Ensure tomorrow... Comply today 1 Corporate Compliance Board Training 2015

2 Upon completion of this presentation you should: 1.Understand the core requirements of the Agency’s Corporate Compliance Program; 2.Understand the definitions of fraud, waste and abuse (FWA) as they pertain to the Agency and its programs; 3.Understand your role in Corporate Compliance; 4.Understand the key processes of the Agency’s corporate risk management strategy.

3 What are the key laws that ACCMHS must comply with?  Health Insurance Portability and Accountability Act of 1996, (HIPAA)  Michigan Medical Records Access Act, Public Act 47 of 2004 (i.e. the Michigan HIPAA Law)  Michigan Mental Health Code Act 258 of the Public Acts of 1974  Civil Rights Act of 1964  Rehabilitation Act of 1973  Americans with Disabilities Act of 1990  Social Security Act, specifically 1903(m)(95)(i)  HHS-OIG Compliance Program Advisories  Guidelines for Addressing Medicaid Fraud and Abuse in Managed Care issued by the Department of Health and Human Services (HHS)

4  Affordable Care Act (Public Law ; of 2010)  Deficit Reduction Act of 2005 (DRA)  Civil False Claims Act of 1863/As amended in 1986 (FCA)  Medicaid False Claims Act of 1977  Michigan False Claims Act (Act 72 of 1977) (MFCA)  Anti-Kickback Statute of 1977  Whistleblowers Protection Act of 1980  Civil Monetary Penalties Law of 1981  Stark I Laws of 1989 and Stark II of 1993  Balanced Budget Act of 1997  HITECH Act of 2009  Healthcare Fraud and Abuse Commission Act of 1993  MDCH Contract and Medicaid Manual requirements  Other federal and state laws applicable to health plans

5 Part I Deficit Reduction Act and other Federal & State Laws

6 So…..where did all this begin? In February 1998, The Office of Inspector General (OIG) developed voluntary Compliance Program Guidance (CPG) that health care plans and providers could use to detect and address waste, fraud, and abuse.

7 In 2005, Congress passed the Deficit Reduction Act (DRA). The legislation resulted in the establishment of a 5-year comprehensive plan to further combat provider fraud, waste, and abuse in the Medicaid program. As a result, Corporate Compliance went from voluntary to mandatory.

Deficit Reduction Act (DRA) Federal False Claims Act  First signed into law in 1863 in the wake of Civil War Anyone who violates the FCA is liable for a civil penalty of $5,500 to $11,000 per claim, plus three times the amount paid.  A person violating the FCA can be liable for the costs of a civil action brought to recover any penalties or damages.  Violators can be excluded from participating in Medicare, Medicaid, and other government programs. 8

The Federal False Claims Act applies when an organization or person:  Knowingly presents the government with a false claim for payment;  Knowingly makes a false statement to get a fraudulent claim paid;  Conspires to defraud the government by getting a false claim paid by the government;  Knowingly makes a false record or statement to conceal, avoid, or decrease an obligation to pay the Government; and/or  “Causes” a false claim to be submitted. 9

Federal False Claims Act  “Knowingly” includes: 1.actual knowledge that the information on the claim is false; 2.acting in deliberate ignorance of the truth or falsity of the information on the claim; or 3.acting with “reckless disregard” to the truth or falsity of the claim. Deliberate intent to defraud is not required. 10

Michigan False Claims Act  This law is similar to the Federal False Claims Act.  Authorizes the Attorney General to investigate alleged violations of this act.  Provides for civil actions to recover money received by reason of fraudulent conduct.  Provides for certain civil fines; and prescribes remedies and penalties.  Prohibits fraud in the obtaining of benefits or payments in connection with the Medicaid program.  Prohibits kickbacks or bribes in connection with the Medicaid program.  Prohibits conspiracies in obtaining benefits or payments. 11

How common is Fraud?  In 2014, the Office of Inspector General reported:  Expected recoveries of over $4.9 billion, consisting of nearly $834.7 million as a result of ongoing audits, and about $4.1 billion as a result of fraud investigations.  Identified about $15.7 billion in savings on the basis of prior legislative, regulatory, or administrative actions. 12

