Hotline:

Transcription

1 Compliance 2013 University at Buffalo School of Dental Medicine Compliance Plan Employee Hotline: LLC- Compliance Copyright 2011

2 Compliance Plan Table of Contents 1.0 Preface 2.0 Compliance Structure 3.0 Compliance Manual Eight Elements of NYS Office of Medicaid Inspector General (OMIG) Compliance: 3.1 Commitment to Compliance Plan 3.2 Designation of a Compliance Officer 3.3 Education and Training 3.4 Development of Open Lines of Communication 3.5 Non-Intimidation and Non-Retaliation 3.6 Enforcement of Disciplinary Standards 3.7 Auditing and Monitoring 3.8 Investigation, Response Commitment to 4.2 Purpose of 4.3 Management s Responsibilities 4.4 Employee Responsibilities 4.5 Agents Responsibilities 4.6 Patient Rights 4.7 Conduct if Contacted by a Regulatory Agency 4.8 Compliance Guidelines 4.9 Questions and Answers. LLC- Compliance Copyright 2011

3 1.0 Preface Office of Inspector General (OIG) - The OIG is charged with oversight of healthcare delivery on a national basis, particularly with regard to Medicare regulations. And while each state also has oversight responsibilities, most state regulations to a great extent mirror the federal regulations. It has been stated that the OIG s most important responsibility with respect to healthcare is the prevention and detection of fraud, waste and abuse Office of Medicaid Inspector General (OMIG) New York State has recently joined in the health care compliance arena with laws and regulations that became effective September NY OMIG policies and processes are the model for ten other states who have mandated compliance for health care providers as well. New York mandates includes a Medicaid revenue threshold however whether you meet the threshold or not, a provider could become entangled in an OMIG audit through association with a provider who does meet the threshold (i.e. DME, Pharmacy) Fraud - any intentional act or omission designed to deceive patients or the government as payor, resulting in the patients or government suffering a loss and/or the perpetrator achieving a gain. (The most common examples of fraud include overbilling for services rendered, billing for services not rendered, and falsifying documentation either to cover up billing errors or simply to complete filing requirements when carelessness resulted in the information not initially being completed) Waste - the careless expenditure, consumption, mismanagement or use of resources, whether intentional or unintentional, resulting in charge to patients or the government. (The most common example of waste includes use of supplies or rendering of services that were not necessary. It should be noted that upon audit the government views the use of supplies or rendering of services for which medical necessity was not clearly documented as waste). (i.e. Inefficiencies) Abuse - intentional mistreatment of patients or destructive misuse or diversion of assets and resources, and activities that are inconsistent with sound medical or professional practices. (The most common examples of abuse are physical or mental mistreatment of patients, providing substandard or inferior care or treatment of patients, billing for substandard care or services, waste to such a scale that it is more than careless, and destruction or acts which shorten the useful life of equipment used by the provider). (i.e. Bending the Rules) Purpose of this Compliance Plan The SDM Compliance Plan is intended to demonstrate in the clearest possible terms the absolute commitment of the SDM to prevent and detect non-compliance, fraud, waste and abuse as well as misconduct by the company s employees and other agents (including independent contractors). As stated directly in the adoption certificate by Senior Management our intent is to implement and enforce an Effective Corporate Healthcare Compliance Program *1 that is active and will detect, disclose and prevent misconduct as well as fraud, waste and abuse. All employees and agents are expected to understand and adhere to this compliance program. LLC - Compliance Preface

4 *1 the term Effective Corporate Healthcare Compliance Program is not an arbitrary term, but rather is a specific term created and used by the OIG to describe a compliance plan which contains the required elements as established and from time-to-time modified by the OIG and which can reasonably be expected to detect and prevent fraud, waste and abuse. To have an Effective Corporate Healthcare Compliance Program an organization shall: Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law Exercise due diligence to prevent and detect both intentional criminal conduct and unintentional errors Perform Risk Assessments to identify areas of most likely concern and diligently perform audits and monitoring in such manner that intentional misconduct and unintentional errors would be expected to be discovered Assure that the compliance program is reasonably designed, implemented and enforced so that the program is generally effective in preventing and detecting improper conduct Board/Governance Understanding and Commitment - The Governing Board/Board of Directors *2 of the SDM fully supports that one of their primary responsibilities is to oversee that the operations of the company are guided by policies which foster a culture of integrity and that are guided by policies that establish an Effective Corporate Compliance Program. As such, the Governing Board has adopted this Compliance Plan, and Policies and Procedures aimed at detecting and preventing Medicare and Medicaid fraud, waste and abuse, as more fully attested to in the Adoption Certificate. *2 throughout this document the term Governing Board shall be used to describe the oversight body of the SDM Management Understanding and Commitment - Senior Management of the SDM fully understands and supports that it is both their and every employee s responsibility to conduct themselves in accordance with the conditions listed in this Compliance Plan, and that no one can delegate this responsibility. As such, Senior Management will conduct themselves in accordance with the Compliance Plan, and will themselves certify and require each employee certify that they have read and understood the plan Summary - The adoption of a Compliance Plan creates standards and processes upon which the company is agreeing to be held accountable. The Compliance Plan requires that all applicable parties be properly trained in healthcare compliance matters, and that the company periodically test all aspects of the Compliance Plan so that it is not just a paper document. Preface

