2020 Compliance Program - Medicaid - Passport's mission is to improve the health and - Passport Health Plan

2020 Compliance Program

Passport’s mission is to improve the health and
        quality of life of our members.
“Passport” is comprised of associates under        Medicare Advantage lines of business. The UHC
    both Passport Health Plan Inc. servicing our       Board consists of fifteen (15) members with the
    Medicaid line of business (Passport Health Plan)   Chief Executive Officer as an ex officio board
    and University Healthcare Inc. servicing our       member. The Board bear ultimate fiduciary,
    Medicare line of business (Passport Advantage).    regulatory and contractual responsibility for the
    Passport Health Plan Inc. was previously           UHC operations as set forth in the Articles of
    identified as University Healthcare Inc.           Incorporation and the Bylaws. The executive
                                                       management team consists of a Chief Executive
    Healthcare compliance is the continuous            Officer, six (6) Vice Presidents, a Chief of Staff
    process of abiding by federal and state laws,      and the Executive Director of the Passport
    contractual obligations, and ethical standards     Health Plan Foundation.
    applicable to a healthcare organization. To
    be compliant with these rules and guidelines,      UHC has also established an entity known
    healthcare organizations establish compliance      as the Partnership Council, which is a broad
    programs that set forth processes, policies,       coalition of providers and consumers,
    and procedures to define appropriate conduct,      including physicians, nurses, hospitals, health
    educate staff, and monitor adherence to these      departments and ancillary providers. The
    rules and guidelines.                              Partnership Council is led by a thirty-two (32)
                                                       member Board of Directors who help govern
    This compliance program outlines the               the operations of the Medicaid and Medicare
    manner in which University Health Care, Inc.       Advantage lines of business.
    (UHC) promotes organizational adherence to
    applicable federal and state law and outlines
    the practices it uses to protect against fraud,
    waste, abuse, and other potential liability and    II. Compliance Department
    potential risks.                                   Operating Philosophy

    I. University Health Care, dba                     A. Compliance Department
                                                       Mission and Principles
    Passport Health Plan
                                                       Mission Statement: The Compliance
    UHC is a Kentucky nonprofit corporation. It        Department’s mission is to ensure Passport, its
    is recognized by the Internal Revenue Service      Board members, associates and subcontractors
    as a Section 501(c)(3), tax exempt charitable      maintain compliance with the letter and
    organization. University Health Care, Inc. has     spirit of all applicable state and federal laws
    two lines of business – (1) a Medicaid line of     and contractual obligations and carries out
    business; and (2) a Medicare Advantage line        its mission and values with a high degree
    of business. The Medicaid line of business         of honesty and integrity. The Compliance
    does business under the name Passport Health       Department accomplishes its mission by:
    Plan (Passport). The Medicare Advantage line       establishing effective guidelines to maintain
    of business does business under the name           compliance with federal and state laws;
    Passport Advantage. UHC was formed in 1997         implementing a means of preventing fraud,
    by five (5) health care organizations known as     waste and abuse; performing audits, risk
    Sponsors. The current Sponsors are University of   assessments, conducting investigations;
    Louisville Physicians, Jewish Heritage Fund for    establishing and communicating compliance
    Excellence, University Medical Center, Norton      policies and procedures; educating and training
    Healthcare and Louisville – Jefferson County       Board members, associates and subcontractors;
    Primary Care Association.                          and fostering a culture of high ethical and moral
    UHC has one Board of Directors (Board) and         standards as outlined in Passport’s Code of
    one management team for its Medicaid and           Conduct (“Code”).

Principles: The Compliance Department values      managers and Compliance Department staff
provide guidance for responsible decision-        collaborate in developing business plans and
making by encouraging a culture of integrity      strategies, all staff assist Passport in attaining
based on ethical leadership and integration       the ultimate goal of making the business
of ethical considerations into decision-making    more competitive without sacrificing integrity
processes.                                        or accountability. Below are some ways
                                                  Passport integrates compliance efforts with the
                                                  operational aspects of Passport’s business.
B. The Compliance Department
Values include:                                   •	Oversight and monitoring of Subcontractors
                                                  •	Review of the provider recoupment/
Integrity                                           overpayment process
• Respect, show courtesy and treat each          •	Development of strategies to improve
   other fairly                                     subcontractor encounter submissions
• Honest and open communication when             •	Review policies for the handling of grievances
   working with each other                          and appeals
• Build trust among each other, and with our     •	Coordination on the implementation of
   customers, suppliers and communities             prospective and retrospective claim edits
• Make principle-based decisions                 Passport acknowledges the implementation of
High Expectations                                 such a program cannot guarantee that improper
                                                  employee conduct will be entirely eliminated.
• Take pride in what we do and how we do it       Nonetheless, it is Passport’s expectation that
• Continually improve our service                 associates will comply with the Code; and the
• Establish clear expectations of each other      policies and procedures established in support
• Strive for excellence in all we do              of the Code. In the event Passport becomes
                                                  aware of violations of law or company policy,
• Achieve superior results consistently           Passport will investigate the matter and,
Team Players                                      where appropriate, take disciplinary action
                                                  or implement corrective measures to prevent
• Accountable to each other
                                                  future violations.
• Share information broadly
•	Encourage diverse viewpoints                   Passport associates are expected to:
•	Meet our commitments to each other             •	Carry out their job duties with integrity,
  and to others                                     excellence, respect, and honesty
•	View success as our collective achievement     •	Learn and understand what laws and
                                                    regulations apply to their position and to
                                                    comply with those requirements
III. Passport’s Collaborative                     •	Exercise good judgment and do the right
                                                    thing when performing your job duties
Approach to Compliance                            •	Know Passport’s mission and values and
At Passport, our goal is to cultivate a dynamic     become a partner in fulfilling it
environment that will encourage compliant         •	Report suspected compliance violations,
and ethical business conduct by integrating         errors or issues
compliance considerations into business
                                                  Passport has fundamental elements of its
planning and execution. In this way, we can
                                                  Compliance Program. Passport has tailored
improve compliance efforts by bringing down
                                                  the Compliance Program to fit the unique
the real and perceived walls that separate
                                                  environment and characteristics for in which
Compliance Department staff from their
                                                  Passport operates (e.g., Passport is a provider-
colleagues. We understand that when business

