2020 Compliance Program - Medicaid - Passport's mission is to improve the health and - Passport Health Plan
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
2020 Compliance Program
Medicaid
Passport’s mission is to improve the health and
quality of life of our members.“Passport” is comprised of associates under Medicare Advantage lines of business. The UHC
both Passport Health Plan Inc. servicing our Board consists of fifteen (15) members with the
Medicaid line of business (Passport Health Plan) Chief Executive Officer as an ex officio board
and University Healthcare Inc. servicing our member. The Board bear ultimate fiduciary,
Medicare line of business (Passport Advantage). regulatory and contractual responsibility for the
Passport Health Plan Inc. was previously UHC operations as set forth in the Articles of
identified as University Healthcare Inc. Incorporation and the Bylaws. The executive
management team consists of a Chief Executive
Healthcare compliance is the continuous Officer, six (6) Vice Presidents, a Chief of Staff
process of abiding by federal and state laws, and the Executive Director of the Passport
contractual obligations, and ethical standards Health Plan Foundation.
applicable to a healthcare organization. To
be compliant with these rules and guidelines, UHC has also established an entity known
healthcare organizations establish compliance as the Partnership Council, which is a broad
programs that set forth processes, policies, coalition of providers and consumers,
and procedures to define appropriate conduct, including physicians, nurses, hospitals, health
educate staff, and monitor adherence to these departments and ancillary providers. The
rules and guidelines. Partnership Council is led by a thirty-two (32)
member Board of Directors who help govern
This compliance program outlines the the operations of the Medicaid and Medicare
manner in which University Health Care, Inc. Advantage lines of business.
(UHC) promotes organizational adherence to
applicable federal and state law and outlines
the practices it uses to protect against fraud,
waste, abuse, and other potential liability and II. Compliance Department
potential risks. Operating Philosophy
I. University Health Care, dba A. Compliance Department
Mission and Principles
Passport Health Plan
Mission Statement: The Compliance
UHC is a Kentucky nonprofit corporation. It Department’s mission is to ensure Passport, its
is recognized by the Internal Revenue Service Board members, associates and subcontractors
as a Section 501(c)(3), tax exempt charitable maintain compliance with the letter and
organization. University Health Care, Inc. has spirit of all applicable state and federal laws
two lines of business – (1) a Medicaid line of and contractual obligations and carries out
business; and (2) a Medicare Advantage line its mission and values with a high degree
of business. The Medicaid line of business of honesty and integrity. The Compliance
does business under the name Passport Health Department accomplishes its mission by:
Plan (Passport). The Medicare Advantage line establishing effective guidelines to maintain
of business does business under the name compliance with federal and state laws;
Passport Advantage. UHC was formed in 1997 implementing a means of preventing fraud,
by five (5) health care organizations known as waste and abuse; performing audits, risk
Sponsors. The current Sponsors are University of assessments, conducting investigations;
Louisville Physicians, Jewish Heritage Fund for establishing and communicating compliance
Excellence, University Medical Center, Norton policies and procedures; educating and training
Healthcare and Louisville – Jefferson County Board members, associates and subcontractors;
Primary Care Association. and fostering a culture of high ethical and moral
UHC has one Board of Directors (Board) and standards as outlined in Passport’s Code of
one management team for its Medicaid and Conduct (“Code”).
2Principles: The Compliance Department values managers and Compliance Department staff
provide guidance for responsible decision- collaborate in developing business plans and
making by encouraging a culture of integrity strategies, all staff assist Passport in attaining
based on ethical leadership and integration the ultimate goal of making the business
of ethical considerations into decision-making more competitive without sacrificing integrity
processes. or accountability. Below are some ways
Passport integrates compliance efforts with the
operational aspects of Passport’s business.
B. The Compliance Department
Values include: • Oversight and monitoring of Subcontractors
• Review of the provider recoupment/
Integrity overpayment process
• Respect, show courtesy and treat each • Development of strategies to improve
other fairly subcontractor encounter submissions
• Honest and open communication when • Review policies for the handling of grievances
working with each other and appeals
• Build trust among each other, and with our • Coordination on the implementation of
customers, suppliers and communities prospective and retrospective claim edits
• Make principle-based decisions Passport acknowledges the implementation of
High Expectations such a program cannot guarantee that improper
employee conduct will be entirely eliminated.
• Take pride in what we do and how we do it Nonetheless, it is Passport’s expectation that
• Continually improve our service associates will comply with the Code; and the
• Establish clear expectations of each other policies and procedures established in support
• Strive for excellence in all we do of the Code. In the event Passport becomes
aware of violations of law or company policy,
• Achieve superior results consistently Passport will investigate the matter and,
Team Players where appropriate, take disciplinary action
or implement corrective measures to prevent
• Accountable to each other
future violations.
• Share information broadly
• Encourage diverse viewpoints Passport associates are expected to:
• Meet our commitments to each other • Carry out their job duties with integrity,
and to others excellence, respect, and honesty
• View success as our collective achievement • Learn and understand what laws and
regulations apply to their position and to
comply with those requirements
III. Passport’s Collaborative • Exercise good judgment and do the right
thing when performing your job duties
Approach to Compliance • Know Passport’s mission and values and
At Passport, our goal is to cultivate a dynamic become a partner in fulfilling it
environment that will encourage compliant • Report suspected compliance violations,
and ethical business conduct by integrating errors or issues
compliance considerations into business
Passport has fundamental elements of its
planning and execution. In this way, we can
Compliance Program. Passport has tailored
improve compliance efforts by bringing down
the Compliance Program to fit the unique
the real and perceived walls that separate
environment and characteristics for in which
Compliance Department staff from their
Passport operates (e.g., Passport is a provider-
colleagues. We understand that when business
3sponsored organization, considered to be of behavior in the organization meets Passport’s
medium size in terms of associates, structured Code. The CCO, together with the Passport
with most associates in operational units, and Compliance Committee, is authorized to
heavily dependent on contractual relationships implement all necessary actions to ensure
with Subcontractors that assist in providing achievement of the objectives of an effective
Medicaid services to beneficiaries in Passport’s compliance program.
service area.