5 2.0 Compliance Structure Covered Entities - For purpose of the SDM s Compliance Program, all entities associated with this provider will be considered participating and covered entities, all being guided and bound by the Compliance Plan, Policies, and, and will be collectively referred to in this document as "The Company" Policy Statement: Acceptance of Governing Board s - The SDM understands that compliance with standards and regulations applicable to the quality of services delivered by providers, and billing for those services, is essential for the lawful behavior and corporate success of such organizations. As such, adoption of this Compliance Plan obligates the Governing Board to provide oversight and guidance to the organization such that an Effective Corporate Healthcare Compliance Plan is maintained and that appropriate steps are taken to detect and prevent Medicare and Medicaid fraud, waste and abuse. The Governing Board s responsibilities include ensuring that: An Effective Corporate Healthcare Compliance Plan, as defined and modified from time to time by government regulations, exists and is reviewed, updated if necessary All required regulatory reporting is performed on a timely basis A culture of integrity, compliance and non-retaliation is fostered within the company The Compliance Program s objectives are consistent with the corporate mission The program s objectives are reflected in all governance, risk management, information management and financial and operational activities They receive reports from the Compliance Officer / Compliance Committee They monitor the effectiveness of the program Confidential Compliance Hotline As part of the structure of the Compliance Plan, The SDM has established a Confidential Compliance Hotline (716) for use by anyone that feels uncomfortable reporting a Compliance issue to their supervisor, management or the Compliance Officer. The Compliance Hotline is a voice mail system on which you can leave a message regarding your concern, 24 hours a day. The name or identifying details of anyone who calls the Hotline and requests to remain anonymous will be held confidential. Caller ID is not tracked. LLC - Compliance

6 3.0 Compliance Manual Commitment to Compliance Plan Policy Statement: Adoption of Plan The SDM advocates a culture of integrity and corporate responsibility. As a result, the company has designed and adopted an active Effective Corporate Compliance Program. New York State Office of Medicaid Inspector General Part 521: 8 Elements of an Effective Compliance Program: Development of Written Policies and Procedures Designation of a Compliance Officer & Compliance Committee Education and Training Developing Open Lines of Communication Non-Intimidation and Non-Retaliation Enforcement of Disciplinary Standards Auditing and Monitoring Investigation, Response and Prevention Purpose of Adoption The SDM has adopted the Compliance Plan to enhance ethical behavior, provide quality care and promote the mission of the SDM and expects the Governing Board, Senior Management, employees and agents to adhere to requirements of the Plan. Unethical behaviors, violations of the requirements of the Plan, and actions which result in Medicare or Medicaid fraud, waste or abuse will not be tolerated and may result in termination of employment or contract. LLC Compliance

7 Designation of a Compliance Officer Designation of Compliance Officer - To assist the Governing Board in carrying out its compliance responsibilities, the Board has a designated individual to act in the capacity of Compliance Officer for the SDM. The Compliance Officer s responsibilities include: Overseeing and monitoring the implementation of the Compliance Program Revising the program due to changes in the company or in the law or policies of the government, and private payor plans Developing and coordinating a training program that focuses on all the elements of the compliance program ensuring that all relevant employees are trained in the areas pertinent to their job function Ensure that all employees and agents are checked against the OIG s and State s List of Excluded Individuals/Entities Ensuring that agents who furnish health care services to patients are aware of and comply with the Compliance Program Reporting to the Governing Board on a regular or as needed basis Setting up a method of reporting incidents of possible misconduct that assures anonymity to those filing the report (direct access to the Compliance Officer and the Compliance Committee must also be set up for those who do not wish to remain anonymous) and communicating the method within the training program Investigating and resolving all reported incidents in a timely manner Periodically scheduling and coordinating audits to check for compliance on Medicare/Medicaid fraud, waste and abuse Act as an employee s advocate and liaison for all compliance issues Designation of Compliance Committee A compliance committee has been formed and includes employees of the SDM for the purpose of addressing compliance concerns. The benefit of a compliance committee is that it has the perspective of individuals with varying responsibilities, including: Advising the Compliance Officer and assisting in the implementation of the Compliance Plan Monitoring the healthcare industry for general and specific risk areas Reviewing educational and training programs and advising on the content Monitoring in conjunction with appropriate individuals/departments, standards of conduct and policies and procedures to promote compliance Reviewing and advising the strategy/approach to promote compliance with the Compliance Plan and detecting any potential violations Reviewing the system to solicit, evaluate and respond to complaints, problems and enforcement Monitoring or reviewing periodic reports from the Compliance Officer regarding internal and external audits, reviews and investigations for the purpose of identifying deficiencies and advising and reviewing corrective Action.