sponsored organization, considered to be of         behavior in the organization meets Passport’s
    medium size in terms of associates, structured      Code. The CCO, together with the Passport
    with most associates in operational units, and      Compliance Committee, is authorized to
    heavily dependent on contractual relationships      implement all necessary actions to ensure
    with Subcontractors that assist in providing        achievement of the objectives of an effective
    Medicaid services to beneficiaries in Passport’s    compliance program.
    service area.
                                                        To increase the effectiveness and integrity of
    Associates are encouraged to contact                the Compliance Program, the CCO shall have
    their manager, the CCO, a member of                 the cooperation of and access to all associates
    the Compliance Team or the Compliance               of the organization. The Board and Executive
    Committee with questions or concerns                Management shall provide the CCO with
    regarding compliance issues. An associate will      appropriate resources to effectively manage
    be assured when contacting any member of the        and satisfy the elements of the Program. Also,
    compliance team that:                               the CCO shall have the authority to inquire
                                                        into any matters arising or appearing to arise
    •	They will be treated with dignity and respect.
                                                        within the scope of the Compliance Program.
    •	Communication will be protected to the           The CCO may appoint such staff as necessary
      greatest extent possible.                         to assist in the performance of his/ her
    •	Questions or concerns will be seriously          responsibilities.
      addressed and if not resolved at the time, the
      employee will be kept informed of the answer      The CCO is a critical member of the ELT, with
      or the outcome.                                   duties that are extensive and include:
    An associate need not identify themselves,          • Developing and/or updating policies
    although it may be helpful for the CCO to              and procedures and Code governing the
    contact the employee with additional questions.        compliance program;
                                                        • Ensuring management of day-to-day
                                                           operations of the program;
    IV. Leadership and Structure                        • Receiving, evaluating and investigating
                                                           compliance-related complaints, concerns
                                                           and problems, including those from the
    A. Chief Compliance Officer                            compliance hotline;
    Passport’s Vice President of Compliance             • Ensuring proper reporting of violations to
    and Chief Compliance Officer (“CCO”), is a             duly authorized enforcement agencies, as
    member of the Executive Leadership Team                appropriate or required;
    (“ELT”), reports directly to the Chief Executive    • Assuring that compliance training programs
    Officer (“CEO”), monitors and reports results          are appropriate and meet regulatory
    of the compliance and ethics efforts of                requirements;
    Passport, and provides guidance for the Board       • Responding to reports of potential
    and Executive Leadership Team on matters               FWA, including coordination of internal
    relating to compliance. The CCO oversees the           investigations with the Internal Audit
    Medicaid Compliance Program, functioning               Department and development of appropriate
    as an independent and objective person that            corrective or disciplinary actions.
    reviews and evaluates compliance issues/ and        • Developing procedures to promote and
    concerns within the organization. The position         ensure that all Subcontractors are in
    ensures the Passport Board, management                 compliance with all applicable laws, rules,
    and associates, and Subcontractors are in              and regulations with respect to Medicare
    compliance with the rules and regulations of           delegated responsibilities;
    regulatory agencies, that company policies
    and procedures are being followed, and that

• Ensuring the Department of Health and            Audits and Assessments Team: The
   Human Services (“DHHS”) Office of Inspector      Compliance Audits and Assessments Team is
   General (“OIG”) and Government Services          established to assist the Passport Advantage
   Administration exclusion lists have been         compliance department in fulfilling its audit
   checked with respect to all associates,          and oversight responsibilities and thereby
   governing body members and Subcontractors        ensure Passport complies with state and federal
   at least monthly, and coordinating any
                                                    statutes and regulations, contractual obligations
   resulting personnel issue with HR, Security,
   Legal, or other departments, as appropriate;     and its internal policies and procedures.
• Maintaining documentation for each report        Compliance audits are intended to help the
   of non-compliance or potential FWA received      company make course corrections as necessary
   through any source;                              in the way we run our day to day business.
• Reporting to the CEO on risk areas, strategies   The intent is to test business practices and
   for addressing risks, implementation             procedures to make sure we can identify gaps
   results and all governmental compliance          on the processes. We do internal audits to
   enforcement activity;                            identify best practices and expose weaknesses
• Regularly evaluating the effectiveness and       prior to external audits which could lead to
   strengthening the compliance program;            lead to sanctions that might threaten our ability
• Serving as a resource to associates and          to participate in programs to issues that may
   Subcontractors; and                              threaten the financial solvency of the company.
                                                    Activities involve development of conducting
• Ensuring that compliance reports are provided
                                                    audits, responding to audit and performing
   regularly to the CEO, Passport Board and
   Compliance Committee. Reports include            risk assessments. Developing risk assessments,
   the status of the compliance program             including prioritization, communication,
   implementation, identification and resolution    auditing and completion in collaboration with
   of suspected, detected or reported instances     Passport departments and associates.
   of non-compliance, governmental compliance
   enforcement activity, such as Notices of Non-    Program Integrity Team: This team was
   Compliance to formal enforcement actions, as     established to promote ethical business
   well as oversight and audit activities.          conduct and to establish internal controls,
                                                    policies and procedures for the prevention and
                                                    detection of fraud, waste, and abuse in the
B. Compliance Department Teams                      Medicaid program.
To ensure that we have an effective compliance
                                                    HIPAA Privacy Team: This team, led by
program, we have established four Department
                                                    Passport’s Privacy Officer was established to
teams to represent our primary areas of focus.
                                                    investigate and document HIPAA disclosures
These are the 1) Communications Team, 2) The
                                                    and related activities. The team consists of
Audits and Assessments Team, 3) The Program
                                                    the Privacy Officer, Director of Compliance,
Integrity Unit, and 4) HIPAA Privacy Team.
                                                    Compliance Manager and Managing Attorney,
Communications Team: The purpose of                 Regulatory Affairs. The team meets monthly to
the Compliance Communications team is to            review privacy readiness and on an ad hoc basis
define the communication requirements of            when an investigation is needed.
the Department and how this information will
be distributed to our Department and the            C. Board of Directors (Board) –
other business areas in our organization. The
team revises the Compliance Communication           High Level Oversight
plan annually and sets the communications           The Board retains accountability for the
framework that will serve as a guide for            oversight, implementation and effectiveness
communications throughout the year and will         of the compliance program. Due to the
be updated as communications needs change.          importance and time necessary for effective