To increase the effectiveness and integrity of
Associates are encouraged to contact the Compliance Program, the CCO shall have
their manager, the CCO, a member of the cooperation of and access to all associates
the Compliance Team or the Compliance of the organization. The Board and Executive
Committee with questions or concerns Management shall provide the CCO with
regarding compliance issues. An associate will appropriate resources to effectively manage
be assured when contacting any member of the and satisfy the elements of the Program. Also,
compliance team that: the CCO shall have the authority to inquire
into any matters arising or appearing to arise
• They will be treated with dignity and respect.
within the scope of the Compliance Program.
• Communication will be protected to the The CCO may appoint such staff as necessary
greatest extent possible. to assist in the performance of his/ her
• Questions or concerns will be seriously responsibilities.
addressed and if not resolved at the time, the
employee will be kept informed of the answer The CCO is a critical member of the ELT, with
or the outcome. duties that are extensive and include:
An associate need not identify themselves, • Developing and/or updating policies
although it may be helpful for the CCO to and procedures and Code governing the
contact the employee with additional questions. compliance program;
• Ensuring management of day-to-day
operations of the program;
IV. Leadership and Structure • Receiving, evaluating and investigating
compliance-related complaints, concerns
and problems, including those from the
A. Chief Compliance Officer compliance hotline;
Passport’s Vice President of Compliance • Ensuring proper reporting of violations to
and Chief Compliance Officer (“CCO”), is a duly authorized enforcement agencies, as
member of the Executive Leadership Team appropriate or required;
(“ELT”), reports directly to the Chief Executive • Assuring that compliance training programs
Officer (“CEO”), monitors and reports results are appropriate and meet regulatory
of the compliance and ethics efforts of requirements;
Passport, and provides guidance for the Board • Responding to reports of potential
and Executive Leadership Team on matters FWA, including coordination of internal
relating to compliance. The CCO oversees the investigations with the Internal Audit
Medicaid Compliance Program, functioning Department and development of appropriate
as an independent and objective person that corrective or disciplinary actions.
reviews and evaluates compliance issues/ and • Developing procedures to promote and
concerns within the organization. The position ensure that all Subcontractors are in
ensures the Passport Board, management compliance with all applicable laws, rules,
and associates, and Subcontractors are in and regulations with respect to Medicare
compliance with the rules and regulations of delegated responsibilities;
regulatory agencies, that company policies
and procedures are being followed, and that
4• Ensuring the Department of Health and Audits and Assessments Team: The
Human Services (“DHHS”) Office of Inspector Compliance Audits and Assessments Team is
General (“OIG”) and Government Services established to assist the Passport Advantage
Administration exclusion lists have been compliance department in fulfilling its audit
checked with respect to all associates, and oversight responsibilities and thereby
governing body members and Subcontractors ensure Passport complies with state and federal
at least monthly, and coordinating any
statutes and regulations, contractual obligations
resulting personnel issue with HR, Security,
Legal, or other departments, as appropriate; and its internal policies and procedures.
• Maintaining documentation for each report Compliance audits are intended to help the
of non-compliance or potential FWA received company make course corrections as necessary
through any source; in the way we run our day to day business.
• Reporting to the CEO on risk areas, strategies The intent is to test business practices and
for addressing risks, implementation procedures to make sure we can identify gaps
results and all governmental compliance on the processes. We do internal audits to
enforcement activity; identify best practices and expose weaknesses
• Regularly evaluating the effectiveness and prior to external audits which could lead to
strengthening the compliance program; lead to sanctions that might threaten our ability
• Serving as a resource to associates and to participate in programs to issues that may
Subcontractors; and threaten the financial solvency of the company.
Activities involve development of conducting
• Ensuring that compliance reports are provided
audits, responding to audit and performing
regularly to the CEO, Passport Board and
Compliance Committee. Reports include risk assessments. Developing risk assessments,
the status of the compliance program including prioritization, communication,
implementation, identification and resolution auditing and completion in collaboration with
of suspected, detected or reported instances Passport departments and associates.
of non-compliance, governmental compliance
enforcement activity, such as Notices of Non- Program Integrity Team: This team was
Compliance to formal enforcement actions, as established to promote ethical business
well as oversight and audit activities. conduct and to establish internal controls,
policies and procedures for the prevention and
detection of fraud, waste, and abuse in the
B. Compliance Department Teams Medicaid program.
To ensure that we have an effective compliance
HIPAA Privacy Team: This team, led by
program, we have established four Department
Passport’s Privacy Officer was established to
teams to represent our primary areas of focus.
investigate and document HIPAA disclosures
These are the 1) Communications Team, 2) The
and related activities. The team consists of
Audits and Assessments Team, 3) The Program
the Privacy Officer, Director of Compliance,
Integrity Unit, and 4) HIPAA Privacy Team.
Compliance Manager and Managing Attorney,
Communications Team: The purpose of Regulatory Affairs. The team meets monthly to
the Compliance Communications team is to review privacy readiness and on an ad hoc basis
define the communication requirements of when an investigation is needed.
the Department and how this information will
be distributed to our Department and the C. Board of Directors (Board) –
other business areas in our organization. The
team revises the Compliance Communication High Level Oversight
plan annually and sets the communications The Board retains accountability for the
framework that will serve as a guide for oversight, implementation and effectiveness
communications throughout the year and will of the compliance program. Due to the
be updated as communications needs change. importance and time necessary for effective
5oversight, the Board has established an Audit Committee is accountable to, and provides
Committee and a Compliance Committee, each regular reports to, the CEO and the Board via
of which is chaired by a member of the Board the CCO.
and reports at least quarterly to the full Board.
