Corporate Compliance Instructor Notes: Instructors should -- present the information provided in notes printed in normal type, and -- summarize the information on the slides, where specified. The notes printed in italics are intended to provide you additional assistance. Total estimated time needed for presentation and assessment is 180 minutes INCLUDING total of 15 minutes throughout for questions: PART I: Corporate Compliance Awareness: 50 minutes BREAK: 15 minutes PART II: HIPAA Overview: 30 minutes PART III: HIPAA Privacy and Security: 30 minutes ASSESSMENT: 15 minutes Supplemental: HIPAA Transaction Standards: 15 to 25 minutes depending on the audience Explain that today’s program is an educational awareness session, intended to provide an introduction and overview of important new DHMH initiatives and Federal HIPAA requirements. -- Encourage questions -- Check that everyone can hear, see, check lighting, etc. -- Turn off all cell phones and pagers

What is a “Corporate Compliance Program”? Corporate Compliance is an agency-wide program with the following goals: Reduce health care fraud and abuse, Improve operational quality, and Reduce the cost of health care These are accomplished by ensuring both Federal and State laws are applied in a uniform and fair manner to all How may people here know what a Code of Conduct is? Take informal poll This is why we are having this lesson. Corporate Compliance is a program that will reach all DHMH members. The goals are to: Reduce Health Care fraud and abuse through a more educated workforce – that is held accountable for upholding DHMH’s ethical standards Improve operational quality by creating a framework so that all employees can make decisions based on a clearer understanding of DHMH’s Code of Conduct. And reduce the costs of health care by making sure benefits and services are provided to the citizens of Maryland in a fair, consistent and ethical manner, in accordance with Federal and State laws.

Overview of Corporate Compliance Now that we’ve been reminded of our Mission, let’s look at ways we can improve our services through the Corporate Compliance Program…

Corporate Compliance Program What is Corporate Compliance? A nationwide effort to prevent fraud, abuse, and waste in healthcare programs while still providing quality care to patients special focus on programs funded by Medicare and Medicaid We all are part of the Compliance effort! So what is this Corporate Compliance thing? Simply put, it is a way we should act when we conduct the Department’s business. It can be described as a way we should act when we conduct our business. Maryland has joined the other States in establishing a set of formal principles to define how we are to behave when we administer health care programs, particularly those funded by Medicare and Medicaid. The primary focus is to reduce fraud, abuse and waste while still providing quality care to our citizens. Summarize slide

Why Have a Corporate Compliance Program? Health care fraud and abuse cost the health care industry Public trust must be maintained by the integrity and honesty of the people involved in providing health care services Fraud and abuse can hurt our reputation and increase the cost of providing services – pick two examples Health Care Fraud is Number Two on DOJ Priority List In late 1993, the Attorney General designated health care fraud as the Department of Justice's number two enforcement priority, second only to violent crime initiatives. GAO Report 187, 1996 Medicare Fraud A former president of several home health agencies pleaded guilty to a felony offense of defrauding Medicare. He was sentenced to 30 months probation, four months of home detention and ordered to pay a $20,000 fine and a $100 special assessment. ((Does this seem fair?)) In addition, he agreed to permanent exclusion from any further participation in Medicare, Medicaid or other federal health care programs. U.S. Attorney Ray Gruender said, "The Medicare system operates on the good faith and honesty of its providers, and we cannot tolerate misuse of the reimbursement system." St Louis Business Journal, January 10, 2002 Psychologist blames clerk in fraud trial (Macon GA) Telegraph Staff Writer  A Macon, GA psychologist on trial after being accused of submitting more than 1,300 fraudulent Medicaid claims totaling over $1 million. He admitted the claims are false, but blames the error on a billing clerk, who he alleges submitted the false claims to cover up how far behind she was in getting claims to Medicaid. The psychologist claimed the clerk was falling behind in submitting claims because of the increased workload and made billing errors. The state alleges the psychologist was the only one with access to the center's finances and bank account, where many of the fraudulent claims were allegedly sent via direct deposit. He faces a maximum sentence of 10 years and up to a $10,000 fine. Civil penalties also can be levied for up to twice the amount of any excess benefit or payment, according to Georgia state law. Macon Telegraph 2/19/2002 ((Does this excuse absolve the psychologist??)) Summarize the slide

