Mandatory Vendor Compliance Training & Regulatory Requirements Overview

Welcome to ECMCC's mandatory compliance training for vendors covering regulatory requirements, compliance program overview, fraud Prevention, OMIG compliance, Code of Ethical Conduct, and communication policies. Learn about Stark Law, Anti-Kickback Statute, and False Claims Act for ethical conduct and integrity.

• Compliance training
• Vendor requirements
• Regulatory compliance
• OMIG
• Code of Conduct

auggie Follow

Uploaded on Mar 20, 2024 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Mandatory Vendor Compliance Training Regulatory Requirements 2024 1

2. Compliance Program Overview & Requirements OMIG Compliance Program Requirements Fraud, Waste and Abuse Regulating Financial Arrangements The Anti-Kickback Statute Compliance With State and Federal Fraud and Abuse Laws The Stark Law The False Claims Act Exclusion Screening Conflict of Interest HIPAA Quiz & Attestation 2

3. Introduction Welcome to ECMCC s Mandatory Compliance Training for vendors. In order to receive credit for this course you will be required to pass a quiz and complete an attestation. ECMCC is committed to fostering a culture of compliance and integrity and to ensuring that all operate at only the highest standards for ethical conduct This training will provide you with important information regarding ECMCC s Compliance Program This training also will cover compliance with laws, rules and regulations that apply to ECMCC, including the Stark Law and Anti-Kickback Statute and the False claims Act Once you have completed this training course, please complete the attached attestation and return it to the Compliance Office to nmund@ecmc.edu If you have any questions about this training, please contact ECMCC s Office of Corporate Compliance at 716-898-6439 3

4. Code of Ethical Conduct Integrity Value Honesty Ethics Principles Choice Fairness ECMCC has adopted a Code of Conduct that serves as an organizational Constitution that applies to employees and vendors of ECMCC Vendors are expected to follow the Code of Conduct as well as applicable ECMCC policies and procedures A copy of the Code is enclosed with this training 4

5. OMIG OMIG Compliance Compliance Program Program Requirements Requirements The New York State Office of the Medicaid Inspector General or OMIG, enhances the integrity of the New York State Medicaid program by: Preventing and detecting fraudulent, abusive, and wasteful practices within the Medicaid program; and Recovering improperly expended Medicaid funds while promoting a high quality of patient care. 5

6. Lines of communication Policies and procedures Compliance Committee Elements of an effective compliance program Training and education Disciplinary Standards OMIG Compliance Program Requirements Compliance Officer Auditing and Monitoring Responding to Compliance Issues To assist providers in this effort, the OMIG provides comprehensive guidance related to provider compliance programs, self- disclosure, and Medicaid managed care fraud, waste, and abuse prevention program regulations. It is the responsibility of the Chief Corporate Compliance Officer to ensure we meet all of these requirements through our ECMCC Compliance Program. The requirements for an effective Compliance Program as defined by OMIG are shown here. 6

7. OMIG Compliance Program Risk Areas Billings According to OMIG requirements, a Provider s Compliance Program shall apply to the required provider s risk areas, which are those areas of operation affected by the compliance program shown here. Coding Ordered Services Quality of Care Medical Necessity Mandatory Reporting Contractor, Subcontractor, agent or independent contract oversight Payments Governance Credentialing Other Risk Areas identified through organizational experience 7

8. ECMCCs Compliance Program Overview ECMCC s Compliance Program is designed to promote compliance with federal and state laws and the rules governing participation in government healthcare programs, such as Medicare and Medicaid ECMCC s Compliance Program incorporates, among other things, elements considered to be essential to an effective compliance program: 1.A designated Compliance Officer and Compliance Committee 2.Written policies, procedures and standards of conduct 3.Compliance training and education 4.Lines of communication between personnel and the Compliance Officer 5.Policy of Non-Retaliation and Non-Intimidation 6.Internal monitoring and auditing 7.Disciplinary guidelines for enforcement of standards 8.Protocols for prompt response to detected offenses and the undertaking of corrective action 8

9. ECMCCs Chief Compliance Officer ECMCC has designated an individual to serve as its Chief Compliance Officer, Lindy Nesbitt. The Chief Compliance Officer is the focal point for ECMCC s compliance program and is responsible for the day-to-day operation of the compliance program. The Chief Compliance Officer leads the ECMCC Compliance Program. The Chief Compliance Officer reports to the Audit and Compliance Committee of the ECMCC Board, and the Chief General Counsel on at least a quarterly basis. 9