The Board makes inquiries into compliance The Compliance Committee composition
issues and takes appropriate action to ensure includes Vice Presidents, Directors and
resolution. The Board oversees the Compliance Managers who represent senior level associates
Program to ensure the use of Quantitative from across the organization with decision-
measurement tools, such as performance making authority within their respective areas,
indicators and trend reports, to demonstrate as well as operational staff that understands
compliance with key Medicaid Parts C and D specific areas of expertise. The Compliance
operations. Committee is responsible for oversight of the
compliance program and meets on at least a
Oversight includes: quarterly basis.
• Approving the Code (by full Board); The following are the Committee’s
• Understanding the compliance program responsibilities:
structure;
• Develop strategies to promote compliance
• Remaining informed about the and the detection of any potential violations;
outcomes, including results of internal
• Review and approving compliance and FWA
and external audits;
training, and ensuring that training and
• Remaining informed about governmental education are effective and appropriately
compliance enforcement activity, such as completed;
Notices of Non- Compliance, warning letters
• Assist with the creation and implementation
and/or more formal sanctions;
of the compliance risk assessment and
• Receiving regularly scheduled, periodic monitoring and auditing work plan;
updates from the Compliance Officer and
• Assist in the creation, implementation and
Compliance Committee; and
monitoring of corrective action activities;
• Reviewing the results of performance and
• Review effectiveness of the system of internal
effectiveness assessments of the compliance
controls related to daily operations;
program.
• Review and addressing reports of monitoring
The CCO provides training and education to and auditing of areas and ensuring that
the Board related to structure and operation corrective action plans are implemented and
of the compliance program. The Board monitored for effectiveness; and
meeting minutes reflect active engagement
• Provide regular and ad hoc reports on the
in the oversight of the compliance program,
status of compliance with recommendations
demonstrated by questions, follow-up actions, to the Board.
as necessary.
E. Compliance Liaison Committee
D. Passport Compliance
The purpose of Passport’s Compliance Liaison
Committee Committee (“Liaison Committee”) is to support
Passport’s Compliance Committee the efforts of the Compliance Department
(“Compliance Committee”) is established to and the Compliance Committee in creating a
ensure Passport complies with applicable state complaint and ethical environment at Passport.
and federal laws, contractual obligations, and The Liaison Committee’s responsibility is to
Code. In addition, the Compliance Committee develop and initiate programs, ideas, and
assists the CCO in the oversight of the Passport feedback about compliance and ethics matters,
Compliance Program. The CCO serves as chair train associates on compliance and ethical
of the Compliance Committee. The Compliance issues, and assist in identifying compliance and
6ethics topics that should be communicated to delegation oversight audit, the Subcontractor’s
associates, members and providers. This Liaison policies are audited for compliance and the
Committee is comprised of associates who Subcontractor’s training attendance records
represent the various Passport departments and are verified.
who are not members of management.
F. Delegation Oversight V. Elements of the Passport
Committee Health Plan Compliance Program
The Delegation Oversight Committee (DOC) The Compliance Program is designed to foster
is accountable to Passport’s Compliance a culture of compliance that begins at the
Committee. The DOC is responsible for the executive level and permeates throughout the
oversight of Passport’s Subcontractors to which organization.
utilization management, case management, We also recognize that our compliance model
credentialing, claims operations, pharmacy, must evolve so that we can support the
and other administrative functions have been objectives of our operational areas. To do so
delegated. In particular, the DOC reviews the we are focusing our compliance efforts on the
delegated entities’ quality improvement and following:
utilization management program descriptions,
annual work plans, policies, and performance • Utilizing data analytics and metrics to direct
reports, Oversight is accomplished through compliance activities
assessment of Subcontractors and by the use of • Implementing compliance systems and
the DOC to review their activities. software
Passport has entered into contracts and • Focusing on the high risk activities of our
delegated certain administrative services, as vendors and ensuring vendors act in an ethical
listed below. Passport maintains accountability manner
for adherence to DMS contractual
requirements and subcontractor oversight. In addition, this Compliance Program is
Passport has developed and implemented based on the seven (7) widely recognized
policies, procedures and processes related and fundamental elements of an effective
to Subcontractor oversight to ensure that compliance program listed below:
such entities are in compliance with all Seven Elements of an Effective Compliance
applicable laws, rules and regulations with Program:
respect to Medicaid and Passport policies.
A structured oversight system is in place to 1. Written policies and procedures and
monitor Subcontractors’ compliance with the standards of conduct
requirements. 2. Designating a Compliance Officer
Passport ensures that general compliance 3. Education and Training
information is communicated to its 4. Internal Lines of Communication
Subcontractors and that training occurs within
(ninety) 90 days of hire and on an annual basis. 5. System for Routine Identification of
Passport conducts training on fraud, waste and Compliance Risks
abuse, Medicaid laws, regulations, bulletins, 6. Procedure and System for Prompt
and policies. Passport also provides updates Responding to Compliance Issues
to Subcontractors when there are changes 7. Corrective Action Procedures
to relevant laws. The training occurs during
scheduled conference calls or meetings, The following is a description of how Passport
pre-delegation oversight audits, and annual incorporates the seven (7) elements into its
delegation oversight auditing. During the Compliance Program.
71. Written Policies and and associates may receive disciplinary action,
up to and including termination, for failure
Procedures and Standards to acknowledge receipt and training on
of Conduct compliance policies.
