2015 Compliance Program Table of Contents:

Transcription

1 2015 Compliance Program Table of Contents: 10 Introduction 20 Definitions 30 Overview of Mandatory Compliance Program 40 Sponsor Accountability for and Oversight of FDRs 50 Elements of an Effective Compliance Program 50.1 Element I: Written Policies, Procedures and Standards of Conduct Standards of Conduct Policies and Procedures Distribution of Compliance Policies and Procedures and Standards of Conduct 50.2 Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Officer Compliance Committee Governing Body Senior Management Involvement in Compliance Program 50.3 Element III: Effective Training and Education General Compliance Training Fraud, Waste, and Abuse Training 50.4 Element IV: Effective Lines of Communication Effective Lines of Communication between the Compliance Officer, Compliance Committee, Employees, Governing Body, and FDRs Communication and Reporting Mechanisms Enrollee Communications and Education 50.5 Element V: Well-Publicized Disciplinary Standards Disciplinary Standards Methods to Publicize Disciplinary Standards Enforcing Disciplinary Standards 50.6 Element VI: Effective System for Routine Monitoring, Auditing and Identification of Compliance Risks Routine Monitoring and Auditing Development of a System to Identify Compliance Risks Development of the Monitoring and Auditing Work Plan Audit Schedule and Methodology Audit of the Sponsor s Operations and Compliance Program Rev. 4/30/15

2 Monitoring and Auditing FDRs Tracking and Documenting Compliance and Compliance Program Effectiveness OIG/GSA Exclusion Use of Data Analysis for Fraud, Waste and Abuse Prevention and Detection Special Investigation Units (SIUs) Auditing by CMS or its Designee 50.7 Element VII: Procedures and System for Prompt Response to Compliance Issues Conducting a Timely and Reasonable Inquiry of Detected Offenses Corrective Actions Procedures for Self-Reporting Potential FWA and Significant Non Compliance NBI MEDIC Referrals to the NBI MEDIC Responding to CMS-Issued Fraud Alerts Identifying Providers with a History of Complaints Page 2 of 49

3 2015 Compliance Program Introduction Brand New Day, its Board of Directors, its management, its staff, and its contracting providers are committed to honoring and following all guidance and regulations promulgated and distributed by the Centers for Medicare and Medicaid Services (CMS). Following is the Brand New Day Compliance Program Description indicating how Brand New Day (BND) works to ensure compliance to meet the regulatory requirements set forth at 42 CFR (b)(4)(vi) and (b)(4)(vi). Brand New Day monitors and ensures the prompt implementation of HPMS memos, Call Letters, Best Practices, and any other guidance released by CMS. Minimum Seven Core Elements The Brand New Day Compliance Program includes the minimum seven core requirements listed below: 1. Written Policies, Procedures, and Standards of Conduct 2. Compliance Officer, Compliance Committee, and High Level Oversight 3. Effective Training and Education 4. Effective Lines of Communication 5. Well Publicized Disciplinary Standards 6. Effective System for Routing Monitoring and Identification of all Compliance Risks 7. Procedures and System for Prompt Response to Compliance Issues. Resources, Roles, and Responsibilities Brand New Day understands the need and requirement to dedicate appropriate resources to ensure the Program s success in achieving and maintaining compliance. The following BND staff members are responsible for working with the Compliance Officer and have accepted responsibility to implement and oversee the following main areas of compliance: Page 3 of 49

4 # Responsibilities / Duties Responsible Party With Assistance from: 1. Promote and enforce Standards of Conduct 2. Promote and enforce the BND Compliance Program 3. Effectively train and educate its governing body members, employees, and FDRs 4. Establish effective lines of communication within BND and between BND and its First Tier and Downstream Related Entities (FDRs) 5. Oversee FDR compliance with Medicare Part C and D requirements 6. Establish and implement an effective system for routine auditing and monitoring 7. Identify and promptly respond to risks and findings Director of Human Resources Compliance Officer Compliance Officer Chief Operations Officer (COO) and Chief Information Officer (CIO) Compliance Officer Compliance Officer Compliance Officer Executive Management as needed Executive Officers Compliance Dept. and Provider Service Representatives Provider Services Representatives Delegation Oversight Auditors, Delegation Coordinator and Compliance Dept. Staff Director of Compliance and staff Director of Compliance and staff First Tier and Downstream Related Entities (FDRs) and Delegated Functions Part D Delegation: Brand New Day utilizes a Pharmacy Benefit Manager (PBM), currently MedImpact, to help manage its formulary and the administration of its pharmacy benefits. Some functions are delegated to the PBM and some functions are retained. Prior to the start of each year BND and the PBM meet on multiple occasions to discuss which functions will be delegated and how they are to be performed in accordance with the BND Plan Benefit Packages (based on the next year s Bid). BND requests and reviews the PBM s policies and procedures (P&Ps) as requirements change and annually at a minimum. BND Subject Matter Experts (SMEs) review the P&Ps and the Medicare / Medi-CAL Operations Compliance, Quality, and Service Improvement (MOCQSI) Committee gives final approval. The BND Compliance Officer and departmental leadership meet with the PBM weekly or bi-weekly to review new CMS guidance, communications with Pharmacies, and to discuss and track issues and requests. BND conducts desk review audits of the PBM to monitor and help ensure its compliance. BND requests corrective Page 4 of 49

