SAINT FRANCIS HEALTHCARE PARTNERS ACO, INC. CORPORATE COMPLIANCE PLAN. Adopted by Resolution of the Board of Directors on June 24, 2014

Transcription

1 SAINT FRANCIS HEALTHCARE PARTNERS ACO, INC. CORPORATE COMPLIANCE PLAN Adopted by Resolution of the Board of Directors on June 24, 2014

2 TABLE OF CONTENTS PAGE CORPORATE COMPLIANCE PLAN... 1 MISSION STATEMENT AND CODE OF CONDUCT... 2 COMPLIANCE POLICY... 3 COMPLIANCE OFFICER & COMPLIANCE COMMITTEE... 5 COMPLIANCE EDUCATION AND TRAINING POLICY... 8 COMPLIANCE AUDITING AND MONITORING POLICY COMPLIANCE WITH ACO-APPLICABLE LAWS BUSINESS AND PROFESSIONAL ETHICS POLICY CONFIDENTIALITY POLICY DOCUMENT RETENTION POLICY CONFIDENTIAL REPORTING POLICY INVESTIGATION PROCEDURE FRAUD AND ABUSE COMPLIANCE POLICY PERSONNEL POLICIES CONCERNING CORPORATE COMPLIANCE REPORTING TO OUTSIDE AGENCIES POLICY AND NOTIFICATION PROCEDURE FOR INVESTIGATIONS, SEARCH WARRANTS AND OTHER REGULATORY REQUESTS OR DEMANDS FOR INFORMATION Attachment A Acknowledgement Form... 28

3 CORPORATE COMPLIANCE PLAN Saint Francis HealthCare Partners ACO, Inc. (hereinafter referred to as SFHCP ACO or the ACO ) reserves the right to modify and/or eliminate any and all policies or procedures at the discretion of the ACO at any time. These policies and related procedures are not a promise or contract of employment or entitlement to benefits. 1

4 MISSION STATEMENT AND CODE OF CONDUCT The SFHCP ACO is a cohesive network of independent healthcare practitioners, Saint Francis Hospital and Medical Center and other facilities that serve as a vehicle through which the clinical and related economic interests of patients, providers, and payers become aligned. Our success is achieved through the continual improvement of quality and patient outcomes, and the efficient management of clinical and financial resources. Integrity and trust are essential to our mission of providing excellent service to ACO Participants, ACO Providers/Suppliers (as such terms are defined under the Medicare Shared Savings Program) and their patients. In order to foster this trust, the ACO is committed to carrying out its mission in compliance with all applicable Federal and State laws and regulations and ethical guidelines that apply to the operations of the ACO and to conduct the affairs of the ACO in keeping the highest ethical, medical and legal standards. The ACO has implemented a Corporate Compliance Plan to prevent, detect and resolve illegal or unethical conduct that may occur within the ACO. The Corporate Compliance Plan applies to every individual or entity affiliated with the ACO, including ACO Participants, ACO Providers/Suppliers and their staff, ACO employees, agents, officers, directors, and any contractor or individual that performs functions on behalf of the ACO (collectively referred to as the ACO Parties or individually as an ACO Party ). Questions or concerns that the ACO policies and procedures or legal requirements are not being followed are to be reported to the ACO Compliance Officer ( Compliance Officer ) so that the question or concern can be dealt with appropriately. 2

5 COMPLIANCE POLICY 1. It is the policy of the ACO to comply with all applicable Federal, State and local laws and regulations, both civil and criminal, pertaining to the operations of the ACO. 2. In addition to complying with the law, it is also the policy of the ACO to comply with standards of conduct which ensure compliance with such laws. It is the policy of the ACO to implement and comply with its Corporate Compliance Plan (the Plan ). 3. No ACO Party has any authority to act contrary to the provisions of the Plan or any policy or procedure, law or regulation or to authorize, direct or condone violations by any other ACO Party. 4. Any ACO Party who has knowledge of activities that he or she believes may violate the Plan or applicable law has an obligation, after learning of such activities, to report the matter promptly to the Compliance Officer. Reports may be made anonymously and no ACO Party will be penalized for reports of activity the individual reasonably believes to be true at the time of the report. Failure to report known violations, failure to detect violations due to negligence or reckless conduct, and making reports known to be false at the time of the report shall be considered a violation of this policy and grounds for disciplinary action, including termination, if applicable. 5. In addition to the Plan, the ACO may develop and implement written policies and procedures to describe in more detail ACO compliance processes and procedures. It is the policy of the ACO to comply with such materials. 6. The ACO will take steps to communicate its policies and procedures to all ACO employees, directors, officers, ACO Participants and ACO Providers/Suppliers by requiring participation in training programs where indicated and by disseminating information that explains what is required. The ACO will also disseminate this Plan and ensure that each ACO Party complete a form acknowledging review of the Plan and agreeing to comply with its terms (the Acknowledgement Form ). 7. The ACO will take steps to achieve compliance with its Plan by utilizing periodic or ongoing education, monitoring and auditing systems reasonably designed to detect misconduct by ACO Parties and by having in place and publicizing a reporting system whereby any individual can report suspected misconduct or noncompliance by others within the ACO without fear of retribution. 8. The Plan will be consistently enforced through appropriate monitoring, auditing and disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect or correct violations. The appropriate form of discipline will be case-specific and determined in the discretion of the ACO and may include (as applicable) termination of employment. 3