Passport has comprehensive and well publicized Passport requires all Subcontractors to have
written policies, procedures and standards of comprehensive compliance policies and
conduct, that clearly articulate the objectives, procedures and standards of conduct that
expectations and operations of the compliance are consistent with internal requirements.
program, including, but not limited to: Passport includes contractual language in
agreements with Subcontractors that requires
1. Clear commitment to comply with all adherence to compliance requirements.
applicable federal and state statutes, Additionally, documents are reviewed as part
regulations and standards, throughout the of subcontractor oversight activities, including
organization, including the Board and First monitoring for compliance based on any risk
Tier Downstream and Related Entities; assessment.
2. A Code that describes compliance
expectations; Compliance policies are reviewed and updated
at least annually, and upon changes to federal
3. A conflict of interest policy that requires those and state requirements.
with a conflict, (or who think they may have
a conflict), to disclose the conflict/potential Passport believes that two policies should be
conflict, and that prohibits interested the foundation of the standards of conduct for
associates from making decisions, and Board associates and Board members – (1) The Code;
members from voting, on any matter in which and (2) Conflict of Interest policies. The Code
there is a conflict; and Conflict of Interest policies set a minimum
4. Policies that describe the operations of the standard of conduct for associates and Board
compliance program; members and are Passport’s most fundamental
statement of governing principles.
5. Guidance to passport staff, also referred to as
associates, and others, on how to deal with a. Code of Conduct
suspected, detected or reported compliance
issues; Passport’s Code is Passport’s statement of
ethical and compliance principles that guide
6. Options available to communicate passport’s daily operations. The Code provides
compliance issues to appropriate personnel; evidence of Passport’s commitment to the
7. Processes to investigate and resolve reported lawful and ethical conduct of its business, to
compliance issues; promote lawful and ethical behavior by its
8. A policy of non-intimidation and non- associates, and to protect those who report
retaliation for good faith participation in the violations of the Code consistent with Passport’s
compliance program, including reporting Non-Retaliation Policy. The Code, approved by
and/or investigating issues, conducting self- the Board of Directors, establishes that Passport
evaluations, audits and remedial actions and expects associates, Subcontractors and agents
reporting to appropriate officials; and of Passport to act in accordance with law and
applicable Passport policies that issues of non-
9. Formalized training requirements related to compliance and potential FWA are reported
FWA. through appropriate mechanisms, and that
Due to the importance of compliance policies reported issues will be addressed
and procedures, and standards of conduct, all and corrected.
new associates receive copies within ninety (90) The Code is Passport’s most fundamental
days of hire, with any updates, and annually statement of governing principles, values
thereafter. Distribution to associates is tracked and framework for action within Passport’s
8organization. The Code clearly articulates Policy requires associates to report suspected
Passport’s expectations that all associates, or actual occurrences of illegal, unethical or
Subcontractors and agents of Passport, and inappropriate activities including possible
Board members carry out their responsibilities violations of state or federal law. In addition,
ethically and in a manner which avoids even the Passport does not tolerate any action by
appearance of improper behavior. The Code an associate that intimidates, threatens,
is written in a format that is easy to read and discriminates against or takes any other
comprehend. retaliatory action against any other Passport
associate or other individual who makes a good
b. Conflict of Interest faith report of suspected or actual occurrence(s)
The Conflict of Interest Policy is not designed of illegal, unethical or inappropriate activities.9
to prohibit conflicts of interest, but to protect
Passport’s interest when it is contemplating 2. Designating a Compliance
entering into a transaction or arrangement
that might benefit the private interests of Officer
an associate or Board member. A conflict of Passport has designated a CCO who is directly
interest occurs when a Passport associate employed, a member of the ELT, and who
or Board member allows personal gain to reports directly to the CEO. The CEO and the
interfere or influence the performance of his/her ELT ensure that the CCO is given the credibility,
responsibilities. Associates and Board members authority and resources necessary to operate
are encouraged to avoid situations, which may an effective compliance program. The CCO
be called into question, trained to disclose any is responsible for the Medicaid Compliance
potential conflict of interest, and educated to Program implementation and management of
contact the CCO whenever there is doubt about Passport’s day-to-day compliance operations,
any activity or relationship. which is critical to ensuring that the Medicaid
Situations which could be perceived as a Compliance Program remains visible, active and
conflict of interest include: accountable. The CCO defines the compliance
program structure, educational requirements,
• Receiving gifts, payments or services from reporting and complaint mechanisms, response
suppliers or vendors seeking to do business and correction procedures, and compliance
with Passport. expectations for all staff and Subcontractors.
• An employee or employee’s immediate
family having significant financial interest in a The CCO periodically reports directly to
supplier or vendor that conducts business with the Board on the activities and status of
Passport. the compliance program, including issues
identified, investigated and resolved. The
• Disclosing Passport’s confidential business CCO has the authority to provide unfiltered,
information, such as financial data, fee in-person reports to the Board at any time,
schedule and pricing practices. as well as implement needed compliance
To facilitate assessment of any potential or actions and activities. The CCO provides
actual conflicts of interest, Passport requires reports and training to the Board, so that they
annual conflict of interest disclosures and are knowledgeable about the content and
encourages associates and Board members to operation of the compliance program and can
disclose any potential or perceived conflict of exercise reasonable oversight with respect to
interest when they occur. the implementation and effectiveness of the
compliance program.
c. Non-Retaliation Policy
The CCO or his/her designee, has the
Passport is committed to high standards of authority to interview staff and other relevant
ethical and legal business conduct. In line individuals regarding any potential compliance
with this commitment, The Non- Retaliation issues, review contracts and other pertinent
9documents, review submission of data to DMS and live courses available for use by associates
to ensure accuracy and in compliance with on topics covered by Passport’s Compliance
requirements, independently seek legal counsel Program. Associates are kept up-to-date on
advise, report potential FWDMS, its designee the availability of training materials and any
or law enforcement, conduct and/ or direct significant changes to Passport’s Company
audits and investigations of any Subcontractors, intranet and email system. Passport regularly
conduct and/or direct audits of any area or reviews and updates its training programs,
function involved with Medicaid Parts C and D and identifies additional areas of training on a
and recommend policy, procedure and continuing basis.
