Health Share of Oregon Compliance Program Self Assessment Tool

Transcription

1 Health Share of Oregon Compliance Program Self Assessment Tool Name of Organization: Person Completing Assessment: Date Assessment Completed: Title: 1. Written Policies and Procedures 1.1 Are compliance expectations included in a written code of conduct or code of ethics? 1.2 Has the compliance program been implemented within the organization? 1.3 Does the compliance program provide guidance to employees and others associated with the Delegate on how to identify and communicate compliance issues to compliance personnel? 1.4 Does the compliance program describe how potential compliance problems are investigated and resolved? 1.5 Does the compliance program clearly communicate the Delegate s compliance expectations to the governing board, management, employees and others associated with the Delegate? 1.6 Have the compliance program and its associated policies and procedures been reviewed and approved by the governing board or senior management? 1.7 Is the compliance program made accessible to the governing board, senior management, employees, customers and others associated with the Delegate? Page 1 of 9

2 2. Designate an employee vested with responsibility 2.1 Is the responsible compliance position an employed position? 2.2 Does the responsible compliance position have responsibility for day to day operation of the compliance program? 2.3 Does the person with responsibility for the day to day operation of the compliance program have responsibilities other than compliance? 2.4 If the answer to question 2.3 is Yes, are sufficient resources made available to the person with responsibility for the day to day operation of the compliance program to satisfactorily carry out their compliance activities? What evidence exists to demonstrate that the Compliance Officer is conducting his/her compliance activities satisfactorily? 2.5 Does the responsible compliance position report to the CEO or other senior staff (and not through the legal dept or the CFO)? 2.6 Does the responsible compliance position periodically communicate with the governing board on the activities of the compliance program? 2.7 Does the responsible compliance position have a regularly pre-scheduled meeting with the governing board to report on activities of the compliance program? 2.8 Is the responsible compliance position part of the Delegate s leadership? 2.9 Does the person with responsibility for the day to day operation of the compliance program have a background in compliance? Page 2 of 9

3 2.10 Has the Delegate created compliance committees at both the management and governing body levels? 3. Training and education 3.1 Is there evidence of a compliance training program which includes the Code of Conduct/Ethics; expectations of the compliance program; and how the compliance program operates? 3.2 Are new employees, board members and affiliated trained in compliance so that they could identify circumstances of fraud, waste and abuse? 3.3 Is the compliance training made part of orientation for new employees, board members and affiliates? 3.4 Is there annual training on compliance to employees, board members and affiliates so that they could identify circumstances of fraud, waste and abuse? 3.5 If a compliance issue arises that appears to be systemic or broad-based, is there a specific compliance related training performed to address the specific issue? 3.6 Do training materials include information identifying the responsible compliance position; their contact information; anonymous and confidential methods to report potential compliance violations and ways to obtain additional assistance? 3.7 Is the training information made accessible throughout the organization? 3.8 Is training provided by qualified individuals or entities? Page 3 of 9

4 4. Communication lines to the responsible compliance position 4.1 Are there accessible mechanism(s) for the governing board, management, employees and others associated with the Delegate to communicate compliance related concerns to the responsible compliance position? Provide examples 4.2 Do the accessible mechanism referred to in 4.1 include methods for anonymous or confidential communication? 4.3 Are the available lines of communication and examples of the types of issues to be reported to the responsible compliance position well publicized throughout the Delegate(e.g. orientation/education sessions, posters, pamphlets, intra/internet, etc)? 4.4 Does the entity maintain a tracking system for all questions or concerns that come to the responsible compliance position? 4.5 Does a mechanism exist for providing feedback to those that raise questions/concerns (even those communicated on an anonymous or confidential basis)? 5. Disciplinary policies to encourage good faith participation 5.1 Do disciplinary policies exist which encourage good faith participation in the compliance program by the governing board, senior management, Page 4 of 9