6 9. After a violation has been detected, the ACO will take all reasonable steps to respond appropriately, to implement corrective action, if necessary, and to prevent further similar violations, including any necessary modifications to ACO procedures or to the Plan to prevent and detect violations of law. 10. The ACO shall periodically review the Plan. The ACO reserves the right to change, modify or waive any or all of its policies and procedures. If any ACO Party has a question concerning a particular provision contained herein or concerning any practice not addressed in this document, he or she should consult with the Compliance Officer. 4

7 COMPLIANCE OFFICER & COMPLIANCE COMMITTEE 1. The ACO s Board of Directors has ultimate responsibility for ACO compliance. The Plan shall be implemented and operated under the guidance and supervision of the Compliance Officer, the Compliance Committee of the Board of Directors ( Compliance Committee ) and ACO management. 2. The ACO Compliance Officer or the Compliance Officer s designee shall have the authority to carry out the responsibilities set forth in this Compliance Plan. In the event that the Compliance Officer is not available, the President & Chief Executive Officer of the ACO ( President ) shall carry out the responsibilities of the Compliance Officer in the Compliance Officer s absence. The Compliance Officer shall have direct access to the President, the Compliance Committee, senior management and legal counsel. The ACO shall provide the Compliance Officer with sufficient funding and staff (within the budget of the ACO) to reasonably perform his or her responsibilities. 3. The compliance functions to be performed by the Compliance Officer include: overseeing and monitoring the implementation and on-going operation of the Plan; reporting directly to the ACO Board of Directors on a regular basis regarding the status of the Plan and compliance related issues; monitoring and reporting on developments in state and federal laws that relate to the ACO and its operations; periodically revising the Plan in light of changes in the ACO s needs, or changes in the law and policies and procedures of government and private payor health plans; maintaining executed Acknowledgement Forms; developing, coordinating and administering an educational and training program for ACO staff, ACO Participants and ACO Providers/Suppliers that focuses on the elements of the Plan and seeking to ensure compliance with the Plan and pertinent Federal and State laws and regulations; ensure that the Office of Inspector General s List of Excluded Individuals and Entities and the General Services Administration s List of Parties Debarred from Federal Programs have been reviewed and results confirmed prior to initial hiring or engagement and no less frequently than annually thereafter with respect to all ACO Parties; assisting ACO management in coordinating internal compliance review and monitoring activities, including annual or periodic reviews, to the extent deemed necessary and appropriate by the President or Compliance Officer; investigating any report or allegation concerning possible unethical or improper practices or other possible violations of the Plan and recommending corrective action; continuing execution of the Plan and the accomplishment of its objectives after implementation. 4. The Compliance Officer and other staff designated to perform these functions shall have the authority to review all documents and other information that are relevant to 5

8 compliance activities, including, but not limited to, patient records (where appropriate, and subject to applicable ACO policies and procedures relating to protection of personal health information and other individually-identifiable information), records concerning marketing efforts and records concerning the ACO s arrangements with other parties, including staff, physicians, professionals, facilities, drug and device manufacturers, ancillary service providers, independent contractors, suppliers and agents. This Plan authorizes the Compliance Officer to review contracts and obligations with any provider or entity in a position to refer that may contain referral and payment provisions that could violate statutory or regulatory requirements. In connection with the review of such contracts and obligations, the Compliance Officer shall ensure that advice of legal counsel is obtained, where appropriate. 5. The Compliance Officer shall be copied on the results of all internal audit reports. The Compliance Officer shall ascertain patterns that may require a change in policy and forward those issues to the Compliance Committee and the President, as appropriate, to remedy the problem. 6. The Compliance Officer shall, biannually, or more frequently as deemed necessary by the Compliance Officer or the Compliance Committee, review the Compliance Plan with legal counsel and propose changes to the Plan as may be necessary or desirable in light of changes in ACO operations or changes in laws, regulations, or interpretations thereof. Any such changes to the Plan shall be approved by the Board of Directors. 7. For purposes of this Plan, to the extent the President may be charged by the Board of Directors with carrying out the functions and responsibilities of the Compliance Officer under this Plan, then, when any provision in this Plan shall direct the President to consult with the Compliance Officer, said provision shall be read to direct the President to consult with the Compliance Committee. 8. The Compliance Committee shall assist and advise the Compliance Officer in the development, implementation and on-going monitoring and operation of the Compliance Plan. The Committee s functions shall include: analyzing legal requirements and specific ACO risk areas; assessing policies and procedures that address these risk areas for possible incorporation into the Plan; working with the President, the Compliance Officer, and legal counsel to develop policies and procedures to promote compliance with legal and ethical requirements; recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the ACO s policies and procedures as part of its daily operations; determining the appropriate strategy or approach to promote compliance with the Plan and detection of any potential violations, such as through hotlines and other fraud reporting mechanisms; developing a system to solicit, evaluate and respond to complaints and problems, including the development of independent reporting paths for any ACO Party to anonymously report fraud, waste or abuse; and 6