8 Education and Training Policy Statement: Commitment to Training The SDM is committed to providing adequate training to all employees so that they are aware of and understand all aspects of the SDM Compliance Plan, relevant government regulations and proscribed methods and accepted compliance practices Purpose of Compliance Training - The purpose of compliance training is so that the Governing Board, management, employees and agents understand: The elements of the Compliance Plan and the Ensure a commitment of compliance throughout the organization Enhance the ability to identify all compliance issues. Communicate reporting expectations Educate regarding the State and Federal government laws and regulation Training Topics - The following topics are included in, but not limited to, the Compliance Training Program: Elements of Compliance Understanding the Fraud, Waste and Abuse Compliance with Medicare and Medicaid Conditions of Participation OMIG and OIG Work Plan focus items Prohibition on paying or receiving remuneration to induce referrals Improper alterations to clinical or financial records The duty to report misconduct or fraud. Proper documentation in clinical and financial records Medical Identity Theft New pertinent Federal laws and regulations State Regulations Communication and Training - The Compliance Officer is responsible for all communications and training involving the Compliance Plan. Management and staff will be required to attend a training session(s), conducted by the Compliance Officer or his designee, with the objective to ensure that all participants understand and appreciate all aspects of the Compliance Plan, including the risks of non-compliance to the organization and for themselves Employee and Agent Compliance Certification The SDM is dedicated to the understanding and acceptance of the Compliance Plan throughout the company. Upon completion of Compliance Training, and on an annual basis thereafter, employees and agents will certify/recertify receiving, reading and understanding the Compliance Plan Business Associate Agreements The SDM, as part of our Compliance Plan, is dedicated to the safeguarding of individual identifiable health information under the HIPAA regulations. Business Associates are required to complete a Business Associate Agreement and adhere to it.

9 Development of Open Lines of Communication Policy Statement: Commitment to Open Line of Communication The SDM is committed to maintaining a hotline to receive and process complaints and to ensure effective lines of communication between the Compliance Officer and all employees and agents, which allows complainants to remain anonymous, and protects whistleblowers from retaliation. Further information regarding the Hotline can be found in the Code of Conduct in section Posting of Compliance Program Policy Compliance hotline numbers are posted in a conspicuous place for easy access. Hotline numbers are provided for the employee to report non-compliance, fraud, waste and abuse to the company. In the event the employee feels these issues have been left unresolved by the internal corporate Compliance Plan, State and Federal Hotline numbers are also posted in a conspicuous place Purpose of Compliance Hotline - The primary purpose of the Compliance Hotline is to provide a means for employees and agents of the company, who are uncomfortable talking to supervisors, management or a member of the Compliance Committee, to report any activity or conduct which he/she suspects is not consistent with the company s Compliance Plan and Federal, State and local laws and regulations ( improper or illegal activity or conduct or non-compliant activity ) on an anonymous basis Procedure for Reporting Through the Hotline - The Compliance Hotline is a voice mail system on which you can leave a message regarding a concern, 24 hours a day. The telephone number for the Compliance Hotline: (716) The following information should be left on the voic system so that the appropriate members of the Compliance Committee can follow up on the concern: Detailed statement explaining the concern and type of suspected improper or illegal activity or conduct Dates or time period of the suspected improper or illegal activity or conduct The department to which the concern relates Whether the suspected improper activity or conduct was reported to anyone if yes, to whom, how, when and what was the response Description of any documentation that would assist with an investigation Caller May Remain Anonymous - Callers do not have to leave their name if they wish to remain anonymous. However, it is helpful if employees give their name so that during an investigation of the report, additional information can be obtained if necessary. The SDM will preserve an employee s anonymity to the extent possible. While the company will always strive to maintain the confidentiality of an employee s identity, there may be a point where the individual s identity may become known or may have to be revealed in certain circumstances. If the caller does not leave their name, they should leave a telephone number (home or cell) where they can or would like to be reached if the company needs additional information.

