Provider Training Portal

Once you have finished a training, please proceed to the next one. To navigate the training material, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

Enhanced Utilization Management Model

(This is a text version of the Training. Click Here for the print version)

Enhanced Utilization Management Model at ATA-FL

Why are we improving our model now?

  • We want providers to submit all visit encounters as required by state and federal agencies, so we are linking subsequent level payments to the submission of all visit encounters. This is already required/complied with by provider under a FFS model.
  • We want to reduce administrative burden for our provider network from multiple submissions of similar documentation to one submission per episode of care.
  • We want to remain compliant with AHCA requirements.
  • We want to introduce new evidence-based criteria in our UM process.

What is Changing?

  • NEW As we continue to improve our UM model, we have recently adopted use of standardized test scores in conjunction with Milliman Care Guidelines to authorize levels of service.
  • NEW Using the submitted diagnosis, the results of standardized test scores, Milliman Care Guidelines, and the clinical record, ATA-FL will authorize levels of service. In the authorization process we will provide you with “reasonable” or “expected” ranges in the number of visits that correspond to the payment level. The provider may proceed with more visits than the “reasonable” or “expected” number contained within our authorization letter; however, actual visits should align with the Plan of Care.
  • NEW The manner of payment under the new model is a pure case rate model. We will cease issuing an initial number of subsequent visits at a FFS rate. The evaluation will no longer be paid separately. The evaluation will fall under the first level assignment along with all of the other DOS as set forth in the plan of care in the first 60 days of the certification period.
  • The Management of therapy services at ATA-FL via a case rate model will not change. This means that levels are assigned and payment is based on those levels.
  • NEW Each of these levels will correspond to a range of visits.
  • After the evaluation, an authorization must be obtained from ATA-FL before treatment begins and you will not be paid for services prior to this date. You do not need to request authorization to complete the evaluation. However, remember that all services rendered , including an evaluation only, must have a certification number in order for the claims to process. The evaluation will no longer be paid separately.

Milliman Care Guidelines(MCG)

Upon receipt of the authorization request an ATA-FL clinician will review the request and issue a Level based upon the diagnosis, Standardized Test Scores, MCG and clinical record.

  • Nationally recognized and widely used clinical guidelines.
  • Provides observed ranges of visits based upon diagnosis
  • Eight of the ten largest U.S. health plans use Milliman Care Guidelines.
  • Improves healthcare effectiveness with evidence-based care guidelines.
  • MCG’s clinical editors analyze and classify peer-reviewed research in support of the guidelines.
  • Annually more that 140,000 references are reviewed.

Upon receipt of the authorization request an ATA-FL clinician will review the request and issue a Level based upon the diagnosis, Standardized Test Scores, MCG and clinical record.

  • Level 1 – Evaluation only/within normal limits
  • Level 2 – Mild impairment level
  • Level 3 – Moderate impairment level
  • Level 4 – Severe impairment level
  • Level 5 – Profound impairment level

Tertiary, Medically Complex patients are covered by the health plan. Our UM team will assist providers in referring any patients identified as such to the health plan for appropriate authorization and services.

Using test scores to assign levels Speech Therapy examples:

ATA-FL reviews the diagnosis, results of standardized test scores, MCG and clinical record, and assigns a level.

Requesting an Authorization: 4 Critical Elements

All treating providers MUST submit the following 4 Critical Elements with the authorization request. Providers may submit via the Provider Web Portal @ ataflorida.com/hs1portal or via fax to ATA-FL at 1-855-410-0121.

  1. Prescription or Referral Form
  2. A completed ATA-FL Intake Form (N/A to Providers using the Provider Web Portal) including 3 attestations
  3. POC with diagnosis signed/dated by the referring physician and/or Letter of Medical Necessity (LMN)
    • The Plan of Care must include the evaluation and the start and stop dates
    • The Plan of Care must include the Signature of the referring physician recorded on or after the recorded date of the treating therapist
    • The therapist that develops the POC must sign and date the document on the date it is completed. The therapist must sign and date the POC prior to the PCP’s signature and date. The PCP may sign and date the POC on the same date the therapist signs and dates the POC.
  4. Standardized Assessment Scores clearly denoted

CRITICALLY IMPORTANT: If any of the above elements are missing, ATA-FL will not approve the authorization request. Based on ATA-FL delegated responsibilities, the case will either be denied by ATA-FL or referred to the health plan with recommendation for denial.

Failure to provide all required documentation could result in the delay of treatment of your patient.Retrospective requests will not be authorized.

Plan of Care Documentation

  • ATA-FL will not accept ranges from providers when indicating the following in the Plan of Care: number of visits, the duration of the visit, or the duration of the treatment.
  • Acceptable examples
    • 2 visits per week
    • 30 mins per visit
    • 6 weeks of treatment
  • Unacceptable examples
    • 1 – 2 visits per week
    • 30 mins – 60 mins per visit
    • 4 – 6 weeks of treatment

Case Scenarios

When an ATA-FL clinician identifies a significant deviation in the Plan of Care from the range in number of visits according to the diagnosis, standardized test scores, Millman Clinical Guidelines and clinical record reviewed, the provider will be contacted.

Outcomes of Peer to Peer:

  • Approved - If after Peer to Peer, clinician agrees with Plan of Care, authorization is provided.
  • Provider agrees to withdraw current request and resubmit with documentation to support medical necessity.
  • Provider chooses NOT to withdraw the current request. Provider refuses to accept the level issued. Case is referred to the Medical Director. If the Medical Director is in agreement with the clinician, and based on ATA-FL delegated responsibilities, the case will either be denied by ATA-FL or referred to the health plan with recommendation for denial.

Request for an Upgrade of an Existing Authorization

  • ATA-FL will only issue authorizations for upgrades when a change in diagnosis or a change in test scores is submitted. (In rare clinical circumstances upgrades may be authorized without a change in either diagnosis or test scores.)
  • Upgrades will not be authorized retrospectively (after the treatment period).
  • The provider must submit the Upgrade request via fax to ATA-FL at 877-583-6440.
  • The Upgrade Request must include the following:
    • The completed ATA-FL Upgrade Request Form
    • New POC, signed/dated by the referring physician, in addition to the original Plan of Care.
    • Change in Standardized Test Scores or
    • Change in Medical Diagnosis
    • Documented patient progress in metrics/quantitative data

Review Process for an Upgrade Request

ATA-FL will submit the Upgrade request to a clinician (a licensed therapist in the same discipline) for review.

If Approved:

  • ATA-FL will modify the existing authorization to a higher level.
  • The provider will receive the authorization via facsimile with the Certification Number referencing the higher level.

If NOT Approved:

  • If medical necessity is not established based on the information received, a peer-to-peer consultation with a clinician is offered to the treating provider.
  • If after the peer-to-peer, a decision cannot be agreed upon, the request for an upgrade will be submitted to the Medical Director for review.

If the Medical Director is in agreement with the clinician, based on ATA-FL delegated responsibilities, the case will either be denied by ATA-FL or referred to the health plan with recommendation for denial.

How will we notify the treating provider of an authorization?

  • Via the Provider Web Portal at https://www.ataflorida.com/hs1portal
  • In addition, ATA-FL will fax the treating provider an authorization indicating the Level and the authorization period.
  • Expedited/Urgent Requests are completed within 24 hours for Medicaid members.
  • Authorization Requests Received without the 4 Critical Elements (Slide 7) will not be approved and will be referred to the health plan with recommendation for denial.

An expedited/urgent request is only warranted when applying the standard time (7 days) for making a determination could seriously jeopardize the enrollee’s health, life, or ability to regain maximum function.

Requesting a New Authorization After the Authorization Period Has Ended

If a member requires further therapy after the authorization period has expired, the provider may request another authorization, following the steps below:

  • Perform a re-evaluation of the patient to create a new POC with diagnosis signed/dated by the referring physician.
  • Request an authorization via the Provider Web Portal at https://www.ataflorida.com/hs1portal or via fax to ATA-FL at 1-855-410-0121 .
  • Submit the 4 Critical Elements as stated on Slide 7 including the re-evaluation and the following 5th item
  • Documented patient progress in metrics/quantitative data in the form of a progress Report, which demonstrates the patient’s progress to date. The Report must include comprehensive quantitative data regarding ALL goals targeted for the previous authorization period as established in the POC.

Requesting Authorizations for Multiple Therapy Disciplines

  • If a patient requires treatment for more than one type of therapy during the same treatment period, such as both Occupational and Speech Therapy, follow the steps outlined below:
    • Request two separate authorizations via the Provider Web Portal at https://www.ataflorida.com/hs1portal or via fax to ATA-FL at 1-855-410-0121.
    • All documentation requirements, including the 4 Critical Elements as outlined in Slide 7 must be included for both disciplines with each request.
    • All requests of this kind, for more than one therapy discipline, will be submitted to Clinicians for the review of medical necessity.
  • ATA-FL does not issue a separate episode level for symptoms or conditions associated with the main diagnosis. For example, for a therapy request for Status Post Total Knee Replacement, ATA-FL assigns a level according to date of surgery. Concurrent requests for pain, including back pain, gait, instability, muscle weakness, etc.; would be considered related to the main diagnosis, and ATA-FL will not issue a separate level.

Payment of Levels for Developmental Delay

Payment of Levels for Developmental Delay may result in a maximum of three (3) Level payments during the episode of care (180 days).

  • After receipt of the first claim encounter after issuance of the level by ATA-FL the first case rate will be paid to the rendering provider.
  • After receipt of the claims encounters during the initial sixty day period and after receipt of the first claim encounter following day 60 of the 180 day authorization period the second case rate will be paid. Payment of levels will be contingent upon the performance of services and receipt of encounters consistent with the Plan of Care.
  • After receipt of the claims encounters during the second sixty day period and after receipt of the first claim encounter following day 120 of the 180 day authorization period the third case rate will be paid. Payment of levels will be contingent upon the performance of services and receipt of encounters consistent with the Plan of Care.

Payment of Levels when Upgrade is Approved for Developmental Delay

  • If at any time during the 180 day treatment period the provider requests an Upgrade and ATA-FL increases the level assigned, the current level AND all subsequent levels will be paid at the higher level during the 180 day treatment period.
  • Upgrades may not be applied retrospectively (after the 180 day treatment period has ended).

Payment of Levels for Non-Developmental Delay

After receipt of the first claim encounter after issuance of the level by ATA-FL the case rate will be paid to the rendering provider.

Payment of Levels when Upgrade is Approved for Non-Developmental Delay

  • If ATA-FL approves an upgrade, the current level assigned will be increased.
  • The level increase will be paid after receipt of the next claim encounter within the 60 day treatment period.
  • Upgrades may not be applied retrospectively (after the 60 day treatment period has ended).

Provider Relations Territory Distribution

Rosanna Briggs
Provider Relations Representative
North Florida
T 386-898-1151
F 305-620-5973
BriggsR@healthnetworkone.com

Region 1: Escambia, Okaloosa, Santa Rosa, and Walton
Region 2 Bay, Calhoun, Franklin, Gadsden, Gulf, Holmes, Jackson, Jefferson, Leon, Liberty, Madison, Taylor, Wakulla, and Washington
Region 3: Alachua, Bradford, Citrus, Columbia, Dixie, Gilchrist, Hamilton, Hernando, Lafayette, Lake, Levy, Marion, Putnam, Sumter, Suwannee, and Union
Region 4: Baker, Clay, Duval, Flagler, Nassau, St. Johns, and Volusia


Luis Martinez
Provider Relations Representative
South Florida
Region 8: Charlotte, Collier, DeSoto, Glades, Hendry, Lee, and Sarasota
Region 9: Palm Beach
Region 10:Broward
Region 11: Miami-Dade and Monroe


April Jung
Provider Relations Representative
Central Florida
T 954-955-0738
F 305-620-5973
Region 5: Pasco and Pinellas
Region 6: Hardee, Highlands, Hillsborough, Manatee, and Polk
Region 7: Brevard, Orange, Osceola, and Seminole
Region 9: Indian River, Martin, Okeechobee, and St. Lucie

Important ATA-FL Contact Numbers

Jessica Quintana
Network Director
T 305-614-0100 Ext 4202
F 305-614-0369
QuintanaJ@healthnetworkone.com

Note: After reviewing the training material, please select the next training or if you have completed all trainings, please proceed to check the attestation checkbox below and then press SUBMIT.

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

2018 Supplemental Fraud, Waste, and Abuse and Compliance Training

(This is a text version of the presentation. Click Here for the print version)

Overview

This supplemental training is intended to provide you with the methods for reporting Compliance, Ethics, and Fraud Waste and Abuse violations (suspected or confirmed). You can report these violations to ATA of Florida directly, the Federal Government, or to the affected Health Plan(s). The methods for reporting to ATA of Florida and the affected Health Plan(s) are contained in the remaining slides of this presentation.

ATA of Florida Contact Information

Fraud, Waste, and Abuse Hotline

866-321-5550 (Toll-Free)
You can also file an anonymous report, if you want.

MAIL your report to:

Marjorie Henderson
Special Investigative Unit
2001 S. Andrews Avenue
Fort Lauderdale, Florida 33316

FAX your report to:

Attention: Marjorie Henderson
(866)276-3667
This is a dedicated Compliance line

E-MAIL your report to:

SIU@healthsystemone.com

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

Abuse, Neglect, Exploitation and Human Trafficking Provider Training

(This is a text version of the Training. Click Here for the print version)

Agenda

Page 2
  • Introduction
  • Physical abuse
  • Signs and symptoms of physical abuse
  • Sexual abuse
  • Signs and symptoms of sexual abuse
  • Emotional/psychological abuse
  • Signs and symptoms of emotional/psychological abuse
  • Neglect
  • Signs and symptoms of neglect
  • Abandonment
  • Signs and symptoms of abandonment
  • Financial or material exploitation
  • Signs of financial or material exploitation
  • Reporting abuse
  • Human sex trafficking
  • Signs of adult sex trafficking
  • Signs of child sex trafficking
  • Human labor trafficking
  • Signs of human labor trafficking
  • Reporting human trafficking

Introduction

Page 3

As part of our new Statewide Medicaid Managed Care Managed Medical Assistance contract, all direct-service providers are required to complete abuse, neglect and exploitation training to identify victims in human trafficking.