5 employees and others associated with the Delegate? 5.2 Do disciplinary policies set out expectations for reporting compliance issues and for assisting in their resolution? 5.3 Do disciplinary policies outline sanctions for failing to report suspected problems; participating in on-compliant behavior or encouraging, directing, facilitating or permitting non-compliant behavior? 5.4 If any disciplinary action was taken, was discipline fairly and consistently applied regardless of the perpetrator s position with the Delegate? 5.5 Have disciplinary policies and procedures related to the compliance program been implemented, published and communicated to the governing board, senior management, employees and others associated with the Delegate? 5.6 Is there a stated consequence for assisting, participating, facilitating in or ignoring a breach of the Delegate s compliance program? 5.7 Is there a stated consequence for assisting participating facilitating in, or ignoring fraud, waste, or abuse in the Delegate program? 6. A system for routing identification of compliance risk areas 6.1 Does a system exist within the Delegate s compliance plan to routinely identify compliance risk areas specific to the type of service provided? 6.2 Does a system exist within the Delegate compliance plan to routinely conduct selfevaluation of risk areas, including internal audits and as appropriate external audits? 6.3 Does the Delegate routinely Page 5 of 9

6 evaluate potential or actual noncompliance as a result of its selfevaluations and audits? 6.4 Does the Delegate have systems in place to ensure that its employees, contractors, grantees and other organizations providing services or billings through the Delegate are not submitting false claims as that may be defined under the federal False Claims Act? 6.5 Does the Delegate have a formal committee that assists the compliance officer in identifying risk areas and evaluating potential or actual noncompliance as part of a risk evaluation process? 6.6 If the answer to 6.4 is yes, does the committee referenced in 6.4 have regular meetings where meeting summaries are prepared or minutes are taken and reports are issued to the Delegate s management or governing board that routinely identify risk areas for the organization. 6.7 Has the Delegate identified its compliance risks to minimize its risk exposure, address weaknesses in the compliance program and correct violations of the Delegate s program s requirements? 6.8 Does the Delegate analyze the effectiveness of corrective actions identified in the risk analysis, in previous audits (e.g. billing for excluded parties, disclosure requirements for overpayments required by the federal Patient Protection and Affordable Care Act or third party zero billings)? 6.9 The federal Deficit Reduction Act of 2005 requires Medicaid providers that receive $5million or more in Medicaid payments during a federal fiscal year to certify that it has established written policies and procedures informing their employees, contractors and agents about Page 6 of 9

7 federal and state false claim acts and whistleblower protections. Has the Delegate provider met DRA s requirement? 7. A system for responding to compliance issues 7.1 Does a system exist within the Delegate compliance plan for responding to compliance issues as they are raised? 7.2 Does a system exist within the Delegate compliance plan for investigating potential compliance issues? 7.3 Does a system exist within the Delegate s compliance plan to respond to compliance issues that are identified in the course of self-evaluation and audits? 7.4 Does a system exist within the Delegate to correct compliance issues promptly and thoroughly and implement procedures, policies and systems that may be necessary to reduce the potential for recurrence? 7.5 Does a system or methodology exist to periodically prioritize compliance oversight of activities that are the most serious or most likely to occur? 7.6 Does a system exist within the Delegate s compliance plan for identifying and reporting compliance issues to Health Share and OHA? 7.7 Does a system exist within the Delegate s compliance plan to report, refund and explain overpayments received? 7.8 Do the Delegate s policies and procedures ensure immediate action to secure the health and safety of current enrollees, including those situations where a failure in compliance has occurred? Provide details on how the Page 7 of 9

8 system works. 7.9 Has the system for responding to compliance issues been used by employees, management, the governing board or affiliates? What are the details on how the system works? 7.10 Did the Delegate respond to issues on potential overpayments made which may include, but not be limited to: billing for DOS for enrollees after enrollee s date of death; checking the 3 lists for individuals who are excluded from providing, ordering or billing for services under the Medicaid program; mandatory disclosure, repayment and explanation of overpayments received under the Medicaid program as required by Section 6402 of the PPACA; and billing for services while the enrollee was in an alternative level of care that would be inconsistent with the service being billed. 8. A policy of non-intimidation and non-retaliation 8.1 Does the compliance plan or Delegate policy state intimidation or retaliation will not be permitted against individuals who in good faith participate in the compliance program, including but not limited to reporting potential issues, investigating issues, selfevaluation, audits and remedial actions and reporting to appropriate officials? 8.2 Are allegations of intimidation or retaliation fully and completely investigated? What history exists associated with investigations of allegations of intimidation or Page 8 of 9

9 retaliation? 8.3 Is the disciplinary action uniformly and consistently applied across the organization regardless of title or position? What examples exist of uniform application of discipline? Formulated: February 2013 Page 9 of 9