process change.
a. General Compliance Training
3. Education and Training Passport has established and implemented
effective training and education, which is
A critical element of Passport’s Compliance required minimally annually, and is also
Program is the education and training of integrated into the orientation for all new
Passport’s ELT, associates, the Board, and associates, including consultants, members
Subcontractors on their legal and ethical and Subcontractors within (ninety) 90 days.
obligations under applicable state and federal Specialized training or refresher training may
laws, contractual requirements, and Passport also be provided based on an individual’s job
policies. In order to achieve and ensure function.
compliance with applicable laws and Medicaid
guidance, Passport is committed to training Passport regularly conducts in-person training
and education, including the ELT, associates, presentations and seminars relating to the
the Board, and Subcontractors, on their legal compliance program requirements. Additionally,
and ethical requirements under applicable state several e-learning courses are available for
and federal laws, contractual requirements, and associate use. Compliance training is a Passport
internal policies. Training focuses on general requirement, and so attestation is required
compliance and fraud, waste and abuse. indicating that the Code and policies and
procedures have been received and read. Proof
Passport ensures that general compliance of training includes sign-in sheets, attestations
information is communicated to its and electronic certifications following
Subcontractors and that training occurs within completion. Training records are maintained for
(ninety) 90 days of hire and on an annual ten (10) years.
basis. Passport may provide training on fraud,
waste and abuse, Medicare laws, regulations, General compliance training includes, but is
bulletins, and policies. Passport also provides not limited to:
updates to Subcontractors when there are • Description of the compliance program,
changes to relevant laws. During the annual including a review of policies and procedures,
delegation oversight audit, the Subcontractor’s the Code and Passport’s commitment to
policies are reviewed for compliance and the business ethics and compliance with all
Subcontractor’s training attendance records are Medicaid program requirements;
verified.
• How to learn more about compliance and
Passport is committed to taking all necessary how to ask questions, request clarification or
steps to effectively communicate Passport’s report suspected or detected non-adherence,
policies and procedures to all affected including potential FWA. Training emphasizes
associates, Subcontractors, vendors, and confidentiality, anonymity and non-retaliation;
Board members. Passport regularly conducts • A review of disciplinary guidelines for non-
in-person training presentations and seminars compliance or fraudulent behavior or failure to
relating to Passport policies and procedures. report, including retraining, disciplinary action
Passport also has several e-learning, video up to possible termination;
10• Mandatory attendance and participation in subcontractors maintain records of attendance,
compliance and FWA training as a condition topic and certificates of completion, as
of employment and integrated within applicable for ten (10) years.
associate evaluations;
• Review of policies related to government 4. Internal Lines of
contracts, such as gifts and gratuities;
Communication
• Review of potential conflicts and Passport’s
process for disclosure; Passport provides effective and open lines of
• An overview of HIPAA/HITECH, DMS Data communication for the reporting of suspected
Use Agreement (if applicable), and the improper activity. Passport maintains and
requirement of maintaining confidentiality of communicates the availability of an anonymous
personal health information; hotline for employees, members and others in
the public to report issues.
• Overview of the monitoring and auditing
process; and Passport uses an external organization for
• Review of the laws that govern associate Compliance Hotline reporting to help increase
conduct in the Medicaid program. responsiveness and to help associates,
members and others in the public feel
b. Fraud, Waste and Abuse (FWA) Training comfortable that anything reported will be
completely confidential and anonymous.
All associates, Board members and Passport believes this added layer of protection
subcontractor associates involved in the will encourage associates to report any
administration of Medicaid benefits receive concerns without fear of retaliation.
FWA training within ninety (90) days of
employment, Board service or contracting, as Passport is committed to fostering dialogue
applicable, and minimally annually thereafter. between management and associates.
Passport’s goal is that all associates, when
FWA training includes, but is not limited to: seeking answers to questions or reporting
• Laws and regulations related to Medicare potential instances of fraud and abuse should
Advantage and Part D FWA (e.g., False Claims know who to turn to for a meaningful response
Act, Anti-Kickback statute, HIPAA/HITECH, and should be able to do so without fear of
etc.); retaliation. To that end, Passport has adopted
open-door policies, as well as confidentiality
• Obligations of subcontractor to have and non-retaliation policies. In order to further
appropriate policies and procedures to encourage open lines of communication
address FWA; regarding potential violations, Passport has
• Processes for reporting suspected FWA; established a toll-free Hotline.
• Protections for Passport associates who report Passport encourages the use of emails,
suspected FWA; and newsletters, suggestion boxes, and other forms
• Types of FWA that can occur in associate work of information exchange to maintain open lines
settings of communication. In addition, Passport has
designed an effective employee exit interview
Additional or refresher training may be provided
program to solicit information from departing
more frequently based on an individual’s job
employees regarding potential misconduct and
function, when requirements change, when
suspicious violations of company policy and
associates are found to be non-compliant, as
procedure.
corrective action to address a non-compliance
issue, or when an associate works in an area a. Reporting Mechanisms
implicated in past FWA. All associates and BOD
members must acknowledge in writing that Associates, Board and associates of
they have received FWA training. Passport and Subcontractors are expected to promptly report
11any such activity of which they become aware by retaliation includes, but is not limited to,
notifying their supervisor, notifying the CCO or terminating, suspending, demoting, failing to
other member of the Compliance Department consider for promotion, harassing, or reducing
with whom they feel comfortable, or via the the compensation of any associate due to the
Compliance Hotline. associate’s intended or actual filing of a report.