9 monitoring internal and external audits and investigations for the purpose of identifying troublesome issues and deficient areas as may be experienced by the ACO, and implementing corrective and preventive action as necessary. 9. The Compliance Committee shall meet at least quarterly to review the ongoing operations of the Compliance Plan and may review compliance issues more frequently if necessary at the request of the Compliance Officer, or as may be warranted. From time to time, the Compliance Committee shall report to, and consult with, the Board of Directors or its appropriate committees. 10. The Compliance Committee shall be comprised of those individuals appointed by the Board to serve on such committee in accordance with the ACO Bylaws governing committee appointment.. 7

10 COMPLIANCE EDUCATION AND TRAINING POLICY 1. The ACO shall communicate compliance policies and procedures, as well as applicable laws, to all ACO Parties. The Plan shall be located in the ACO President s office and the office of the Compliance Officer and readily available to any ACO Party who requests the Plan. All ACO Parties shall be given an opportunity to review a copy of the Plan and shall also be instructed on any specific policies and procedures that affect their position or affiliation with the ACO. In addition, all ACO Parties shall acknowledge in writing their acceptance and understanding of the Plan and agreeing to comply with its requirements by executing an Acknowledgement Form (a copy of which is attached hereto as Attachment A). 2. ACO employees, officers, directors, ACO Participants and ACO Providers/Suppliers will be required to participate in periodic training programs that are appropriate to their positions or affiliation with the ACO and their respective obligations or responsibilities. The Compliance Officer, in his or her discretion, may require other individuals to participate in training programs. Any formal training undertaken as part of the Plan shall be documented. 3. New ACO employees, officers, directors, ACO Participants and ACO Providers/Suppliers shall receive compliance training within thirty (30) days of the date of their hire or affiliation with the ACO and shall undergo refresher training on a regular basis, and at least annually. Specifically, all ACO employees, officers, directors, ACO Participants and ACO Providers/Suppliers shall participate in the ACO s compliance training program (the Training Program ), which includes initial training at the time of hire or affiliation and annual training as part of mandatory annual education. As part of the Training Program, ACO employees, officers, directors, ACO Participants and ACO Providers/Suppliers are required to take quizzes and sign attestation statements. The Compliance Officer shall coordinate such training and shall be responsible for ensuring that appropriate individuals participate in the Training Program. The goals of the Training Program are: (1) education regarding how to perform responsibilities and obligations in compliance with the policies and procedures of the ACO and any applicable laws and regulations; (2) understanding duties and obligations under the Compliance Plan; and (3) understanding that compliance is a condition of continued employment and/or affiliation with the ACO. 4. General compliance training for all applicable ACO Parties shall emphasize the commitment of the ACO to comply with applicable laws and each ACO Party s duty to report misconduct to the ACO. General compliance training shall include: a. the importance of the Plan and how it works; b. an overview of the applicable laws and regulations; c. corporate ethics; d. an overview of the Plan; 8

11 e. consequences of violating the policies and procedures that are part of the Plan; and f. the role of each person subject to the requirements of the Plan and how to report misconduct. 5. Attendance and participation in compliance training shall be a condition of continued employment for employed staff and a condition of continued engagement or affiliation for ACO Participants and ACO Providers/Suppliers. Failure to comply with training requirements may result in termination. 6. The Compliance Officer shall establish a procedure for all ACO Parties to submit questions about, or request clarification of, any compliance issues. If appropriate, and subject to confidentiality requirements, the Compliance Officer shall share the questions and answers with others if appropriate for training purposes. 7. The Compliance Officer may conduct an exit interview with any ACO Party whose employment or affiliation is terminated for any reason. The Compliance Officer may inquire whether the individual is aware of or participated in any conduct or activity that could be construed as non-compliant with applicable laws, third party payor requirements, or any ACO policy, including the Plan. If the departing individual answers in the negative, the Compliance Officer shall prepare a brief statement and maintain such statement as a contemporaneous record in the departing individual s employment file or in the files maintained by the Compliance Officer. If the answer is in the affirmative, the Compliance Officer shall initiate an investigation and review as set forth in the Plan. 9

12 COMPLIANCE AUDITING AND MONITORING POLICY 1. An ongoing auditing and monitoring system shall be developed consistent with the operations of the ACO. 2. The ongoing auditing and monitoring system shall include, at a minimum, periodic review of the following: a. accuracy of data submitted to the Centers for Medicare and Medicaid Services (CMS); b. the ACO s compliance with Medicare Shared Savings Program (MSSP) regulations governing beneficiary inducements; c. screening of ACO Parties for Medicare exclusions/sanctions; d. CMS approval of ACO marketing materials; e. the ACO s compliance with MSSP regulations governing the prohibition on certain required referrals and cost shifting; f. notifying Medicare beneficiaries of MSSP participation; g. ensuring that the ACO is not avoiding at-risk beneficiaries, as such term is defined by CMS guidance; h. as applicable, compliance with the Data Use Agreement entered into between the ACO and CMS; i. the ACO s compliance with applicable Federal and state health care laws governing things such as healthcare privacy, referral, financial and contractual arrangements that must comply with fraud and abuse laws, and antitrust; j. the ACO s compliance with applicable federal regulations governing the ACO s participation in MSSP; k. the effectiveness and implementation of the Plan, including: i. dissemination of ACO policies and procedures; ii. ongoing educational programs regarding corporate compliance issues; iii. the reporting system; iv. disciplinary actions; and v. corrective action plans. 3. As part of the audit process, the Compliance Officer or independent, qualified reviewers may use one or more of the following techniques: 10