5 action plans (CAPs) as needed from the PBM and re-measures later to determine the effectiveness of the CAP. Part C Delegation: Brand New Day expanded its network of direct contracting physicians in 2012 by slowly adding delegated medical groups and independent physician associations (IPAs) to its network. With that expansion BND started conducting pre-delegation due diligence audits of the IPAs and contracting medical groups (CMGs) that were interested in accepting delegation. Subject matter experts (SMEs) from each delegating department were designated to perform audits utilizing tools approved by the Delegation Oversight Team (DOT) and forwarded for final approval to the Medicare Operations, Compliance, Quality and Service Improvement (MOCQSI) Committee (the Compliance Committee at large). BND Delegation Oversight Auditors (designated SMEs) audit and monitor the delegated entities including pre-delegation and annual review of the delegates policies and procedures (P&Ps). The annual audits also include file review. The Delegation Oversight Auditors (DOAs) meet with the Compliance staff monthly at a minimum as the Delegation Oversight Team (DOT). The Compliance Delegation Oversight Coordinator facilitates and chairs the DOT. The DOT reports its findings and delegation recommendations to the MOCQSI (Compliance) Committee which makes final delegation decisions and gives final delegation approval. Delegation agreements are signed by both parties identifying duties and functions to be delegated and notating functions that are not delegated. BND requires delegates to submit reports at specific intervals (monthly, quarterly, and annually) and additionally whenever required by BND. BND conducts annual Delegation Oversight Audits at a minimum and Focused Audits as needed. BND provider service representatives, the Chief Operations Officer (acting CEO), Medical Director, and Pharmacist (when available), with other BND staff) visit delegated providers by conducting Joint Operations & Utilization Management (JOUM) Committee (JOUMC) meetings with the providers at their location(s) or at the BND corporate offices. The frequency of JOUMC meetings is determined based on experience, utilization data, and compliance issues. BND is hoping to move some JOUMCs to a webinar format during 2015 or BND requires corrective actions as needed and follows them through completion to ensure effectiveness. Retention of Ultimate Responsibility: Although BND delegates functions and duties to other entities, BND always retains full responsibility for the actions, lack of action, and inappropriate actions of its delegates. BND works to train delegates to learn and understand Medicare requirements to ensure the beneficiaries have good experiences, good care, and good outcomes. Page 5 of 49

6 Chapter One Written Policies, Procedures, and Standards of Conduct Written Policies and Procedures: Brand New Day has written policies and procedures (P&Ps or policies ). Every policy statement includes a commitment to comply with all applicable State and Federal requirements. Policies are routinely reviewed and updated as regulations change, as departmental procedures change, and bi-annually at a minimum. Policies are reviewed by impacted departments. Leadership of the departments discuss the policies and when agreement is reached, they jointly submit policies to the Medicare / Medi-CAL Operations Compliance, Quality, and Service Improvement (MOCQSI / Compliance)) Committee for final approval tracking. Between meetings the policies may be adopted and implemented if approved by all impacted departmental leadership and the Compliance Officer (CO) and the Chief Operations Officer (COO) or Chief Medical Officer (CMO). The Compliance Officer or designee maintains a tracking log of all policies including review dates, authors, and important historical information such as policy number changes, replacement policies, etc. Policies are stored on the Intranet or in a Shared Drive where all staff can access the most recent policies, use them, or recommend changes as needed. Changes are tracked to enable ease in identifying the modifications. Retired versions and retired policies are stored in the Archives. Policies are developed by each department regarding how they comply with Federal and State requirements and regulations. Policies generally include important information such as standards for timeliness, responsible parties, actions or process steps required for compliance, and steps to prevent and detect potential fraud, waste, and abuse. Distribution of Policies to BND Employees Policies are posted on the Brand New Day intranet / shared drive for easy access by all staff. This ensures that the staff has the most current versions available at all times. Page 6 of 49