Associates are instructed to immediately report
Associates are made aware of reporting any retaliation to the CCO. Passport also
methods, and non-intimidation/non-retaliation utilizes associate exit interviews, conducted by
policies, through compliance training and Human Resources, as an opportunity to identify
the use of other compliance awareness potential compliance of FWA issues and any
measures, such as compliance week, posters, perception of retaliation.
emails, intranet, etc. Passport uses a vendor,
available 24 hours a day, for the Compliance c. Member Communications and Education
Hotline (1-855-512-8500) reporting to increase
responsiveness and to help associates feel Members are also educated about the
comfortable that anything reported will be identification and reporting of potential FWA
completely confidential and anonymous. via newsletters, on-hold messaging, website,
The Hotline phone number and information and new member materials.
regarding its use are predominantly displayed
on the Passport intranet site and posted 5. System for Routine
throughout the facility. Passport believes this
added layer of protection will encourage Identification of Compliance Risks
associates to report any concerns without the Passport’s Compliance Program includes efforts
fear of retaliation. In order to further encourage to evaluate compliance with Passport’s policies
open lines of communication, Passport has also and procedures, including efforts to audit the
established an email at passporthealthplan@ activities of Subcontractors and vendors. The
getintouch.com for reporting potential nature of Passport’s reviews as well as the extent
violations. and frequency of Passport’s compliance and
The CCO is responsible for reviewing all auditing varies according to a variety of factors,
compliance hotline reports, assessing whether including new regulatory requirements, changes
they warrant further investigation and ensuring in business practices and other considerations.
that any compliance problem is identified and Passport will continue to identify new and
corrected. emerging risk areas and address these risks.
b. Non-Retaliation a. Routine Oversight and Auditing
The CCO follows-up with associates who file Passport’s Medicaid Compliance Program
complaints regarding the timeliness of the is designed for the early identification of
response and to ensure that confidentiality compliance issues. This includes routine
and non-retaliation policies apply. The CCO oversight, risk assessments that identify
will provide status reports to the associate compliance risks and audits. In addition,
throughout the investigation, as appropriate. Passport conducts annual reviews of
Passport requires Subcontractors to notify their Subcontractors to evaluate compliance with
associates that they can report compliance or DMS requirements and Compliance Program
FWA issues through the hotline. effectiveness. Passport undertakes monitoring
and auditing to assure compliance with
Associates are protected from retaliation Medicaid regulations, sub-regulatory guidance,
for good faith participation in Passport’s contractual agreements, federal and state laws,
Medicaid Compliance Program. No associate internal policies and procedures to protect
who files a report of suspected FWA or other against Medicaid Compliance Program non-
improper activity in good faith will be subject to compliance and potential FWA.
retaliation by Passport in any form. Prohibited
12The Delegation Oversight Committee is The Internal Audit Group (“IAG”) is
accountable to the Passport Compliance responsible for:
Committee. The Passport Compliance
Department is responsible for the oversight • Championing the establishment of the ERM
of Passport’s Subcontractors to which certain Program
administrative functions have been delegated. • Maintaining the ERM framework
Oversight is accomplished through assessment documentation
of Subcontractors and by use of the Committee • Facilitating structured risk assessments with
to review their activities. each Passport business area to synchronize
b. Enterprise Risk Management risk tolerance and identify the most significant
risks to achieving the corporate strategy, goals
The establishment of an effective risk and objectives;
management program is a key responsibility • Assisting with the translation of risk
of management and the Board, who are assessments into risk responses; and
responsible for adopting a coordinated
approach to the identification of organizational • Evaluating the reporting and monitoring of
risks, creating controls to mitigate those key risks
risks, and monitoring and reviewing the Passport Business Units are responsible for:
identified risks and controls. They should
ensure that risk management is integrated • Aligning their risk priorities, tolerances and
into the organization, both at the strategic and strategies with Passport’s overall strategy and
operational levels. Passport uses Enterprise Risk risk appetite;
Management (“ERM”) as the framework and • Identifying, analyzing and managing key risks;
method for managing risks.
• Participating in the structured risk assessments
Passport’s Risk Management Leader is with the IAG; and
responsible for: • Assisting with the development of risk
• Establishing and communicating Passport’s responses to key risks
ERM vision; A comprehensive risk assessment of all
• Working with an empowered group of applicable Medicaid operational areas,
executives and senior leaders to define including First Tier entities, is undertaken
the appropriate role of risk management in annually by the Internal Audit Group in
the organization; collaboration with Compliance, IT and
• Developing and communicating risk associates from across the organization. This
management policies; effort has the support of the ELT and the
Compliance Committee. Potential risks are
• Working with executives to ensure the identified, ranked and prioritized considering
corporate control environment continues to (1) the following: departmental size, complexity,
monitor risk across the enterprise, (2) manage past issues, budget, and areas identified via
organizational cultural issues DMS audits and oversight.
• effectively, and (3) oversee and enforce risk
management policies; c. Auditing Work Plan
• Ensuring appropriate risk reporting to the Each year an Annual Internal Audit is created
Audit Committee of the Board and Passport to identify planned audit activities to be
leaders; and conducted by the Internal Audit Group
throughout the calendar year. The audit plan
• Providing assurance regarding the is developed based on risk assessment results,
overall effectiveness and efficiency of the regulatory requirements, business leader
ERM program assessments, and previous audit result. The
13Annual Internal Audit Plan is approved by the Passport audits the effectiveness of the
Audit Committee of the Board. compliance program at least annually
and utilizes other internal staff, or outside
d. Audit Schedule and Methodology auditors, to conduct activities. Effectiveness of
Standard audit reports are prepared that Compliance Department audits is shared with
include objectives, scope and methodology, the Audit Committee of the Board.
and findings and recommendations. f. Oversight and Auditing Subcontractors
Types of audits will consider: Passport audits Subcontractors to ensure that
• Which risk areas will most likely affect they are in compliance with all applicable laws
Passport; and regulations and that they are monitoring
compliance of their downstream entities.