How common is Fraud? (con’t)  In 2014, the Office of Inspector General reported:  Exclusions of 4,017 individuals and entities from participation in federal healthcare programs;  971 criminal actions against individuals or entities;  533 civil actions, which included settlements, as a result of self disclosures or administrative recoveries. 13

“Hot” Fraud Areas in the US  The OIG’s HEAT Program (Health Care Fraud Prevention and Enforcement Action Team) has identified:  Top 3 Fraud Prone States as Florida, Louisiana, and Texas.  Top 10 Fraud Prone Cities include Detroit and Chicago. 14

Fraud in the mental health field?? Sorry, but yes……  February 2015 – Detroit – Psychotherapist admitted to using Medicare information and identities of hundreds of Medicare beneficiaries, without their consent, to submit claims for psychotherapy services not provided. Also admitted to using personal information of licensed social workers, without their consent, which he used to submit false claims to Medicare. Social workers had not provided the care for which he submitted claims. Admitted to submitting $3.3 million in fraudulent claims, and Medicare paid $1,453,064 for those claims. 15

Fraud in the mental health field … (con’t)  October 2014 – Miami – Physician Assistant at a MH partial hospitalization program. PA and conspirators submitted false and fraudulent claims. PA and other medical professionals fabricated and signed fraudulent medical documents and patient files to justify billings to Medicare. This included submitting claims for patients who were ineligible for PHP treatment because of ‘vegetative states, in the late stages of disease causing permanent cognitive memory loss, or had substance abuse issues and were living in halfway houses.” 16

Fraud in the mental health field … (con’t) January 2013 – Missouri Mental Health Clinic – Psychotherapist sentenced to 36 months imprisonment and ordered to pay $1 million in restitution for fraud. Submitted claims for daily or near daily psychotherapy services for which he was paid $1.3 million. He admitted to seeing clients less frequent and admitted to forging or causing another person to forge signatures on sign-in sheets. June 2013 – Florida Psychiatric Hospital – CEO and 3 hospital executives were convicted of a $67 million Medicare fraud scheme. Unlawfully obtained Medicare payments by fraudulent claims, falsified patient records, and administering of unnecessary psychotropic medications. 17

Whistleblowers’ Protection Act  A law that provides protection to employees who report a violation or suspected violation of state, local, or federal law.  Provides protection to employees who participate in hearings, investigations, legislative inquiries, or court actions; and prescribes remedies and penalties.  An employer shall not discharge, threaten, or otherwise discriminate against an employee because the employee reports or is about to report a violation.  An employer shall post notices and use other appropriate means to keep employees informed of Whistleblowers’ protections. 18

19 Part II Corporate Compliance Program

20 So, why should ACCMHS have a Compliance Program?  Required by law for agencies receiving over $5.0 million dollars in Medicaid and/or Medicare funding;  Reduces the risk of unlawful or improper conduct;  Establishes an effective method to assess and manage risks;  Reduces the potential for civil suits liability if violations occur, and financial and other costs of litigation;  Establishes a mechanism for employee training thereby increasing their awareness and decreasing the possibility to breach the law.

21 What are the Seven Elements of an Effective Compliance Program? From the OIG Compliance Program Guidelines and the Affordable Care Act: 1.Implement a written Compliance Program, Policies, and Plan. 2. Designate a Compliance Officer and Compliance Committee. 3. Conduct effective training and education. 4. Maintain effective communication. 5. Perform internal monitoring and auditing. 6. Enforce standards through well-publicized disciplinary guidelines. 7. Respond promptly to detected offenses.

22 Who is responsible for ensuring the effectiveness of the compliance program?  Everyone!!!!!! ACCMHS:  Board  Management Team  Consumers  Supervisors  Staff  Providers

23 Who is responsible for ensuring the overall management of the ACCMHS Compliance Program?  The Compliance Director and the Compliance Officer: serve as the focal points for all Agency compliance activities.  The Compliance Director and the Compliance Officer: must be high-level staff with direct access to the Executive Director and the ACCMHS Board.