oversight, the Board has established an Audit       Committee is accountable to, and provides
    Committee and a Compliance Committee, each          regular reports to, the CEO and the Board via
    of which is chaired by a member of the Board        the CCO.
    and reports at least quarterly to the full Board.
    The Board makes inquiries into compliance           The Compliance Committee composition
    issues and takes appropriate action to ensure       includes Vice Presidents, Directors and
    resolution. The Board oversees the Compliance       Managers who represent senior level associates
    Program to ensure the use of Quantitative           from across the organization with decision-
    measurement tools, such as performance              making authority within their respective areas,
    indicators and trend reports, to demonstrate        as well as operational staff that understands
    compliance with key Medicaid Parts C and D          specific areas of expertise. The Compliance
    operations.                                         Committee is responsible for oversight of the
                                                        compliance program and meets on at least a
    Oversight includes:                                 quarterly basis.
    • Approving the Code (by full Board);              The following are the Committee’s
    • Understanding the compliance program             responsibilities:
                                                        • Develop strategies to promote compliance
    • Remaining informed about the                        and the detection of any potential violations;
       outcomes, including results of internal
                                                        • Review and approving compliance and FWA
       and external audits;
                                                           training, and ensuring that training and
    • Remaining informed about governmental               education are effective and appropriately
       compliance enforcement activity, such as            completed;
       Notices of Non- Compliance, warning letters
                                                        • Assist with the creation and implementation
       and/or more formal sanctions;
                                                           of the compliance risk assessment and
    • Receiving regularly scheduled, periodic             monitoring and auditing work plan;
       updates from the Compliance Officer and
                                                        • Assist in the creation, implementation and
       Compliance Committee; and
                                                           monitoring of corrective action activities;
    • Reviewing the results of performance and
                                                        • Review effectiveness of the system of internal
       effectiveness assessments of the compliance
                                                           controls related to daily operations;
                                                        • Review and addressing reports of monitoring
    The CCO provides training and education to             and auditing of areas and ensuring that
    the Board related to structure and operation           corrective action plans are implemented and
    of the compliance program. The Board                   monitored for effectiveness; and
    meeting minutes reflect active engagement
                                                        • Provide regular and ad hoc reports on the
    in the oversight of the compliance program,
                                                           status of compliance with recommendations
    demonstrated by questions, follow-up actions,          to the Board.
    as necessary.
                                                        E. Compliance Liaison Committee
    D. Passport Compliance
                                                        The purpose of Passport’s Compliance Liaison
    Committee                                           Committee (“Liaison Committee”) is to support
    Passport’s Compliance Committee                     the efforts of the Compliance Department
    (“Compliance Committee”) is established to          and the Compliance Committee in creating a
    ensure Passport complies with applicable state      complaint and ethical environment at Passport.
    and federal laws, contractual obligations, and      The Liaison Committee’s responsibility is to
    Code. In addition, the Compliance Committee         develop and initiate programs, ideas, and
    assists the CCO in the oversight of the Passport    feedback about compliance and ethics matters,
    Compliance Program. The CCO serves as chair         train associates on compliance and ethical
    of the Compliance Committee. The Compliance         issues, and assist in identifying compliance and

ethics topics that should be communicated to       delegation oversight audit, the Subcontractor’s
associates, members and providers. This Liaison    policies are audited for compliance and the
Committee is comprised of associates who           Subcontractor’s training attendance records
represent the various Passport departments and     are verified.
who are not members of management.

F. Delegation Oversight                            V. Elements of the Passport
Committee                                          Health Plan Compliance Program
The Delegation Oversight Committee (DOC)           The Compliance Program is designed to foster
is accountable to Passport’s Compliance            a culture of compliance that begins at the
Committee. The DOC is responsible for the          executive level and permeates throughout the
oversight of Passport’s Subcontractors to which    organization.
utilization management, case management,           We also recognize that our compliance model
credentialing, claims operations, pharmacy,        must evolve so that we can support the
and other administrative functions have been       objectives of our operational areas. To do so
delegated. In particular, the DOC reviews the      we are focusing our compliance efforts on the
delegated entities’ quality improvement and        following:
utilization management program descriptions,
annual work plans, policies, and performance       • Utilizing data analytics and metrics to direct
reports, Oversight is accomplished through            compliance activities
assessment of Subcontractors and by the use of     • Implementing compliance systems and
the DOC to review their activities.                   software
Passport has entered into contracts and            • Focusing on the high risk activities of our
delegated certain administrative services, as         vendors and ensuring vendors act in an ethical
listed below. Passport maintains accountability       manner
for adherence to DMS contractual
requirements and subcontractor oversight.          In addition, this Compliance Program is
Passport has developed and implemented             based on the seven (7) widely recognized
policies, procedures and processes related         and fundamental elements of an effective
to Subcontractor oversight to ensure that          compliance program listed below:
such entities are in compliance with all           Seven Elements of an Effective Compliance
applicable laws, rules and regulations with        Program:
respect to Medicaid and Passport policies.
A structured oversight system is in place to       1. Written policies and procedures and
monitor Subcontractors’ compliance with the            standards of conduct
requirements.                                      2. Designating a Compliance Officer
Passport ensures that general compliance           3. Education and Training
information is communicated to its                 4. Internal Lines of Communication
Subcontractors and that training occurs within
(ninety) 90 days of hire and on an annual basis.   5. System for Routine Identification of
Passport conducts training on fraud, waste and         Compliance Risks
abuse, Medicaid laws, regulations, bulletins,      6. Procedure and System for Prompt
and policies. Passport also provides updates           Responding to Compliance Issues
to Subcontractors when there are changes           7. Corrective Action Procedures
to relevant laws. The training occurs during
scheduled conference calls or meetings,            The following is a description of how Passport
pre-delegation oversight audits, and annual        incorporates the seven (7) elements into its
delegation oversight auditing. During the          Compliance Program.