You, as a health care professional, can make a difference in the lives of thousands of victims by understanding the different forms of abuse, neglect, exploitation and human trafficking amongst our communities.

This training will provide guidance on what signs and symptoms to look for when interacting with members and how to report any concerns or findings that will help provide potential victims the resources they need.

Physical abuse

Page 4

Physical abuse is defined as the use of physical force that may result in bodily injury, physical pain or impairment.

Physical abuse may include but is not limited to such acts of violence as:

  • Striking (with or without an object)
  • Pushing
  • Slapping
  • Pinching
  • Shaking
  • Hitting
  • Shoving
  • Burning
  • Beating
  • Kicking

Inappropriate use of drugs and physical restraints, force-feeding and physical punishment of any kind also are examples of physical abuse.

Signs and symptoms of physical abuse

Page 5

Signs and symptoms of physical abuse include but are not limited to:

  • Bruises
  • Cuts
  • Signs of being restrained
  • Rope marks
  • Sprains
  • Skull fractures
  • Open wounds
  • Physical signs of being subjected to punishment
  • Lacerations
  • Open wounds
  • Sudden changes in behavior
  • Internal injuries/bleeding
  • Broken eyeglasses/frames
  • Welts
  • Untreated injuries in various stages of healing
  • Report of being hit, slapped, kicked or mistreated
  • Broken bones
  • The caregiver’s refusal to allow visitors to potential victim
  • Black eyes
  • Punctures
  • Laboratory findings of medication overdose or under utilization of prescribed drugs
  • Bone fractures
  • Dislocations

Sexual abuse

Page 6

Sexual abuse is defined as nonconsensual sexual contact of any kind. Sexual contact with any person incapable of giving consent is also considered sexual abuse.

It includes but is not limited to unwanted touching, all types of sexual assault or battery, such as rape, sodomy, coerced nudity and sexually explicit photographing.

Signs and symptoms of sexual abuse

Page 7

Signs and symptoms of sexual abuse include but are not limited to:

  • Bruises around the breasts or genital areas
  • Unexplained venereal disease or genital infections
  • Unexplained vaginal or anal bleeding
  • Torn, stained or bloody underclothing
  • A report of being sexually assaulted or raped

Emotional/psychological abuse

Page 8

Emotional or psychological abuse is defined as the infliction of anguish, pain or distress through verbal or nonverbal acts.

Emotional/psychological abuse includes but is not limited to verbal assaults, insults, threats, intimidation, humiliation and harassment.

In addition, isolating a person from his/her family, friends or regular activities; giving a person the silent treatment; and enforced social isolation are examples of emotional/psychological abuse.

Signs and symptoms of emotional/psychological abuse

Page 9

Signs and symptoms of emotional/psychological abuse include but are not limited to:

  • Being emotionally upset or agitated
  • Being extremely withdrawn and noncommunicative or nonresponsive
  • Unusual behavior usually attributed to dementia (for example, sucking, biting, rocking)
  • A report of being verbally or emotionally mistreated

Neglect

Page 10

Neglect is defined as the refusal or failure to fulfill any part of a person's obligations or duties. Neglect may also include failure of a person who has fiduciary responsibilities to provide care for a person (for example, pay for necessary home care services) or the failure on the part of an in-home service provider to provide necessary care.

Neglect typically means the refusal or failure to provide a person with such life necessities as food, water, clothing, shelter, personal hygiene, medicine, comfort, personal safety, and other essentials included in an implied or agreed-upon responsibility to a person.

Signs and symptoms of neglect

Page 11

Signs and symptoms of neglect include but are not limited to:

  • Dehydration, malnutrition, untreated bed sores and poor personal hygiene
  • Unattended or untreated health problems
  • Hazardous or unsafe living conditions/arrangements (for example, improper wiring, no heat or no running water)
  • Unsanitary and unclean living conditions (for example, dirt, fleas, lice on person, soiled bedding, fecal/urine smell, inadequate clothing)
  • A person’s report of being mistreated

Abandonment

Page 12

Abandonment is defined as the desertion of a person by an individual who has assumed responsibility for providing care or has custody.

Signs and symptoms of abandonment

Page 13

Signs and symptoms of abandonment include but are not limited to:

  • The desertion of a person in a hospital, nursing facility or other similar institution
  • The desertion of a person at a shopping center or other public location
  • Report of being abandoned

Financial or material exploitation

Page 14

Financial or material exploitation is defined as the illegal or improper use of a person’s funds, property or assets.

Examples include but are not limited to:

  • Cashing a person’s benefit check without authorization.
  • Forging a person’s signature.
  • Misusing or stealing a person’s money or possessions.
  • Deceiving a person into signing any document (for example, contracts or will).
  • Improper use of guardianship or power of attorney.

Signs of financial or material exploitation

Page 15

Signs and symptoms of financial or material exploitation include but are not limited to:

  • Sudden changes in bank account or banking practice, including an unexplained withdrawal of large sums of money by a person accompanying the victim
  • The inclusion of additional names on a person’s bank signature card
  • Unauthorized ATM card withdrawals
  • Abrupt changes in a will or other financial documents
  • Unexplained disappearance of funds or valuable possessions
  • Forged signature for financial transactions or for the titles of his/her possessions
  • Sudden appearance of previously uninvolved relatives claiming their rights to a person’s affairs and possessions
  • Unexplained sudden transfer of assets to a family member or someone outside the family
  • The provisions of services that are not necessary
  • A person’s report of financial exploitation

Please report abuse

Page 16

There are four ways to make a report:

Telephone
1-800-96ABUSE (22873)

Fax
1-800-914-0004

Florida Relay
711

TTY
1-800-955-8771

Web reporting
https://reportabuse.dcf.state.fl.us

Human sex trafficking

Page 17

Human sex trafficking: The recruitment, harboring, transportation, provision or obtaining of a person for a commercial sex act in which a commercial sex act is induced by force, fraud or coercion, or in which the person induced to perform such an act has not attained 18 years of age.

Signs of adult sex trafficking

Page 18

Physical signs

  • Multiple or recurrent STIs
  • Abnormally high number of sexual partners
  • Trauma to vagina and/or rectum
  • Impacted tampon in vagina
  • Signs of physical trauma
  • Somatization symptoms (recurring headaches, abdominal pain, etc.)
  • Suspicious tattoos or branding

Behavioral signs

  • Depressed mood/flat affect
  • Anxiety/hypervigilance/panic attacks
  • Affect dysregulation/irritability
  • Frequent emergency care visits
  • Unexplained/conflicting stories
  • Using language from “the life”
  • Signs of drug or alcohol abuse

Signs of child sex trafficking

Page 19

Physical signs

  • Pregnancy at young age
  • Evidence of abortions at young age
  • Early sexual initiation
  • Trauma to vagina and/or rectum
  • Symptoms of STIs and/or UTIs
  • Abnormal number of sexual partners for young age
  • Suspicious tattoos or branding

Behavioral signs

  • History of running away from home
  • or foster care placements
  • Truancy/stops attending school
  • Highly sexualized behavior or dress
  • Angry/aggressive with staff
  • Depressed mood/flat affect
  • Signs of drug or alcohol abuse

Human labor trafficking

Page 20

Labor trafficking: The recruitment, harboring, transportation, provision or obtaining of a person for labor or services through the use of force, fraud or coercion for the purpose of subjection to involuntary servitude, peonage, debt bondage or slavery.

Signs of human labor trafficking

Page 21

Physical signs

  • Musculoskeletal and ergonomic injuries
  • Malnutrition/dehydration
  • Lack of routine screening and preventive care
  • Poor dental hygiene
  • Untreated skin infections/inflammations
  • Injuries or illness from exposure to harmful chemicals/unsafe water
  • Ophthalmology issues or vision complaints
  • Somatization

Behavioral signs

  • Anxiety/panic attacks (for example, shortness of breath, chest pain)
  • Unexplained/conflicting stories
  • Overly vigilant or paranoid behavior
  • Inability/aversion to make decisions independent of employer
  • Inability/aversion to speak with out an interpreter
  • Affect dysregulation/irritability

Reporting human trafficking

Page 22

Patient presents at clinic with one or more trafficking indicators

Primary health and safety needs are met

  • Mandated reporting warranted or the patient wishes to report
  • Report to designated contacts and/or contact the NHTRC Hotline (1-888-373-7888)

Primary health and safety needs are met

  • Reporting not warranted and the patient does not wish to report
  • Provide referrals and contact the NHTRC Hotline (1-888-373-7888)

References and resources

Page 23
  • http://www.ncoa.org/public-policy-action/elder-justice/faqs-on-elder- abuse.html
  • http://www.dcf.state.fl.us/programs/abuse/howtoreport.shtml
  • http://www.iue.edu/area9/Elder-Abuse-Fact-Sheet.pdf
  • http://www.helpguide.org/mental/elder_abuse_physical_emotional_sexual_neglect.htm
  • http://elderaffairs.state.fl.us/doea/docs/APS_Training_for_Professionals_2 013.pdf
  • http://www.ncea.aoa.gov/ncearoot/Main_Site/index.aspx
  • http://www.napsa-now.org/policy-advocacy/eja-implementation/
  • http://gerontology.usc.edu/news-resources/news/what-is-the-elder- justice-act/
  • https://humantraffickinghotline.org/resources/recognizing-and- responding-human-trafficking-healthcare-context

Provider attestation

Page 24

  • Provider attestation is required.
  • Please print the next slide of this presentation attesting that you have
  • reviewed this presentation and have an understanding of the content.
  • Don’t forget your attestation on the next page.

Abuse, Neglect, Exploitation and Human Trafficking Provider Training Attestation

Page 25

As the below provider, I attest that my practice has reviewed the Abuse, Neglect, Exploitation and Human Trafficking presentation.

I understand:

This presentation and attestation are yearly requirements.

  • Provider name
  • ID#
  • Address
  • Phone
  • Fax
  • Signature
  • Date

Please sign and fax to [PR fax number].

Thank you

Page 26

www.simplyhealthcareplans.com/provider

www.clearhealthalliance.com/provider

Simply Healthcare Plans, Inc. is a Managed Care Plan with a Florida Medicaid contract. Clear Health Alliance is a Managed Care Plan with a Florida Medicaid contract.

SFLPEC-0738-19 February 2019

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

MEDICARE PARTS C & D

General Compliance Training Web-Based Training Course

(This is a text version of the Training. Click here for the print version)

TABLE OF CONTENTS

  • ACRONYMS
  • TITLE
  • INTRODUCTION
  • LESSON: COMPLIANCE PROGRAM TRAINING
  • POST-ASSESSMENT
  • APPENDIX A: RESOURCES
  • APPENDIX B: JOB AIDS

ACRONYMS

The following acronyms are used throughout the course.

  • CFR - Code of Federal Regulations
  • CMS - Centers for Medicare & Medicaid Services
  • FDR - First-tier, Downstream, and Related Entity
  • FWA - Fraud, Waste, and Abuse
  • HHS - U.S. Department of Health & Human Services
  • MA - Medicare Advantage
  • MAO - Medicare Advantage Organization
  • MA-PD - MA Prescription Drug
  • MLN - Medicare Learning Network®
  • OIG - Office of Inspector General
  • PDP - Prescription Drug Plan

INTRODUCTION PAGE 2

The Medicare Learning Network® (MLN) offers free educational materials for health care professionals on the Centers for Medicare & Medicaid Services (CMS) programs, policies, and initiatives. Get quick access to the information you need.

INTRODUCTION PAGE 3

This training assists Medicare Parts C and D plan Sponsors’ employees, governing body members, and their first-tier, downstream, and related entities (FDRs) to satisfy their annual general compliance training requirements in the regulations and sub-regulatory guidance at:

Completing this training in and of itself does not ensure a Sponsor has an “effective Compliance Program.” Sponsors and their FDRs are responsible for establishing and executing an effective compliance program according to the CMS regulations and program guidelines.

INTRODUCTION PAGE 4

Why Do I Need Training?

Every year, billions of dollars are improperly spent because of fraud, waste, and abuse (FWA). It affects everyone—including you. This training helps you detect, correct, and prevent FWA. You are part of the solution.

Compliance is everyone’s responsibility! As an individual who provides health or administrative services for Medicare enrollees, every action you take potentially affects Medicare enrollees, the Medicare Program, or the Medicare Trust Fund.

INTRODUCTION PAGE 5

Training Requirements: Plan Employees, Governing Body Members, and First-Tier, Downstream, or Related Entity (FDR) Employees

Certain training requirements apply to people involved in Medicare Parts C and D. All employees of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs) (collectively referred to in this course as “Sponsors”) must receive training about compliance with CMS program rules.

You may need to complete FWA training within 90 days of your initial hire. More information on other Medicare Parts C and D compliance trainings and answers to common questions is available on the CMS website. Please contact your management team for more information.

Learn more about Medicare Part C

Medicare Part C, or Medicare Advantage (MA), is a health insurance option available to Medicare beneficiaries. Private, Medicare-approved insurance companies run MA programs. These companies arrange for, or directly provide, health care services to the beneficiaries who enroll in an MA plan.

MA plans must cover all services Medicare covers with the exception of hospice care. They provide Part A and Part B benefits and may also include prescription drug coverage and other supplemental benefits.

Learn more about Medicare Part D

Medicare Part D, the Prescription Drug Benefit, provides prescription drug coverage to Medicare beneficiaries enrolled in Part A and/or Part B who enroll in a Medicare Prescription Drug Plan (PDP) or an MA Prescription Drug (MA-PD) plan. Medicare-approved insurance and other companies provide prescription drug coverage to individuals living in a plan’s service area.

INTRODUCTION PAGE 6

Navigating and Completing This Course

Anyone who provides health or administrative services to Medicare enrollees must satisfy general compliance and FWA training requirements. You may use this course to satisfy the general compliance training requirements.

This course consists of one lesson and a Post-Assessment. Successfully completing the course requires completing the lesson and scoring 70 percent or higher on the Post-Assessment. After successfully completing the Post-Assessment, you’ll get instructions to print your certificate. If you do not successfully complete the course, you can review the course material and retake the Post-Assessment.

