Section 50.6 - Element VI

Report
CMS logo
Compliance Program Guidance
Overview of
Chapters 9 & 21
Marianne Bechtle, JD, CHC
CM/Program Compliance and Oversight Group,
Division of Compliance Enforcement
Phil Sherfey, JD, CHC
CM/Program Compliance and Oversight Group,
Division of Compliance Enforcement
Beth Brady, CFE, AHFI
Center for Program Integrity, Division of Plan
Oversight and Accountability
Image of blueprint
September 5, 2012
Agenda
• Background
• Overview of the Revised Compliance Program
Guidelines
2
Questions/Answers
The Division of Compliance Enforcement (DCE)
has a streamlined process for responding timely
to policy questions or inquiries:
[email protected]
3
Revised Guidance
Chapter 9 Medicare Prescription
Drug Benefit Manual* &
Chapter 21 Medicare Managed Care Manual**
• Based on regulations that were effective on January 1,
2011
• Content Identical
• Applicable to Medicare Part C and Part D programs
• Applicability to Cost Plans and PACE as stated in Section
10
• Released through HPMS on Friday, July 27, 2012
• Effective immediately
* Internet-Only Manual (IOM), Pub. 100-16
* * IOM, Pub. 100-18
4
The Journey: Draft to Final
• February 8, 2012 – Draft Compliance Program Guidelines issued for public
comment via HPMS
• March 16, 2012 – Comment period ended
• Robust review and comment process (900+ comments)
• DCE/CPI workgroup
• 68 entities (Medicare Advantage Organizations and Prescription Drug Plans,
Delegated Entities, Trade Associations, consultants, etc.)
• Topics of interest:
• FDR oversight
• Content requirements for Policies, Procedures, Standards of Conduct
• Role of governing body & executive management
• Compliance training of deemed providers
• Frequency requirements for checking OIG/GSA exclusion lists
• July 27, 2012 – Final Compliance Program Guidelines issued via HPMS
5
Section 10 - Introduction
• Must: Requirements created by statute or
regulation
vs.
• Should: Expectations identified in Guidelines
vs.
• Best Practices: Recommendations
6
Section 30 Overview of Mandatory Compliance Program
• Identifies 7 elements of an effective
compliance program
• In order to be effective, the Sponsor’s
compliance program must be fully
implemented
• Adequate resources are essential to an
effective compliance program
7
Section 40 Sponsor Accountability for and Oversight of
FDRs
• Who is an FDR?
• Sponsor determines whether its delegated entity is an
FDR subject to compliance requirements
• How to Determine Who is an FDR
• Consider functions that are related to Medicare Parts C
and D contracts
• If an entity is performing one of these functions, it is
very likely appropriate to categorize the entity as an
FDR
• If not performing one of the listed functions, analyze all
facts and circumstances, including factors listed in
chapter
8
Section 50.1 - Element I:
Written Policies, Procedures and Standards of
Conduct
Standards of Conduct (SOC)
• Also referred to as “Code of Conduct” or other
similar terms
• Provide the overarching principles by which the
Sponsor operates
• May be in a Medicare-specific document, or included
as part of the Sponsor’s commercial business Code of
Conduct
9
Section 50.1 - Element I:
Written Policies, Procedures and Standards of
Conduct
Policies and Procedures (Ps & Ps)
• Describe operation of compliance program
• Detailed and specific
• Implement the operation of compliance program
• Should be updated to reflect changes in laws,
regulations, other Medicare program requirements
10
Section 50.1 - Element I:
Written Policies, Procedures and Standards of
Conduct
Distribution of SOC and Ps & Ps
To Employees
To FDRs
When?
When?
• Within 90 days of hire
• When updated
• Annually
• Within 90 days of contracting
• When updated
• Annually
How?
How?
• Hard copy initially then
electronic
• Email electronic copy
• Posting on intranet
• Fax blast
• Placement on Sponsor’s FDR
Portal
• Contained as attachments to
the FDR Contract
11
Section 50.2 - Element II:
Compliance Officer, Compliance Committee
and High Level Oversight
Compliance Officer
• Compliance reports must reach senior-most leader
• Must have express authority to provide unfiltered, inperson reports to senior leader/governing body
• Reports should not be routed through operational
management (e.g. Chief Operating Officer, Chief
Financial Officer, General Counsel)
• Compliance Officer reports may be relayed through
divisional Presidents
• Compliance reports to governing body must be made
through a Sponsor’s compliance infrastructure
12
Section 50.2 - Element II:
Compliance Officer, Compliance Committee
and High Level Oversight
Compliance Committee
• No requirement for separate “Medicare” Compliance
Committee
• Accountable to senior leadership and governing body
• Must provide regular compliance reports to senior
leadership and governing body
13
Section 50.2 - Element II:
Compliance Officer, Compliance Committee
and High Level Oversight
Governing Body
• Sponsor’s or parent’s governing body (e.g. Board,
etc.) must oversee compliance
• May delegate oversight to committee, but governing
body as whole ultimately accountable
• Must be knowledgeable about compliance risks
14
Section 50.2 - Element II:
Compliance Officer, Compliance Committee
and High Level Oversight
Senior Management
• Senior-most leader of contract holder must be
engaged in compliance program oversight
• Must integrate Compliance Officer into organization
• Must be advised of all compliance enforcement
activity, etc.