13 assessment of existing relationships with physicians, hospitals and other potential referral sources; unannounced mock surveys, audits and investigations; examination of ACO complaint logs; checking personnel records to determine whether any individuals who have been reprimanded for compliance issues in the past are among those currently engaged in improper conduct; and evaluation of written materials and documentation outlining ACO policies and procedures. 4. All reviewers shall: have access to relevant personnel and all relevant areas of operation; present written evaluative reports on compliance activities to the President, members of the Compliance Committee; and specifically identify areas where corrective actions are needed. 5. In addition, ACO policies and procedures should be reviewed periodically, by the Compliance Officer and any individual in the ACO with special knowledge, to determine if they are current and complete. If necessary, the policies and procedures should be updated. 6. Problem areas identified through the auditing and monitoring process shall be incorporated into the ACO training program for relevant ACO Parties. The ACO shall take reasonable steps as necessary to correct identified problems and prevent them from recurring. In some situations, subsequent reviews or studies shall be used to ensure that the recommended corrective actions have been implemented successfully. 7. Auditing and monitoring shall be conducted by internal personnel, outside consultants, and, when necessary, legal counsel, as determined by the Compliance Officer. 11

14 COMPLIANCE WITH ACO-APPLICABLE LAWS As a managed care contracting entity participating in MSSP, the ACO s activities may implicate a number of Federal and State laws, such as laws governing healthcare privacy, referrals, fraud and abuse, and antitrust. All ACO Parties are required to comply with MSSP regulations and any other laws applicable to the ACO-related activities of such person or entity. The Compliance Officer, in consultation with legal counsel, shall periodically review federal and state laws applicable to the ACO s participation in MSSP. Based upon such review, the Compliance Officer and/or legal counsel shall propose changes to the Plan as may be necessary. Any such changes to the Plan shall be approved by the ACO Board of Directors. The Compliance Officer may also revise the Training Program in order to ensure that relevant ACO Parties are kept current about any applicable laws. Subject to narrow exceptions, ACO Parties are prohibited from providing gifts or other remuneration to beneficiaries as inducements for receiving items or services from or remaining in, an ACO or with ACO Providers/Suppliers in a particular ACO or receiving items or services from ACO Participants or ACO Providers/Suppliers. Any ACO Party that is unsure whether a particular item or service may be provided at no cost to a beneficiary is encouraged to contact the Compliance Officer. The ACO, ACO Participants, ACO Providers/Suppliers and any contractor or individual that performs functions on behalf of the ACO must check the Office of Inspector General s List of Excluded Individuals and Entities and the General Services Administration s List of Parties Debarred from Federal Programs prior to initial hiring of employees and periodically thereafter. If any member of the ACO community is aware that an ACO Party or any employee of such party has been excluded from participation in the Medicare program, such member must immediately notify his or her supervisor or the Compliance Officer. Any ACO Party who suspects that a particular activity, communication, agreement or situation may violate this Policy or State or Federal laws, should report those concerns to his or her supervisor, the Compliance Officer, or the President. If any member of the ACO community has any issue, question or concern relating, in any way, to the ACO or its operations or activities, whether or not they are addressed in this Policy and the Plan, is encouraged to communicate such question or concern, as the case may be, to the Compliance Officer or the ACO President. 12

15 BUSINESS AND PROFESSIONAL ETHICS POLICY 1. No officer, director, employee or agent of the ACO may make improper use of the property of the ACO or permit others to do so. Examples of improper use include the unauthorized appropriation or personal use of services, equipment, technology and patents, software and computer and copying equipment and the alteration, destruction or disclosure of data. 2. Seeking, accepting, offering or making any payment, gift or other thing of value to or from any subcontractor, vendor, supplier or potential contractor for the purpose of obtaining or acknowledging favorable treatment under a private or government contract or subcontract is strictly forbidden. Ordinary business courtesies or noncash de minimis gifts (under $50 in value) which are not solicited may be accepted by the ACO. 3. The ACO may provide gifts of de minimis value (under $50) in the nature of pens, mugs, etc., to participating providers for attendance at ACO events such as the ACO s Annual Meeting. 4. Offering or making any payment, gift or other thing of value to an actual or potential referral source (e.g. a referring physician) is prohibited unless permitted by this Plan or unless approved by the President after consultation with legal counsel. 5. As a general rule, ACO Parties are prohibited from providing gifts or other remuneration to beneficiaries as inducements for receiving items or services from, or remaining in, an ACO or with ACO Providers/Suppliers in a particular ACO or receiving items or services from ACO Participants or ACO Providers/Suppliers. Certain in-kind items or services may be provided to beneficiaries if they are reasonably connected to the beneficiaries care and the items or services are preventive care items or services or advance a clinical goal for the beneficiary (such as adherence to a drug or treatment regime, a follow-up care plan, or management of a chronic disease or condition). 6. ACO Parties are prohibited from avoiding at risk beneficiaries. An at-risk beneficiary includes, but is not limited to, a beneficiary who: (1) Has a high risk score on the CMS-HCC risk adjustment model; (2) Is considered high cost due to having two or more hospitalizations or emergency room visits each year; (3) Is dually eligible for Medicare and Medicaid; (4) Has a high utilization pattern; (5) Has one or more chronic conditions. (6) Has had a recent diagnosis that is expected to result in increased cost. (7) Is entitled to Medicaid because of disability; or 13