1. Written Policies and                                and associates may receive disciplinary action,
                                                            up to and including termination, for failure
        Procedures and Standards                            to acknowledge receipt and training on
        of Conduct                                          compliance policies.
    Passport has comprehensive and well publicized          Passport requires all Subcontractors to have
    written policies, procedures and standards of           comprehensive compliance policies and
    conduct, that clearly articulate the objectives,        procedures and standards of conduct that
    expectations and operations of the compliance           are consistent with internal requirements.
    program, including, but not limited to:                 Passport includes contractual language in
                                                            agreements with Subcontractors that requires
    1. Clear commitment to comply with all                 adherence to compliance requirements.
        applicable federal and state statutes,              Additionally, documents are reviewed as part
        regulations and standards, throughout the           of subcontractor oversight activities, including
        organization, including the Board and First         monitoring for compliance based on any risk
        Tier Downstream and Related Entities;               assessment.
    2. A Code that describes compliance
        expectations;                                       Compliance policies are reviewed and updated
                                                            at least annually, and upon changes to federal
    3. A conflict of interest policy that requires those   and state requirements.
        with a conflict, (or who think they may have
        a conflict), to disclose the conflict/potential     Passport believes that two policies should be
        conflict, and that prohibits interested             the foundation of the standards of conduct for
        associates from making decisions, and Board         associates and Board members – (1) The Code;
        members from voting, on any matter in which         and (2) Conflict of Interest policies. The Code
        there is a conflict;                                and Conflict of Interest policies set a minimum
    4. Policies that describe the operations of the        standard of conduct for associates and Board
        compliance program;                                 members and are Passport’s most fundamental
                                                            statement of governing principles.
    5. Guidance to passport staff, also referred to as
        associates, and others, on how to deal with         a. Code of Conduct
        suspected, detected or reported compliance
        issues;                                             Passport’s Code is Passport’s statement of
                                                            ethical and compliance principles that guide
    6. Options available to communicate                    passport’s daily operations. The Code provides
        compliance issues to appropriate personnel;         evidence of Passport’s commitment to the
    7. Processes to investigate and resolve reported       lawful and ethical conduct of its business, to
        compliance issues;                                  promote lawful and ethical behavior by its
    8. A policy of non-intimidation and non-               associates, and to protect those who report
        retaliation for good faith participation in the     violations of the Code consistent with Passport’s
        compliance program, including reporting             Non-Retaliation Policy. The Code, approved by
        and/or investigating issues, conducting self-       the Board of Directors, establishes that Passport
        evaluations, audits and remedial actions and        expects associates, Subcontractors and agents
        reporting to appropriate officials; and             of Passport to act in accordance with law and
                                                            applicable Passport policies that issues of non-
    9. Formalized training requirements related to         compliance and potential FWA are reported
        FWA.                                                through appropriate mechanisms, and that
    Due to the importance of compliance policies            reported issues will be addressed
    and procedures, and standards of conduct, all           and corrected.
    new associates receive copies within ninety (90)        The Code is Passport’s most fundamental
    days of hire, with any updates, and annually            statement of governing principles, values
    thereafter. Distribution to associates is tracked       and framework for action within Passport’s

organization. The Code clearly articulates             Policy requires associates to report suspected
Passport’s expectations that all associates,           or actual occurrences of illegal, unethical or
Subcontractors and agents of Passport, and             inappropriate activities including possible
Board members carry out their responsibilities         violations of state or federal law. In addition,
ethically and in a manner which avoids even the        Passport does not tolerate any action by
appearance of improper behavior. The Code              an associate that intimidates, threatens,
is written in a format that is easy to read and        discriminates against or takes any other
comprehend.                                            retaliatory action against any other Passport
                                                       associate or other individual who makes a good
b. Conflict of Interest                                faith report of suspected or actual occurrence(s)
The Conflict of Interest Policy is not designed        of illegal, unethical or inappropriate activities.9
to prohibit conflicts of interest, but to protect
Passport’s interest when it is contemplating           2. Designating a Compliance
entering into a transaction or arrangement
that might benefit the private interests of            Officer
an associate or Board member. A conflict of            Passport has designated a CCO who is directly
interest occurs when a Passport associate              employed, a member of the ELT, and who
or Board member allows personal gain to                reports directly to the CEO. The CEO and the
interfere or influence the performance of his/her      ELT ensure that the CCO is given the credibility,
responsibilities. Associates and Board members         authority and resources necessary to operate
are encouraged to avoid situations, which may          an effective compliance program. The CCO
be called into question, trained to disclose any       is responsible for the Medicaid Compliance
potential conflict of interest, and educated to        Program implementation and management of
contact the CCO whenever there is doubt about          Passport’s day-to-day compliance operations,
any activity or relationship.                          which is critical to ensuring that the Medicaid
Situations which could be perceived as a               Compliance Program remains visible, active and
conflict of interest include:                          accountable. The CCO defines the compliance
                                                       program structure, educational requirements,
• Receiving gifts, payments or services from          reporting and complaint mechanisms, response
   suppliers or vendors seeking to do business         and correction procedures, and compliance
   with Passport.                                      expectations for all staff and Subcontractors.
• An employee or employee’s immediate
   family having significant financial interest in a   The CCO periodically reports directly to
   supplier or vendor that conducts business with      the Board on the activities and status of
   Passport.                                           the compliance program, including issues
                                                       identified, investigated and resolved. The
• Disclosing Passport’s confidential business         CCO has the authority to provide unfiltered,
   information, such as financial data, fee            in-person reports to the Board at any time,
   schedule and pricing practices.                     as well as implement needed compliance
To facilitate assessment of any potential or           actions and activities. The CCO provides
actual conflicts of interest, Passport requires        reports and training to the Board, so that they
annual conflict of interest disclosures and            are knowledgeable about the content and
encourages associates and Board members to             operation of the compliance program and can
disclose any potential or perceived conflict of        exercise reasonable oversight with respect to
interest when they occur.                              the implementation and effectiveness of the
                                                       compliance program.
c. Non-Retaliation Policy
                                                       The CCO or his/her designee, has the
Passport is committed to high standards of             authority to interview staff and other relevant
ethical and legal business conduct. In line            individuals regarding any potential compliance
with this commitment, The Non- Retaliation             issues, review contracts and other pertinent

documents, review submission of data to DMS        and live courses available for use by associates
     to ensure accuracy and in compliance with          on topics covered by Passport’s Compliance
     requirements, independently seek legal counsel     Program. Associates are kept up-to-date on
     advise, report potential FWDMS, its designee       the availability of training materials and any
     or law enforcement, conduct and/ or direct         significant changes to Passport’s Company
     audits and investigations of any Subcontractors,   intranet and email system. Passport regularly
     conduct and/or direct audits of any area or        reviews and updates its training programs,
     function involved with Medicaid Parts C and D      and identifies additional areas of training on a
     and recommend policy, procedure and                continuing basis.
     process change.
                                                        a. General Compliance Training