How are Employees Affected? As employees, we will achieve our Corporate Compliance goals by: Performing all activities in compliance with pertinent laws and regulations Operating with -- and promoting -- high standards of business ethics and integrity Not engaging in activities intended to defraud Performing all duties accurately and honestly Maintaining appropriate levels of confidentiality You are probably wondering how the Corporate Compliance Program will impact you. Your duties under the program are to: - Follow Federal and State laws as they are interpreted for us by DHMH - Avoid the appearance of a conflict of interest by not engaging in questionable activities - Choose not to participate in any activity that is intended to defraud, or that that would cost the State resources or deprive anyone of their rights - For example, offering professional discounts or waiving third party payments - Perform to the best of our abilities - And respect the privacy and confidentiality of our citizens

Employees Must: Conduct business with suppliers, vendors, contractors and others free from offers or solicitations of improper inducements, such as gifts or favors Avoid conflicts of interest, in appearance or fact If conflicts occur, promptly notify appropriate authorities Protect the agency’s assets through: prudent, effective use of resources and property accurate financial reporting We must: - Make sure all business arrangements are conducted above board and honestly – for example, do not accept offers or favors from business associates! - Never cross the line where your actions may be questioned – stop and think, is this action a conflict of interest, or does it LOOK like one? - Report any violations or appearance of violations before someone else does. We will cover this in detail later. - Protect the Department’s reputation as if it were your own, because it is!

How Will We Achieve Compliance? Becoming educated on compliance issues and factors -- and today’s program is just the beginning! Working “smart” and staying aware of potential “risk areas” Reporting incidents Auditing and monitoring Investigating suspected violations Reporting to the Corporate Compliance Officer We can achieve and maintain compliance through: - Education of our employees – today’s session is just the start! - Periodic auditing and monitoring of our actions to identify and correct any problems e.g., review prior claims and billing records The Compliance Officer and Committee are developing procedures for this. - Aggressively investigating suspected violations so that corrective actions can be implemented before a problem can become worse Remember, unlike a fine wine, bad news does NOT get better with age!

Senior Leadership The Compliance Officer manages the Corporate Compliance Program. Oversees compliance program education and enforcement Investigates reports of possible violations Initiates policy changes to prevent similar violations in the future The Corporate Compliance Committee is the Compliance Officer’s front line team The Department has designated a leadership team that oversees Corporate Compliance. The Compliance Officer reports to the Office of the Inspector General. The Compliance Officer: Oversees the program’s educational and enforcement activities, Promptly investigates reports of possible violations, and Recommends policy changes to prevent future violations. The Compliance Officer works with a specially selected Committee to help in the Program’s administration and enforcement. Together, the Compliance Officer and the Committee serve as DHMH’s front line team for Corporate Compliance. The Department works closely with Personal Services Administrator who will make the final disciplinary determination.

Confidentiality in Incident Reporting and Investigation Your agency is committed to maintaining the confidentiality of all Corporate Compliance reports and records Personnel actions are generally not subject to public review There are limited circumstances where the public has a right to know DHMH recognizes that the need for investigative action, when required, must be balanced with a corresponding need for confidentiality. The goal is to foster an environment…, a job culture that will identify and resolve any issues early, before they can cause bigger problems. All reported violations will be investigated to determine if they can be substantiated. Reports and records will be treated confidentially. It is important to keep an environment where people feel it’s safe to comply. Even if an investigation determines that an improper action may have occurred, the cause could be due to a training or policy deficiency, poor supervision, and NOT through deliberate intent to violate a rule. It is not the intent of DHMH to demoralize or embarrass an employee by publicizing an incident. It is intended to keep the incident confidential and under control. Summarize slide

Legal Foundations and Code of Conduct Now let us explore the legal foundations of our Corporate Compliance Policy and Code of Conduct.