16 (8) Is diagnosed with a mental health or substance abuse disorder. 7. Subsidies from vendors for hospitality may not be accepted outside of modest meals or social events that are held as part of a conference or meeting. 7. Other subsidies shall be subject to the approval of the Compliance Officer. 8. All entries on books and records, including financial records and expense accounts, shall be accurate and complete and conform to applicable policies. 9. Staff shall use their best efforts to avoid violations of Federal copyright laws, including, but not limited to, laws pertaining to computer software. 10. Required time records shall be completed in a timely and accurate manner. 11. All officers, staff and agents shall refrain from any conduct during the performance of their duties that has the appearance of impropriety or that could reasonably be construed as contrary to the interests of the ACO or rules of professional ethics. 14

17 CONFIDENTIALITY POLICY 1. Confidential Information means business strategies, patient information, peer review records, financial data, clinical information, medical records, third party payor contracts, strategic and business plans, computer programs, research, business plans, documents and all other information kept as part of normal operations whether such information is in hard copy, electronic, digital or other format. It does not include any information that would otherwise be publicly available. 2. Maintaining the security of Confidential Information is a duty of all employees, officers, directors, staff, contractors and agents of the ACO, regardless of whether the individual in question works directly with such information. Individuals who have access to Confidential Information must ensure that such information, in whatever form it exists, is handled strictly in accordance with this policy and applicable legal and regulatory requirements regarding safeguarding Confidential Information. 3. Failure to maintain the confidentiality of such information shall be grounds for disciplinary action, including termination. 4. Confidential Information to be reviewed at meetings shall not be routinely distributed prior to meetings. If it is necessary to distribute Confidential Information prior to meetings, the following precautions may be observed, as deemed necessary by the President: a. The material shall be clearly marked as confidential; b. Distributed copies of the Confidential Information shall be numbered; c. Each numbered copy shall be retrieved at the meeting at which it is reviewed; d. All numbered copies shall be destroyed; and e. The original shall be retained in a secure location. 5. The ACO is a Business Associate of its participating providers who are Covered Entities, as those terms are defined in the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ( HITECH ) and its accompanying regulations. It is the policy of the ACO to comply with HIPAA and its accompanying regulations. 15

18 DOCUMENT RETENTION POLICY The following policy will be observed relative to document creation, distribution, retention, storage, retrieval and destruction. 1. Documents shall be retained as required by Federal or State laws or regulations. If retention requirements vary, documents shall be retained for the longest period required. 2. It shall be the responsibility of the Compliance Officer, the President, and each staff member in a director position to monitor compliance with document retention requirements that pertain to information relative to his or her area of responsibility. 3. Record retention requirements shall be reviewed and updated periodically. 4. The Compliance Officer shall establish procedures to prevent the unintentional, intentional or accidental destruction of documents that may relate to a known or possible audit, request, investigation or similar action. Under no circumstances are records to be destroyed selectively or maintained outside the ACO s premises or designated storage facilities. 5. If the ACO is served with a subpoena, search warrant or similar official request, or is the subject of a government investigation or there is reason to believe that it may be subject to the same, the Compliance Officer shall direct the immediate retention and safeguarding of any documents that are, or may be, responsive to the request, regardless of their form. 6. The Compliance Officer shall maintain documents regarding the development and implementation of the Plan including: a. documentation that staff have been adequately trained; b. reports of suspected violations of the Plan or Federal or State laws or regulations, including the nature and results of any investigation that was conducted; c. documentation of corrective action, including disciplinary action taken and policy improvements introduced, in response to any internal investigation or audit; d. modifications to the Plan; e. self-disclosures to the Government; and f. results of the auditing and monitoring efforts. Such documents shall be maintained by the Compliance Officer and kept in a secure location. 7. The ACO shall retain all records and documentation required by applicable Federal and State laws and regulations, including the Medicare Shared Savings Program. 8. Destruction of records shall take place pursuant to this Policy so that it cannot be said that the ACO deliberately destroyed records in anticipation of a specific problem. 16