10. ECMCC Compliance Program Overview Policies and Procedures ECMCC policies and procedures function like internal laws that govern the conduct of employees, agents, contractors and other staff (including medical staff) Vendors are expected to follow applicable policies and procedures as well as the ECMCC Code of Conduct 10

11. ECMCC Compliance Program Overview Monitoring and Auditing The Office of Corporate Compliance develops annual monitoring and auditing plans base on a compliance risk assessment that considers: Identified areas of compliance concern for ECMCC, specifically, and for the healthcare industry generally Regulatory guidance, such as the annual OIG and OMIG Work Plan The Office of Corporate Compliance conducts annual reviews of its compliance program to determine its effectiveness, and whether any revision of corrective action is required. The Office of Corporate Compliance partners with many departments across the organization to ensure that we are documenting, coding and billing appropriately and accurately. 11

12. ECMCC Compliance Program Overview Disciplinary Standards ECMCC has published system-wide compliance disciplinary standards All individuals within the ECMCC system, regardless of position, are subject to ECMCC s disciplinary standards Disciplinary standards with respect to vendors may include measures up to and including reassignment or vendor personnel or suspension or termination of contract. 12

13. ECMCC Compliance Program Overview Communicating with the Office of Corporate Compliance ECMCC provides multiple lines of communication to the Office of Corporate Compliance to ensure that all employees and vendors are aware of and feel comfortable raising questions or reporting concerns regarding possible violations of the Code of Ethical Conduct, policies and procedures, or any applicable law, regulation or administrative rule It is critical that you immediately notify your supervisor or the Compliance Officer if you believe that there has been a potential violation of: Your contract with ECMCC, ECMCC s Code of Ethical Conduct, or any ECMCC policies and procedures applicable to your contract Criminal, civil or administrative laws The rules governing participation in any federal or state healthcare program The Office of Corporate Compliance can be reached at 716-898-6439. Confidential Compliance & HIPAA Anonymous Hotline at 855-222-0758 available 24 hours a day, seven days a week. The Office of Corporate Compliance will make a good-faith investigation into reports about ECMCC, whether received through the hotline or otherwise. 13

14. ECMCC Compliance Program Overview Investigations and Corrective Actions ECMCC takes seriously any compliance concerns raised ECMCC s Office of Corporate Compliance will follow up on any compliance concerns that may be identified through investigations, reports, auditing or monitoring The Office of Corporate Compliance, in consultation with applicable stakeholders, will determine whether corrective action is required to addr4ess compliance risks and vulnerabilities The office of Corporate Compliance may perform re-audits, implement new or amended policies and procedures, or implement new or enhanced monitoring processes, among other things The Office of Corporate Compliance may call on you to assist with evaluating the need for or implementing corrective actions, where appropriate 14

15. Fraud, Waste and Abuse 2022 2022 The United States Department of Justice collected more than $2 Billion dollars in False Claims. It is important to know too that government officials are increasingly likely to take executives and other individuals involved in corporate fraud, waste and abuse to court. 2023 2023 Federal and State governmental agencies continued to take an aggressive stance in protecting taxpayer-funded healthcare programs from fraud, waste and abuse. 15

16. Fraud and Abuse Laws Refer to these ECMCC policies that are designed to ensure compliance with fraud and abuse laws: Corporate Compliance: Billing and Coding Fraud, Waste and Abuse Compliance Non-Retaliation and Non-Intimidation Physician Compensation Policy Vendor Access Policy Competitive Bidding Procedure Interactions Between ECMCC and Industry Sanction Screening Policy 16

17. Fraud and Abuse Laws Civil Monetary Penalties Law Prohibits the submission of claims for unnecessary items and services or items and services that were not actually provided Prohibits giving Medicare and Medicaid patients something of value to influence the patient to choose a specific provider. Penalties for violations can be severe. 17

18. Regulating Financial Arrangements - Anti- kickback Statute & Stark Law The Anti-Kickback Statute (AKS) and Stark Law are designed to prevent fraud and abuse that could harm federal healthcare programs and patients The AKS and the Stark Law prohibit a variety of financial relationships that would be completely permissible in other industries Laws Emphasize both substance (Is the nature and intent of the arrangement appropriate?) and form (Is the agreement in writing? Does it include required provisions?) A financial relationship might be illegal even if it doesn't feel or seem wrong Even well-intentioned arrangements can violate the law Compliance with laws governing financial arrangements with sources or recipients of referrals is essential to protecting ECMCC against: Significant fines and penalties Reputational risk Legal costs incurred defending against an investigation 18