7 Policies are shared with Providers in the Provider Operations Manual and through other electronic media depending upon the provider s ability to view electronic media. Distribution of Policies to the Board of Directors: Policies are available to the Board of Directors upon request and via the Brand New Day intranet to which all Board members have unlimited access. Distribution of Policies to FDRs and their Employees: BND distributes policies to its First Tier and Downstream Related Entities (FDRs) and their employees via one or more of the following methods: Providers Provider Orientation Manual contains the BND policies Medicare Mandated Training is posted on the internet at HIPAA Policy is posted on the internet at Some policies are restated in the Provider Manual which is referenced in the provider contract, indicating the requirement for compliance with the policies Providers may at any time request additional copies of the policies. Employees Medicare Mandated Training is posted on the internet at HIPAA Policy is posted on the internet at A complete set of P&Ps are posted on the company intranet where they are listed by department / functional area. Demonstrating Delivery of Policies and Standards of Conduct to FDRs and their Employees: BND maintains a tracking log of dates when policies and Standards of conduct were mailed to providers. Providers are asked to attest regarding their Codes of Conduct and delivery to their staff and contracting providers. Additionally the Brand New Day Code of Conduct appears (ongoing) on the internet. Monitoring Compliance Policies: Brand New Day Compliance Department conducts periodic auditing of a sample of FDRs based on the volume of members and/or any noted risk factors. The audit includes a review of the FDR s compliance policies. The Compliance Department conducts ongoing monitoring of policy updates to ensure compliance as follows: P&P Tracking Log: Compliance Dept. maintains the Tracking Log of the BND P&Ps. FDR P&Ps Audited: BND collects and reviews the P&Ps of delegated contracting medical groups and IPAs during pre-delegation and annual audits. Corrective actions are required when policies do not meet standards. Page 7 of 49

8 PBM P&Ps Audited: Annually and as regulations change BND collects and reviews the P&Ps from the PBM to ensure compliance with existing and changed standards. The Compliance Officer addresses any findings during the weekly PBM Oversight Meetings and requests corrections. Standards of Conduct / Code of Conduct: Approved by the Board of Directors: The Brand New Day Code of Conduct is the company s statement of its ethical business expectations for all Board members, all staff, and all First Tier and Downstream Related Entities (FDRs) and their staff. Therefore the Code of Conduct is presented to the Board of Directors of Universal Care, Inc. for review and adoption annually. The Board is committed to adhering to ethical standards as set forth in the Code of Conduct. The Board of Directors lead by example. Shared with Employees: The Brand New Day Code of Conduct is shared with all new employees by the Director of Human Resources upon hiring. Employees must sign an acknowledgement of receipt. Additionally within 90 days of hiring and the Code of Conduct is reviewed and us discussed with staff during the New Hire Orientation by a designated staff person from the Compliance Department. The Annual Staff Training includes the Code of Conduct as one component. Failure to comply with the standards results in disciplinary action up to and including potential termination of services. Shared with FDRs: The Code of Conduct is shared with Providers during the New Provider Orientation and is posted on the website in the Provider section (which is reviewed with them and serves as the Provider Guidelines). Brand New Day is committed to doing business only with ethical individuals and entities. The Annual Provider Training includes the Code of Conduct in addition to other mandated training like Compliance, Model of Care, Fraud/Waste/Abuse, and HIPAA training. Providers are asked to attest to training their staff. Internal Tracking of Training / Distribution of the Code of Conduct: The Compliance Officer and designee are responsible to ensure the training of all newly hired Brand New Day employees within the first 90 days of employment and annually thereafter. The Compliance Coordinator tracks the initial training. The Director of Human Resources provides a listing of all employees to the Compliance Department upon request including the Hire Date. The HR Director also notifies the Compliance Coordinator each time a person is hired. Page 8 of 49

9 Annually the Compliance Department distributes (or posts) materials for self study (either electronically or in hard copy). Department Leadership may request the Compliance Coordinator to schedule a training meeting with the Compliance Department if preferred. Any staff member may attend a monthly New Hire Training to brush up on their skills or to satisfy the training and testing requirements. The materials include a Knowledge Check (test) to measure their understanding. Scores under 85% result in a corrective action plan requiring re-testing with a passing score within 30 days. Shared with the Public: The Code of Conduct is placed on the Brand New Day website to ensure the public that Brand New Day has ethical standards to which it is committed. Monitoring / Auditing: The Compliance Department conducts full or random sample audits to ensure compliance as follows: New Hire Training: The Compliance Officer or designee monitors tracking logs to monitor compliance and reports any compliance issues to MOCQSI (the compliance committee). The Compliance Officer addresses non-compliance by sending non-compliance notices including warnings of suspension to staff who have not completed the training as required. Annual Staff Training: The Compliance Officer or designee reviews tracking logs to monitor compliance and reports any compliance issues to MOCQSI (the compliance committee). The Compliance Officer addresses non-compliance by sending non-compliance notices including warnings of suspension to staff who have not completed the training as required. Provider Orientation: The Provider Services Dept. reports Provider Orientation summaries to MOCQSI periodically. FDR Compliance P&Ps Audited: BND auditors review FDR policies for compliance to Medicare standards during pre-delegation and annual audits. They report findings to the Delegation Oversight Team (DOT) which is under the Compliance Department. DOT reviews and approves corrective action plans CAPs required of non-compliant FDRs. FDR Codes of Conduct: BND collects and reviews attestations regarding Codes of Conduct from delegated contracting medical groups annually. BND makes several attempts to collect these. Page 9 of 49