This course uses cues at various times to provide additional information and functionality. For more information on using these cues, adjusting your screen resolution, and suggested browser settings, select “HELP”.

You do not have to complete this course in one session; however, you must complete the lesson before exiting the course. You can complete the entire course in about 25 minutes. After you successfully complete this course, you receive instructions on how to print your certificate.

INTRODUCTION PAGE 7

Course Objectives

After completing this course, you should correctly:

  • Recognize how a compliance program operates
  • Recognize how compliance program violations should be reported

Select the “MAIN MENU” button to return to the Main Menu. Then, select “Lesson: Compliance Program Training.”

LESSON: COMPLIANCE PROGRAM TRAINING


LESSON PAGE 1

Introduction and Learning Objectives

This lesson outlines effective compliance programs. It should take about 15 minutes to complete.

After completing this lesson, you should correctly:

  • Recognize how a compliance program operates
  • Recognize how compliance program violations should be reported

LESSON PAGE 2

Compliance Program Requirement

The Centers for Medicare & Medicaid Services (CMS) requires Sponsors to implement and maintain an effective compliance program for its Medicare Parts C and D plans. An effective compliance program must:

  • Articulate and demonstrate an organization’s commitment to legal and ethical conduct
  • Provide guidance on how to handle compliance questions and concerns
  • Provide guidance on how to identify and report compliance violations

LESSON PAGE 3

What Is an Effective Compliance Program?

An effective compliance program fosters a culture of compliance within an organization and, at a minimum:

  • Prevents, detects, and corrects non-compliance
  • Is fully implemented and is tailored to an organization’s unique operations and circumstances
  • Has adequate resources
  • Promotes the organization’s Standards of Conduct
  • Establishes clear lines of communication for reporting non-compliance

An effective compliance program is essential to prevent, detect, and correct Medicare non-compliance as well as fraud, waste, and abuse (FWA). It must, at a minimum, include the seven core compliance program requirements.

LESSON PAGE 4

Seven Core Compliance Program Requirements

CMS requires an effective compliance program to include seven core requirements:

  1. Written Policies, Procedures, and Standards of Conduct
    These articulate the Sponsor’s commitment to comply with all applicable Federal and State standards and describe compliance expectations according to the Standards of Conduct.
  2. Compliance Officer, Compliance Committee, and High-Level Oversight
    The Sponsor must designate a compliance officer and a compliance committee accountable and responsible for the activities and status of the compliance program, including issues identified, investigated, and resolved by the compliance program. The Sponsor’s senior management and governing body must be engaged and exercise reasonable oversight of the Sponsor’s compliance program.
  3. Effective Training and Education
    This covers the elements of the compliance plan as well as preventing, detecting, and reporting FWA. Tailor this training and education to the different employees and their responsibilities and job functions.
  4. Effective Lines of Communication
    Make effective lines of communication accessible to all, ensure confidentiality, and provide methods for anonymous and good-faith compliance issues reporting at Sponsor and first-tier, downstream, or related entity (FDR) levels.
  5. Well-Publicized Disciplinary Standards
    Sponsor must enforce standards through well-publicized disciplinary guidelines.
  6. Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks
    Conduct routine monitoring and auditing of Sponsor’s and FDR’s operations to evaluate compliance with CMS requirements as well as the overall effectiveness of the compliance program.
    NOTE: Sponsors must ensure FDRs performing delegated administrative or health care service functions concerning the Sponsor’s Medicare Parts C and D program comply with Medicare Program requirements.
  7. Procedures and System for Prompt Response to Compliance Issues
    The Sponsor must use effective measures to respond promptly to non-compliance and undertake appropriate corrective action.

LESSON PAGE 6

Compliance Training: Sponsors and Their FDRs

CMS expects all Sponsors will apply their training requirements and “effective lines of communication” to their FDRs. Having “effective lines of communication” means employees of the Sponsor and the Sponsor’s FDRs have several avenues to report compliance concerns.

LESSON PAGE 7

Ethics: Do the Right Thing!

As part of the Medicare Program, you must conduct yourself in an ethical and legal manner. It’s about doing the right thing!

  • Act fairly and honestly
  • Adhere to high ethical standards in all you do
  • Comply with all applicable laws, regulations, and CMS requirements
  • Report suspected violations

LESSON PAGE 8

How Do You Know What Is Expected of You?

Now that you’ve read the general ethical guidelines on the previous page, how do you know what is expected of you in a specific situation?

Standards of Conduct (or Code of Conduct) state the organization’s compliance expectations and their operational principles and values. Organizational Standards of Conduct vary. The organization should tailor the Standards of Conduct content to their individual organization’s culture and business operations. Ask management where to locate your organization’s Standards of Conduct.

Reporting Standards of Conduct violations and suspected non-compliance is everyone’s responsibility.

An organization’s Standards of Conduct and Policies and Procedures should identify this obligation and tell you how to report suspected non-compliance.

LESSON PAGE 9

What Is Non-Compliance?

Non-compliance is conduct that does not conform to the law, Federal health care program requirements, or an organization’s ethical and business policies. CMS identified the following Medicare Parts C and D high risk areas:

  • Agent/broker misrepresentation
  • Appeals and grievance review (for example, coverage and organization determinations)
  • Beneficiary notices
  • Conflicts of interest
  • Claims processing
  • Credentialing and provider networks
  • Documentation and Timeliness requirements
  • Ethics
  • FDR oversight and monitoring
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Marketing and enrollment
  • Pharmacy, formulary, and benefit administration
  • Quality of care

For more information, refer to the Compliance Program Guidelines in the Medicare Prescription Drug Benefit Manual and Medicare Managed Care Manual.

Know the Consequences of Non-Compliance

Failure to follow Medicare Program requirements and CMS guidance can lead to serious consequences, including:

  • Contract termination
  • Criminal penalties
  • Exclusion from participating in all Federal health care programs
  • Civil monetary penalties

Additionally, your organization must have disciplinary standards for non-compliant behavior. Those who engage in non-compliant behavior may be subject to any of the following:

  • Mandatory training or re-training
  • Disciplinary action
  • Termination

LESSON PAGE 10

NON-COMPLIANCE AFFECTS EVERYBODY

Without programs to prevent, detect, and correct non-compliance, we all risk:

Harm to beneficiaries, such as:

  • Delayed services
  • Denial of benefits
  • Difficulty in using providers of choice
  • Other hurdles to care

Less money for everyone, due to:

  • High insurance copayments
  • Higher premiums
  • Lower benefits for individuals and employers
  • Lower Star ratings
  • Lower profits

LESSON PAGE 11

How to Report Potential Non-Compliance

Employees of a Sponsor

  • Call the Medicare Compliance Officer
  • Make a report through your organization’s website
  • Call the Compliance Hotline

First-Tier, Downstream, or Related Entity (FDR) Employees

  • Talk to a Manager or Supervisor
  • Call your Ethics/Compliance Help Line
  • Report to the Sponsor

Beneficiaries

  • Call the Sponsor’s Compliance Hotline or Customer Service
  • Make a report through the Sponsor’s website
  • Call 1-800-Medicare

Don’t Hesitate to Report Non-Compliance

When you report suspected non-compliance in good faith, the Sponsor can’t retaliate against you.

Each Sponsor must offer reporting methods that are:

  • Anonymous
  • Confidential
  • Non-retaliatory

LESSON PAGE 12

What Happens After Non-Compliance Is Detected?

Non-compliance must be investigated immediately and corrected promptly.

Internal monitoring should ensure:

  • No recurrence of the same non-compliance
  • Ongoing CMS requirements compliance
  • Efficient and effective internal controls
  • Protected enrollees

LESSON PAGE 13

What Are Internal Monitoring and Audits?

Internal monitoring activities include regular reviews confirming ongoing compliance and taking effective corrective actions.

Internal auditing is a formal review of compliance with a particular set of standards (for example, policies, procedures, laws, and regulations) used as base measures.

LESSON PAGE 14

Lesson Summary

Organizations must create and maintain compliance programs that, at a minimum, meet the seven core requirements. An effective compliance program fosters a culture of compliance.

To help ensure compliance, behave ethically and follow your organization’s Standards of Conduct. Watch for common instances of non-compliance, and report suspected non-compliance.

Know the consequences of non-compliance, and help correct any non-compliance with a corrective action plan that includes ongoing monitoring and auditing.

Prevent: Operate within your organization’s ethical expectations to prevent non-compliance!

Detect & Report: Report detected potential non-compliance!

Correct:Correct non-compliance to protect beneficiaries and save money!

LESSON PAGE 15

Lesson Review

Now that you completed the lesson, let’s do a quick knowledge check. The Post-Assessment course score is unaffected by answering the following questions.

LESSON PAGE 16

Knowledge Check

Select the correct answer.

You discover an unattended email address or fax machine in your office receiving beneficiary appeals requests. You suspect no one is processing the appeals. What should you do?

  1. Contact law enforcement
  2. Nothing
  3. Contact your compliance department (via compliance hotline or other mechanism)
  4. Wait to confirm someone is processing the appeals before taking further action
  5. Contact your supervisor

CORRECT ANSWER - C

LESSON PAGE 17

Knowledge Check

Select the correct answer.

A sales agent, employed by the Sponsor’s first-tier, downstream, or related entity (FDR), submitted an application for processing and requested two things: 1) to back-date the enrollment date by one month, and 2) to waive all monthly premiums for the beneficiary. What should you do?

  1. Refuse to change the date or waive the premiums but decide not to mention the request to a supervisor or the compliance department
  2. Make the requested changes because the sales agent determines the beneficiary’s start date and monthly premiums
  3. Tell the sales agent you will take care of it but then process the application properly (without the requested revisions)—you will not file a report because you don’t want the sales agent to retaliate against you
  4. Process the application properly (without the requested revisions)—inform your supervisor and the compliance officer about the sales agent’s request
  5. Contact law enforcement and the Centers for Medicare & Medicaid Services (CMS) to report the sales agent’s behavior

CORRECT ANSWER - D

LESSON PAGE 18

Knowledge Check

Select the correct answer.

You work for a Sponsor. Last month, while reviewing a Centers for Medicare & Medicaid Services (CMS) monthly report, you identified multiple individuals not enrolled in the plan but for whom the Sponsor is paid. You spoke to your supervisor who said don’t worry about it. This month, you identify the same enrollees on the report again. What should you do?

  1. Decide not to worry about it as your supervisor instructed—you notified your supervisor last month and now it’s his responsibility
  2. Although you know about the Sponsor’s non-retaliation policy, you are still nervous about reporting—to be safe, you submit a report through your compliance department’s anonymous tip line to avoid identification
  3. Wait until the next month to see if the same enrollees appear on the report again, figuring it may take a few months for CMS to reconcile its records—if they are, then you will say something to your supervisor again
  4. Contact law enforcement and CMS to report the discrepancy
  5. Ask your supervisor about the discrepancy again

CORRECT ANSWER - B

LESSON PAGE 19

Knowledge Check

Select the correct answer.

You are performing a regular inventory of the controlled substances in the pharmacy. You discover a minor inventory discrepancy. What should you do?

  1. Call local law enforcement
  2. Perform another review
  3. Contact your compliance department (via compliance hotline or other mechanism)
  4. Discuss your concerns with your supervisor
  5. Follow your pharmacy’s procedures

CORRECT ANSWER - E

LESSON PAGE 20

You’ve completed the lesson!

Now that you have learned about compliance programs, it’s time to assess your knowledge. Select the “MAIN MENU” button to return to the course Main Menu. Then, select “Post-Assessment” to begin and complete the course.

POST-ASSESSMENT


POST-ASSESSMENT PAGE 1

Post-Assessment

This brief Post-Assessment asks 10 questions and should take about 10 minutes.

Choose an answer for each question by selecting the button next to your answer. You must select an answer before advancing to the next question. You can only move forward in the Post-Assessment, and you can only try each question once. You may change your answer for a question until you select the “SUBMIT ANSWER” button. After you submit your answer, feedback for the question and the “NEXT” button will appear. Select the “NEXT” button to continue. Do not select the “X” button in the right-hand corner of the window as this will cause you to exit the course without recording your progress.

You may print your score when you finish the Post-Assessment. After successfully completing the course, you can print a certificate. Successfully completing the course includes finishing all lessons, scoring 70 percent or higher on the Post-Assessment, and completing the course evaluation. Instructions on printing your certificate are available after you pass the Post-Assessment.

Select the “NEXT” button to begin the Post-Assessment.

POST-ASSESSMENT PAGE 2

Question 1 of 10

Select the correct answer.

Compliance is the responsibility of the Compliance Officer, Compliance Committee, and Upper Management only.

  1. True
  2. False

POST-ASSESSMENT PAGE 3

Question 2 of 10

Select the correct answer.

Ways to report a compliance issue include:

  1. Telephone hotlines
  2. Report on the Sponsor’s website
  3. In-person reporting to the compliance department/supervisor
  4. All of the above

POST-ASSESSMENT PAGE 4

Question 3 of 10

Select the correct answer.

What is the policy of non-retaliation?

  1. Allows the Sponsor to discipline employees who violate the Code of Conduct
  2. Prohibits management and supervisor from harassing employees for misconduct
  3. Protects employees who, in good faith, report suspected non-compliance
  4. Prevents fights between employees

POST-ASSESSMENT PAGE 5

Question 4 of 10

Select the correct answer.

These are examples of issues that can be reported to a Compliance Department: suspected fraud, waste, and abuse (FWA); potential health privacy violation, and unethical behavior/employee misconduct.

  1. True
  2. False

POST-ASSESSMENT PAGE 6

Question 5 of 10

Select the correct answer.

Once a corrective action plan begins addressing non-compliance or fraud, waste, and abuse (FWA) committed by a Sponsor’s employee or first-tier, downstream, or related entity’s (FDR’s) employee, ongoing monitoring of the corrective actions is not necessary.

  1. True
  2. False

POST-ASSESSMENT PAGE 7

Question 6 of 10

Select the correct answer.