Corporate Compliance Defined Corporate Compliance Program is our program for reducing fraud and abuse, improving operational quality, and reducing costs of health care We all must abide by the Program’s Code of Conduct Written standards of conduct that, if followed, will help us comply with all Federal and State standards The Code emphasizes prevention of fraud and abuse regarding billing practices We have covered the players and our obligations, but we haven’t yet detailed what the program is.… Simply stated, the Corporate Compliance Program is a commitment by the Department to reduce fraud and abuse, improve operational quality, and reduce the cost of health care. Can anyone argue with these concepts? No! This is accomplished by adherence to DHMH Policy 01.03.01 -- the Code of Conduct -- which you have in front of you. You will be able to read this later – and, in fact, are required to read it, as part of your role in Corporate Compliance. This policy contains written standards of conduct that, if followed, will help us comply with all applicable Federal and State standards. It is important to recognize that all DHMH staff must adhere to the Code of Conduct – managers, technicians, administrators, clinical staff, support staff, EVERYONE! Hand Out Policy 0.03.01 and the addendum

Legal Foundations Our Corporate Compliance Program is rooted in the following Laws: The Social Security Act The False Claims Act The Patient Anti-dumping statutes The laws pertaining to the provision of medically necessary items and services The Federal Anti-Referral/Anti-Kickback Laws The Health Insurance Portability and Accountability Act Our program has its foundation in the following laws. Since this program is a general introduction, we will not cover the specifics of how each law applies to your individual job function. Read list on slide And there is that HIPPO again, right at the bottom.

Federal Sanctions Individual providers who violate the applicable laws may be excluded from participating in the Medicare and Medicaid programs or may receive civil or criminal sanctions Individuals charged with a criminal offense relating to health care fraud may not be involved in coding, billing or documentation activities until resolution of the charges They may be transferred or placed on leave If convicted, they are ineligible for participation in federally-funded health care programs What happens when an individual violates the laws? The Code defines a “sanctioned individual” as someone who has violated one of the applicable laws and has been penalized by the Office of the Inspector General. During the course of an investigation, such an individual cannot have responsibility for, or participate in, the coding, billing, or documentation of health care activities. So, he or she may be transferred or placed on administrative leave. If later convicted, an individual will be ineligible for participation in federally funded health care programs and cannot work for, or be retained by, DHMH.

Code of Conduct The Code of Conduct Summarizes the Corporate Compliance Program and specifies management and employee obligations All employees will sign the Code of Conduct Acknowledgement Statement which states they have received and agree to read the Code of Conduct Signed Statements are kept in Personnel File Medical staff must also acknowledge that they have not been excluded from participation in any governmental health program In a few minutes, we will go over the specifics of the Code of Conduct. It summarizes both the responsibilities of management and of employees under the Corporate Compliance Program. One feature of it is that ALL DHMH employees must sign a statement signifying that they have received the Code of Conduct and that they will read it. These statements will be kept in your permanent employee file. If you are a member of the medical community, you must further acknowledge in the form that you have not been excluded from participation from any governmental health program, in other words—a “sanctioned individual.”

Impact on Employees It can be a criminal offense to make false statements relating to health care matters or to commit health care fraud We must use our professional judgment and knowledge of the laws, statutes, and regulations to make responsible decisions Ignorance is no excuse for non-compliance! Earlier, I pointed out that Corporate Compliance is serious business. It is VERY serious business. DHMH employees can be criminally prosecuted if they make false statements relating to health care matters or if they commit health care fraud. But, not all situations we encounter will be clear. We must combine our knowledge of the laws and regulations with our professional judgment when making decisions. And, when we hit the gray areas, who are we going to call??? Compliance Hotline Compliance Officer we should get assistance when we need it…don’t hesitate – CALL! Unfortunately, NOT knowing…is NOT an excuse.