19. The Anti-Kickback Statute (AKS) The AKS prohibits payments or other transfers of value that are intended to induce referrals The AKS prohibits ECMCC from knowingly and willfully offering, requesting, giving, or taking any remuneration basically, anything of value in exchange for healthcare business A relationship will violate the AKS if just one purpose is an intent to improperly induce referrals Violations of the AKS may result in significant civil and criminal penalties Example: A hospital chain settled for $513 million with the federal government for AKS violations stemming from above-fair-market value payments made to OB-GYN clinic operators. The federal government contended that the payments to the clinic were made to induce referrals back to the hospital chain and its subsidiaries Forfeiture of federal healthcare program reimbursement Treble damages under the False Claims Act An underlying AKS violation renders claims per se false under the False Claims Act Exclusion from federal healthcare programs Prison 19

20. The Stark Law The Stark Law prohibits a physician from referring Medicare and Medicaid patients for certain designated health services to a facility with which the physician group, physician (or an immediate family member) has a financial relationship, unless a specific exception is met ECMCC is able to employ and contract with physicians if the arrangements fit within exceptions to the Stark Law If a financial relationship violates the Stark Law, every single Medicare or Medicaid referral for designated health services that the physician makes to ECMCC is impermissible ECMCC must repay any Medicare or Medicaid reimbursement that is received for designated health services referred by the physician Additional fines and penalties are possible as well Example: The Stark Law allows employed physicians to make referrals to their employer so long as certain requirements are met, including that compensation does not take into account the volume or value of referrals. One South Carolina hospital settled for $72.4 million with the federal government because, in part, they offered productivity bonuses to physicians that took into account their volume of referrals, running afoul of this requirement 20

21. The False Claims Act A key enforcement law is the Federal False Claims Act. The Federal False Claims Act prohibits an individual or entity from submitting claims to the Federal government that they know (or should know) are false, such as, for example, claims for services that were not provided. The New York False Claims Act similarly prohibits the submission of false claims to the State of New York ECMCC submits claims to both the Federal government and the State of New York for services provided to patients enrolled in government- funded healthcare programs, such as Medicare and Medicaid 21

22. The False Claims Act False Claims: when an entity knowingly receives money it should not and says nothing or conceals that an amount is owed. Any overpayments should be reported within 60 days identification to avoid False Claims Act liability and administrative penalties. ECMCC combats fraud, waste and abuse in many ways, including but not limited to, conducting internal audits and responding to external audits. False Claims within 60 days from If you become aware of an actual or potential overpayment, you should If you become aware of an actual or potential overpayment, you should immediately notify the Office of Corporate Compliance at immediately notify the Office of Corporate Compliance at 716 716- -898 898- -6457 so that ECMCC can promptly determine whether it has 6457 so that ECMCC can promptly determine whether it has received an overpayment and repay any overpayments it discovers received an overpayment and repay any overpayments it discovers 22

23. The False Claims Act The FCA contains so-called qui tam or whistleblower provisions Whistleblowers can file a lawsuit alleging an intentional violation of the law. Whistleblowers receive a percentage of the penalties that are imposed if lawsuit is won. Allows people both inside and outside of organizations to report intentional fraud to the government. Penalties may include treble damages: Up to 3 times the amount of damages sustained by the government as a result of the fraudulent claims Substantial fines per claim 23

24. Exclusion Screening We screen our staff for excluded providers or any excluded vendors we have contracts with Excluded providers cannot bill federal or state health care programs, either directly or indirectly. Inform your manager and the Office of Corporate Compliance immediately if you are excluded from participation in any federal or state health care program. Failure to do so will result in severe sanctions. 24

25. Conflicts of Interest (COI) Gifts from Industry Gifts from Industry ECMCC s policy governing Gifts and Interactions with Industry provides parameters for appropriate decision-making regarding the acceptance or provision of business gratuities, gifts, activities, and courtesies as well as other interactions between Individuals and Industry. Gifts from health care industry vendors are prohibited regardless of any value. Prohibits physicians from participating in industry sponsored Employees should not be giving pharmaceutical and medical device sponsored presentations unless it is their own work and complies with the other requirements of our policy. Pharmaceutical sales reps are prohibited from accessing our facilities unless they make an appointment 25

26. Health Insurance Portability and Accountability Act (HIPAA) and Patient Privacy What is HIPAA? What is HIPAA? A set of rules enacted by the government which, among other purposes, requires Northwell to protect the privacy and security of individuals health information HIPAA Applies To: HIPAA Applies To: Covered Entities, including ECMCC and its staff; Business Associates (vendors and contractors acting on behalf of ECMCC) Other Privacy & Security Regulations Other Privacy & Security Regulations HIPAA / HITECH All ECMCC facilities/programs 42 CFR Part 2 Substance Abuse treatment NYS Mental Hygiene Law Mental Health treatment 26