     3. Education and Training                          Passport has established and implemented
                                                        effective training and education, which is
     A critical element of Passport’s Compliance        required minimally annually, and is also
     Program is the education and training of           integrated into the orientation for all new
     Passport’s ELT, associates, the Board, and         associates, including consultants, members
     Subcontractors on their legal and ethical          and Subcontractors within (ninety) 90 days.
     obligations under applicable state and federal     Specialized training or refresher training may
     laws, contractual requirements, and Passport       also be provided based on an individual’s job
     policies. In order to achieve and ensure           function.
     compliance with applicable laws and Medicaid
     guidance, Passport is committed to training        Passport regularly conducts in-person training
     and education, including the ELT, associates,      presentations and seminars relating to the
     the Board, and Subcontractors, on their legal      compliance program requirements. Additionally,
     and ethical requirements under applicable state    several e-learning courses are available for
     and federal laws, contractual requirements, and    associate use. Compliance training is a Passport
     internal policies. Training focuses on general     requirement, and so attestation is required
     compliance and fraud, waste and abuse.             indicating that the Code and policies and
                                                        procedures have been received and read. Proof
     Passport ensures that general compliance           of training includes sign-in sheets, attestations
     information is communicated to its                 and electronic certifications following
     Subcontractors and that training occurs within     completion. Training records are maintained for
     (ninety) 90 days of hire and on an annual          ten (10) years.
     basis. Passport may provide training on fraud,
     waste and abuse, Medicare laws, regulations,       General compliance training includes, but is
     bulletins, and policies. Passport also provides    not limited to:
     updates to Subcontractors when there are           • Description of the compliance program,
     changes to relevant laws. During the annual           including a review of policies and procedures,
     delegation oversight audit, the Subcontractor’s       the Code and Passport’s commitment to
     policies are reviewed for compliance and the          business ethics and compliance with all
     Subcontractor’s training attendance records are       Medicaid program requirements;
                                                        • How to learn more about compliance and
     Passport is committed to taking all necessary         how to ask questions, request clarification or
     steps to effectively communicate Passport’s           report suspected or detected non-adherence,
     policies and procedures to all affected               including potential FWA. Training emphasizes
     associates, Subcontractors, vendors, and              confidentiality, anonymity and non-retaliation;
     Board members. Passport regularly conducts         • A review of disciplinary guidelines for non-
     in-person training presentations and seminars         compliance or fraudulent behavior or failure to
     relating to Passport policies and procedures.         report, including retraining, disciplinary action
     Passport also has several e-learning, video           up to possible termination;

• Mandatory attendance and participation in        subcontractors maintain records of attendance,
   compliance and FWA training as a condition       topic and certificates of completion, as
   of employment and integrated within              applicable for ten (10) years.
   associate evaluations;
• Review of policies related to government         4. Internal Lines of
   contracts, such as gifts and gratuities;
• Review of potential conflicts and Passport’s
   process for disclosure;                          Passport provides effective and open lines of
• An overview of HIPAA/HITECH, DMS Data            communication for the reporting of suspected
   Use Agreement (if applicable), and the           improper activity. Passport maintains and
   requirement of maintaining confidentiality of    communicates the availability of an anonymous
   personal health information;                     hotline for employees, members and others in
                                                    the public to report issues.
• Overview of the monitoring and auditing
   process; and                                     Passport uses an external organization for
• Review of the laws that govern associate         Compliance Hotline reporting to help increase
   conduct in the Medicaid program.                 responsiveness and to help associates,
                                                    members and others in the public feel
b. Fraud, Waste and Abuse (FWA) Training            comfortable that anything reported will be
                                                    completely confidential and anonymous.
All associates, Board members and                   Passport believes this added layer of protection
subcontractor associates involved in the            will encourage associates to report any
administration of Medicaid benefits receive         concerns without fear of retaliation.
FWA training within ninety (90) days of
employment, Board service or contracting, as        Passport is committed to fostering dialogue
applicable, and minimally annually thereafter.      between management and associates.
                                                    Passport’s goal is that all associates, when
FWA training includes, but is not limited to:       seeking answers to questions or reporting
• Laws and regulations related to Medicare         potential instances of fraud and abuse should
   Advantage and Part D FWA (e.g., False Claims     know who to turn to for a meaningful response
   Act, Anti-Kickback statute, HIPAA/HITECH,        and should be able to do so without fear of
   etc.);                                           retaliation. To that end, Passport has adopted
                                                    open-door policies, as well as confidentiality
• Obligations of subcontractor to have             and non-retaliation policies. In order to further
   appropriate policies and procedures to           encourage open lines of communication
   address FWA;                                     regarding potential violations, Passport has
• Processes for reporting suspected FWA;           established a toll-free Hotline.
• Protections for Passport associates who report   Passport encourages the use of emails,
   suspected FWA; and                               newsletters, suggestion boxes, and other forms
• Types of FWA that can occur in associate work    of information exchange to maintain open lines
   settings                                         of communication. In addition, Passport has
                                                    designed an effective employee exit interview
Additional or refresher training may be provided
                                                    program to solicit information from departing
more frequently based on an individual’s job
                                                    employees regarding potential misconduct and
function, when requirements change, when
                                                    suspicious violations of company policy and
associates are found to be non-compliant, as
corrective action to address a non-compliance
issue, or when an associate works in an area        a. Reporting Mechanisms
implicated in past FWA. All associates and BOD
members must acknowledge in writing that            Associates, Board and associates of
they have received FWA training. Passport and       Subcontractors are expected to promptly report