10 3.4.5 Resolution of Complaint - Reports will be referred to appropriate personnel for investigation and resolution, which may include corrective action, discipline and disclosure to the appropriate agency Whistleblower or Qui Tam Provisions - In order to encourage individuals to come forward and report misconduct involving false claims; the Federal False Claims Act contains a Qui Tam or whistleblower provision. The Government, or an individual citizen acting on behalf of the Government, can bring actions under the False Claims Act. An individual citizen, referred to as a whistleblower or Relator, who has actual knowledge of allegedly false claims may file a lawsuit on behalf of the U.S. Government Communication to Patients - A copy of the Compliance Plan and will be made available to patients or their representatives to review on the company premises upon request.

11 Non-Intimidation and Non-Retaliation Policy Statement: Commitment to Non-Intimidation and Non-Retaliation The SDM is committed to establishing a Compliance culture of non-intimidation and nonretaliation. The SDM is committed to a policy that individuals who make a good faith effort to report activity or conduct that they suspect is not consistent with the Compliance Plan, and Federal, State and local laws and regulations, will not be subject to retaliation of any kind. This policy is set at the Governing Board level and communicated and enforced throughout the organization by Senior Management and the Compliance Officer Purpose of Policy - The purpose of this policy and procedures on retaliation is to further state the commitment of the SDM to require its employees and agents to report, in good faith, activity or conduct that they suspect is not consistent with the Compliance Plan, and Federal, State and local laws and regulations, because the likelihood of employees and agents reporting suspected improper or illegal activity or conduct would likely be reduced if they feared that they would be the subject of retaliation for reporting the activity or conduct Forms of Retaliation - Retaliation can take several different forms, some examples include harassment, demotion and termination Reporting Suspected Retaliation - If someone reported activity or conduct that they suspected was not consistent with the company s Compliance Plan, and Federal, State and local laws and regulations (improper or illegal conduct or activity) and they believe that they have been subject to retaliation or intimidation as a result of the report, they should report the suspected retaliation to the Compliance Officer or someone on the Compliance Committee Compliance Committee Investigation - The Compliance Officer or another member of the Compliance Committee will investigate and consider the facts regarding the suspected retaliation or intimidation. Considerations may include the following: The facts surrounding the conduct or event that led to the suspected retaliation The documented reason for the demotion or termination The timing of the suspected retaliation in relation to the reporting of the suspected improper or illegal activity or conduct Past performance evaluations Corrective Action - The Compliance Committee may consult with the Senior Management to determine if retaliation has occurred and if appropriate, take corrective action, which may include: Discipline of the individual(s) taking the retaliatory action Reversal of the results of the retaliatory conduct

12 3.5.6 Those who intimidate or retaliate subject to discipline - Those who intimidate or retaliate against individuals who in good faith report activity or conduct that they suspect is not consistent with the Compliance Plan, and Federal, State and local laws and regulations, will be subject to discipline consistent with the SDM s discipline policy up to and including dismissal.

13 Enforcement of Disciplinary Standards Policy Statement: Commitment to Uniform Disciplinary Procedures The SDM has established uniform disciplinary procedures and will provide explanations of standard disciplinary sanctions for non-compliance to all employees and agents Violation of Policy and Procedure - Investigations resulting in a decision that an employee has violated the SDM s, Policies and Procedures, or Federal and State laws and regulations will result in sanctions against the employee if necessary Violations List - Potential violations include, but are not necessarily limited to: Authorization of participation in any activity that violates the Code of Conduct, policies and procedures or Federal and State laws and regulation Failure to report activity or suspected activity that violates the Code of Conduct, policies and procedures or Federal and State laws and regulation Encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior that violates the, policies and procedures or Federal and State laws and regulation Failure to detect and report an offense by a violator s supervisor if such failure is due to inadequate oversight and supervision Refusal to cooperation in any investigation by the Compliance Officer Retaliation against or Intimidation of an individual for reporting a compliance violation Extent of Disciplinary Sanction The extent of any disciplinary sanctions, which will be determined by members of Senior Management, in consultation with the Compliance Officer, and the violator s supervisor, will depend on several factors, including, but not necessarily limited to: Severity of the violation Self-disclosure of the violation History of past violations Level of cooperation in relation to the investigation of the violation Whether the violation was committed: Accidentally Negligently Recklessly Intentionally Follow-up to Violations - In additional to any disciplinary action, the SDM will implement corrective or remedial measures if appropriate and necessary. Consideration will also be given to the violation s impact on training and monitoring activities.