Medicare Parts C and D plan Sponsors are not required to have a compliance program.

  1. True
  2. False

POST-ASSESSMENT PAGE 8

Question 7 of 10

Select the correct answer.

At a minimum, an effective compliance program includes four core requirements.

  1. True
  2. False

POST-ASSESSMENT PAGE 9

Question 8 of 10

Select the correct answer.

Standards of Conduct are the same for every Medicare Parts C and D Sponsor.

  1. True
  2. False

POST-ASSESSMENT PAGE 10

Question 9 of 10

Select the correct answer.

Correcting non-compliance ______________.

  1. Protects enrollees, avoids recurrence of the same non-compliance, and promotes efficiency
  2. Ensures bonuses for all employees
  3. Both A. and B.

POST-ASSESSMENT PAGE 11

Question 10 of 10

Select the correct answer.

What are some of the consequences for non-compliance, fraudulent, or unethical behavior?

  1. Disciplinary action
  2. Termination of employment
  3. Exclusion from participating in all Federal health care programs
  4. All of the above

APPENDIX A: RESOURCES


RESOURCES PAGE 1 OF 1

Disclaimers

This Web-Based Training (WBT) course was current at the time it was published or uploaded onto the web. Medicare policy changes frequently so links to the source documents have been provided within the course for your reference.

This course was prepared as a service to the public and is not intended to grant rights or impose obligations. This course may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents.

The Medicare Learning Network® (MLN)

The Medicare Learning Network®, MLN Connects®, and MLN Matters® are registered trademarks of the U.S. Department of Health & Human Services (HHS).

Glossary

For glossary terms, visit the Centers for Medicare & Medicaid Services Glossary.

https://www.cms.gov/apps/glossary

APPENDIX B: JOB AIDS

Job Aid A: Seven Core Compliance Program Requirements

The Centers for Medicare & Medicaid Services (CMS) requires that an effective compliance program must include seven core requirements:

  1. Written Policies, Procedures, and Standards of Conduct
    These articulate the Sponsor’s commitment to comply with all applicable Federal and State standards and describe compliance expectations according to the Standards of Conduct.
  2. Compliance Officer, Compliance Committee, and High-Level Oversight
    The Sponsor must designate a compliance officer and a compliance committee to be accountable and responsible for the activities and status of the compliance program, including issues identified, investigated, and resolved by the compliance program. The Sponsor’s senior management and governing body must be engaged and exercise reasonable oversight of the Sponsor’s compliance program.
  3. Effective Training and Education
    This covers the elements of the compliance plan as well as prevention, detection, and reporting of fraud, waste, and abuse (FWA). This training and education should be tailored to the different responsibilities and job functions of employees.
  4. Effective Lines of Communication
    Effective lines of communication must be accessible to all, ensure confidentiality, and provide methods for anonymous and good-faith reporting of compliance issues at Sponsor and first-tier, downstream, or related entity (FDR) levels.
  5. Well-Publicized Disciplinary Standards
    Sponsor must enforce standards through well-publicized disciplinary guidelines.
  6. Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks
    Conduct routine monitoring and auditing of Sponsor’s and FDR’s operations to evaluate compliance with CMS requirements as well as the overall effectiveness of the compliance program.
    NOTE: Sponsors must ensure FDRs performing delegated administrative or health care service functions concerning the Sponsor’s Medicare Parts C and D program comply with Medicare Program requirements.
  7. Procedures and System for Prompt Response to Compliance Issues
    The Sponsor must use effective measures to respond promptly to non-compliance and undertake appropriate corrective action.

Job Aid B: Resources

Compliance Education Materials: Compliance 101

Health Care Fraud Prevention and Enforcement Action Team Provider Compliance Training

Office of Inspector General’s (OIG’s) Provider Self-Disclosure Protocol

Part C and Part D Compliance and Audits - Overview

Physician Self-Referral

Avoiding Medicare Fraud & Abuse: A Roadmap for Physicians

Safe Harbor Regulations

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

2019 Supplemental Fraud, Waste & Abuse Training

(This is a text version of the Training. Click Here for the print version)



OVERVIEW

  • This Supplemental FWA Training is being provided in conjunction with the following CMS training presentations:
    • Combating Medicare Parts C and D Fraud, Waste, and Abuse Web-Based Training Course
    • Medicare Parts C and D General Compliance Training Web-Based Training Course
  • This supplemental training is intended to provide you with the methods for reporting Compliance, Ethics, and Fraud Waste and Abuse violations (suspected or confirmed).
  • You can report these violations to directly, the State or Federal Government, or to the affected Health Plan(s).
  • The methods for reporting to , the State Government, and the affected Health Plan(s) are contained in the remaining slides.
    • The methods for reporting to the Federal Government are contained in the CMS training presentations.

Contact Information

Fraud, Waste, and Abuse Hotline:
866-321-5550 (Toll-Free)
You can also file an anonymous report, if you want.

You can MAIL your report to:
Marjorie Henderson
Special Investigative Unit (SIU)
2001 S. Andrews Avenue
Fort Lauderdale, Florida 33316

You can FAX your report to:
(866)276-3667
Attention: Marjorie Henderson
This is a dedicated Compliance line

You can EMAIL your report to:
SIU@healthsystemone.com


MMM of Florida Contact Information

Report ethical, compliance, fraud, waste and abuse violations in a confidential manner by accessing here:
https://mmm-fl.ethicspoint.com
844-481-4937 (Toll-Free)

You can MAIL your report to:
MMM of Florida
Special Investigative Unit (SIU)
5775 Blue Lagoon Drive, Suite 450
Miami, FL 33126-2591

Compliance Officer: Angel Tirado
Email: Angel.Tirado@mmm-fl.com
Phone: (786) 620-9391


State of Florida Contact Information

Medicaid Billing Fraud Office of Medicaid Program Integrity of the Inspector General
888-419-3456 (Toll-Free)

For provider fraud:
Office of Attorney General
866-966-7226 (Toll-Free)

For member fraud:
FL Dept of Financial Services
866-762-2237(Toll-Free)


MEDICARE PARTS C & D

Fraud, Waste, and Abuse Web-Based Training Course



TABLE OF CONTENTS

  • ACRONYMS - 3
  • TITLE - 4
  • INTRODUCTION - 5
  • LESSON 1: WHAT IS FWA? - 12
  • LESSON 2: YOUR ROLE IN THE FIGHT AGAINST FWA - 32
  • POST-ASSESSMENT - 55
  • APPENDIX A: RESOURCES - 66
  • APPENDIX B: JOB AIDS - 68

ACRONYMS

The following acronyms are used throughout the course.

ACRONYM DEFINITION
CFR Code of Federal Regulations
CMS Centers for Medicare & Medicaid Services
EPLS Excluded Parties List System
FCA False Claims Act
FDRs First-tier, Downstream, and Related Entities
FWA Fraud, Waste, and Abuse
HIPAA Health Insurance Portability and Accountability Act
LEIE List of Excluded Individuals and Entities
MA Medicare Advantage
MAC Medicare Administrative Contractor
MLN Medicare Learning Network®
NPI National Provider Identifier
OIG Office of Inspector General
PBM Pharmacy Benefits Manager
WBT Web-Based Training

INTRODUCTION

INTRODUCTION PAGE 1

The Combating Medicare Parts C and D Fraud, Waste, and Abuse course is brought to you by the Medicare Learning Network®

INTRODUCTION PAGE 2

The Medicare Learning Network® (MLN) offers free educational materials for health care professionals on the Centers for Medicare & Medicaid Services (CMS) programs, policies, and initiatives. Get quick access to the information you need.

INTRODUCTION PAGE 3

This training assists Medicare Parts C and D plan Sponsors' employees, governing body members, and their first-tier, downstream, and related entities (FDRs) to satisfy their annual fraud, waste, and abuse (FWA) training requirements in the regulations and sub- regulatory guidance at:

Sponsors and their FDRs are responsible for providing additional specialized or refresher training on issues posing FWA risks based on the employee's job function or business setting.

INTRODUCTION PAGE 4

Why Do I Need Training?

Every year billions of dollars are improperly spent because of FWA. It affects everyone—including you. This training will help you detect, correct, and prevent FWA. You are part of the solution.

Combating FWA is everyone's responsibility! As an individual who provides health or administrative services for Medicare enrollees, every action you take potentially affects Medicare enrollees, the Medicare Program, or the Medicare Trust Fund.

INTRODUCTION PAGE 5

Training Requirements: Plan Employees, Governing Body Members, and First-Tier, Downstream, or Related Entity (FDR) Employees

Certain training requirements apply to people involved in Medicare Parts C and D. All employees of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs) (collectively referred to in this course as “Sponsors”) must receive training for preventing, detecting, and correcting FWA.

FWA training must occur within 90 days of initial hire and at least annually thereafter.

More information on other Medicare Parts C and D compliance trainings and answers to common questions is available on the CMS website.

Learn more about Medicare Part C

Medicare Part C, or Medicare Advantage (MA), is a health insurance option available to Medicare beneficiaries. Private, Medicare-approved insurance companies run MA programs. These companies arrange for, or directly provide, health careservices to the beneficiaries who enroll in an MA plan.

Learn more about Medicare Part D

Medicare Part D, the Prescription Drug Benefit, provides prescription drug coverage to Medicare beneficiaries enrolled in Part A and/or Part B who enroll in a Medicare Prescription Drug Plan (PDP) or an MA Prescription Drug (MA-PD) plan. Medicare approved insurance and other companies provide prescription drug coverage to individuals living in a plan’s service area.

INTRODUCTION PAGE 6

Navigating and Completing This Course

Anyone providing health or administrative services to Medicare enrollees must satisfy general compliance and FWA training requirements. You may use this WBT course to satisfy the FWA requirements.

Visit the Resources page for disclaimers, a glossary, and frequently asked questions (FAQs). You may find this information useful as you proceed through this course.

INTRODUCTION PAGE 8

Course Objectives

When you complete this course, you should correctly:

  • Recognize FWA in the Medicare Program
  • Identify the major laws and regulations pertaining to FWA
  • Recognize potential consequences and penalties associated with violations
  • Identify methods of preventing FWA
  • Identify how to report FWA
  • Recognize how to correct FWA

Select the “MAIN MENU” button to return to the Main Menu. Then, select “Lesson 1: What Is FWA?”

LESSON 1: WHAT IS FWA?

LESSON 1 PAGE 1

Lesson 1: Introduction and Learning Objectives

This lesson describes fraud, waste, and abuse (FWA) and the laws that prohibit it. It should take about 10 minutes to complete. Upon completing the lesson, you should be able to correctly:

  • Recognize FWA in the Medicare Program
  • Identify the major laws and regulations pertaining to FWA
  • Recognize potential consequences and penalties associated with violations
LESSON 1 PAGE 2

Fraud

Fraud is knowingly and willfully executing, or attempting to execute, a scheme or artifice to defraud any health care benefit program or to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program.

The Health Care Fraud Statute makes it a criminal offense to knowingly and willfully execute a scheme to defraud a health care benefit program. Health care fraud is punishable by imprisonment up to 10 years. It is also subject to criminal fines up to $250,000.

In other words, fraud is intentionally submitting false information to the Government or a Government contractor to get money or a benefit.

LESSON 1 PAGE 3

Waste and Abuse

For the definitions of fraud, waste, and abuse, refer to Section 20, Chapter 21 of the Medicare Managed Care Manual and Chapter 9 of the Prescription Drug Benefit Manual on the Centers for Medicare & Medicaid Services (CMS) website.

Waste includes practices that, directly or indirectly, result in unnecessary costs to the Medicare Program, such as overusing services. Waste is generally not considered to be caused by criminally negligent actions but rather by the misuse of resources.

Abuse includes actions that may, directly or indirectly, result in unnecessary costs to the Medicare Program. Abuse involves paying for items or services when there is no legal entitlement to that payment, and the provider has not knowingly or intentionally misrepresented facts to obtain payment.

LESSON 1 PAGE 4

Examples of FWA

Examples of actions that may constitute Medicare fraud include:

  • Knowingly billing for services not furnished or supplies not provided, including billing Medicare for appointments the patient failed to keep
  • Billing for nonexistent prescriptions
  • Knowingly altering claim forms, medical records, or receipts to receive a higher payment

Examples of actions that may constitute Medicare waste include:

  • Conducting excessive office visits or writing excessive prescriptions
  • Prescribing more medications than necessary for treating a specific condition
  • Ordering excessive laboratory tests

Examples of actions that may constitute Medicare abuse include:

  • Unknowingly billing for unnecessary medical services
  • Unknowingly billing for brand name drugs when generics are dispensed
  • Unknowingly excessively charging for services or supplies
  • Unknowingly misusing codes on a claim, such as upcoding or unbundling codes
LESSON 1 PAGE 5

Differences Among Fraud, Waste, and Abuse

There are differences among fraud, waste, and abuse. One of the primary differences is intent and knowledge. Fraud requires intent to obtain payment and the knowledge the actions are wrong. Waste and abuse may involve obtaining an improper payment or creating an unnecessary cost to the Medicare Program but do not require the same intent and knowledge.

LESSON 1 PAGE 6

Understanding FWA

To detect FWA, you need to know the law.

The following pages provide high-level information about the following laws:

  • Civil False Claims Act, Health Care Fraud Statute, and Criminal Fraud
  • Anti-Kickback Statute
  • Stark Statute (Physician Self-Referral Law)
  • Exclusion from all Federal health care programs
  • Health Insurance Portability and Accountability Act (HIPAA)

For details about specific laws, such as safe harbor provisions, consult the applicable statute and regulations.

LESSON 1 PAGE 7

Civil False Claims Act (FCA)

The civil provisions of the FCA make a person liable to pay damages to the Government if he or she knowingly:

  • Conspires to violate the FCA
  • Carries out other acts to obtain property from the Government by misrepresentation
  • Conceals or improperly avoids or decreases an obligation to pay the Government
  • Makes or uses a false record or statement supporting a false claim
  • Presents a false claim for payment or approval

For more information, refer to 31 United States Code (USC) Sections 3729–3733.