any such activity of which they become aware by      retaliation includes, but is not limited to,
     notifying their supervisor, notifying the CCO or     terminating, suspending, demoting, failing to
     other member of the Compliance Department            consider for promotion, harassing, or reducing
     with whom they feel comfortable, or via the          the compensation of any associate due to the
     Compliance Hotline.                                  associate’s intended or actual filing of a report.
                                                          Associates are instructed to immediately report
     Associates are made aware of reporting               any retaliation to the CCO. Passport also
     methods, and non-intimidation/non-retaliation        utilizes associate exit interviews, conducted by
     policies, through compliance training and            Human Resources, as an opportunity to identify
     the use of other compliance awareness                potential compliance of FWA issues and any
     measures, such as compliance week, posters,          perception of retaliation.
     emails, intranet, etc. Passport uses a vendor,
     available 24 hours a day, for the Compliance         c. Member Communications and Education
     Hotline (1-855-512-8500) reporting to increase
     responsiveness and to help associates feel           Members are also educated about the
     comfortable that anything reported will be           identification and reporting of potential FWA
     completely confidential and anonymous.               via newsletters, on-hold messaging, website,
     The Hotline phone number and information             and new member materials.
     regarding its use are predominantly displayed
     on the Passport intranet site and posted             5. System for Routine
     throughout the facility. Passport believes this
     added layer of protection will encourage             Identification of Compliance Risks
     associates to report any concerns without the        Passport’s Compliance Program includes efforts
     fear of retaliation. In order to further encourage   to evaluate compliance with Passport’s policies
     open lines of communication, Passport has also       and procedures, including efforts to audit the
     established an email at passporthealthplan@          activities of Subcontractors and vendors. The
     getintouch.com for reporting potential               nature of Passport’s reviews as well as the extent
     violations.                                          and frequency of Passport’s compliance and
     The CCO is responsible for reviewing all             auditing varies according to a variety of factors,
     compliance hotline reports, assessing whether        including new regulatory requirements, changes
     they warrant further investigation and ensuring      in business practices and other considerations.
     that any compliance problem is identified and        Passport will continue to identify new and
     corrected.                                           emerging risk areas and address these risks.

     b. Non-Retaliation                                   a. Routine Oversight and Auditing

     The CCO follows-up with associates who file          Passport’s Medicaid Compliance Program
     complaints regarding the timeliness of the           is designed for the early identification of
     response and to ensure that confidentiality          compliance issues. This includes routine
     and non-retaliation policies apply. The CCO          oversight, risk assessments that identify
     will provide status reports to the associate         compliance risks and audits. In addition,
     throughout the investigation, as appropriate.        Passport conducts annual reviews of
     Passport requires Subcontractors to notify their     Subcontractors to evaluate compliance with
     associates that they can report compliance or        DMS requirements and Compliance Program
     FWA issues through the hotline.                      effectiveness. Passport undertakes monitoring
                                                          and auditing to assure compliance with
     Associates are protected from retaliation            Medicaid regulations, sub-regulatory guidance,
     for good faith participation in Passport’s           contractual agreements, federal and state laws,
     Medicaid Compliance Program. No associate            internal policies and procedures to protect
     who files a report of suspected FWA or other         against Medicaid Compliance Program non-
     improper activity in good faith will be subject to   compliance and potential FWA.
     retaliation by Passport in any form. Prohibited

The Delegation Oversight Committee is               The Internal Audit Group (“IAG”) is
accountable to the Passport Compliance              responsible for:
Committee. The Passport Compliance
Department is responsible for the oversight         • Championing the establishment of the ERM
of Passport’s Subcontractors to which certain          Program
administrative functions have been delegated.       • Maintaining the ERM framework
Oversight is accomplished through assessment           documentation
of Subcontractors and by use of the Committee       • Facilitating structured risk assessments with
to review their activities.                            each Passport business area to synchronize
b. Enterprise Risk Management                          risk tolerance and identify the most significant
                                                       risks to achieving the corporate strategy, goals
The establishment of an effective risk                 and objectives;
management program is a key responsibility          • Assisting with the translation of risk
of management and the Board, who are                   assessments into risk responses; and
responsible for adopting a coordinated
approach to the identification of organizational    • Evaluating the reporting and monitoring of
risks, creating controls to mitigate those             key risks
risks, and monitoring and reviewing the             Passport Business Units are responsible for:
identified risks and controls. They should
ensure that risk management is integrated           • Aligning their risk priorities, tolerances and
into the organization, both at the strategic and       strategies with Passport’s overall strategy and
operational levels. Passport uses Enterprise Risk      risk appetite;
Management (“ERM”) as the framework and             • Identifying, analyzing and managing key risks;
method for managing risks.
                                                    • Participating in the structured risk assessments
Passport’s Risk Management Leader is                   with the IAG; and
responsible for:                                    • Assisting with the development of risk
• Establishing and communicating Passport’s           responses to key risks
   ERM vision;                                      A comprehensive risk assessment of all
• Working with an empowered group of               applicable Medicaid operational areas,
   executives and senior leaders to define          including First Tier entities, is undertaken
   the appropriate role of risk management in       annually by the Internal Audit Group in
   the organization;                                collaboration with Compliance, IT and
• Developing and communicating risk                associates from across the organization. This
   management policies;                             effort has the support of the ELT and the
                                                    Compliance Committee. Potential risks are
• Working with executives to ensure the            identified, ranked and prioritized considering
   corporate control environment continues to (1)   the following: departmental size, complexity,
   monitor risk across the enterprise, (2) manage   past issues, budget, and areas identified via
   organizational cultural issues                   DMS audits and oversight.
• effectively, and (3) oversee and enforce risk
   management policies;                             c. Auditing Work Plan
• Ensuring appropriate risk reporting to the       Each year an Annual Internal Audit is created
   Audit Committee of the Board and Passport        to identify planned audit activities to be
   leaders; and                                     conducted by the Internal Audit Group
                                                    throughout the calendar year. The audit plan
• Providing assurance regarding the                is developed based on risk assessment results,
   overall effectiveness and efficiency of the      regulatory requirements, business leader
   ERM program                                      assessments, and previous audit result. The