Impact on Employees: Conflicts of Interest A Conflict of Interest is a situation where there is a conflict between one’s private interests and one’s official or professional responsibilities Can occur when one’s financial or personal obligations/desires compete with the interests of employers, patients or clients The Appearance of a Conflict of Interest occurs when a situation arises that may give someone else the impression that a Conflict exists Staff are expected to avoid both actual Conflicts of Interest and the Appearance of a Conflict Not all violations are intentional. There are situations where there may be unconscious factors impacting your decisions. These situations may arise from the fact that you have a personal or financial relationship with one of your clients. You may have regular contact with a client or business associate outside of your professional responsibilities, for example, your loan officer at the bank, because of children in the same school, or membership in the same church or synagogue. It is natural to care about the interests or problems of a friend – but when it comes to DHMH matters, the state’s interests and regulations must come FIRST. There may be other situations where you will recognize a potential conflict of interest, and still be able to make conscientious professional decisions without being improperly influenced. In these situations, you should be aware of the APPEARANCE of a Conflict of Interest. This is when you have done nothing wrong, but a neutral outside observer would have reason to question your judgment. Both actual Conflicts of Interest AND the Appearance of one should be avoided.

Probable Risk Areas There are several known risk areas that we should avoid Other situations may arise where there is an appearance of a conflict of interest While these situations may not be subject to criminal or civil penalties, they could bring unnecessary and counterproductive attention to our agency Good judgment is essential! The Code of Conduct lists 21 “Probable Risky Areas” that you should avoid if possible. We need to use good judgment to avoid both a real, and appearance of a conflict of interest.

Probable Risk Areas Assumption coding Expense Vouchers Internal coding practices Coding without proper documentation of all physician services Procurement and Contracts Duplicate Billing Billing for items or services not actually rendered Inappropriate balance billing Time Sheets Knowing misuse of provider identification numbers resulting in improper billing Billing for services provided by unqualified or unlicensed clinical personnel Alteration of documentation Employment of sanctioned individuals False cost reports and credit balances Lack of integrity in computer systems Providing medically unnecessary services Discounts and professional courtesy Failure to maintain the confidentiality of information/medical records Kickbacks

Employee Obligations Under the Code of Conduct Moving on, let’s now look at our obligations as listed under the Code of Conduct…

Required Employee Actions Under the Code of Conduct Be aware of, and adhere to Federal and State laws as they pertain to the execution of your job responsibilities Seek guidance when you have questions Do not submit inaccurate, false, fictitious or fraudulent claims Report activities that may violate applicable laws and regulations Make no false or misleading reports Cooperate with training and investigation efforts These are the specific employee obligations that are in the Code of Conduct that you are holding. Pull out your Code of Conduct and Addendum. Please review this list as I read it -- you may see these on the quiz. Read the list

Program Integrity The Corporate Compliance Program requires the support of every employee It is our responsibility It may require culture changes New ways of thinking New ways of responding Front line employees are in the best position to identify fraud and abuse The only way a Corporate Compliance Program will work is if all employees, from the Department Secretary to the far corners of the State, accept their responsibilities under the Program. It is OUR responsibility to ensure that we provide the services to our citizens with the fairest of treatment. Remember, as front line employees, you have the most direct contact with our citizens; therefore, you are in a position to make or impact the vast majority of decisions that are made. So, Corporate Compliance isn’t about the “central office,” but it is about day-to-day activities of the front-line employees.

The best way to maintain compliance: Employee Obligations The best way to maintain compliance: Stand committed to meeting and demonstrating the highest ethical and legal standards The Department asks that you stand committed to meeting and demonstrating the highest ethical and legal standards.

Summary of Key Corporate Compliance Elements What can we do now? Become familiar with the Corporate Compliance Program Sign the Code of Conduct Acknowledgement Statement Report any suspected violations to the appropriate authorities Know that compliance oversight will be an important part of supervisors’ responsibilities Do the “right thing!” Today, you are getting your first introduction to the Corporate Compliance Program. You have an obligation to become familiar with the program and you must read the policies.. Following today, you will be asked to sign the Code of Conduct Acknowledgement. We know you will do the right thing.