Damages and Penalties

Any person who knowingly submits false claims to the Government is liable for three times the Government's damages caused by the violator plus a penalty.

A Medicare Part C plan in Florida:

  • Hired an outside company to review medical records to find additional diagnosis codes it could submit to increase risk capitation payments from CMS
  • Was informed by the outside company that certain diagnosis codes previously submitted to Medicare were
  • undocumented or unsupported
  • Failed to report the unsupported diagnosis codes to Medicare
  • Agreed to pay $22.6 million to settle FCA allegations

The owner-operator of a medical clinic in California:

  • Used marketers to recruit individuals for medically unnecessary office visits
  • Promised free, medically unnecessary equipment or free food to entice individuals
  • Charged Medicare more than $1.7 million for the scheme
  • Was sentenced to 37 months in prison
LESSON 1 PAGE 8

Civil FCA (continued)

Whistleblowers

A whistleblower is a person who exposes information or activity that is deemed illegal, dishonest, or violates professional or clinical standards.

Protected: Persons who report false claims or bring legal actions to recover money paid on false claims are protected from retaliation.

Rewarded: Persons who bring a successful whistleblower lawsuit receive at least 15 percent, but not more than 30 percent, of the money collected.

LESSON 1 PAGE 9

Health Care Fraud Statute

The Health Care Fraud Statute states, “Whoever knowingly and willfully executes, or attempts to execute, a scheme or artifice to defraud any health care benefit program … shall be fined under this title or imprisoned not more than 10 years, or both.”

Conviction under the statute does not require proof the violator had knowledge of the law or specific intent to violate the law. For more information, refer to 18 USC Sections 1346–1347.

A Pennsylvania pharmacist:

  • Submitted claims to a Medicare Part D plan for non-existent prescriptions and drugs not dispensed
  • Pleaded guilty to health care fraud
  • Received a 15-month prison sentence and was ordered to pay more than $166,000 in restitution to the plan

The owner of multiple Durable Medical Equipment (DME) companies in New York:

  • Falsely represented themselves as one of a nonprofit health maintenance organization’s (that administered a
  • Medicare Advantage plan) authorized vendors
  • Provided no DME to any beneficiaries as claimed
  • Submitted almost $1 million in false claims to the nonprofit; $300,000 was paid
  • Pleaded guilty to one count of conspiracy to commit health care fraud
LESSON 1 PAGE 10

Criminal Health Care Fraud

Persons who knowingly make a false claim may be subject to:

  • Criminal fines up to $250,000
  • Imprisonment for up to 20 years

If the violations resulted in death, the individual may be imprisoned for any term of years or for life. For more information, refer to 18 USC Section 1347

LESSON 1 PAGE 11

Anti-Kickback Statute

The Anti-Kickback Statute prohibits knowingly and willfully soliciting, receiving, offering, or paying remuneration (including any kickback, bribe, or rebate) for referrals for services that are paid, in whole or in part, under a Federal health care program (including the Medicare Program).

For more information, refer to 42 USC Section 1320a-7b(b).

Damages and Penalties

Violations are punishable by:

  • A fine up to $25,000
  • Imprisonment up to 5 years

For more information, refer to the Social Security Act (the Act), Section 1128B(b).

EXAMPLE

From 2012 through 2015, a physician operating a pain management practice in Rhode Island:

  • Conspired to solicit and receive kickbacks for prescribing a highly addictive version of the opioid Fentanyl
  • Reported patients had breakthrough cancer pain to secure insurance payments
  • Received $188,000 in speaker fee kickbacks from the drug manufacturer
  • Admitted the kickback scheme cost Medicare and other payers more than $750,000

The physician must pay more than $750,000 restitution and is awaiting sentencing.

LESSON 1 PAGE 12

Stark Statute (Physician Self-Referral Law)

The Stark Statute prohibits a physician from making referrals for certain designated health services to an entity when the physician (or a member of his or her family) has:

  • An ownership/investment interest or
  • A compensation arrangement

Exceptions may apply. For more information, refer to 42 USC Section 1395nn.

Damages and Penalties

Medicare claims tainted by an arrangement that does not comply with the Stark Statute are not payable. A penalty of around $24,250 can be imposed for each service provided. There may also be around a $161,000 fine for entering into an unlawful arrangement or scheme.

For more information, visit the Physician Self-Referral webpage and refer to the Act, Section 1877.

EXAMPLE

A California hospital was ordered to pay more than $3.2 million to settle Stark Law violations for maintaining 97 financial relationships with physicians and physician groups outside the fair market value standards or that were improperly documented as exceptions.

LESSON 1 PAGE 13

Civil Monetary Penalties (CMP) Law

The Office of Inspector General (OIG) may impose civil penalties for several reasons, including:

  • Arranging for services or items from an excluded individual or entity
  • Providing services or items while excluded
  • Failing to grant OIG timely access to records
  • Knowing of and failing to report and return an overpayment
  • Making false claims
  • Paying to influence referrals

For more information, refer to 42 USC 1320a-7a and the Act, Section 1128A(a).

Damages and Penalties

The penalties can be around $15,000 to $70,000 depending on the specific violation. Violators are also subject to three times the amount:

  • Claimed for each service or item or
  • Of remuneration offered, paid, solicited, or received

EXAMPLE

A California pharmacy and its owner agreed to pay over $1.3 million to settle allegations they submitted unsubstantiated claims to Medicare Part D for brand name prescription drugs the pharmacy could not have dispensed based on inventory records.

LESSON 1 PAGE 14

Exclusion

No Federal health care program payment may be made for any item or service furnished, ordered, or prescribed by an individual or entity excluded by the OIG. The OIG has authority to exclude individuals and entities from federally funded health care programs and maintains the List of Excluded Individuals and Entities (LEIE).

The U.S. General Services Administration (GSA) administers the Excluded Parties List System (EPLS), which contains debarment actions taken by various Federal agencies, including the OIG. You may access the EPLS on the System for Award Management (SAM) website.

When looking for excluded individuals or entities, check both the LEIE and the EPLS since the lists are not the same. For more information, refer to 42 USC Section 1320a-7 and 42 Code of Federal Regulations (CFR) Section 1001.1901

EXAMPLE

A pharmaceutical company pleaded guilty to two felony counts of criminal fraud related to failure to file required reports with the U.S. Food and Drug Administration concerning oversized morphine sulfate tablets. The pharmaceutical firm executive was excluded based on the company’s guilty plea. At the time the unconvicted executive was excluded, there was evidence he was involved in misconduct leading to the company’s conviction.

LESSON 1 PAGE 15

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA created greater access to health care insurance, strengthened the protection of privacy of health care data, and promoted standardization and efficiency in the health care industry.

HIPAA safeguards deter unauthorized access to protected health care information. As an individual with access to protected health care information, you must comply with HIPAA.

For more information, visit the HIPAA webpage.

Damages and Penalties

Violations may result in Civil Monetary Penalties. In some cases, criminal penalties may apply.

EXAMPLE

A former hospital employee pleaded guilty to criminal HIPAA charges after obtaining protected health information with the intent to use it for personal gain. He was sentenced to 12 months and 1 day in prison.

LESSON 1 PAGE 16

Lesson 1 Summary

There are differences among fraud, waste, and abuse (FWA). One of the primary differences is intent and knowledge. Fraud requires the person have intent to obtain payment and the knowledge his or her actions are wrong. Waste and abuse may involve obtaining an improper payment but not the same intent and knowledge.

Laws and regulations exist that prohibit FWA. Penalties for violating these laws may include:

  • Civil Monetary Penalties
  • Civil prosecution
  • Criminal conviction, fines, or both
  • Exclusion from all Federal health care program participation
  • Imprisonment
  • Loss of professional license
LESSON 1 PAGE 17

Lesson 1 Review

Now that you completed Lesson 1, let's do a quick knowledge check. Your Post-Assessment score is unaffected by the following questions.

LESSON 1 PAGE 18

Knowledge Check

Select the correct answer.

Which of the following requires intent to obtain payment and the knowledge the actions are wrong?

  1. Fraud
  2. Abuse
  3. Waste

Correct Answer (A)

LESSON 1 PAGE 19

Knowledge Check

Select the correct answer.

Which of the following is NOT potentially a penalty for violation of a law or regulation prohibiting fraud, waste, and abuse (FWA)?

  1. Civil Monetary Penalties
  2. Deportation
  3. Exclusion from participation in all Federal health care programs

Correct Answer (B)

LESSON 1 PAGE 20

You completed Lesson 1: What Is FWA?

Now that you have learned about FWA and the laws and regulations prohibiting it, let's look closer at your role in the fight against FWA.

LESSON 2: YOUR ROLE IN THE FIGHT AGAINST FWA

LESSON 2 PAGE 1

Lesson 2: Introduction and Learning Objectives

This lesson explains the role you can play in fighting against fraud, waste, and abuse (FWA), including your responsibilities for preventing, reporting, and correcting FWA. It should take about 10 minutes to complete. Upon completing the lesson, you should correctly:

  • Identify methods of preventing FWA
  • Identify how to report FWA
  • Recognize how to correct FWA
LESSON 2 PAGE 2

Where Do I Fit In?

As a person providing health or administrative services to a Medicare Part C or Part D enrollee, you are likely an employee of a:

  • Sponsor (Medicare Advantage Organization [MAO] or a Prescription Drug Plan [PDP])
  • First-tier entity (Examples: Pharmacy Benefit Management [PBM]; hospital or health care facility; provider group; doctor's office; clinical laboratory; customer service provider; claims processing and adjudication company; a company that handles enrollment, disenrollment, and membership functions; and contracted sales agents)
  • Downstream entity (Examples: pharmacies, doctor's office, firms providing agent/broker services, marketing firms, and call centers)
  • Related entity (Examples: Entity with common ownership or control of a Sponsor, health promotion provider, or SilverSneakers®)
LESSON 2 PAGE 3

Where Do I Fit In? (continued)

I am an employee of a Part C Plan Sponsor or an employee of a Part C Plan Sponsor's first-tier or downstream entity.

The Part C Plan Sponsor is a CMS Contractor. Part C Plan Sponsors may enter into contracts with FDRs. This stakeholder relationship flow chart shows examples of functions relating to the Sponsor's Medicare Part C contracts. First-tier and related entities of the Medicare Part C Plan Sponsor may contract with downstream entities to fulfill their contractual obligations to the Sponsor.

Examples of first-tier entities may be independent practices, call centers, health services/hospital groups, fulfillment vendors, field marketing organizations, and credentialing organizations. If the first-tier entity is an independent practice, then a provider could be a downstream entity. If the first-tier entity is a health service/hospital group, then radiology, hospital, or mental health facilities may be the downstream entity. If the first-tier entity is a field marketing organization, then agents may be the downstream entity. Downstream entities may contract with other downstream entities. Hospitals and mental health facilities may contract with providers.

I am an employee of a Part D Plan Sponsor or an employee of a Part D Plan Sponsor's first-tier or downstream entity.

The Part D Plan Sponsor is a CMS Contractor. Part D Plan Sponsors may enter into contracts with FDRs. This stakeholder relationship flow chart shows examples of functions that relate to the Sponsor's Medicare Part D contracts. First-tier and related entities of the Part D Plan Sponsor may contract with downstream entities to fulfill their contractual obligations to the Sponsor.

Examples of first-tier entities include call centers, PBMs, and field marketing organizations. If the first-tier entity is a PBM, then the pharmacy, marketing firm, quality assurance firm, and claims processing firm could be downstream entities. If the first-tier entity is a field marketing organization, then agents could be a downstream entity.

LESSON 2 PAGE 4

What Are Your Responsibilities?

You play a vital part in preventing, detecting, and reporting potential FWA, as well as Medicare noncompliance.

  • FIRST, you must comply with all applicable statutory, regulatory, and other Medicare Part C or Part D requirements, including adopting and using an effective compliance
  • SECOND, you have a duty to the Medicare Program to report any compliance concerns and suspected or actual violations of which you may be
  • THIRD, you have a duty to follow your organization's Code of Conduct that articulates your and your organization's commitment to standards of conduct and ethical rules of
LESSON 2 PAGE 5

How Do You Prevent FWA?

  • Look for suspicious activity
  • Conduct yourself in an ethical manner
  • Ensure accurate and timely data and billing
  • Ensure coordination with other payers
  • Know FWA policies and procedures, standards of conduct, laws, regulations, and CMS' guidance
  • Verify all received information
LESSON 2 PAGE 6

Stay Informed About Policies and Procedures

Know your entity's policies and procedures.

Every Sponsor and First-Tier, Downstream, and Related Entity (FDR) must have policies and procedures that address FWA. These procedures should help you detect, prevent, report, and correct FWA.

Standards of Conduct should describe the Sponsor's expectations that:

  • All employees conduct themselves in an ethical manner
  • Appropriate mechanisms are in place for anyone to report noncompliance and potential FWA
  • Reported issues will be addressed and corrected

Standards of Conduct communicate to employees and FDRs compliance is everyone's responsibility, from the top of the organization to the bottom.

LESSON 2 PAGE 7

Report FWA

Everyone must report suspected instances of FWA. Your Sponsor's Code of Conduct should clearly state this obligation. Sponsors may not retaliate against you for making a good faith effort in reporting.

Report any potential FWA concerns you have to your compliance department or your Sponsor's compliance department. Your Sponsor's compliance department will investigate and make the proper determination. Often, Sponsors have a Special Investigations Unit (SIU) dedicated to investigating FWA. They may also maintain an FWA Hotline.

Every Sponsor must have a mechanism for reporting potential FWA by employees and FDRs. Each Sponsor must accept anonymous reports and cannot retaliate against you for reporting.

Review your organization's materials for the ways to report FWA.

When in doubt, call your Compliance Department or FWA Hotline.

LESSON 2 PAGE 8

Reporting FWA Outside Your Organization

If warranted, Sponsors and FDRs must report potentially fraudulent conduct to Government authorities, such as the Office of Inspector General (OIG), the U.S. Department of Justice (DOJ), or CMS.

Individuals or entities who wish to voluntarily disclose self-discovered potential fraud to OIG may do so under the Self-Disclosure Protocol (SDP). Self-disclosure gives providers the opportunity to avoid the costs and disruptions associated with a Government- directed investigation and civil or administrative litigation.