10 Chapter Two Compliance Officer, Compliance Committee, and High Level Oversight Compliance Officer ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) Unfiltered Reporting to the Governing Body Brand New Day has a full-time employed Compliance Officer who is able to give unfiltered, in person reports directly to the senior-most leader (the CEO) and to the governing body (the Board of Directors) at the discretion of the Compliance Officer. The Compliance Officer attends the Board of Director meetings on a regular basis. If needed, the Compliance Officer (CO) may request and meet with the Board of Directors in Executive Session. The CO s reports are not routed through the COO or other executives. The Compliance Officer furnishes reports regarding the status and the activities of the compliance program. The CO is free to raise compliance issues without fear of retaliation. To ensure this, the Board of Directors must approve any decision to terminate the services of the CO. Overall Responsibilities The Compliance Officer is responsible for developing and implementing the health plan s compliance program. The CO defines the program structure, educational requirements, reporting, complaint mechanisms, response and corrective action procedures, and compliance expectations of all FDRs. Therefore, the CO is required to have training and experience in working with the Medicare Advantage and Prescription Drug programs and must communicate well with regulatory authorities. The CO is a member of the senior management team. Duties The basic duties of the Compliance Officer (CO) are as follows: Page 10 of 49

11 Routine Compliance Reports: Ensure that regular compliance reports are developed and delivered to the CO, the Board of Directors (BOD), CEO, and Compliance Committee; Reports of Oversight & Potential Non-compliance: Ensure that reports include existing and potential areas of non-compliance, oversight and audit activities; Operational Interactions: Ensure awareness of daily business activities by interacting with operational areas; Compliance Training: Develop and implement training programs about the compliance program elements and compliance expectations for the Board of Directors, management, employees, contractors, and FDRs; Ensure that BND staff and FDRs know where and how to report compliance issues; Regulations Training: Train and educate regarding applicable and statutory regulations and requirements; Prevent Retaliation for Reporting: Develop and implement programs and methods for the reporting of program non-compliance and potential Fraud, Waste, or Abuse (FWA) without fear of retaliation (which includes the opportunity to report to the CO anonymously. Confidentiality is maintained to the greatest extent possible); Prompt Investigation & Response: Develop and implement programs to ensure quick responses to potential FWA via close coordination of internal investigations; Exclusion Lists Monitoring: Ensure that the Department of Health and Human Services (DHHS) Office of the Inspector General (OIG), Government Services Administration (GSA), and/or other lists are reviewed monthly for any sanctioned or excluded personnel of Brand New Day or its FDRs; Non-Compliance Documentation: Maintain documentation for each report of potential noncompliance or potential FWA received from any source; CAP Implementation & Tracking: Oversee the development, implementation, tracking, and monitoring and effective completion of any necessary corrective action plans (CAP) Authority: The compliance officer should collaborate with other sponsors (health plans and Prescription Drug Plans), State Medicaid programs, the California Department of Managed Health Care (DMHC), Medicaid Fraud Control Units (MCFUs), the MEDIC, commercial payers, and other organizations, where appropriate, when a potential FWA issue is discovered that involves multiple parties; and the Brand New Day Compliance Officer has the authority to: Interview or delegate the responsibility to interview the sponsor s employees and other relevant individuals regarding compliance issues; Page 11 of 49

12 Review company contracts and other documents pertinent to the Medicare program; Review or delegate the responsibility to review the submission of data to CMS to ensure that it is accurate and in compliance with CMS reporting requirements; Independently seek advice from legal counsel; Report potential FWA to CMS, its designee or law enforcement; Conduct and/or direct audits and investigations of any FDRs; Conduct and/or direct audits of any area or function involved with Medicare Parts C or D plans; and Recommend policy, procedure, and process changes Compliance Committee ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) The primary Brand New Day compliance committee is the Medicare / Medi-CAL Operations, Compliance, Quality, and Service Improvement (MOCQSI) Committee. It is a multidisciplinary team of departmental leadership, chaired by the Compliance Officer, that meets monthly a minimum of ten times per year. The MOCQSI Committee (referred to hereafter as The Committee or MOCQSI ) reviews compliance data and advises the Compliance Officer (CO). The Committee is accountable to and provides regular compliance reports to the Chief Executive Officer (CEO) and Board of Directors (BOD) through the CO. The Committee designates subgroups (called Work Groups, Teams, and Subcommittees that meet regarding investigatory matters or matters that require greater confidentiality. Subgroups at the time of writing include: Sales Allegation Review Team (SART): Investigates and reviews every marketing allegation; The SART meets ad hoc as needed and makes determinations regarding Fault, No Fault, or No Determination; The SART requires corrective actions which it tracks to ensure satisfactory completion and effectiveness. Special Investigation Unit (SIU): is comprised of designated Compliance staff appointed by the Compliance Officer and possible some Subject Matter Experts (SMEs). They meet on an ad hoc basis to investigate matters of potential FWA, or other non-compliance that requires the strictest confidentiality. Compliance Ongoing Oversight Leadership (COOL): is comprised of the Compliance staff. They meet weekly to review HPMS memos and determine the COOL member responsible for implementing any new guidance, or changes in the existing guidance. This ensures that the Compliance team (staff) are all at least somewhat aware of every HPMS memo and its guidance. Page 12 of 49