14 Auditing and Monitoring Policy Statement - Auditing and Monitoring The SDM has established policies and procedures to enforce the Compliance Program through Auditing and Monitoring as well as reviews and training. Auditing and Monitoring will include reviews of identified high risk areas, non-compliance, potential fraud, waste and abuse, audit results, operations, systems, processes, policies, standards and other activities. Reviews will be performed under the direction of the Compliance Officer and conducted using various methodologies including: The use of Compliance Committee members and outside resources as necessary The use of onsite reviews, interviews with employees, questionnaires and reviews of standard policies, records and communications Purpose of Auditing and Monitoring - To assist Senior Management in the effective discharge of its responsibilities by providing impartial analysis, appraisals, recommendations and pertinent concerns on: The adequacy of operational controls The efficiency and effectiveness of uses of the company s resources The reliability of information provided to Senior Management Compliance with established policies and procedures The presence of or possibility of potential matters of business risk, fraud, waste, abuse, theft, mismanagement and other similar matters Other matters at the direction of Senior Management and the Compliance Committee when and as they arise Independence and Objectivity of the Compliance Officer - Independence and objectivity are essential to the effectiveness of the Compliance monitoring function. The Compliance Officer does not exercise direct authority over other persons whose work is reviewed. While the Compliance Officer is free to review and appraise policies, plans, procedures and resources, the review does not in any way relieve other persons in the organization of the responsibilities assigned to them. The Compliance Officer s objectivity is not adversely affected, nor is the department requesting the review negatively viewed, when the Compliance Officer recommends internal controls or reviews procedures before they are implemented. Moreover, the Compliance Officer has the responsibility and authority to recommend necessary improvements and to follow the progress toward implementing appropriate improvements.

15 3.7.3 Responsibilities - The establishment and maintenance of acceptable business practices and adequate effective internal controls is the responsibility of Senior Management. To assist management in carrying out this responsibility, the Compliance Officer reviews and evaluates business practices and systems of internal control, reports to management identified weaknesses together with recommendations for improvements, and follows the progress of corrective actions. The Compliance Officer has responsibility to: Develop monitoring plans based on an assessment of risks and special requests by Senior Management Implement the monitoring plan as approved, including as appropriate any special tasks or projects requested by Senior Management Assist in the investigation of significant suspected fraudulent activities within the organization and notify the Senior Management of the results Report to the Governing Board on an annual basis or more often if necessary to summarize monitoring conducted since the last report and provide a list of significant measurement goals and results Auditing and Monitoring Standards and Ethics - The Compliance Officer has the responsibility to maintain high standards of conduct, independence and character to carry on proper and meaningful monitoring within the company. In addition, the Compliance Officer s conduct shall be consistent with the policies of company Documentation - The details of the monitoring and auditing will be documented.

16 Investigation, Response and Prevention Policy Statement: Compliance - The SDM is committed to eliminate the possibilities of non-compliance, fraud, waste and abuse and to following procedures to Self-Disclose violations when necessary Examples of Compliance Violations: Medical unnecessary services Billing for services not rendered Falsifying documentation Up-coding Unethical behavior Duplicate billing Knowing of an issue and not reporting it Intimidation and/or retaliation toward an individual who reports a compliance issue Self-Disclosure - Providers are required to maintain an effective Compliance Program and make timely disclosure and repayment of overpayments obtained from government health care programs. Providers who identify internal billing or operational issues that might affect their right to Medicare and Medicaid reimbursement must come forward and disclose the problem and the potential financial impact When Self-Disclosure is not Necessary - When billing errors and overpayments, are insubstantial, non-routine, not systemic or part of a pattern of errors, corrections can be made through resubmitting claims and Self-Disclosure is not necessary. Section 6302(a) of the Patient Protection and Affordable Care Act of 2010 (PPACA) contains a report and return requirement for overpayments. Providers are legally obligated to report and return Medicare and Medicaid overpayments no later than 60-days after the knowledge of the overpayment is obtained. A missed deadline constitutes an automatic violation of the False Claims Act When to Self-Disclose - Self- reporting will be conducted for substantial routine errors, systemic errors, patterns of errors and potential violations of fraud and abuse that are identified. Overpayments and/or inappropriate payments will be reported by the SDM as early in the discovery process as possible. The process before Self-Disclosing is to: Discuss whether or not a self-disclosure is warranted Discuss to whom self- disclosure should be made Conduct or advise about the provider s internal investigation Review the existing compliance plan for effectiveness Consult with legal counsel before Self-Disclosure

