of ten (10) new associate training, ongoing training, and years on any provider that has been subject the associate handbook. Providers are made to a complaint, investigation, violation, and/or aware of their FWA responsibilities via the prosecution related to FWA, including enrollee provider manual and provider training. Any complaints, OIG and/ or Department of Justice disciplinary action will be coordinated by the investigations, US Attorney prosecution, and Director of Human Resources in consultation any other civil, criminal, or administrative with the CCO. Depending on the severity of action for violations of federal or state health the offense, discipline may include counseling, care program requirements. Files contain oral or written warnings, modification of duties, documented warnings and educational suspension or termination. Passport maintains contacts, results of previous investigations and records of all compliance violation disciplinary copies of complaints resulting in investigation. actions for ten (10) years, and periodically Passport promptly complies with all law reviews these records to ensure that disciplinary enforcement, DMS and DMS’ designees actions are appropriate to the seriousness of the regarding monitoring of contracted providers violation, fairly and consistently administered, and imposed within a reasonable timeframe. 16
VI. Compliance Plans Program Integrity Plan Passport uses compliance plans to implement Passport is committed to maintaining program its Compliance Program. integrity through the promotion of ethical business conduct and the prevention and By implementing and adhering to the requisite detection of fraud, waste, and abuse. Passport compliance plan, Passport will increase the Advantage’s program integrity activities are likelihood of meeting its legal obligations delegated to its subcontractor Evolent Health and send a clear message to staff, regulators, LLC (Evolent) and are conducted in accordance and the public that Passport is committed with the requirements of applicable state and to conducting itself in an ethical manner, federal law, including but not limited to 42 CFR promoting good employee conduct, and § 438.600 to 438.610 and the requirements providing quality service. set out in Subtitle F, Section 6501 through 6507, of the Patient Protection and Affordable Passport has the following four compliance Care Act (PPACA) of 2010. Passport complies plans – (1) Audits and Assessments; (2) Program fully with the program integrity requirements Integrity; (3) Training; and (4) Communications. and standards set forth in 42 CFR 438.608, Below is a summary of each of these plans. the contractual requirements of its contract Audits and Assessments with DMS, and all other state and federal requirements. Passport has developed this Audits, risk assessments, and surveys conducted Program Integrity Plan for the purpose of by Compliance Department Staff and the Audits establishing internal controls, policies and & Assessment Team are intended to help the procedures to ensure the prevention, detection company make course corrections in the way and deterrence of Fraud, Waste and Abuse we run our day-to-day business as necessary in accordance with those state and federal The intent is to test business practices and requirements. procedures to promote the identification of gaps in our processes. We do internal audits to Training Plan identify best practices and expose weaknesses A critical element of the Compliance Program prior to external audits, which could lead to is the education and training of UHC’s Board sanctions that might threaten our financial of Directors Members (Board Members), UHC’s solvency and the ability to participate in associates, volunteers, temporary employees, programs. Activities involve development of interns, fellows, subcontractors and certain conducting audits, responding to audits and consultants and vendors (Trainees) on their legal performing risk assessments in collaboration and ethical obligations under applicable state with departments and associates. Our Audits & and federal laws, contractual requirements, Assessments has identified three (3) focus areas and UHC policies. UHC is committed to to guide quarterly audit and monitoring: providing the tools and resources and to take • Policies all necessary steps to effectively communicate UHC’s policies and procedures to all affected • Health Insurance Portability and Board Members and Trainees. UHC regularly Accountability (HIPAA) conducts in-person training presentations • Passport Communications and webinars relating to UHC policies and The Compliance Department also coordinates procedures. UHC also has several e-learning audits from external sources such as regulatory courses available for use by Trainees on topics agencies (e.g. DMS, DOI, APA, and IPRO. covered by UHC’s Compliance Program. Board These audits can be statutorily imposed or Members and Trainees are kept up to date ad hoc in nature due to business practices on the availability of training materials and identified by the various auditors. any significant changes to UHC policies and procedures through UHC’s Company intranet and e-mail system. UHC regularly reviews and 17
You can also read