13 Delegation Oversight Team (DOT): This team is comprised of Brand New Day SME auditors and key stakeholders who review all matters related to the delegation oversight of medical groups and independent physician associations (IPAs) such as but not limited to: pre-contractual audits, focused audits, annual audits, required reporting, corrective action plans, and other issues that may arise. This Team works under the direction of the Compliance Officer and the Compliance Committee. PBM Oversight Team (PBM-OT): This team meets telephonically with the PBM at scheduled intervals. They meet weekly, bi-weekly, or monthly at various times of the year, depending on the number of issues or matters of delegation to discuss. The Compliance Officer is present and invites Brand New Day SMEs to participate in the meetings (some ongoing and some as needed). Duties of the Compliance Committee: The basic duties of the Compliance Committee are as follows: Oversee the Compliance Program: All aspects of the compliance program are under the MOCQSI (Compliance) Committee; FWA Prevention: Develop strategies to detect, report, and correct any FWA issues; FWA Training Program: Review and approve FWA Training materials ensuring that the education is appropriately completed and effective; Preventive Plans: Develop prevention strategies and actions to reduce violations; Risk Assessment: Review and approve the risk assessment, developing and implementing work plans to mitigate risk; Audit Results: Review and implement corrective actions as needed to resolve issues detected during audits (internal or external); CAP Tracking: Monitor CAPs to ensure completion and effectiveness; Resource Monitoring: Monitor the effectiveness and completeness of internal controls to ensure that adequate staff and other resources are available to the Compliance Department to enable its ability to complete required tasks and duties; Policies and Procedure Maintenance: Monitor policies and procedures to ensure that compliance policies are up to date; System for Questions and Answers: Ensure that Brand New Day has a process in place by which members, FDRs, employees, and contractors can ask compliance questions and report potential issues of non-compliance in a confidential / anonymous manner without fear of retaliation. Monitoring Compliance / Non-compliance: Review and ensure that appropriate corrective actions are taken to address audits and other reports of non-compliance; Page 13 of 49

14 Reports to the CEO and Board of Directors: The Compliance Committee provides quarterly and ad hoc reports to the Board of Directors via the Compliance Officer, with recommendations regarding improving compliance; This may be done via minutes from the MOCQSI Committee; Composition of the MOCQSI / Compliance Committee: The multi-disciplinary compliance committee includes some clinicians, non-clinicians, auditors, departmental leadership, senior management. Departmental leaders in attendance have decision making authority. Governing Body ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(B), (b)(4)(vi)(B) The Universal Care, Inc., (parent company) Board of Directors (BOD) oversees the implementation and effectiveness of the Brand New Day Compliance Program. (Universal Care dba Brand New Day. The Compliance Officer s written report advises the BOD of compliance issues and/or risk, and makes recommendations to the BOD. The BOD may request additional actions and/or resources to ensure the issues are resolved. They follow up to ensure actions are completed and effective. The Compliance Officer provides information to educate the BOD regarding the structure, operations, risks, and strategies of the Compliance so the BOD is able to judge the outcome measurements to determine the effectiveness of the Compliance Program. Oversight: The BOD oversees the following at a minimum: Code of Conduct: Review and approve Compliance Program Structure: Understand the program Monitoring: Be informed regarding program outcomes, and results of internal and external audits; Review Compliance Committee / Officer s reports and updated information; Have the ability to review minutes from various committees CMS Enforcement Activities: Be informed regarding: o CMS Notices of Non-Compliance o Warning Letters o Corrective Actions o Formal Actions Page 14 of 49