19 9. Any destruction procedure will be stopped to prevent the destruction of any appropriate records immediately upon receipt of service of legal process for which those records might be relevant. 10. Records maintained on computers, magnetic tape and other electronic data processing storage media as well as telephone/voice mail records are covered by the Plan. 11. All records, including electronic records, shall be kept secure with access available only to those individuals designated by the Compliance Officer. 12. Requests for exceptions from this Policy should be submitted to the Compliance Officer. In order to obtain an exception from this Policy, there must be a separate program which will assure compliance with the basic objectives stated above. 17

20 CONFIDENTIAL REPORTING POLICY Access to Compliance Officer The Compliance Officer shall have an open door policy with respect to receiving reports of violations, or suspected violations, of the law or of this Plan and with respect to answering questions from ACO Parties concerning adherence to the law and to this Plan. Duty to Report Any ACO Party must promptly report to the Compliance Officer any suspected or actual violation(s) (whether or not based on personal knowledge) of applicable law or regulations related to ACO activities. Any ACO Party making a report may do so anonymously if he or she so chooses in accordance with this Confidential Reporting Policy. Once an ACO Party has made a report, the ACO Party has a continuing obligation to update the report as new information comes into his or her possession. Confidentiality and Non-Retaliation The ACO shall keep confidential all information reported to the Compliance Officer by any ACO Party in accordance with this Plan to the extent that confidentiality is possible throughout any resulting investigation; however, there may be a point where an employee s identity may become known or may have to be revealed in certain instances when governmental authorities become involved. Under no circumstances shall the reporting of any such information or possible impropriety serve as a basis for any retaliatory actions to be taken against any ACO Party making the report to the Compliance Officer. Method to Report Suspected Non-Compliance In order to maintain these open lines of communication, the Compliance Officer will establish a mechanism by which ACO Parties may submit anonymous and confidential statements outlining what they reasonably believe to be instances of non-compliance. This mechanism may take the form of a telephone hotline, complaint box or an address for written reporting. The Compliance Officer may also create other forms of information exchange as he or she deems appropriate. Contents of Written Statements In the event an ACO Party wishes to submit a written statement or inquiry, the statement shall be based upon facts to the extent known by such Party. To the extent applicable, the statement should contain a brief explanation of the facts giving rise to the concern, the ACO Party involved, the date upon which the facts occurred, the subject area or exposure to risk area believed to be violated, and the date the statement is submitted. The individual filing the statement need not include his or her name or any other personally identifiable facts. Statements need not be limited to complaints about instances of non-compliance, but may include 18

21 suggestions for improving the quality of the ACO s operations or any other issues that would advance the integrity or quality of the ACO. The Compliance Officer will maintain a log that records all statements, the nature of any investigation and any resolution, including any corrective action taken. 19

22 INVESTIGATION PROCEDURE 1. Any report or evidence of suspected violations of law, regulations or policies and procedures shall be forwarded to the Compliance Officer who shall review the report or evidence and determine whether there is any basis to suspect that a violation has occurred. It is the policy of the ACO to take all reports of suspected violations or wrongdoing seriously. 2. In order to encourage ACO Parties to report any such violations, the Compliance Officer shall use his or her best efforts to ensure that the identity of the reporting employee, if applicable, shall be held confidential. 3. If the Compliance Officer determines that a violation may have occurred, the Compliance Officer shall commence an investigation as promptly as possible under the circumstances. The investigation shall be under the direction and control of the Compliance Officer and/or legal counsel. The Board of Directors shall determine whether the matter shall be referred to outside legal counsel. If the matter is referred to outside legal counsel, legal counsel shall, with the assistance of the Compliance Officer, conduct a detailed investigation which may include, but is not limited to, the following: a. interviews with individuals with knowledge about the facts alleged; b. a review of documents; and c. legal research and contact with governmental agencies for the purpose of clarification and/or disclosure. 4. If an investigation of an alleged violation is undertaken and the Compliance Officer believes the integrity of the investigation may be at stake because of the presence of staff under investigation, those staff should be removed from their current work activity until the investigation is completed. 5. If advice is sought from a governmental agency, the request and any written or oral response shall be fully documented. 6. At the conclusion of an investigation conducted by outside legal counsel, legal counsel may, at the request of the ACO, issue an opinion summarizing his or her findings, conclusions and recommendations and render an opinion as to whether a violation of the law has occurred. The notes and records of counsel and the Compliance Officer, all investigation documents and the opinion, if any, shall be considered a confidential and privileged communication from attorney to client and attorney work product, and no officer, director, employee or agent shall be authorized to release it to any outside agency without the approval of the Board of Directors and legal counsel. 7. Based on the facts and the report from legal counsel, as applicable, the ACO, acting through the Board of Directors and upon consultation with legal counsel, shall determine 20

23 whether a report is required or otherwise will be made to the appropriate governmental agency. 8. The Compliance Officer shall maintain a record of the investigation, including the date of the incident, name of the reporting party (unless the reporting party provided an anonymous report) and name of the person responsible for taking action. Said record shall be considered confidential and privileged and shall not be released without the approval of the President and legal counsel. 9. The Compliance Officer shall report to the Compliance Committee and the Board regarding each investigation conducted. 10. Appropriate corrective action will be taken upon the conclusion of the investigation. The ACO shall report any probable violations of law to an appropriate law enforcement agency. 11. The ACO will not tolerate any retaliation or retribution of any kind against an individual who makes a good faith report of a suspected violation or wrongdoing. 12. The privileges for attorney-client communication and attorney work product, as well as the privileges available under the Federal and State constitutions, statutes and common law, may attach to certain information, documents, communications or other information related to investigations of suspected violations. Nothing in this Policy shall be construed to be a waiver of these privileges or to require production of material protected by such privilege and/or doctrine. 21