27. Health Insurance Portability and Accountability Act (HIPAA) and Patient Privacy Protected Health Information (PHI) Protected Health Information (PHI) Individually Identifiable health information Protected Health Information (PHI) Identifiers Minimum Necessary Minimum Necessary As healthcare providers, we must only request, use, or disclose, the minimum necessary information about a patient in order to complete the task at hand. 27

28. Health Insurance Portability and Accountability Act (HIPAA) and Patient Privacy Individually Identifiable Information Individually Identifiable Information Demographic data relating to an individual s past, present or future Payment for the provision of health care Physical or mental health or condition Treatment 28

29. Health Insurance Portability and Accountability Act (HIPAA) and Patient Privacy It is the responsibility of all ECMCC employees and vendors to protect the security of our patients PHI and prevent disclosures to unauthorized individuals. Any vendor that has access to PHI of ECMCC patients is required to sign a Business Associate Agreement which includes requirements for securely handling and storing PHI. Any employee or vendor who becomes aware that PHI may have been improperly disclosed to unauthorized individuals must notify the Privacy Officer immediately at 716-898-5880. 29

30. Monitoring Data for Inappropriate Use ECMCC will not tolerate Mishandling of our Data! Privacy breach detection and reporting solution that collects and aggregates data 24/7 ECMCC uses FairWarning an audit program that shows all accesses of our medical record systems. Sends alerts to HIPAA Team about occurrences of possible inappropriate access to medical records New enhanced artificial intelligence controls Used to conduct investigations in response to reports/concerns Discipline up to and including termination 30

31. Accessing Medical Record for Work You cannot access a record for personal reasons, including To check on a family member Your have a business- related reason You are only accessing the PHI necessary for treatment, payment or other hospital operations To schedule an appointment for yourself To find out someone s birthday or address **Accessing a medical record for a purpose unrelated to your assigned work may be a breach! **Sharing information learned at work to someone for an unrelated work purpose (including a family member or friend) may also be a breach! 31

32. Does something not feel right, or do you have an issue you want to discuss? We can help. Reporting obligations Reporting obligations It is the duty of every employee, vendor and all other individuals affiliated with ECMCC to comply with all governing laws, regulations, ECMCC policies and procedures and the Code of Conduct. Everyone must offer their complete cooperation with any investigation by ECMCC and/or governing authorities. You are required to report to the Office of Corporate Compliance, or the Compliance & HIPAA Anonymous Hotline any actual or suspected violations of the Code, ECMCC s policies and procedures and/or federal or state law. Can I be retaliated against for report an issue or participating in an Can I be retaliated against for report an issue or participating in an investigation as a witness? investigation as a witness? No. ECMCC does not permit retaliation against anyone for good faith and honest participation in an internal or external investigation. Office of Corporate Compliance Office of Corporate Compliance 716-898-6439 Lindy Nesbitt, AVP Corporate Compliance 716-898-4595 Nadine Mund, Director of Corporate Compliance 716-898-5880 Laura Fleming, Privacy Officer 855-222-0758 Compliance & HIPAA Anonymous Hotline Compliance & HIPAA Anonymous Hotline 32

33. Quiz Question 1: Question 1: True or False: ECMCC has a strict ban on gifts of any type or value from industry vendors. a) a) True True b) b) False False 33

34. Quiz Question 2: Question 2: True or False: You should report any potential conflict of interest to your ECMCC business contact and the Office of Corporate Compliance. a) a) True True b) b) False False 34

35. Quiz Question 3: Question 3: Which of the following prohibits submission of false or fraudulent claims in order to receive payment from the federal government? a) a) HIPAA HIPAA b) b) Federal False Claims Act Federal False Claims Act c) c) EMTALA EMTALA d) d) Federal No Surprise Act Federal No Surprise Act 35

36. Quiz Question 4: Question 4: Which of the following requires ECMCC to protect the privacy and security of individuals protected health information? a) a) Stark Law Stark Law b) b) HIPAA HIPAA c) c) EMTALA EMTALA d) d) Civil Monetary Penalties Law Civil Monetary Penalties Law 36

37. Quiz Question 5: Question 5: Which of the following prohibits payments or other transfers of value that are intended to induce referrals? a) a) Stark Law Stark Law b) b) HIPAA HIPAA c) c) EMTALA EMTALA d) d) Anti Anti- -Kickback Statute Kickback Statute 37