Annual Internal Audit Plan is approved by the      Passport audits the effectiveness of the
     Audit Committee of the Board.                      compliance program at least annually
                                                        and utilizes other internal staff, or outside
     d. Audit Schedule and Methodology                  auditors, to conduct activities. Effectiveness of
     Standard audit reports are prepared that           Compliance Department audits is shared with
     include objectives, scope and methodology,         the Audit Committee of the Board.
     and findings and recommendations.                  f. Oversight and Auditing Subcontractors
     Types of audits will consider:                     Passport audits Subcontractors to ensure that
     • Which risk areas will most likely affect        they are in compliance with all applicable laws
        Passport;                                       and regulations and that they are monitoring
                                                        compliance of their downstream entities.
     • The efficiency and effectiveness of business    Oversight and auditing of Subcontractors is
        processes;                                      integrated within the annual risk assessment
     • Use of special targeted techniques based on     and work plan development. Passport requests
        aberrant behavior;                              copies of the Subcontractors’ audit work plans
     • Assessments of compliance with internal         and audit results, as well as reviews reports,
        processes and procedures;                       such as payment, utilization (pharmacy and
                                                        medical), network adequacy, etc. Subcontractors
     • The performance of the compliance program,
                                                        are placed on a corrective action plan (“CAP”)
        including a review of training, reporting
                                                        for results that are suboptimal or do not achieve
        mechanisms, investigation files, OIG/
                                                        DMS results.
        GSA exclusion list screenings, evidence of
        associate receipt of the Code and Conflict of   g. Tracking and Documenting
        Interest disclosures/attestations; and          Program Effectiveness
     • Necessary follow-up reviews for areas
                                                        The work plan is overseen and executed by
        previously found non-compliant to determine
                                                        the CCO, Director of Compliance and the
        if the implemented corrective actions have
                                                        Compliance Committee. The CCO provides
        fully addressed the underlying problem.
                                                        updates to the ELT, CEO and the Board no
     e. Audit of the Operations and                     less than quarterly. Due to the importance of
     Compliance Program                                 internal auditing, the Board has established an
                                                        Audit Committee that reviews the monitoring
     The CCO and the Compliance Committee               and auditing activities (both internal and
     implement and audit functions appropriate          external) and results, and provides direction and
     to Passport’s size, scope and structure. The       subsequent resources, as appropriate. The CCO
     Internal Audit Group is primarily responsible      reports findings to DMS, if necessary.
     for monitoring and auditing the operational
     areas to ensure compliance with Medicaid           In addition to formal audits, Passport regularly
     requirements. Internal Audit staff collaborates    tracks and documents compliance using
     and coordinates their auditing efforts with the    dashboards, scorecards and self-assessment
     Compliance Department and other Passport           tools that demonstrate the extent to which
     business units to ensure the effectiveness of      operational areas and Subcontractors are
     Passport internal auditing activities. Auditors    achieving compliance goals. Results are
     are knowledgeable about DMS operational            reviewed by the ELT to assess compliance and
     requirements for the areas under review and        identify improvement opportunities.
     have access to relevant operational personnel,     h. OIG/GSA Exclusion
     including at the Subcontractor level. Auditors
     are independent and have a direct reporting        Passport prohibits hiring or entering into
     relationship with the Audit Committee of the       contracts with individuals and/or entities
     Board.                                             that are excluded or otherwise ineligible for

participation in federal health programs.           The Program Integrity Program is designed to
Passport utilizes the a software vendor to          accomplish the following:
manage OIG List of Excluded Individuals and
Entities (“LEIE list”) and the GSA Excluded         • Reducing or eliminating Medicaid costs due
parties Lists System (“EPLS”) prior to the hiring      to FWA;
or contracting of any new associate, temporary      • Reducing or eliminating fraudulent or abusive
associate, consultant, Board member, or                claims paid for with federal funds;
subcontractor, and monthly thereafter, to           • Preventing illegal activities;
ensure that none of these persons or entities
are excluded or become excluded from                • Identifying enrollees with over-utilization
participation in federal programs. Passport            issues;
will not pay for services or prescription drugs     • Identifying and recommending providers for
prescribed or provided by a provider excluded          identification to law enforcement;
by either the OIG or GSA.                           • Referring suspected, detected or reported
i. Use of Data Analysis for FWA Prevention             cases of illegal drug activity including drug
and Detection                                          diversion to law enforcement;
                                                    • Conducting case development and support
Passport has established monitoring and                activities for law enforcement investigations;
analytics to prevent and detect potential              and
FWA. Analytics are used to identify unusual
patterns, changes in trend, potential errors        • Assisting law enforcement and state agencies
or over-utilization suggesting potential               such as the U.S. Attorney’s Office and the OIG
errors and/or FWA. Metrics from internal               by providing information needed to develop
and all Subcontractors are tracked monthly             successful prosecutions
and reviewed by the ELT and the Finance             k. Auditing by DMS or Designee
Committee. Findings are used to determine
actions and/or change in policy.                    All Passport’s associates, Board, contractors,
                                                    and Subcontractors are expected to fully
j. Program Integrity Unit                           cooperate in all government audits and
Passport has contracted with a                      investigations. Subcontractor contracts include
SUBCONTRACTOR to provide its Program                language that requires participation in all
Integrity Unit (PIU). The PIU has policies and      OIG, DMS, or their designee, requests for
procedures that address FWA activities,             information and audits.
including delegated services to Subcontractors.
The PIU works collaboratively with medical          6. Procedure and System
management, claims and provider claims
services to assess over- and under-utilization of   for Prompt Responding to
services. The PIU conducts internal monitoring      Compliance Issues
and auditing of members and contracted
providers, with activities integrated into the      a. Conducting Timely and Reasonable Inquiry
annual work plan. The PIU works in conjunction      of Detected Offenses
with a subcontractor to review claims and           Passport has established and implemented
conduct data mining, analysis and investigations    procedures to promptly respond to compliance
that aid in the prevention and detection of         issues, including FWA, as they are raised.
medical fraud.                                      Passport investigates potential non-compliance
Potential FWA can be reported anonymously           as identified via self-evaluations, audits, hotline
and via multiple channels, including the            calls, member complaints, etc. Program non-
Compliance Hotline.                                 compliance detection may be at the plan or
                                                    subcontractor level. Investigations occur within
                                                    two (2) weeks after the date of a potential