• The efficiency and effectiveness of business Oversight and auditing of Subcontractors is
processes; integrated within the annual risk assessment
• Use of special targeted techniques based on and work plan development. Passport requests
aberrant behavior; copies of the Subcontractors’ audit work plans
• Assessments of compliance with internal and audit results, as well as reviews reports,
processes and procedures; such as payment, utilization (pharmacy and
medical), network adequacy, etc. Subcontractors
• The performance of the compliance program,
are placed on a corrective action plan (“CAP”)
including a review of training, reporting
for results that are suboptimal or do not achieve
mechanisms, investigation files, OIG/
DMS results.
GSA exclusion list screenings, evidence of
associate receipt of the Code and Conflict of g. Tracking and Documenting
Interest disclosures/attestations; and Program Effectiveness
• Necessary follow-up reviews for areas
The work plan is overseen and executed by
previously found non-compliant to determine
the CCO, Director of Compliance and the
if the implemented corrective actions have
Compliance Committee. The CCO provides
fully addressed the underlying problem.
updates to the ELT, CEO and the Board no
e. Audit of the Operations and less than quarterly. Due to the importance of
Compliance Program internal auditing, the Board has established an
Audit Committee that reviews the monitoring
The CCO and the Compliance Committee and auditing activities (both internal and
implement and audit functions appropriate external) and results, and provides direction and
to Passport’s size, scope and structure. The subsequent resources, as appropriate. The CCO
Internal Audit Group is primarily responsible reports findings to DMS, if necessary.
for monitoring and auditing the operational
areas to ensure compliance with Medicaid In addition to formal audits, Passport regularly
requirements. Internal Audit staff collaborates tracks and documents compliance using
and coordinates their auditing efforts with the dashboards, scorecards and self-assessment
Compliance Department and other Passport tools that demonstrate the extent to which
business units to ensure the effectiveness of operational areas and Subcontractors are
Passport internal auditing activities. Auditors achieving compliance goals. Results are
are knowledgeable about DMS operational reviewed by the ELT to assess compliance and
requirements for the areas under review and identify improvement opportunities.
have access to relevant operational personnel, h. OIG/GSA Exclusion
including at the Subcontractor level. Auditors
are independent and have a direct reporting Passport prohibits hiring or entering into
relationship with the Audit Committee of the contracts with individuals and/or entities
Board. that are excluded or otherwise ineligible for
14participation in federal health programs. The Program Integrity Program is designed to
Passport utilizes the a software vendor to accomplish the following:
manage OIG List of Excluded Individuals and
Entities (“LEIE list”) and the GSA Excluded • Reducing or eliminating Medicaid costs due
parties Lists System (“EPLS”) prior to the hiring to FWA;
or contracting of any new associate, temporary • Reducing or eliminating fraudulent or abusive
associate, consultant, Board member, or claims paid for with federal funds;
subcontractor, and monthly thereafter, to • Preventing illegal activities;
ensure that none of these persons or entities
are excluded or become excluded from • Identifying enrollees with over-utilization
participation in federal programs. Passport issues;
will not pay for services or prescription drugs • Identifying and recommending providers for
prescribed or provided by a provider excluded identification to law enforcement;
by either the OIG or GSA. • Referring suspected, detected or reported
i. Use of Data Analysis for FWA Prevention cases of illegal drug activity including drug
and Detection diversion to law enforcement;
• Conducting case development and support
Passport has established monitoring and activities for law enforcement investigations;
analytics to prevent and detect potential and
FWA. Analytics are used to identify unusual
patterns, changes in trend, potential errors • Assisting law enforcement and state agencies
or over-utilization suggesting potential such as the U.S. Attorney’s Office and the OIG
errors and/or FWA. Metrics from internal by providing information needed to develop
and all Subcontractors are tracked monthly successful prosecutions
and reviewed by the ELT and the Finance k. Auditing by DMS or Designee
Committee. Findings are used to determine
actions and/or change in policy. All Passport’s associates, Board, contractors,
and Subcontractors are expected to fully
j. Program Integrity Unit cooperate in all government audits and
Passport has contracted with a investigations. Subcontractor contracts include
SUBCONTRACTOR to provide its Program language that requires participation in all
Integrity Unit (PIU). The PIU has policies and OIG, DMS, or their designee, requests for
procedures that address FWA activities, information and audits.
including delegated services to Subcontractors.
The PIU works collaboratively with medical 6. Procedure and System
management, claims and provider claims
services to assess over- and under-utilization of for Prompt Responding to
services. The PIU conducts internal monitoring Compliance Issues
and auditing of members and contracted
providers, with activities integrated into the a. Conducting Timely and Reasonable Inquiry
annual work plan. The PIU works in conjunction of Detected Offenses
with a subcontractor to review claims and Passport has established and implemented
conduct data mining, analysis and investigations procedures to promptly respond to compliance
that aid in the prevention and detection of issues, including FWA, as they are raised.
medical fraud. Passport investigates potential non-compliance
Potential FWA can be reported anonymously as identified via self-evaluations, audits, hotline
and via multiple channels, including the calls, member complaints, etc. Program non-
Compliance Hotline. compliance detection may be at the plan or
subcontractor level. Investigations occur within
two (2) weeks after the date of a potential
15non-compliance or potential FWA incident that DMS has identified as potentially abusive
is identified. A preliminary investigation is or fraudulent.
conducted by the CCO, or a member of
the compliance team, including the PIU.