17 3.8.5 Determination to Self-Disclose - If a determination is made to self- disclose a problem, a series of steps must be followed and the steps are set forth in the Self-Disclosure Policy of the OIG. An initial report is prepared and must include: The basis for the disclosure How it was discovered The time period involved An approximation of any financial impact The regulations implicated Any corrective actions that may have been taken

18 4.1.0 Commitment to The SDM is committed to providing health care services in compliance with the letter and spirit of applicable laws and regulations. As each employee represents and functions as an agent of the company, it is important that each person conducts themselves with absolute integrity at all times. Violation of Federal and State rules and guidelines can result in harsh penalties imposed on the company, its managers and individual employees. The is designed to provide guidelines to avoid risk for all Condition of Employment - Compliance with legal requirements, company policies and procedures, and this is a condition of employment. Violations of the will result in consequences, including employment or relationship termination. The Governing Board and Senior Management of the SDM consider ethical behavior to be of utmost importance and as such are in full support of the consequences for violation of the Raising Concerns or Questions - If any employee or agent has a question regarding this or whether a situation is in violation of the SDM Compliance Plan, or Federal and State regulations they should immediately contact the Compliance Officer or call the Confidential Compliance Hotline. The Governing Board has gone on record to assure that there will be no retribution for asking questions or raising concerns about the SDM Compliance Plan,, or possible infraction of Federal and State regulations Purpose of - This has been designed, not because we question the honesty of our employees, but because the complexity of the health care environment can make it difficult to distinguish right from wrong, proper coding/billing from erroneous coding/billing. Supporting our is our commitment to the following shared values: We recognize the unique value of each person We believe that every patient and co-worker should be treated with respect We believe that our business should be conducted with absolute and unyielding integrity, in accordance with all industry standards and government regulations The SDM is an equal opportunity workforce and no one shall discriminate against any individual with regard to age, gender, disability, race, color, religion, national origin or sexual orientation. LLC Compliance

19 4.3.0 Management s Responsibilities - Managers are subject to all of the responsibilities assigned to employees, and additionally are expected to provide the leadership, resources and guidance to the employees to carry their duties in accordance with the SDM Policy and Procedures and. As such managers are: Required to lead by example, always displaying integrity and full compliance with industry standards and government regulations Required to make sure that their colleagues and subordinates understand and apply the ethical standards set out in this. To do so, they must listen to their employees questions and act on their concerns Required to foster and preserve a work atmosphere in which ethical concerns can be raised and candidly discussed Required to provide the appropriate training with regard to compliance so that it is reasonable to expect that their colleagues and subordinates have the knowledge base from which to expect compliant behavior Required to report to the Compliance Officer for tracking and resolution any compliance issues which they, their colleagues or subordinates discover Required not to take any retaliation against anyone for asking questions or raising concerns about the SDM Compliance Plan,, or possible infraction of Federal/State regulations Required to ensure that the company does not pay for patient referrals Required to ensure that the company does not take payment for referrals that it makes Employee s Responsibilities - Honesty and integrity in actions and knowledge of industry standards and government regulations are expected in all employees. The SDM is committed to maintaining an Effective Corporate Compliance Program, and is committed to preventing and detecting Medicare and Medicaid fraud, waste and abuse, as well as compliance violations, and as such has devoted a considerable amount of time and expense toward these ends. Every employee (including an unpaid volunteer) is required to be familiar with this and policies and laws that apply to their job. If someone is uncertain about the law, policy or procedure, they should follow the communication process outlined in the Policies and Procedures or contact the Compliance Officer for clarification. Specifically each employee is: Required to maintain the appropriate credentials and obtain the appropriate continuing education and updates which may be required for them to perform their job Required to notify the Compliance Officer if there is a lapse in, or revocation of, any of the required credentials or licensure, including a driver s license if it is required for their position with the company Required to observe at all times the Patient Rights detailed in Required to obtain a thorough understanding of regulatory requirements to enable them to perform their job with complete compliance, as claims of ignorance, good intentions, using poor judgment or repetitive unintentional policy violations are generally not acceptable as excuses for non-compliance. Prohibited from knowingly presenting or causing to be presented claims for payment or approval which are false, fictitious, fraudulent or not supported by medical necessity and appropriate coding