24 FRAUD AND ABUSE COMPLIANCE POLICY 1. There are numerous Federal and State statutes relating to health care fraud and abuse. These include without limitation the federal Anti-Kickback Statute (42 U.S.C. 1320a- 7(b)), which prohibits the knowing and willful solicitation, receipt, offer, or payment of any remuneration, whether direct or indirect, overt or covert, in cash or in kind, in return for referring an individual for any item or service covered by a Federal health care program, or in return for purchasing, leasing, ordering or arranging for, or recommending or arranging for the purchase, lease or ordering of any item or service paid for in whole or in part by a Federal health care program. This includes offering any inappropriate inducements to beneficiaries or ACO providers. Connecticut has statutes similar to the Anti-Kickback Statute. Under the Connecticut anti-kickback statute (Conn. Gen. Stat. 53a-161c and Conn. Gen. Stat. 53a-161d), it is a felony to solicit, receive or pay any benefit, in cash or kind that is knowingly offered or received in exchange for the referral for services for which a claim for benefits or reimbursement has been filed with a local, state or federal agency. In addition, the federal physician self-referral statute (commonly referred to as the Stark statute, 42 U.S.C. 1395nn) in general prohibits a physician from referring Medicare patients to an entity for the provision of certain designated health services if the physician or an immediate family member of the physician has a financial relationship with the entity unless an exception applies. 2. The ACO shall not enter into any contracts or financial arrangements which it knows or reasonably believes will induce referrals of patients or the purchasing, leasing, ordering or arranging for any good, facility, service or item in violation of Federal or State antikickback laws or other applicable Federal or State statutes or regulations relating to health care fraud and abuse. To ensure compliance, the ACO will consult with legal counsel, as necessary, in the review and approval of any business arrangement that may implicate any of the foregoing laws. 3. Providing gifts or other remuneration to beneficiaries as inducements is further addressed in the Business and Professional Ethics Policy of this Plan. 4. The ACO, ACO Participants, and ACO Providers/Suppliers are prohibited from conditioning the participation of ACO Participants, ACO Providers/Suppliers, or other individuals or entities performing functions or services related to ACO activities in the ACO on referrals of Federal health care program for beneficiaries that are not assigned to the ACO. 5. The ACO, ACO Participants, and ACO Providers/Suppliers are prohibited from requiring that beneficiaries be referred only to ACO Participants or ACO Providers/Suppliers within the ACO or to any other provider or supplier. This prohibition does not apply to referrals made by an employee or contractor who is operating within the scope of his or her employment or contractual arrangement to the employer or contracting entity, as long 22

25 as such employee/contractor remains free to make referrals without restriction or limitation if: a. the beneficiary expresses a preference for a different provider, practitioner, or supplier; b. the beneficiary's insurer determines the provider, practitioner, or supplier; or c. the referral is not in the beneficiary's best medical interests in the judgment of the referring party. 6. Offering, providing or making any payment, gift or other thing of value to an actual or potential referral source (e.g. a referring physician) is further addressed in the Business and Professional Ethics Policy of this Plan. 4. Except as permitted by law, no ACO Party shall knowingly and willfully solicit, receive, offer or pay remuneration of any kind (e.g., money, goods or services) for the referral of an individual to another for the purpose of supplying items or services that are covered by a Federal health care program, or for purchasing, leasing, ordering or arranging for any good, facility, service or item that is covered by a Federal health care program, nor otherwise act in violation of any applicable Federal or State statute or regulation relating to health care fraud and abuse. 23

26 PERSONNEL POLICIES CONCERNING CORPORATE COMPLIANCE 1. All ACO Parties are required to adhere to the Plan. 2. To document efforts with respect to education and training in the Plan, certain ACO Parties (and other representatives as set forth in the Compliance Education and Training Policy) shall acknowledge in writing their acceptance and understanding of the Plan and its requirements by executing the Acknowledgement Form (a copy of which is attached hereto as Attachment A). 3. Attendance at annual compliance training will be documented on the employee s performance evaluation. 4. Failure to adhere to the Plan, violations of any applicable laws and regulations and failure to report misconduct are considered to be violations of ACO policies and procedures and may be grounds for disciplinary action by the ACO, including termination of employment when warranted. Intentional or reckless noncompliance shall result in significant sanctions. a. Sanctions shall include oral warnings, suspension with or without pay, and termination. b. Each situation shall be considered on a case-by-case basis to determine the appropriate sanction; however, the consequences of noncompliance should be consistently applied and enforced. c. Disciplinary action shall be taken on a fair and equitable basis. d. Staff shall be disciplined in accordance with ACO Human Resources policies and procedures in an appropriate and consistent manner. 5. All ACO staff will: a. receive training regarding the Plan within thirty (30) days of employment; b. receive and review a copy of the Plan and other policies and procedures applicable to their position and any revisions thereto. An executed Acknowledgement Form will be signed and filed in the employee s personnel file; c. have the opportunity to review a copy of the Plan; d. attend and participate in compliance training as a condition of continued employment; e. use candor and honesty in the performance of their responsibilities; f. protect confidential and sensitive information to prevent unauthorized or unlawful disclosure of such information and conduct all ACO activities in such a way as to 24