Details to Include When Reporting FWA

When reporting suspected FWA, include:

  • Contact information for the information source, suspects, and witnesses
  • Alleged FWA details
  • Alleged Medicare rules violated
  • The suspect's history of compliance, education, training, and communication with your organization or other entities

WHERE TO REPORT FWA

HHS Office of Inspector General:

  • Phone: 1-800-HHS-TIPS (1-800-447-8477) or TTY 1-800-377-4950
  • Fax: 1-800-223-8164
  • Email: HHSTips@oig.hhs.gov
  • Online: Forms.OIG.hhs.gov/hotlineoperations/index.aspx

For Medicare Parts C and D:

  • Investigations Medicare Drug Integrity Contractor (I MEDIC) at 1-877-7SafeRx (1-877-772-3379)

For all other Federal health care programs:

  • CMS Hotline at 1-800-MEDICARE (1-800-633-4227) or TTY 1-877-486-2048

Medicare beneficiary website

LESSON 2 PAGE 9

Correction

Once fraud, waste, or abuse is detected, promptly correct it. Correcting the problem saves the Government money and ensures your compliance with CMS requirements.

Develop a plan to correct the issue. Ask your organization's compliance officer about the development process for the corrective action plan. The actual plan is going to vary, depending on the specific circumstances. In general:

  • Design the corrective action to correct the underlying problem that results in FWA program violations and to prevent future noncompliance.
  • Tailor the corrective action to address the particular FWA, problem, or deficiency identified. Include timeframes for specific actions.
  • Document corrective actions addressing noncompliance or FWA committed by a Sponsor's employee or FDR's employee, and include consequences for failure to satisfactorily complete the corrective
  • Monitor corrective actions continuously to ensure

Corrective Action Examples

Corrective actions may include:

  • Adopting new prepayment edits or document review requirements
  • Conducting mandated training
  • Providing educational materials
  • Revising policies or procedures
  • Sending warning letters
  • Taking disciplinary action, such as suspension of marketing, enrollment, or payment
  • Terminating an employee or provider
LESSON 2 PAGE 10

Indicators of Potential FWA

Now that you know about your role in preventing, reporting, and correcting FWA, let's review some key indicators to help you recognize the signs of someone committing FWA.

The following pages present potential FWA issues. Each page provides questions to ask yourself about different areas, depending on your role as an employee of a Sponsor, pharmacy, or other entity involved in delivering Medicare Parts C and D benefits to enrollees.

LESSON 2 PAGE 11

Key Indicators: Potential Beneficiary Issues

  • Does the prescription, medical record, or laboratory test look altered or possibly forged?
  • Does the beneficiary's medical history support the services requested?
  • Have you filled numerous identical prescriptions for this beneficiary, possibly from different doctors?
  • Is the person receiving the medical service the beneficiary (identity theft)?
  • Is the prescription appropriate based on the beneficiary's other prescriptions?
LESSON 2 PAGE 12

Key Indicators: Potential Provider Issues

  • Are the provider's prescriptions appropriate for the member's health condition (medically necessary)?
  • Does the provider bill the Sponsor for services not provided?
  • Does the provider write prescriptions for diverse drugs or primarily for controlled substances?
  • Is the provider performing medically unnecessary services for the member?
  • Is the provider prescribing a higher quantity than medically necessary for the condition?
  • Does the provider's prescription have their active and valid National Provider Identifier on it?
  • Is the provider's diagnosis for the member supported in the medical record?
LESSON 2 PAGE 13

Key Indicators: Potential Pharmacy Issues

  • Are drugs being diverted (drugs meant for nursing homes, hospice, and other entities being sent elsewhere)?
  • Are the dispensed drugs expired, fake, diluted, or illegal?
  • Are generic drugs provided when the prescription requires dispensing brand drugs?
  • Are PBMs billed for unfilled or never picked up prescriptions?
  • Are proper provisions made if the entire prescription is not filled (no additional dispensing fees for split prescriptions)?
  • Do you see prescriptions being altered (changing quantities or Dispense As Written)?
LESSON 2 PAGE 14

Key Indicators: Potential Wholesaler Issues

  • Is the wholesaler distributing fake, diluted, expired, or illegally imported drugs?
  • Is the wholesaler diverting drugs meant for nursing homes, hospices, and Acquired Immune Deficiency Syndrome (AIDS) clinics, marking up the prices, and sending to other smaller wholesalers or pharmacies?
LESSON 2 PAGE 15

Key Indicators: Potential Manufacturer Issues

  • Does the manufacturer promote off-label drug usage?
  • Does the manufacturer knowingly provide samples to entities that bill Federal health care programs for them?
LESSON 2 PAGE 16

Key Indicators: Potential Sponsor Issues

  • Does the Sponsor encourage or support inappropriate risk adjustment submissions?
  • Does the Sponsor lead the beneficiary to believe the cost of benefits is one price, when the actual cost is higher?
  • Does the Sponsor offer beneficiaries cash inducements to join the plan?
  • Does the Sponsor use unlicensed agents?
LESSON 2 PAGE 17

Lesson 2 Summary

  • As a person providing health or administrative services to a Medicare Part C or D enrollee, you play a vital role in preventing fraud, waste, and abuse (FWA). Conduct yourself ethically, stay informed of your organization's policies and procedures, and keep an eye out for key indicators of potential
  • Report potential FWA. Every Sponsor must have a mechanism for reporting potential FWA. Each Sponsor must accept anonymous reports and cannot retaliate against you for
  • Promptly correct identified FWA with an effective corrective action
LESSON 2 PAGE 18

Lesson 2 Review

Now that you completed Lesson 2, let's do a quick knowledge check. Your Post-Assessment score is unaffected by the following questions.

LESSON 2 PAGE 19

Knowledge Check

Select the correct answer.

A person drops off a prescription for a beneficiary who is a “regular” customer. The prescription is for a controlled substance with a quantity of 160. This beneficiary normally receives a quantity of 60, not 160. You review the prescription and have concerns about possible forgery. What is your next step?

  1. Fill the prescription for 160
  2. Fill the prescription for 60
  3. Call the prescriber to verify the quantity
  4. Call the Sponsor's compliance department
  5. Call law enforcement

Correct Answer (C)

LESSON 2 PAGE 20

Knowledge Check

Select the correct answer.

Your job is to submit a risk diagnosis to the Centers for Medicare & Medicaid Services (CMS) for the purpose of payment. As part of this job, you use a process to verify the data is accurate. Your immediate supervisor tells you to ignore the Sponsor's process and to adjust or add risk diagnosis codes for certain individuals. What should you do?

  1. Do what your immediate supervisor asked you to do and adjust or add risk diagnosis codes
  2. Report the incident to the compliance department (via compliance hotline or other mechanism)
  3. Discuss your concerns with your immediate supervisor
  4. Call law enforcement

Correct Answer (B)

LESSON 2 PAGE 21

Knowledge Check

Select the correct answer.

You are in charge of paying claims submitted by providers. You notice a certain diagnostic provider (“Doe Diagnostics”) requested a substantial payment for a large number of members. Many of these claims are for a certain procedure. You review the same type of procedure for other diagnostic providers and realize Doe Diagnostics' claims far exceed any other provider you reviewed. What should you do?

  1. Call Doe Diagnostics and request additional information for the claims
  2. Consult with your immediate supervisor for next steps or contact the compliance department (via compliance hotline, Special Investigations Unit [SIU], or other mechanism)
  3. Reject the claims
  4. Pay the claims

Correct Answer (B)

LESSON 2 PAGE 22

Knowledge Check

Select the correct answer.

You are performing a regular inventory of the controlled substances in the pharmacy. You discover a minor inventory discrepancy. What should you do?

  1. Call local law enforcement
  2. Perform another review
  3. Contact your compliance department (via compliance hotline or other mechanism)
  4. Discuss your concerns with your supervisor
  5. Follow your pharmacy's procedures

Correct Answer (E)

LESSON 2 PAGE 23

You completed Lesson 2: Your Role in the Fight Against FWA

Now that you have learned how to fight FWA, it's time to assess your knowledge.

POST-ASSESSMENT

POST-ASSESSMENT PAGE 1

Post-Assessment

This brief Post-Assessment asks 10 questions and should take about 10 minutes. Select the "NEXT" button to begin the Post-Assessment.

POST-ASSESSMENT PAGE 2

Question 1 of 10

Select the correct answer.

Once a corrective action plan is started, the corrective actions must be monitored annually to ensure they are effective.

  1. True
  2. False
POST-ASSESSMENT PAGE 3

Question 2 of 10

Select the best answer.

Ways to report potential fraud, waste, and abuse (FWA) include:

  1. Telephone hotlines
  2. Mail drops
  3. In-person reporting to the compliance department/supervisor
  4. Special Investigations Units (SIUs)
  5. All of the above
POST-ASSESSMENT PAGE 4

Question 3 of 10

Select the correct answer.

Any person who knowingly submits false claims to the Government is liable for five times the Government's damages caused by the violator plus a penalty.

  1. True
  2. False
POST-ASSESSMENT PAGE 5

Question 4 of 10

Select the correct answer.

These are examples of issues that should be reported to a Compliance Department: suspected fraud, waste, and abuse (FWA); potential health privacy violation; unethical behavior; and employee misconduct.

  1. True
  2. False
POST-ASSESSMENT PAGE 6

Question 5 of 10

Select the correct answer.

Bribes or kickbacks of any kind for services that are paid under a Federal health care program (which includes Medicare) constitute fraud by the person making as well as the person receiving them.

  1. True
  2. False
POST-ASSESSMENT PAGE 7

Question 6 of 10

Select the correct answer.

Waste includes any misuse of resources, such as the overuse of services or other practices that, directly or indirectly, result in unnecessary costs to the Medicare Program.

  1. True
  2. False
POST-ASSESSMENT PAGE 8

Question 7 of 10

Select the correct answer.

Abuse involves payment for items or services when there is no legal entitlement to that payment and the provider has not knowingly or intentionally misrepresented facts to obtain payment.

  1. True
  2. False
POST-ASSESSMENT PAGE 9

Question 8 of 10

Select the correct answer.

Some of the laws governing Medicare Parts C and D fraud, waste, and abuse (FWA) include the Health Insurance Portability and Accountability Act (HIPAA), the False Claims Act, the Anti-Kickback Statute, and the Health Care Fraud Statute.

  1. True
  2. False
POST-ASSESSMENT PAGE 10

Question 9 of 10

Select the correct answer.

You can help prevent fraud, waste, and abuse (FWA) by doing all of the following:

  • Look for suspicious activity
  • Conduct yourself in an ethical manner
  • Ensure accurate and timely data and billing
  • Ensure you coordinate with other payers
  • Keep up to date with FWA policies and procedures, standards of conduct, laws, regulations, and the Centers for Medicare & Medicaid Services (CMS) guidance
  • Verify all information provided to you
  1. True
  2. False
POST-ASSESSMENT PAGE 11

Question 10 of 10

Select the best answer.

What are some of the penalties for violating fraud, waste, and abuse (FWA) laws?

  1. Civil Monetary Penalties
  2. Imprisonment
  3. Exclusion from participation in all Federal health care programs
  4. All of the above

APPENDIX A: RESOURCES

RESOURCES PAGE 1 OF 1

Disclaimers

This Web-Based Training (WBT) course was current at the time it was published or uploaded onto the web. Medicare policy changes frequently so links to the source documents have been provided within the course for your reference.

This course was prepared as a service to the public and is not intended to grant rights or impose obligations. This course may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents.

The Medicare Learning Network® (MLN)

The Medicare Learning Network®, MLN Connects®, and MLN Matters® are registered trademarks of the U.S. Department of Health & Human Services (HHS).

Glossary

For glossary terms, visit the Centers for Medicare & Medicaid Services Glossary.

Centers for Medicare & Medicaid Services Glossary

APPENDIX B: JOB AIDS

Job Aid A: Applicable Laws for Reference


Job Aid B: Resources


Job Aid C: Where to Report Fraud, Waste, and Abuse (FWA)

HHS Office of Inspector General:

  • Phone: 1-800-HHS-TIPS (1-800-447-8477) or TTY 1-800-377-4950
  • Fax: 1-800-223-8164
  • Email: HHSTips@oig.hhs.gov
  • Online: Forms.OIG.hhs.gov/hotlineoperations/index.aspx

For Medicare Parts C and D:

  • Investigations Medicare Drug Integrity Contractor (I MEDIC) at 1-877-7SafeRx (1-877-772-3379)

For all other Federal health care programs:

  • CMS Hotline at 1-800-MEDICARE (1-800-633-4227) or TTY 1-877-486-2048

HHS and U.S. Department of Justice (DOJ): Medicare.gov/forms-help-and-resources/help-fight-medicare-fraud



Medicare Parts C and D General Compliance Training Web-Based Training Course

TABLE OF CONTENTS

  • ACRONYMS - 3
  • TITLE - 4
  • INTRODUCTION - 5
  • LESSON: COMPLIANCE PROGRAM TRAINING - 12
  • APPENDIX A: RESOURCES - 44
  • APPENDIX B: JOB AIDS - 46

ACRONYMS

The following acronyms are used throughout the course.

  • CFR — Code of Federal Regulations
  • CMS — Centers for Medicare & Medicaid Services
  • FDR — First-tier, Downstream, and Related Entity
  • FWA — Fraud, Waste, and Abuse
  • HHS — U.S. Department of Health & Human Services
  • MA — Medicare Advantage
  • MAO — Medicare Advantage Organization
  • MA-PD — MA Prescription Drug
  • MLN — Medicare Learning Network®
  • OIG — Office of Inspector General
  • PDP — Prescription Drug Plan

TITLE

Medicare Parts C and D General Compliance Training

INTRODUCTION PAGE 1

INTRODUCTION

The Medicare Parts C and D General Compliance Training course is brought to you by the Medicare Learning Network®

INTRODUCTION PAGE 2

The Medicare Learning Network® (MLN) offers free educational materials for health care professionals on the Centers for Medicare & Medicaid Services (CMS) programs, policies, and initiatives. Get quick access to the information you need.