Additionally, Passport reports significant 7. Corrective Action Procedures
Medicaid program non-compliance to the DMS A compliance program increases the likelihood
Regional Office, as soon as possible after its of preventing, or at least detecting, unlawful
discovery. and unethical behavior. However, Passport
b. Corrective Actions recognizes that even an effective compliance
program may not prevent all violations. As
Problems are corrected timely and thoroughly such, Passport’s Compliance Program requires
to reduce the potential for reoccurrence and Passport to respond promptly to potential
ensuring ongoing compliance with DMS violations of law or company policy, take
requirements. Corrective actions are designed appropriate disciplinary action in a consistent
to correct underlying problems that resulted manner, assess whether the violation is in part
in the problem violation and to prevent future due to gaps in Passport’s policies, practices,
non-compliance. or internal controls, and take action to prevent
future violations.
Passport conducts root cause analysis related
to FWA, compliance problems or deficiencies a. Well-Publicized Disciplinary Standards
to understand the occurrence and to better
address appropriate corrective actions and the Passport has well publicized disciplinary
timeframes for resolution. Passport requires standards that encourage good faith
corrective action plans from Subcontractors to participation in the compliance program by
assure correction of any identified deficiencies all affected individuals. Policies articulate
and follows up to assess whether the actions expectations for reporting compliance issues
undertaken were effective. Corrective action and assisting in their resolution, identifying non-
plans are documented in writing and include compliance or unethical behavior, and provide
ramifications for failure to implement the for timely, consistent and effective enforcement
corrective action satisfactorily, including when non-compliance or unethical behavior is
employment or contract termination, if determined.
warranted. Associates who engage in FWA or other
d. Identifying Providers with a History of misconduct are subject to disciplinary action.
Complaints Passport associates and Subcontractors are
made aware of disciplinary actions through
Passport maintains files for a period of ten (10) new associate training, ongoing training, and
years on any provider that has been subject the associate handbook. Providers are made
to a complaint, investigation, violation, and/or aware of their FWA responsibilities via the
prosecution related to FWA, including enrollee provider manual and provider training. Any
complaints, OIG and/ or Department of Justice disciplinary action will be coordinated by the
investigations, US Attorney prosecution, and Director of Human Resources in consultation
any other civil, criminal, or administrative with the CCO. Depending on the severity of
action for violations of federal or state health the offense, discipline may include counseling,
care program requirements. Files contain oral or written warnings, modification of duties,
documented warnings and educational suspension or termination. Passport maintains
contacts, results of previous investigations and records of all compliance violation disciplinary
copies of complaints resulting in investigation. actions for ten (10) years, and periodically
Passport promptly complies with all law reviews these records to ensure that disciplinary
enforcement, DMS and DMS’ designees actions are appropriate to the seriousness of the
regarding monitoring of contracted providers violation, fairly and consistently administered,
and imposed within a reasonable timeframe.
16VI. Compliance Plans Program Integrity Plan
Passport uses compliance plans to implement Passport is committed to maintaining program
its Compliance Program. integrity through the promotion of ethical
business conduct and the prevention and
By implementing and adhering to the requisite detection of fraud, waste, and abuse. Passport
compliance plan, Passport will increase the Advantage’s program integrity activities are
likelihood of meeting its legal obligations delegated to its subcontractor Evolent Health
and send a clear message to staff, regulators, LLC (Evolent) and are conducted in accordance
and the public that Passport is committed with the requirements of applicable state and
to conducting itself in an ethical manner, federal law, including but not limited to 42 CFR
promoting good employee conduct, and § 438.600 to 438.610 and the requirements
providing quality service. set out in Subtitle F, Section 6501 through
6507, of the Patient Protection and Affordable
Passport has the following four compliance
Care Act (PPACA) of 2010. Passport complies
plans – (1) Audits and Assessments; (2) Program
fully with the program integrity requirements
Integrity; (3) Training; and (4) Communications.
and standards set forth in 42 CFR 438.608,
Below is a summary of each of these plans.
the contractual requirements of its contract
Audits and Assessments with DMS, and all other state and federal
requirements. Passport has developed this
Audits, risk assessments, and surveys conducted Program Integrity Plan for the purpose of
by Compliance Department Staff and the Audits establishing internal controls, policies and
& Assessment Team are intended to help the procedures to ensure the prevention, detection
company make course corrections in the way and deterrence of Fraud, Waste and Abuse
we run our day-to-day business as necessary in accordance with those state and federal
The intent is to test business practices and requirements.
procedures to promote the identification of
gaps in our processes. We do internal audits to Training Plan
identify best practices and expose weaknesses
A critical element of the Compliance Program
prior to external audits, which could lead to
is the education and training of UHC’s Board
sanctions that might threaten our financial
of Directors Members (Board Members), UHC’s
solvency and the ability to participate in
associates, volunteers, temporary employees,
programs. Activities involve development of
interns, fellows, subcontractors and certain
conducting audits, responding to audits and
consultants and vendors (Trainees) on their legal
performing risk assessments in collaboration
and ethical obligations under applicable state
with departments and associates. Our Audits &
and federal laws, contractual requirements,
Assessments has identified three (3) focus areas
and UHC policies. UHC is committed to
to guide quarterly audit and monitoring:
providing the tools and resources and to take
• Policies all necessary steps to effectively communicate
UHC’s policies and procedures to all affected
• Health Insurance Portability and
Board Members and Trainees. UHC regularly
Accountability (HIPAA)
conducts in-person training presentations
• Passport Communications and webinars relating to UHC policies and
The Compliance Department also coordinates procedures. UHC also has several e-learning
audits from external sources such as regulatory courses available for use by Trainees on topics
agencies (e.g. DMS, DOI, APA, and IPRO. covered by UHC’s Compliance Program. Board
These audits can be statutorily imposed or Members and Trainees are kept up to date
ad hoc in nature due to business practices on the availability of training materials and
identified by the various auditors. any significant changes to UHC policies and
procedures through UHC’s Company intranet
and e-mail system. UHC regularly reviews and
17You can also read