27 maintain the confidentiality of patient information and in accordance with the ACO s HIPAA Policies and Procedures; g. report any actual or suspected compliance violations to the Compliance Officer or their immediate supervisor; h. cooperate with government officials as required by the Policy on Reporting to Outside Agencies; i. not engage in any business practice prohibited by law, including, but not limited to, kickbacks or payments intended to induce or influence new and favorable decisions to those in a position to benefit the ACO or the employee, in any way, including payments for referrals; and j. prepare and maintain all patient and business records and reports accurately and truthfully and report inaccurate documents promptly to their supervisor. 8. Prior to extending an offer of employment to any new hire or affiliation, accepting any new ACO Participant, or entering into an agreement with a contractor to provide services to the ACO, the ACO shall take reasonable steps to determine if the employee or the prospective ACO Party or any of its agents, officers or directors have been excluded from any Federal health program or recently convicted of a criminal offense related to health care. These steps shall include, but not be limited to, checking the list of persons excluded from Medicare and Medicaid as well as the list of debarred Federal contractors on applicable websites and documenting the same. The ACO may contract with an independent third party to perform this screening or, in the case of a new ACO Participant, may reasonably rely on the ACO Participant to perform this task for its ACO Providers/Suppliers. Individuals who appear on either list shall not be offered employment or affiliation with the ACO. Additionally, for all new staff who have discretionary authority to make decisions that may involve compliance with the law or compliance oversight, the ACO shall conduct a reasonable and prudent background investigation, including a reference check, as part of every such employment application. The application for employment shall specifically require the applicant to disclose any criminal conviction or exclusion action. 9. In addition to initial screening, the ACO shall ensure that periodic checks are conducted to make sure no ACO Parties are listed on the Office of Inspector General or General Services Administration lists of individuals excluded from participation in Federal health care or government procurement programs. Additionally, pending the resolution of any criminal charges involving health care fraud or abuse or proposed debarment or exclusion from a Federal health care program, the individual who is the subject of such action(s) shall be removed from direct responsibility for or involvement in any Federal health care program. If resolution of the matter results in conviction, debarment or exclusion, the ACO shall terminate its employment or other contract arrangement with the individual. 25

28 REPORTING TO OUTSIDE AGENCIES POLICY AND NOTIFICATION PROCEDURE FOR INVESTIGATIONS, SEARCH WARRANTS AND OTHER REGULATORY REQUESTS OR DEMANDS FOR INFORMATION From time to time, it may be necessary or advisable to disclose or report internal activities, communications or events to outside parties, such as governmental agencies. All such activities shall be coordinated and overseen by the Compliance Officer, the Compliance Committee and the Board of Directors. Accordingly, such disclosures and reports shall be made in accordance with the following policy. 1. INSPECTIONS AND SURVEYS In the event that any ACO employee or representative is contacted by an individual(s) representing a federal, state or local government regulatory agency for the purpose of conducting an inspection or survey, the individual should immediately contact the Compliance Officer, any member of the Compliance Committee or the President. The Compliance Officer is responsible for responding to the inquiry. The President or Compliance Officer may contact legal counsel as necessary. All ACO Parties will cooperate fully with any inspection or survey conducted by governmental and private agencies as required by law or by contract. Representatives of those agencies shall be granted full access to all books and records that are relevant to the inspection or survey in question, not otherwise privileged or confidential by law and within the authority of the agency to access. If there is a question as to the relevance of a particular document, the applicability of any privilege or the authority of the agency, that question shall be directed to the Compliance Officer or to legal counsel prior to disclosure. 2. SUBPOENAS, SEARCH WARRANTS AND OTHER DOCUMENT REQUESTS In the event that any ACO Party receives a subpoena, civil investigative demand, search warrant or other request for production of documents in the possession of the ACO, that request shall be immediately directed to the Compliance Officer who shall immediately confer with legal counsel to determine the proper response to the request. Time is usually of the essence in responding to such requests. In no case shall any documents or communications (including or voice mail communications) subject to the request be destroyed, altered or deleted after the request has been received. The following additional procedures should be followed with respect to search warrants: a. In the event a search is being executed pursuant to a search warrant, the ACO Party receiving the warrant should ask to see identification from each agent and get a business card from each agent present. The business cards should be immediately copied and transmitted by either fax or hand delivery to the Compliance Officer, President and legal counsel. b. A copy of the search warrant should also be obtained from the agents and either faxed or hand delivered to the Compliance Officer and legal counsel. The agents are required to provide a copy of the warrant. c. The agents should be requested to provide an itemized list of any things taken away. They are required to provide a receipt. 26