15 Assessments: Review results of performance and effectiveness assessments of the compliance program including (but not limited to) Model of Care Fidelity Assessments and any other risk assessments Involvement or Delegation At their discretion, the BOD may be involved in, may delegate to senior management, or may delegate to the MOCQSI Committee the following activities: BOD Delegated Activities The BOD has chosen to delegate the following activities to the MOCQSI Committee: Policies and Procedures: development, implementation, annual review, and approval of P&Ps Compliance and FWA Training: development, implementation, annual review, and approval of training materials Compliance Risk Assessment: review and approval Internal and External Audit Work Plans and Results: review and approval Corrective Action Plans: review and approval Compliance Dashboards and Self Assessment Tools: review and assess program based on outcomes BOD Involved Activities The BOD is responsible for the following activities: Compliance Officer: only the BOD has the authority to hire or fire the Compliance Officer Compliance Officer s Job Description: only the BOD has the authority to determine, review duties of, and approve performance goals for the Compliance Officer Senior Management s Commitment: the BOD is involved in the evaluation of the senior management s commitment to ethics and the compliance program, and may seek input from others as needed Monitoring Evidence: the BOD reviews measurable evidence to determine if the compliance program is detecting and correcting issues of non-compliance in a timely manner. The BOD requests data showing that the Compliance Program has reduced the risks of Program non-compliance and FWA. Some indicators it monitors are: o Enrollment and Disenrollment data o Appeals and Grievance data o PDE Errors data o Claims timeliness data Page 15 of 49

16 o Claims accuracy data o Delegation Oversight Audit data o Compliance Internal Audit (CIA) data o External Audit data o Sales Allegation data o Tracking HPMS memos to ensure the timely, complete implementation of new or changing CMS regulations o Tracking submission of CMS required reports and monitoring analysis o Tracking CMS notices of non-compliance, warning letters, etc. o Tracking to determine if root causes were found and corrected o Ensuring there was timely, appropriate, and consistent disciplinary action as needed BOD Minutes The BOD maintains contemporaneous minutes which it is able to share with CMS auditors as evidence of the BOD s active engagement in oversight of the Medicare Compliance Program. The BOD asks questions, takes actions, and follows up as needed. Senior Management Involved in Compliance Program ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(B), (b)(4)(vi)(B) The Brand New Day senior officer, the Chief Executive Officer (CEO) and other senior management understand the importance of the compliance program. They are involved in oversight of the Compliance Program. They ensure that the Compliance Officer is given the respect, credibility, authority, and resources needed to maintain a robust and effective compliance program. The Compliance Officer updates the CEO and COO regarding areas in which Brand New Day is at risk of non-compliance. The Compliance Officer is free to discuss issues, audit results, and strategies to improve compliance. The CEO and COO are advised of all compliance enforcement notices and activities in a timely manner. Monitoring / Auditing: There is a check and balance that takes place between the Board of Directors, the Compliance Officer, and the Compliance Committee (MOCQSI). Compliance Committee: The Compliance Officer is responsible to ensure the Committee meets a minimum of 10 months per year. Page 16 of 49

17 Compliance Officer: The Board of Directors monitors the work of the Compliance Committee via quarterly reporting furnished to the Board from the Compliance Officer. Board of Directors: The Compliance Officer trains and tests the Board annually and as needed regarding Compliance, Fraud Waste & Abuse, Models of Care, and other required elements. Page 17 of 49

18 Chapter Three Effective Training and Education (Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(C), (b)(4)(vi)(C) Brand New Day has training at the onset of employment / contracting and again annually thereafter. The Compliance Department tracks completion of training with a passing score. Effective training should result in higher rates of compliance with all Medicare program requirements. Brand New Day Compliance Department staff and departmental leadership spend time training employees in various departments regarding how their work impacts the Compliance Program and how the Medicare requirements apply to their job functions. General Compliance Training ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(C), (b)(4)(vi)(C) The Compliance Officer with assistance from the Compliance Department staff, conducts new hire and annual Compliance Training for employees, contractors who work with BND members, members of the Board of Directors, and management staff, New Hire training is required to take place within 90 days of hiring / contracting and whenever possible it takes place in a full day of face to face training with other new hires. Annual training is self study with a test that must be completed and submitted to the Compliance Department for scoring. Corrective actions are required when the test results are less than 85%. Brand New Day Compliance staff track completion by each new hire and employee annually. The Compliance Officer or designee follow up as needed with those who did not take their test timely to ensure the test is completed. An attestation that the Code of Conduct was received, reviewed, and understood is also required and tracked to ensure completion. Page 18 of 49

19 Brand New Day mails, s, faxes, or posts on the website, the First Tier and Downstream Related Entities (FDRs) training materials. The FDRs are required to complete training and testing with their staff and/or contractors. BND requires that the FDRs submit an attestation stating they have completed training with their staff and that they have records available for audit. BND accepts FWA Certifications from those who completed requirements through Medicare. They are deemed to have met the training and educational requirements for FWA. Brand New Day encourages employees and FDRs to complete the CMS training on their website. The website URL is given as an optional training. When completed they are asked to furnish a copy of their certificate of completion. Updating Content of Compliance Training Materials Brand New Day reviews and updates training materials annually at a minimum and when there are material changes in regulations, policies, or guidance. Content of Compliance Training Materials: Brand New Day compliance training materials must include at a minimum: Compliance policies, Code of Conduct, and Brand New Day s commitment to conducting all business in an ethical manner in compliance with Medicare requirements; How to report suspected non-compliance or Fraud, Waste or Abuse (FWA); Assurance of confidentiality, anonymity, and non-retaliation for reporting; The requirement to report (against federal law to not report); Examples of non-compliance employees might witness; Review of Disciplinary Guidelines (including potential termination of services); Training is mandatory and a condition of continued employment; Review policies related to contracting with government (no gifts); Review of potential Conflicts of Interest (COI) and requirement to report it to the Brand New Day Director of Human Resources; HIPAA security and confidentiality; Compliance monitoring and auditing; Laws that govern employee conduct in the Medicare program Fraud, Waste, and Abuse Training ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) Page 19 of 49