INTRODUCTION PAGE 3

This training assists Medicare Parts C and D plan Sponsors' employees, governing body members, and their first-tier, downstream, and related entities (FDRs) to satisfy their annual general compliance training requirements in the regulations and sub-regulatory guidance at:

Completing this training in and of itself does not ensure a Sponsor has an “effective Compliance Program.” Sponsors and their FDRs are responsible for establishing and executing an effective compliance program according to the CMS regulations and program guidelines.

INTRODUCTION PAGE 4

Why Do I Need Training?

Every year, billions of dollars are improperly spent because of fraud, waste, and abuse (FWA). It affects everyone—including you. This training helps you detect, correct, and prevent FWA. You are part of the solution.

Compliance is everyone's responsibility! As an individual who provides health or administrative services for Medicare enrollees, every action you take potentially affects Medicare enrollees, the Medicare Program, or the Medicare Trust Fund.

INTRODUCTION PAGE 5

Training Requirements: Plan Employees, Governing Body Members, and First-Tier, Downstream, or Related Entity (FDR) Employees

Certain training requirements apply to people involved in Medicare Parts C and D. All employees of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs) (collectively referred to in this course as “Sponsors”) must receive training about compliance with CMS program rules.

You may need to complete FWA training within 90 days of your initial hire. More information on other Medicare Parts C and D compliance trainings and answers to common questions is available on the CMS website. Please contact your management team for more information.

Learn more about Medicare Part C

Medicare Part C, or Medicare Advantage (MA), is a health insurance option available to Medicare beneficiaries. Private, Medicare-approved insurance companies run MA programs. These companies arrange for, or directly provide, health care services to the beneficiaries who enroll in an MA plan.

MA plans must cover all services Medicare covers with the exception of hospice care. They provide Part A and Part B benefits and may also include prescription drug coverage and other supplemental benefits.

Learn more about Medicare Part D

Medicare Part D, the Prescription Drug Benefit, provides prescription drug coverage to Medicare beneficiaries enrolled in Part A and/or Part B who enroll in a Medicare Prescription Drug Plan (PDP) or an MA Prescription Drug (MA-PD) plan. Medicareapproved insurance and other companies provide prescription drug coverage to individuals living in a plan’s service area.

INTRODUCTION PAGE 6

Navigating and Completing This Course

Anyone who provides health or administrative services to Medicare enrollees must satisfy general compliance and FWA training requirements. You may use this course to satisfy the general compliance training requirements.

This course consists of one lesson and a Post-Assessment. Successfully completing the course requires completing the lesson and scoring 70 percent or higher on the Post-Assessment. After successfully completing the Post-Assessment, you'll get instructions to print your certificate. If you

do not successfully complete the course, you can review the course material and retake the Post-Assessment.

This course uses cues at various times to provide additional information and functionality. For more information on using these cues, adjusting your screen resolution, and suggested browser settings, select “HELP”.

You do not have to complete this course in one session; however, you must complete the lesson before exiting the course. You can complete the entire course in about 25 minutes. After you successfully complete this course, you receive instructions on how to print your certificate.

Visit the Resources page for disclaimers, a glossary, and frequently asked questions (FAQs). You may find this information useful as you proceed through this course.

INTRODUCTION PAGE 7

Course Objectives

After completing this course, you should correctly:

  • Recognize how a compliance program operates
  • Recognize how compliance program violations should be reported

LESSON: COMPLIANCE PROGRAM TRAINING

LESSON PAGE 1

Introduction and Learning Objectives

This lesson outlines effective compliance programs. It should take about 15 minutes to complete. After completing this lesson, you should correctly:

  • Recognize how a compliance program operates
  • Recognize how compliance program violations should be reported
LESSON PAGE 2

Compliance Program Requirement

The Centers for Medicare & Medicaid Services (CMS) requires Sponsors to implement and maintain an effective compliance program for its Medicare Parts C and D plans. An effective compliance program must:

  • Articulate and demonstrate an organization's commitment to legal and ethical conduct
  • Provide guidance on how to handle compliance questions and concerns
  • Provide guidance on how to identify and report compliance violations
LESSON PAGE 3

What Is an Effective Compliance Program?

An effective compliance program fosters a culture of compliance within an organization and, at a minimum:

  • Prevents, detects, and corrects non-compliance
  • Is fully implemented and is tailored to an organization's unique operations and circumstances
  • Has adequate resources
  • Promotes the organization's Standards of Conduct
  • Establishes clear lines of communication for reporting non-compliance

An effective compliance program is essential to prevent, detect, and correct Medicare non-compliance as well as fraud, waste, and abuse (FWA). It must, at a minimum, include the seven core compliance program requirements.

LESSON PAGE 4

Seven Core Compliance Program Requirements

CMS requires an effective compliance program to include seven core requirements:

  1. Written Policies, Procedures, and Standards of Conduct

    These articulate the Sponsor’s commitment to comply with all applicable Federal and State standards and describe compliance expectations according to the Standards of Conduct.

  2. Compliance Officer, Compliance Committee, and High-Level Oversight

    The Sponsor must designate a compliance officer and a compliance committee accountable and responsible for the activities and status of the compliance program, including issues identified, investigated, and resolved by the compliance program.

    The Sponsor's senior management and governing body must be engaged and exercise reasonable oversight of the Sponsor's compliance program.

  3. Effective Training and Education

    This covers the elements of the compliance plan as well as preventing, detecting, and reporting FWA. Tailor this training and education to the different employees and their responsibilities and job functions.
LESSON PAGE 5

Seven Core Compliance Program Requirements (continued)

  1. Effective Lines of Communication

    Make effective lines of communication accessible to all, ensure confidentiality, and provide methods for anonymous and good- faith compliance issues reporting at Sponsor and first-tier, downstream, or related entity (FDR) levels.

  2. Well-Publicized Disciplinary Standards

    Sponsor must enforce standards through well-publicized disciplinary guidelines.

  3. Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks

    Conduct routine monitoring and auditing of Sponsor's and FDR's operations to evaluate compliance with CMS requirements as well as the overall effectiveness of the compliance program.

    NOTE: Sponsors must ensure FDRs performing delegated administrative or health care service functions concerning the Sponsor's Medicare Parts C and D program comply with Medicare Program requirements.

  4. Procedures and System for Prompt Response to Compliance Issues

    The Sponsor must use effective measures to respond promptly to non-compliance and undertake appropriate corrective action.

LESSON PAGE 6

Compliance Training: Sponsors and Their FDRs

CMS expects all Sponsors will apply their training requirements and “effective lines of communication” to their FDRs. Having “effective lines of communication” means employees of the Sponsor and the Sponsor's FDRs have several avenues to report compliance concerns.

LESSON PAGE 7

Ethics: Do the Right Thing!

As part of the Medicare Program, you must conduct yourself in an ethical and legal manner. It's about doing the right thing!

  • Act fairly and honestly
  • Adhere to high ethical standards in all you do
  • Comply with all applicable laws, regulations, and CMS requirements
  • Report suspected violations
LESSON PAGE 8

How Do You Know What Is Expected of You?

Now that you've read the general ethical guidelines on the previous page, how do you know what is expected of you in a specific situation?

Standards of Conduct (or Code of Conduct) state the organization's compliance expectations and their operational principles and values. Organizational Standards of Conduct vary. The organization should tailor the Standards of Conduct content to their individual organization's culture and business operations. Ask management where to locate your organization's Standards of Conduct.

Reporting Standards of Conduct violations and suspected non-compliance is everyone's responsibility.

An organization's Standards of Conduct and Policies and Procedures should identify this obligation and tell you how to report suspected non-compliance.

LESSON PAGE 9

What Is Non-Compliance?

Non-compliance is conduct that does not conform to the law, Federal health care program requirements, or an organization's ethical and business policies. CMS identified the following Medicare Parts C and D high risk areas:

  • Agent/broker misrepresentation
  • Appeals and grievance review (for example, coverage and organization determinations)
  • Beneficiary notices
  • Conflicts of interest
  • Claims processing
  • Credentialing and provider networks
  • Documentation and Timeliness requirements
  • Ethics
  • FDR oversight and monitoring
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Marketing and enrollment
  • Pharmacy, formulary, and benefit administration
  • Quality of care

For more information, refer to the Compliance Program Guidelines in the Medicare Prescription Drug Benefit Manual and Medicare Managed Care Manual.

Know the Consequences of Non-Compliance

Failure to follow Medicare Program requirements and CMS guidance can lead to serious consequences, including:

  • Contract termination
  • Criminal penalties
  • Exclusion from participating in all Federal health care programs
  • Civil monetary penalties

Additionally, your organization must have disciplinary standards for non-compliant behavior. Those who engage in noncompliant behavior may be subject to any of the following:

  • Mandatory training or re-training
  • Disciplinary action
  • Termination
LESSON PAGE 10

NON-COMPLIANCE AFFECTS EVERYBODY

Without programs to prevent, detect, and correct non-compliance, we all risk:

Harm to beneficiaries, such as:

  • Delayed services
  • Denial of benefits
  • Difficulty in using providers of choice
  • Other hurdles to care

Less money for everyone, due to:

  • High insurance copayments
  • Higher premiums
  • Lower benefits for individuals and employers
  • Lower Star ratings
  • Lower profits
LESSON PAGE 11

How to Report Potential Non-Compliance

Employees of a Sponsor

  • Call the Medicare Compliance Officer
  • Make a report through your organization’s website
  • Call the Compliance Hotline

First-Tier, Downstream, or Related Entity (FDR) Employees

  • Talk to a Manager or Supervisor
  • Call your Ethics/Compliance Help Line
  • Report to the Sponsor

Beneficiaries

  • Call the Sponsor’s Compliance Hotline or Customer Service
  • Make a report through the Sponsor’s website
  • Call 1-800-Medicare

Don't Hesitate to Report Non-Compliance

When you report suspected non-compliance in good faith, the Sponsor can't retaliate against you.

Each Sponsor must offer reporting methods that are:

  • Anonymous
  • Confidential
  • Non-retaliatory
LESSON PAGE 12

What Happens After Non-Compliance Is Detected?

Non-compliance must be investigated immediately and corrected promptly. Internal monitoring should ensure:

  • No recurrence of the same non-compliance
  • Ongoing CMS requirements compliance
  • Efficient and effective internal controls
  • Protected enrollees
LESSON PAGE 13

What Are Internal Monitoring and Audits?

Internal monitoring activities include regular reviews confirming ongoing compliance and taking effective corrective actions.

Internal auditing is a formal review of compliance with a particular set of standards (for example, policies, procedures, laws, and regulations) used as base measures.

LESSON PAGE 14

Lesson Summary

Organizations must create and maintain compliance programs that, at a minimum, meet the seven core requirements. An effective compliance program fosters a culture of compliance.

To help ensure compliance, behave ethically and follow your organization's Standards of Conduct. Watch for common instances of non-compliance, and report suspected non-compliance.

Know the consequences of non-compliance, and help correct any non- compliance with a corrective action plan that includes ongoing monitoring and auditing.

Compliance Is Everyone's Responsibility!

  • Prevent: Operate within your organization’s ethical expectations to prevent non-compliance!
  • Detect & Report: Report detected potential noncompliance!
  • Correct: Correct non-compliance to protect beneficiaries and save money
LESSON PAGE 15

Lesson Review

Now that you completed the lesson, let's do a quick knowledge check. The Post-Assessment course score is unaffected by answering the following questions.

LESSON PAGE 16

Knowledge Check

Select the correct answer.

You discover an unattended email address or fax machine in your office receiving beneficiary appeals requests. You suspect no one is processing the appeals. What should you do?

  1. Contact law enforcement
  2. Nothing
  3. Contact your compliance department (via compliance hotline or other mechanism)
  4. Wait to confirm someone is processing the appeals before taking further action
  5. Contact your supervisor

Answer (C)

LESSON PAGE 17

Knowledge Check

Select the correct answer.

A sales agent, employed by the Sponsor's first-tier, downstream, or related entity (FDR), submitted an application for processing and requested two things: 1) to back-date the enrollment date by one month, and 2) to waive all monthly premiums for the beneficiary.

What should you do?

  1. Refuse to change the date or waive the premiums but decide not to mention the request to a supervisor or the compliance department
  2. Make the requested changes because the sales agent determines the beneficiary's start date and monthly premiums
  3. Tell the sales agent you will take care of it but then process the application properly (without the requested revisions)—you will not file a report because you don't want the sales agent to retaliate against you
  4. Process the application properly (without the requested revisions)—inform your supervisor and the compliance officer about the sales agent's request
  5. Contact law enforcement and the Centers for Medicare & Medicaid Services (CMS) to report the sales agent's behavior

Answer (D)

LESSON PAGE 18

Knowledge Check

Select the correct answer.

You work for a Sponsor. Last month, while reviewing a Centers for Medicare & Medicaid Services (CMS) monthly report, you identified multiple individuals not enrolled in the plan but for whom the Sponsor is paid. You spoke to your supervisor who said don't worry about it. This month, you identify the same enrollees on the report again. What should you do?

  1. Decide not to worry about it as your supervisor instructed—you notified your supervisor last month and now it's his responsibility
  2. Although you know about the Sponsor's non-retaliation policy, you are still nervous about reporting—to be safe, you submit a report through your compliance department's anonymous tip line to avoid identification
  3. Wait until the next month to see if the same enrollees appear on the report again, figuring it may take a few months for CMS to reconcile its records—if they are, then you will say something to your supervisor again
  4. Contact law enforcement and CMS to report the discrepancy
  5. Ask your supervisor about the discrepancy again

Answer (B)

LESSON PAGE 19

Knowledge Check

Select the correct answer.

You are performing a regular inventory of the controlled substances in the pharmacy. You discover a minor inventory discrepancy. What should you do?

  1. Call local law enforcement
  2. Perform another review
  3. Contact your compliance department (via compliance hotline or other mechanism)
  4. Discuss your concerns with your supervisor
  5. Follow your pharmacy's procedures

Answer (E)

LESSON PAGE 20

You've completed the lesson!