24 Who Has Specific Responsibilities for Ensuring the Effectiveness of the Compliance Program? Corporate Compliance Committee  Compliance Director - Debra Trout  Compliance/Security Officer - Patrick Thebert-Wright  Privacy Officer – Angela Weeks  Reimbursement Coordinator - Lynn Yetman Ad Hoc Members  Executive Director - Marianne Huff  Finance Director – Gary Smith  Clinical Director – Richard Thiemkey  Director of DD Services – Robin Lavender  Human Resource Director - Nan Lawrence  RR Officer – Meghan Launius

25 Compliance Program Functions  Train ACCMHS Board, staff, and providers in the culture of compliance.  Use audits and monitoring techniques to identify agency risks.  Investigate allegations of waste, fraud, abuse, and other compliance infractions.  Take corrective action, including recommending staff discipline, claims paybacks/adjustments, and changes to address systemic problems.

26 What is Fraud? Per 42 CRF (Code of Federal Regulations): Fraud is an intentional deception or misrepresentation made by someone with knowledge that the deception will result in benefit or financial gain. Per Michigan statute and case law interpretation: Under Michigan Law, a finding of Medicaid fraud can be based upon evidence that a person ‘should have been aware that the nature of his or her conduct constituted a false claim for Medicaid benefits.” But errors or mistakes do not constitute ‘knowing’ conduct necessary to establish Medicaid fraud, unless the person’s “course of conduct indicates a systematic or persistence tendency to cause inaccuracies to be present.”

27 Fraud Examples  Billing for services that were never provided.  Billing for individual therapy when group therapy was provided.  Billing for Durable Medical Equipment (“DME”) and supplies were never obtained.  Documentation of a service provided is proof that the service occurred; consequently, billing for a service without documentation may be construed by the Centers for Medicaid and Medicare Services as fraud. “If it’s not documented, it didn’t happen.”

28 What is Abuse?  “ Abuse” is provider practices that are inconsistent with sound fiscal, business, or clinical practices, and result in an unnecessary cost to the Medicaid programs, or in reimbursement for services that are not medically necessary or that fail to meet professionally recognized standards of care. It also includes beneficiary practices that result in unnecessary cost to the Medicaid program.  Red Flag Caution: Provider ignorance is not always accepted by the OIG. The matter may be reclassified to fraud if the auditor believes the staff/provider did not make an attempt or take prudent action to learn the rules important to their organization’s federally funded business. (i.e., having an on- going staff training program on corporate compliance laws helps keep findings classified as abuse.)

29 Potential Fraud/Abuse Examples  Improper behaviors or billing practices; physician kickbacks for unnecessary services, illegal referrals including physicians who refer for health care services to entities in which the physician has a financial interest.  Assumption that billing is being done correctly as long as claims were paid; no internal checks are implemented to validate claims submissions.  Inflation of costs for services, medical equipment, drugs, etc. without documentation to substantiate those costs.  Providing services at an inflated rate and that are not medically necessary, in order to obtain additional revenue.

30 Waste  Waste includes any practice that results in an unnecessary or consumption of federally-funded financial or clinical resources. Examples:  Supporting individual copiers and printers with a diversity of cartridge and toner needs, rather than pursuing a cost-savings by installing suite-wide copiers/printers.  No comparative pricing and/or excessive use of office supplies.  Scheduling consumer contacts in the community without considering the possibility of scheduling according to proximity within the county. This increases both staff time and mileage reimbursement.  Meetings that are non-productive or could be shortened in length.

31 ACCMHS Action and Coordination with Law Enforcement ACCMHS will always investigate suspected fraud and abuse, as appropriate, report to and cooperate with the PIHP, Federal and State agencies, including MDCH, OIG, AG, CMS, and/or law enforcement. ACCMHS will require corrective action with any staff/provider when either fraud, abuse or waste issues are substantiated, up to and including termination of employment or termination of the contract.

32 Board, Staff and Providers - Reporting of Compliance Issues Everyone has an obligation to make a good faith effort to report any activity that appears to violate compliance policies and/or procedures.