20 CFR (b)(4)(vi)(C), (b)(4)(vi)(C) HPMS memo of May 8, 2012, regarding CMS FWA Training and Education Guidance Like the Compliance Training, the FWA Training is conducted by the Compliance Department staff for New Hires within 90 days of employment / contracting and annually thereafter. As needed Brand New Day may conduct ad hoc training focusing on specific issues regarding FWA risks, non-compliance, or when requirements change. Brand New Day conducts the same training for all during the New Hire and Annual training but ad hoc training may be department specific. FDR Training is the general training but ad hoc training may be more specific. If FDRs have completed the training available through the CMS Medicare Learning Network (MLN) at they are not required to complete the Brand New Day training. They can submit the training certificate from MLN instead and be deemed trained. FWA Training includes: Laws and regulations related to MA and Part D FWA (False Claims Act, Anti-Kickback statute, HIPAA/HIGHTECH, etc.); FDR obligation to have FWA policies and procedures; Processes for reporting FWA to FDR or Brand New Day; Protections for FDR employees who report FWA; Types of FWA that can occur in the FDR setting; Record Retention Evidence of Training Medicare requires health plans and providers (FDRs) to retain all records for a minimum of ten (10) years. Proof of training and training materials must be retained for the ten year period to enable CMS to audit training records. Plans and providers must be able to demonstrate evidence of training via: attestations, sign-in sheets, tests, test scores, certificates, etc. BND accepts FWA Certifications from those who completed requirements through Medicare websites. They are deemed to have met the training and educational requirements for FWA. Monitoring / Auditing: Tracking Logs are maintained to monitor the completion of training. Providers attest to also training their staff. New Hire Training: The Compliance Officer or designee monitors monthly to ensure newly hired employees are trained within 90 days of hiring. Annual Employee Training: The Compliance Officer or designee monitors annually to ensure employees are re-trained annually at a minimum. Page 20 of 49

21 Provider Training: The Compliance Officer or designee monitors quarterly to assess the completion of training by providers of their staff / contractors. Page 21 of 49

22 Chapter Four Effective Lines of Communication (Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(D), (b)(4)(vi)(D) Brand New Day has established lines of communication that ensure confidentiality between the compliance officer, members of the compliance committee, employees, managers, the Board of Directors, and the FDRs. Compliance issues can be reported via a confidential and anonymous Hot Line answered only by the Compliance Officer or Compliance Director. Brand New Day has an box available to those who wish to report via confidential . Documentation is maintained in a confidential shared drive, GovtAffairs. Effective Lines of Communication Among the Compliance Officer, Compliance Committee, Employees, Governing Body, and FDRs ( Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 CFR (b)(4)(vi)(C), (b)(4)(vi)(C) Compliance Officer and Compliance Committee: The Compliance Officer (CO) is the Chair of the Compliance Committee (the Medicare / Medi-CAL, Operations, Compliance, Quality, and Service Improvement Committee (MOCQSI) and sets the agenda. The agenda includes changes and new information from CMS via the sharing of HPMS memos, audit findings, monitoring reports, etc. The decision-making leaders from each department are given opportunities to openly discuss issues, barriers, or concerns they may have. The CO communicates changes in regulations, requirements, company policies and procedures, and the Code of Conduct. Page 22 of 49