20 Required to provide reliable documentation of all services rendered and must not destroy any information which is considered part of the medical record Authorized to use confidential information only to the extent necessary to perform their job and shall not share this information with anyone unless there is a legitimate need to know the information, which is allowed by law Required to treat the following information as confidential and subject to the above restrictions: all patient information: including medical, demographic and financial information, Social Security numbers and credit card information; company information: including pricing data, cost data, operating results, strategic plans, marketing techniques and supplier and subcontractor information Prohibited from accepting a gift from a potential or existing Business Associate, which might be interpreted as a referral for business related to the Federal health care program, or without first notifying the Compliance Officer and receiving permission from the Senior Management that the gift or invitation to attend an event is reasonable and allowed. Required to report to the Compliance Officer or anonymous hot line any activity by a colleague, physician, subcontractor or vendor that appears to violate applicable laws or industry standards. If an employee knows of a problem, they must not remain silent, they must step forward with information so that the issue can be investigated and resolved Agent s Responsibilities - Agents (including independent contractors, Business Associates) with which the SDM engages to perform patient healthcare services, or other services with non-incidental PHI exposure, under a Business Associate Agreement, on its behalf are expected to have the necessary skills, quality control processes, systems and appropriate procedures to ensure all work is accurate and in compliance with industry standards and government regulations. The SDM requires such agents to be familiar with and adhere to the and Compliance Plan Patient Rights The SDM is committed to providing compassionate, quality emergency medical services and transport, in a cost effective manner in compliance with all regulatory billing requirements. As such: All patients will be treated without discrimination to age, gender, disability, race, color, religion, national origin or sexual orientation In accordance with the Emergency Medical Treatment and Active Labor Act, emergency medical screening and stabilization treatment will be provided to all patients, regardless of ability to pay All Patient medical history and information will be treated as confidential and consistent with HIPAA and HITECH requirements we will not use, disclose or discuss patient information with others unless it is necessary to serve the patient or is required by law.

21 4.7.0 Contact by Regulatory Agencies - From time to time regulatory authorities conduct unannounced audits of visits. All employees and agents are required by the SDM to fully cooperate, honestly and in a professionally courteous manner with all such regulatory authorities. As indicated in the SDM policies, upon contact by any regulatory authority for audit or investigation purposes, the employee or agent should immediately contact the Compliance Officer to inform them of the audit or visit and to obtain the Compliance Officer s assistance in dealing with the audit or visit. If you are contacted by a regulatory agency when you are off-duty, you should request that all questions be deferred until you are back at work. Under this circumstance you should inform the regulator that you would be happy to cooperate fully and answer any questions when you report back to work. You should offer to schedule to meet them, during regular business hours, with both you and your Compliance Officer List of Regulatory Agencies - Regulatory agencies which might show up unannounced include: Office of Inspector General (OIG) Department of Justice (DOJ) Federal Bureau of Investigation (FBI) Occupational Safety & Health (OSHA) Centers for Medicare and Medicaid Services (CMS) State Department of Health (DOH) or any affiliated agency Medicaid Fraud Control Unit (MFCU) Food & Drug Administration (FDA) Environmental Protection Agency (EPA) Office of Medicaid Inspector General (OMIG) Compliance Guidelines - The purpose of this section is to assist the employee with some guidelines of how to proceed when issues of ethics or non-compliance with the Code of Conduct and Compliance Plan arise Ethical Situations Neither the, nor our overall Compliance Program can cover every situation you may face. If you are confronted with an ethical situation that you are not sure how to handle, judge your response against the following guidelines: Does it comply with the company Policies and Procedures? How would you feel if the situation and your contemplated actions were on the front page of tomorrow s newspaper? How would the situation look to our patients if they knew the full details? Does your action make common sense? Seek Help Regarding Compliance Questions - Compliance issues are not always black and white, nor are the decisions simple. But most times when your first impression is that you are entering a grey area, you certainly are not entering a white area. If you do not know for certain how an issue is to be treated by regulations, you should seek guidance. Open discussion of ethical and legal issues is vital to the effectiveness of the Compliance Plan and to the SDM, as indicated throughout this manual, which has indicated that integrity and compliance with regulations is important to the company. If you have a question about issues that arise in the performance of your job or want to report a compliance concern, use one of the processes described below:

22 Discuss the issue with your supervisor. They should know you and the issues in your workplace better than anyone. Give them a chance to help solve the problem, because they have access to a variety of resources Speak to the Billing Supervisor. If they can t answer your documentation and billing questions, then both of you need to seek further assistance Contact the Compliance Officer Use the Confidential Compliance Hotline (716) If you feel uncomfortable talking to your supervisor, management or the Compliance Officer, you can call the confidential Compliance Hotline. The Compliance Hotline is a voice mail system on which you can leave a message regarding your concern, 24 hours a day. When you call the Hotline, you will be given instructions. At your option you can leave your name and if you want to be contacted with the answer to a question or if you want to know about resolution of an issue, or you can remain anonymous and leave a detailed statement explaining your concern and type of suspected improper or illegal activity or conduct Reporting and Investigating Violations - If you know of a possible violation or suspect Medicare or Medicaid fraud, waste or abuse, you must report it, possibly as a matter of law, but most certainly by conditions of the Compliance Plan instituted by the SDM. If you become aware of a suspected violation and fail to report it, you will likely be subject to disciplinary action for remaining silent. Company policy mandates that employees and agents report conduct that a reasonable person would believe to be a violation of corporate policy, laws and regulations. Further discipline may be appropriate where a responsible employee s failure to detect a violation is attributable to his/her negligence or reckless conduct Questions & Answers: The purpose of this section is to answer some common questions employees may have regarding the and action they should take consistent with an Effective Corporate Healthcare Compliance Plan Q: How can I be sure of the confidentiality of any report I make? A: It is in the company s best interest to be compliant with Medicare and Medicaid regulations, and to maintain an Effective Corporate Healthcare Compliance Plan. Failure to do so could result in the company s exclusion from Medicare and Medicaid. Under penalty of law the SDM have gone on record indicating that they will not take retaliatory actions against anyone reporting a compliance issue. Additionally the company has taken the steps of implementing a Confidential Compliance Hotline Q: What will happen if I report an unintentional violation that I was involved in? A: The report will be investigated to determine the facts and circumstances. The fact that it was unintentional and that you came forward voluntarily will be taken into account and generally would absolve anyone from disciplinary actions.

23 4.9.3 Q: How am I protected if someone deliberately makes a false report in order to get me in trouble? A: All investigations will be handled professionally and without prejudice. Only the facts will determine the outcome. Intentionally making a false accusation is a serious violation and will lead to disciplinary action of the perpetrator, up to and including dismissal. Any employee who believes he/she has been treated improperly because of a reported concern should contact management or a member the Compliance Officer Q: I recently witnessed some activities which I think are violations of policy. I would like to do something but I do not want to be viewed as a squealer. What if I do not report it and it is later discovered that I knew about it? A: Depending upon the circumstances you could be subject to either legal consequences for violations of the Medicare and Medicaid anti- fraud statutes or company disciplinary actions - ethics and compliance are a shared responsibility. No employee has the right to put the company and everyone else s job in jeopardy, by violating the law. You are obligated to step forward, if you are aware of a violation by another employee. The manner in which you do so is up to you, either by discussing with the employee until you are satisfied that you made a mistake or that they are correcting the issue, by contacting the Compliance Officer, or by calling the Confidential Compliance Hotline (716) Q: What are the most common compliance violations? A: Violations can occur for a variety of reasons, but the most common have to do with: Erroneous or falsified documentation, usually supporting medical necessity where such did not exist Up-coding of claims Billing for services after date of death Q: What should I do if I receive a phone call or visit from an auditor from OIG (Office of Inspector General), or any other auditor or regulator? A: First, take a deep breath and remain calm. Audits always go best when everyone remains civil and pleasant; likewise, audits also tend to go poorly when defensiveness is displayed. Explain to the auditor that in accordance with the SDM policy, whenever the company is visited by a regulatory agency you have been instructed to ask them to wait until you can contact your Compliance Officer. You should immediately try and contact the Compliance Officer and if they are not available the senior most person possible. The auditor will usually allow you a reasonable amount of time to make this contact, provided that all other activity which could be construed as trying to hide or alter documents is ceased. If the auditor does not allow you this courtesy, do not do anything which would be contrary to their orders or do anything which could be construed as blocking their access to records. If you can t locate the Compliance Officer or a senior member of the company, comply with all of the auditor s requests, but continue to try and contact the Compliance Officer.

24 4.9.7 Q: If I am questioned by a regulatory inspector do I need to contact my attorney? A: Generally the answer is no. Most audits and interviews are routine, so your first step should be to contact the Compliance Officer. If an attorney is needed, if you or anyone else believes or recommends that an attorney is needed, including recommendation by the regulator, the Company may provide you with an attorney. This will usually be sufficient, but if there is reason why you should have a personal attorney present, the Company attorney will so advise you.

25 LLC Compliance