Now that you have learned about compliance programs, it's time to assess your knowledge.

POST-ASSESSMENT

POST-ASSESSMENT PAGE 1

Post-Assessment

This brief Post-Assessment asks 10 questions and should take about 10 minutes.

Choose an answer for each question by selecting the button next to your answer. You must select an answer before advancing to the next question. You can only move forward in the Post-Assessment, and you can only try each question once. You may change your answer for a question until you select the “SUBMIT ANSWER” button. After you submit your answer, feedback for the question and the “NEXT” button will appear. Select the “NEXT” button to continue. Do not select the “X” button in the right-hand corner of the window as this will cause you to exit the course without recording your progress.

You may print your score when you finish the Post-Assessment. After successfully completing the course, you can print a certificate. Successfully completing the course includes finishing all lessons, scoring 70 percent or higher on the Post-Assessment, and completing the course evaluation. Instructions on printing your certificate are available after you pass the Post-Assessment.

Select the “NEXT” button to begin the Post-Assessment.

POST-ASSESSMENT PAGE 2

Question 1 of 10

Select the correct answer.

Compliance is the responsibility of the Compliance Officer, Compliance Committee, and Upper Management only.

  1. True
  2. False
POST-ASSESSMENT PAGE 3

Question 2 of 10

Select the correct answer.

Ways to report a compliance issue include:

  1. Telephone hotlines
  2. Report on the Sponsor's website
  3. In-person reporting to the compliance department/supervisor
  4. All of the above
POST-ASSESSMENT PAGE 4

Question 3 of 10

Select the correct answer.

What is the policy of non-retaliation?

  1. Allows the Sponsor to discipline employees who violate the Code of Conduct
  2. Prohibits management and supervisor from harassing employees for misconduct
  3. Protects employees who, in good faith, report suspected non-compliance
  4. Prevents fights between employees
POST-ASSESSMENT PAGE 5

Question 4 of 10

Select the correct answer.

These are examples of issues that can be reported to a Compliance Department: suspected fraud, waste, and abuse (FWA); potential health privacy violation, and unethical behavior/employee misconduct.

  1. True
  2. False
POST-ASSESSMENT PAGE 6

Question 5 of 10

Select the correct answer.

Once a corrective action plan begins addressing non-compliance or fraud, waste, and abuse (FWA) committed by a Sponsor's employee or first-tier, downstream, or related entity's (FDR's) employee, ongoing monitoring of the corrective actions is not necessary.

  1. True
  2. False
POST-ASSESSMENT PAGE 7

Question 6 of 10

Select the correct answer.

Medicare Parts C and D plan Sponsors are not required to have a compliance program.

  1. True
  2. False
POST-ASSESSMENT PAGE 8

Question 7 of 10

Select the correct answer.

At a minimum, an effective compliance program includes four core requirements.

  1. True
  2. False
POST-ASSESSMENT PAGE 9

Question 8 of 10

Select the correct answer.

Standards of Conduct are the same for every Medicare Parts C and D Sponsor.

  1. True
  2. False
POST-ASSESSMENT PAGE 10

Question 9 of 10

Select the correct answer.

Correcting non-compliance _____.

  1. Protects enrollees, avoids recurrence of the same non-compliance, and promotes efficiency
  2. Ensures bonuses for all employees
  3. Both A. and B.
POST-ASSESSMENT PAGE 11

Question 10 of 10

Select the correct answer.

What are some of the consequences for non-compliance, fraudulent, or unethical behavior?

  1. Disciplinary action
  2. Termination of employment
  3. Exclusion from participating in all Federal health care programs
  4. All of the above

APPENDIX A: RESOURCES

RESOURCES PAGE 1 OF 1

Disclaimers

This Web-Based Training (WBT) course was current at the time it was published or uploaded onto the web. Medicare policy changes frequently so links to the source documents have been provided within the course for your reference.

This course was prepared as a service to the public and is not intended to grant rights or impose obligations. This course may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents.

The Medicare Learning Network® (MLN)

The Medicare Learning Network®, MLN Connects®, and MLN Matters® are registered trademarks of the U.S. Department of Health & Human Services (HHS).

Glossary

For glossary terms, visit the Centers for Medicare & Medicaid Services Glossary.

APPENDIX B: JOB AIDS

Job Aid A: Seven Core Compliance Program Requirements

The Centers for Medicare & Medicaid Services (CMS) requires that an effective compliance program must include seven core requirements:

  1. Written Policies, Procedures, and Standards of Conduct

    These articulate the Sponsor's commitment to comply with all applicable Federal and State standards and describe compliance expectations according to the Standards of Conduct.

  2. Compliance Officer, Compliance Committee, and High-Level Oversight

    The Sponsor must designate a compliance officer and a compliance committee to be accountable and responsible for the activities and status of the compliance program, including issues identified, investigated, and resolved by the compliance program.

    The Sponsor's senior management and governing body must be engaged and exercise reasonable oversight of the Sponsor's compliance program.

  3. Effective Training and Education

    This covers the elements of the compliance plan as well as prevention, detection, and reporting of fraud, waste, and abuse (FWA). This training and education should be tailored to the different responsibilities and job functions of employees.

  4. Effective Lines of Communication

    Effective lines of communication must be accessible to all, ensure confidentiality, and provide methods for anonymous and good- faith reporting of compliance issues at Sponsor and first-tier, downstream, or related entity (FDR) levels.

  5. Well-Publicized Disciplinary Standards

    Sponsor must enforce standards through well-publicized disciplinary guidelines.

  6. Effective System for Routine Monitoring, Auditing, and Identifying Compliance Risks

    Conduct routine monitoring and auditing of Sponsor's and FDR's operations to evaluate compliance with CMS requirements as well as the overall effectiveness of the compliance program.

    NOTE: Sponsors must ensure FDRs performing delegated administrative or health care service functions concerning the Sponsor's Medicare Parts C and D program comply with Medicare Program requirements.

  7. Procedures and System for Prompt Response to Compliance Issues

    The Sponsor must use effective measures to respond promptly to non-compliance and undertake appropriate corrective action.

Job Aid B: Resources

To review the training material below, place your mouse over the training material to enable the scrolling feature (if you are on a mobile device, touch the training material to enable the scrolling feature).

HIPAA Basics for Provider: Privacy, Security, and Breach Notification Rules

(This is a text version of the Training. Click here for the print version)


The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules protect the privacy and security of health information and provide individuals with certain rights to their health information. You play a vital role in protecting the privacy and security of patient information. This fact sheet discusses:

  • The Privacy Rule, which sets national standards for when protected health information (PHI) may be used and disclosed
  • The Security Rule, which specifies safeguards that covered entities and their business associates must implement to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)
  • The Breach Notification Rule, which requires covered entities to notify affected individuals; U.S. Department of Health & Human Services (HHS); and, in some cases, the media of a breach of unsecured PHI

HIPAA PRIVACY RULE

The HIPAA Privacy Rule establishes standards to protect PHI held by these entities and their business associates:

  • Health plans
  • Health care clearinghouses
  • Health care providers that conduct certain health care transactions electronically

When "you" is used in this fact sheet, we are referring to these entities and persons.

The Privacy Rule gives individuals important rights with respect to their protected PHI, including rights to examine and obtain a copy of their health records in the form and manner they request, and to ask for corrections to their information. Also, the Privacy Rule permits the use and disclosure of health information needed for patient care and other important purposes.

PHI

The Privacy Rule protects PHI held or transmitted by a covered entity or its business associate, in any form, whether electronic, paper, or verbal. PHI includes information that relates to all of the following:

  • The individual’s past, present, or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present, or future payment for the provision of health care to the individual

PHI includes many common identifiers, such as name, address, birth date, and Social Security number.

Visit the HHS HIPAA Guidance webpage for guidance on:

  • De-identifying PHI to meet HIPAA Privacy Rule requirements
  • Individuals’ right to access health information
  • Permitted uses and disclosures of PHI

HIPAA SECURITY RULE

The HIPAA Security Rule specifies safeguards that covered entities and their business associates must implement to protect ePHI confidentiality, integrity, and availability.

Covered entities and business associates must develop and implement reasonable and appropriate security measures through policies and procedures to protect the security of ePHI they create, receive, maintain, or transmit. Each entity must analyze the risks to ePHI in its environment and create solutions appropriate for its own situation. What is reasonable and appropriate depends on the nature of the entity’s business as well as its size, complexity, and resources. Specifically, covered entities must:

  • Ensure the confidentiality, integrity, and availability of
  • all ePHI they create, receive, maintain, or transmit
  • Identify and protect against reasonably anticipated threats to the security or integrity of the ePHI
  • Protect against reasonably anticipated, impermissible uses or disclosures
  • Ensure compliance by their workforce
Confidentiality: ePHI is not available or disclosed to unauthorized persons or processes
Integrity: ePHI is not altered or destroyed in an unauthorized manner
Availability: ePHI is accessible and usable on demand by authorized persons

When developing and implementing Security Rule compliant safeguards, covered entities and their business associates may consider all of the following:

  • Size, complexity, and capabilities
  • Technical, hardware, and software infrastructure
  • The costs of security measures
  • The likelihood and possible impact of risks to ePHI

Covered entities must review and modify security measures to continue protecting ePHI in a changing environment.

Visit the HHS HIPAA Guidance webpage for guidance on:

  • Administrative, physical, and technical safeguards
  • Cybersecurity
  • Remote and mobile use of ePHI

HIPAA BREACH NOTIFICATION RULE

The HIPAA Breach Notification Rule requires covered entities to notify affected individuals; HHS; and, in some cases, the media of a breach of unsecured PHI. Generally, a breach is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI. The impermissible use or disclosure of PHI is presumed to be a breach unless you demonstrate there is a low probability the PHI has been compromised based on a risk assessment of at least the following factors:

  • The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification
  • The unauthorized person who used the PHI or to whom the disclosure was made
  • Whether the PHI was actually acquired or viewed
  • The extent to which the risk to the PHI has been mitigated.

Most notifications must be provided without unreasonable delay and no later than 60 days following the breach discovery. Notifications of smaller breaches affecting fewer than 500 individuals may be submitted to HHS annually. The Breach Notification Rule also requires business associates of covered entities to notify the covered entity of breaches at or by the business associate.

Visit the HHS HIPAA Breach Notification Rule webpage for guidance on:

  • Administrative requirements and burden of proof
  • How to make unsecured PHI unusable, unreadable, or indecipherable to unauthorized individuals
  • Reporting requirements

WHO MUST COMPLY WITH HIPAA RULES?

Covered entities and business associates, as applicable, must follow HIPAA rules. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA rules. For the definitions of “covered entity” and “business associate,” see the Code of Federal Regulations (CFR) Title 45, Section 160.103.

Covered Entities

The following covered entities must follow HIPAA standards and requirements:

  • Covered Health Care Provider: Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard, such as:
    • Chiropractors
    • Clinics
    • Dentists
    • Doctors
    • Nursing homes
    • Pharmacies
    • Psychologists
  • Health Plan: Any individual or group plan that provides or pays the cost of health care, such as:
    • Company health plans
    • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans’ health care programs
    • Health insurance companies
    • Health maintenance organizations (HMOs)
  • Health Care Clearinghouse: A public or private entity that processes another entity’s health care transactions from a standard format to a non-standard format, or vice versa, such as:
    • Billing services
    • Community health management information systems
    • Repricing companies
    • Value-added networks

Business Associates

A business associate is a person or organization, other than a workforce member of a covered entity, that performs certain functions on behalf of, or provides certain services to, a covered entity that involve access to PHI. A business associate can also be a subcontractor responsible for creating, receiving, maintaining, or transmitting PHI on behalf of another business associate. Business associates provide services to covered entities that include:

  • Accreditation
  • Billing
  • Claims processing
  • Consulting
  • Data analysis
  • Financial services
  • Legal services
  • Management administration
  • Utilization review

NOTE: A covered entity can be a business associate of another covered entity.

If a covered entity enlists the help of a business associate, then a written contract or other arrangement between the two must:

  • Detail the uses and disclosures of PHI the business associate may make
  • Require the business associate safeguard the PHI

Visit the HHS HIPAA Covered Entities and Business Associates webpage for more information.

Enforcement

The HHS Office for Civil Rights enforces the HIPAA Privacy, Security, and Breach Notification Rules. Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.

Common violations include:

  • Impermissible PHI use and disclosure
  • Use or disclosure of more than the minimum necessary PHI
  • Lack of PHI safeguards
  • Lack of administrative, technical, or physical
  • ePHI safeguards
  • Lack of individuals’ access to their PHI

The following are actual case examples:

  • HIPAA Privacy and Security Rule: A wireless health service provider (remote mobile monitoring) agreed to pay $2.5 million and implement a corrective action plan to settle potential violations of the HIPAA Privacy and Security Rules. A laptop with 1,391 individuals’ ePHI was stolen from an employee’s vehicle. The investigation revealed insufficient risk analysis and risk management processes in place at the time of the theft. Additionally, the organization’s policies and procedures implementing HIPAA Security Rule standards were in draft form and had not been implemented. Further, the organization was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.
  • HIPAA Breach Notification Rule: A specialty clinic agreed to pay $150,000 to settle potential violations of the HIPAA rules. An unencrypted thumb drive with the ePHI of about 2,200 individuals was stolen from a clinic employee’s vehicle. The investigation revealed the clinic had not accurately or thoroughly analyzed the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, the clinic did not fully comply with requirements of the Breach Notification Rule to have written policies and procedures in place and train workforce members. This case was the first settlement with a covered entity for not having policies and procedures to address the HIPAA Breach Notification Rule.
  • Criminal prosecution: A former hospital employee pleaded guilty to criminal HIPAA charges after obtaining PHI with the intent to use it for personal gain. He was sentenced to 18 months in Federal prison.

Visit the HHS HIPAA Compliance and Enforcement webpage for more information.

Resources

Refer to the HHS Special Topics in Health Information Privacy webpage for information on:

  • Cloud computing
  • Mobile apps
  • HIPAA regulation history
?

Technical difficulties?

If you are experiencing any technical difficulties submitting your training, please contact our technical support team at: websupport@healthsystemone.com