23 Compliance Officer and Employees: The CO is available to all employees via an open door policy. Employees are able to come to the CO with any issues, concerns, or barriers to compliance. They may also share any concerns regarding suspicious activities, potential fraud, waste, or abuse. The CO issues memoranda, Medicare Alerts, or other written communications to employees and contracting staff. Each memo includes the Compliance Officer s name, address, and contact information. The CO and/or Compliance Department staff conduct training meetings with employees, leadership, contracting staff, and consultants as needed from time to time. Compliance Officer and Compliance Committee with the Board of Directors: The CO is invited to the quarterly meetings of the Board of Directors (BOD). The CO shares with the board compliance risks, issues of compliance, audit findings, and recommendations to improve compliance through new processes or the addition of needed resources. The CO shares appeals and grievance trends and interventions with the BOD. The BOD may recommend additional activities and interventions they wish to have carried out. The CO is responsible to ensure the effective implementation of such activities and interventions. The CO communicates requests / required actions from the Board of Directors. The CO communicates to the Board of Directors regarding activities and compliance issues during quarterly meetings, or as needed by or memo. The HPMS Memo Tracking Log (with hyperlinks) is posted on the intranet where all staff can access any memo at any time to view or review the details Communication and Reporting Mechanisms (Medicare Managed Care Manual, Chapter ; Prescription Drug Manual, Chapter ) 42 C.F.R (b)(4)(vi)(D), (b)(4)(vi)(D) Mandated Reporting Universal Care / Brand New Day requires employees to report possible ethical issues. The Company offers several channels by which employees and others may report ethical concerns or incidents, including, without limitation, concerns about violation of this code, our policies, accounting, internal controls, or auditing matters. We provide a Compliance Hotline that is available 24 hours a day, seven days a week. Individuals may choose to remain anonymous. We prohibit retaliatory action against any individual for raising legitimate concerns or questions regarding ethical matters, or for reporting suspected violations. Communication and Reporting Mechanisms Page 23 of 49

24 Brand New Day communicates and reminds staff regarding the importance of reporting and how to report potential compliance issues including but not limited to fraud, waste, and abuse; HIPAA violations; other ethical concerns. Some ways that communicate how to report are as follows: New employee and annual mandated training materials and discussion Code of Conduct ID badges for building access have an attached laminated information card indicating it is everyone s responsibility to report, it indicates the Hotline extension, it indicates it can be anonymous, it indicates it is retaliation free, it indicates reporting is available 24/7, it indicates an address for reporting, and it indicates the Compliance Officer s name. Framed posters are on walls throughout the building Reporting information is as follows: By telephone: Compliance Hotline: Ext 4071 By mail: Compliance Officer: 5455 Garden Grove Blvd., 5 th floor Westminster, CA By fax: By Compliance@universalcare.com or Hotline@universalcare.com Communications with the FDRs takes place in a variety of ways: Providers receive information and communication from BND in many ways including but not limited to the following: Cerecons Provider Portal Scheduled Joint Operations / Utilization Management Committee (JOUMC or JOUM) meetings take place on a regular basis with each FDR. Meetings are scheduled monthly, bi-monthly, quarterly, or semi-annually depending on the performance of the group and the length of time they have been with Brand New Day. Brand New Day Provider Alerts are sent to providers by and posted on Cerecons. Page 24 of 49

25 Outbound phone calls from the Provider Services staff take place for expedient requests / information. Mailings of information about specific members (Individual Care Plans, Predictive Modeling Reports, Listings of preventive services due, Incentive bonuses, etc. Posting of information on the BND website: Enrollee Communications and Education (Medicare Managed Care Manual, Chapter ; Prescription Drug Manual, Chapter ) 42 C.F.R (b)(4)(vi)(D), (b)(4)(vi)(D) Brand New Day has information on its website about how to report potential FWA or other compliance issues of concern. From time to time, BND includes in member mailings a brief information sheet about FWA and how to protect oneself. Monitoring / Auditing: Communications are monitored to ensure they are taking place and the avenues of communication are open. Provider Communication: The Compliance Officer or designee monitors monthly or quarterly the number of provider meetings conducted to ensure communications are open and taking place. Provider Alerts: The Director of Provider Services shares again with providers, during joint meetings any Provider Alerts developed by the Compliance Officer or department. Website: The Director of Compliance ensures the website is up to date and contains information about Compliance, Privacy, and Fraud. Page 25 of 49

26 Chapter Five Well-Publicized Disciplinary Standards (Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter 9.50) 42 C.F.R (b)(4)(vi)(E), (b)(4)(vi)(E) Brand New Day has a Code of Conduct that includes the company s expectations / requirement regarding reporting compliance issues. The Code of Conduct clarifies the need to identify and report noncompliance and unethical behavior. BND includes the fact that disciplinary actions will be taken, up to and including termination of employment for violating the Code of Conduct. Brand New Day ensures timely, consistent, and effective enforcement of the standards when noncompliance or unethical behavior is determined Disciplinary Standards (Medicare Managed Care Manual, Part C, Chapter ; Prescription Drug Manual, Chapter ) 42 C.F.R (b)(4)(vi)(E), (b)(4)(vi)(E) Brand New Day has published disciplinary policies and procedures that reflect clear and specific disciplinary standards. The disciplinary policies must describe the sponsor s expectations for the reporting of compliance issues including noncompliant, unethical or illegal behavior, that employees participate in required training, and the expectations for assisting in the resolution of reported compliance issues. The policies have some examples of noncompliant, unethical or illegal behavior, through examples of violations. Disciplinary action is determined based on the seriousness of the violation. Methods to Publicize Disciplinary Standards (Medicare Managed Care Manual, Chapter ; Prescription Drug Manual, Chapter ) Page 26 of 49