Anyone may report potential compliance issues to ACCMHS by: Notifying their supervisor, Contacting the ACCMHS Compliance Officer, Contacting any member of the ACCMHS Corporate Compliance Committee. If preferred, potential compliance issues may be reported to the Lakeshore Regional Partners PIHP. Nothing will happen to anyone who reports in good faith. Board, Staff and Providers – Reporting of Potential Compliance Issues (con’t) 33

Board, Staff and Providers - Reporting Potential Compliance Issues (con’t) To contact ACCMHS Compliance Officer: Phone: , ext In writing (either anonymously or with your name): use interoffice mail addressed to Compliance Officer at CSB. The CC Suspected Violation form may be used, but any other format is also acceptable. PIHP (Lakeshore Regional Partners)

35 Part III Corporate Compliance includes: RISK MANAGEMENT

36 Risk Management A Risk Management Program is a sub-part of the Compliance Program and must be established in accordance with the Medicaid Managed Specialty Supports and Services Concurrent 1915 (b)/(c) Waiver and the MDCH/PIHP Contract. RISK MANAGEMENT is a logical and systematic method of identifying, analyzing, prioritizing, treating, and monitoring the risks involved in any organizations activities or processes.

37 Risk Management Process Eight Components: 1)Establish the Context (risk categories) 2)Identify the Risks 3)Analyze the Risks 4)Evaluate (Prioritize) the Risks 5)Treat the Risks 6)Communicate & Consult (on-going) 7)Monitor and Review (on-going) 8)Reassess risk categories (start cycle over )

38 There are a number of categories within risk management. These include:  Risks of injury (to persons served, staff and the public)  Risks to the service user experience (appeals/complaints)  Risks to compliance with standards and regulations  Risks to business organization (e.g. lawsuits; bankruptcy)  Risks to organizational reputation  Risk to finances (claims payback, audit adjustments, fines)  Risk to the program environment (hazards, fires, threats, etc.)  Risks to the Workforce (turnover, absenteeism, sick time, lack of skill sets/trainings)  Other Risks not included above. Categories of Risks

39 Risk Management Process Identify the Risks Determine the type of risks by risk category e.g. “strategic” or “financial” risks to the Agency; Identify the Stakeholders, i.e. who is involved, who is affected; Identify past events; anticipate future developments.

40 Risk Management Process Analyze the Risks How likely is the risk event to happen, (i.e. frequency, probability)? What would be the impact, cost or consequence if event occurred ( i.e. financial, political, social)?

41 Risk Management Process Evaluate the Risks Rank the risks in each risk category according to: Agency strategic priorities; Rated likelihood of occurrence and severity of possible costs or consequence.

42 Risk Management Process Treat the Risks Develop & implement a plan to address the identified risks. Consider: Agency Priorities (strategic and operational) Resources (human, financial, technical) Risk Acceptance (low…high) ROI (Return On Investment)

Throughout the process: Communicate and Consult Monitor and Review Reassess risk categories (start cycle over ) Risk Management Process 43

44 Part III Board Roles

45 Role of the ACCMHS Board  Understand that you are the oversight board for the Agency’s Corporate Compliance Program.  Understand the roles and purposes of the Compliance Program.  Hold the Agency accountable for the effective management of the Compliance Program.  Receive periodic reports about the Program.

46 Role of the ACCMHS Board (con’t)  Ask questions about the Compliance Program.  Ensure the seven required elements of a Compliance Program are addressed in training, policies, procedures, etc.  Ensure Management is addressing key issues and findings.  Require an Annual Report be submitted.  Require the Risk Management Plan be updated with new risk targets, and then implemented and reported upon.

47 Role of Individual Board Members  Learn about the Corporate Compliance Program;  Maintain a commitment to organizational compliance;  Maintain ethical behavior in decisions;  Hold self accountable to Agency policies;  Assist the Agency in assuring the highest standard of care for the residents of Allegan County.

48 Board Summary  Understand why the Agency’s Corporate Compliance Program is important.  As desired, ask questions about the Program. Patrick and Deb are here to help you better understand the compliance program.  Hold your compliance program accountable. Require periodic reports from the Compliance Director.

49 QUESTIONS