non-compliance or potential FWA incident            that DMS has identified as potentially abusive
     is identified. A preliminary investigation is       or fraudulent.
     conducted by the CCO, or a member of
     the compliance team, including the PIU.
     Additionally, Passport reports significant          7. Corrective Action Procedures
     Medicaid program non-compliance to the DMS          A compliance program increases the likelihood
     Regional Office, as soon as possible after its      of preventing, or at least detecting, unlawful
     discovery.                                          and unethical behavior. However, Passport
     b. Corrective Actions                               recognizes that even an effective compliance
                                                         program may not prevent all violations. As
     Problems are corrected timely and thoroughly        such, Passport’s Compliance Program requires
     to reduce the potential for reoccurrence and        Passport to respond promptly to potential
     ensuring ongoing compliance with DMS                violations of law or company policy, take
     requirements. Corrective actions are designed       appropriate disciplinary action in a consistent
     to correct underlying problems that resulted        manner, assess whether the violation is in part
     in the problem violation and to prevent future      due to gaps in Passport’s policies, practices,
     non-compliance.                                     or internal controls, and take action to prevent
                                                         future violations.
     Passport conducts root cause analysis related
     to FWA, compliance problems or deficiencies         a. Well-Publicized Disciplinary Standards
     to understand the occurrence and to better
     address appropriate corrective actions and the      Passport has well publicized disciplinary
     timeframes for resolution. Passport requires        standards that encourage good faith
     corrective action plans from Subcontractors to      participation in the compliance program by
     assure correction of any identified deficiencies    all affected individuals. Policies articulate
     and follows up to assess whether the actions        expectations for reporting compliance issues
     undertaken were effective. Corrective action        and assisting in their resolution, identifying non-
     plans are documented in writing and include         compliance or unethical behavior, and provide
     ramifications for failure to implement the          for timely, consistent and effective enforcement
     corrective action satisfactorily, including         when non-compliance or unethical behavior is
     employment or contract termination, if              determined.
     warranted.                                          Associates who engage in FWA or other
     d. Identifying Providers with a History of          misconduct are subject to disciplinary action.
     Complaints                                          Passport associates and Subcontractors are
                                                         made aware of disciplinary actions through
     Passport maintains files for a period of ten (10)   new associate training, ongoing training, and
     years on any provider that has been subject         the associate handbook. Providers are made
     to a complaint, investigation, violation, and/or    aware of their FWA responsibilities via the
     prosecution related to FWA, including enrollee      provider manual and provider training. Any
     complaints, OIG and/ or Department of Justice       disciplinary action will be coordinated by the
     investigations, US Attorney prosecution, and        Director of Human Resources in consultation
     any other civil, criminal, or administrative        with the CCO. Depending on the severity of
     action for violations of federal or state health    the offense, discipline may include counseling,
     care program requirements. Files contain            oral or written warnings, modification of duties,
     documented warnings and educational                 suspension or termination. Passport maintains
     contacts, results of previous investigations and    records of all compliance violation disciplinary
     copies of complaints resulting in investigation.    actions for ten (10) years, and periodically
     Passport promptly complies with all law             reviews these records to ensure that disciplinary
     enforcement, DMS and DMS’ designees                 actions are appropriate to the seriousness of the
     regarding monitoring of contracted providers        violation, fairly and consistently administered,
                                                         and imposed within a reasonable timeframe.

VI. Compliance Plans                               Program Integrity Plan

Passport uses compliance plans to implement        Passport is committed to maintaining program
its Compliance Program.                            integrity through the promotion of ethical
                                                   business conduct and the prevention and
By implementing and adhering to the requisite      detection of fraud, waste, and abuse. Passport
compliance plan, Passport will increase the        Advantage’s program integrity activities are
likelihood of meeting its legal obligations        delegated to its subcontractor Evolent Health
and send a clear message to staff, regulators,     LLC (Evolent) and are conducted in accordance
and the public that Passport is committed          with the requirements of applicable state and
to conducting itself in an ethical manner,         federal law, including but not limited to 42 CFR
promoting good employee conduct, and               § 438.600 to 438.610 and the requirements
providing quality service.                         set out in Subtitle F, Section 6501 through
                                                   6507, of the Patient Protection and Affordable
Passport has the following four compliance
                                                   Care Act (PPACA) of 2010. Passport complies
plans – (1) Audits and Assessments; (2) Program
                                                   fully with the program integrity requirements
Integrity; (3) Training; and (4) Communications.
                                                   and standards set forth in 42 CFR 438.608,
Below is a summary of each of these plans.
                                                   the contractual requirements of its contract
Audits and Assessments                             with DMS, and all other state and federal
                                                   requirements. Passport has developed this
Audits, risk assessments, and surveys conducted    Program Integrity Plan for the purpose of
by Compliance Department Staff and the Audits      establishing internal controls, policies and
& Assessment Team are intended to help the         procedures to ensure the prevention, detection
company make course corrections in the way         and deterrence of Fraud, Waste and Abuse
we run our day-to-day business as necessary        in accordance with those state and federal
The intent is to test business practices and       requirements.
procedures to promote the identification of
gaps in our processes. We do internal audits to    Training Plan
identify best practices and expose weaknesses
                                                   A critical element of the Compliance Program
prior to external audits, which could lead to
                                                   is the education and training of UHC’s Board
sanctions that might threaten our financial
                                                   of Directors Members (Board Members), UHC’s
solvency and the ability to participate in
                                                   associates, volunteers, temporary employees,
programs. Activities involve development of
                                                   interns, fellows, subcontractors and certain
conducting audits, responding to audits and
                                                   consultants and vendors (Trainees) on their legal
performing risk assessments in collaboration
                                                   and ethical obligations under applicable state
with departments and associates. Our Audits &
                                                   and federal laws, contractual requirements,
Assessments has identified three (3) focus areas
                                                   and UHC policies. UHC is committed to
to guide quarterly audit and monitoring:
                                                   providing the tools and resources and to take
• Policies                                        all necessary steps to effectively communicate
                                                   UHC’s policies and procedures to all affected
• Health Insurance Portability and
                                                   Board Members and Trainees. UHC regularly
   Accountability (HIPAA)
                                                   conducts in-person training presentations
• Passport Communications                         and webinars relating to UHC policies and
The Compliance Department also coordinates         procedures. UHC also has several e-learning
audits from external sources such as regulatory    courses available for use by Trainees on topics
agencies (e.g. DMS, DOI, APA, and IPRO.            covered by UHC’s Compliance Program. Board
These audits can be statutorily imposed or         Members and Trainees are kept up to date
ad hoc in nature due to business practices         on the availability of training materials and
identified by the various auditors.                any significant changes to UHC policies and
                                                   procedures through UHC’s Company intranet
                                                   and e-mail system. UHC regularly reviews and

You can also read