15
Section 50.3 - Element III:
Effective Training and Education
General Compliance Training for Employees
• Who?
• All employees (including CEO, administrators and managers)
• Governing body members
• When?
• Within 90 days of hire
and
• Annually thereafter
• How?
• Classroom training
• Online training modules
• Attestations that employees have read and received the Sponsor’s
Standards of Conduct and/or compliance policies and procedures
Sponsors must be able to demonstrate that their employees have
fulfilled these training requirements
16
Section 50.3 - Element III:
Effective Training and Education
General Compliance Training for FDRs
• What?
• Sponsors must communicate the following to FDRs:
• General compliance information
and
• Compliance expectations are communicated to FDRs
• How?
• Distribution of Sponsor’s Standards of Conduct
and/or compliance policies and procedures to FDRs’
employees through Provider Guides, Business
Associated Agreements, etc.
17
Section 50.3 - Element III:
Effective Training and Education
Fraud, Waste, and Abuse (FWA) Training
• Who?
• All employees (including CEO, administrators and managers)
• Governing body members
• FDRs
• When?
• Within 90 days of hire
and
• Annually thereafter
• FDRs?
• Sponsors must provide FWA training directly to FDRs
or
• Sponsors must provide training materials
or
• Sponsors must ensure FDRs complete the CMS FWA Training Module
Specialized training may be provided based on FWA risks specific to an
18
individual’s job function
Section 50.3 - Element III:
Effective Training and Education
FWA Training (Deemed FDRs)
• FDRs meeting FWA certification through Parts A/B
enrollment or accreditation as DMEPOS* supplier are
“deemed” to have met FWA training requirement
• If a chain pharmacy, each individual location must be
enrolled to be deemed
*DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies
19
Section 50.4 - Element IV:
Effective Lines of Communication
Compliance Officer: Communicating with Others
• Compliance Officer’s name, location, and contact information
must be shared with employees and FDRs
• Implement a system to communicate changes in law,
regulations, sub-regulatory guidance, and P&Ps
• Information must be disseminated timely
• Numerous examples of methods to communicate both
internally and to FDRs
• Sponsor must educate enrollees about identification and
reporting of potential FWA
20
Section 50.5 - Element V:
Well-Publicized Disciplinary Standards
Disciplinary Standards (Policies & Procedures)
• Must be clear and specific
• Must describe the Sponsor’s expectations for reporting
compliance issues and assisting in the resolution of
reported compliance issues
• Must identify noncompliant, unethical, or illegal
behavior through examples of violative conduct
21
Section 50.5 - Element V:
Well-Publicized Disciplinary Standards
Disciplinary Standards (Publicize & Enforce)
• Provide timely, consistent and effective enforcement
of standards
• Numerous examples provided of how to publicize
disciplinary standards
• Records must be maintained for 10 years for all
compliance violation disciplinary actions
22
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Routine Monitoring and Auditing
• Must conduct monitoring and auditing to test and confirm
compliance with Medicare requirements
• Monitoring: regular reviews of operations to ensure ongoing
compliance
• Auditing: formal review of compliance with a set of standards
• Must develop an annual monitoring and auditing work plan
• Compliance Officer must receive regular reports from the
audit department regarding results and corrective actions
taken
23
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
System to Identify Compliance Risks
• Must conduct a formal baseline assessment of major
compliance and FWA risk areas (e.g., risk assessment)
• Must take into account all Medicare business operational
areas
• Examples provided of high risk areas for Medicare Parts C
and D Sponsors
• Must audit the effectiveness of the compliance program
(annually)
• Transfer results into a monitoring and auditing work plan
24
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Audits: Sponsor’s Operations and Compliance
Program
• Audit function may be a separate department or
performed by the Compliance department
• Must designate adequate resources to meet the work
plan goals
• No self-policing by operational areas; must be
independent auditors, internal audit or compliance
• Must audit the effectiveness of the compliance program
and share results with governing body
25
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Monitoring and Auditing FDRs
• Sponsors are responsible for compliance with CMS
requirements, including work performed by their FDRs
• Must develop a strategy to monitor and audit first-tier
entities for compliance program requirements
• Must ensure first-tier entities fulfill compliance program
requirements
• Must ensure first-tier entities monitor compliance of
downstream entities
• Examples provided of how to conduct monitoring and
auditing activities of FDRs (e.g., risk assessments,
utilization reports)
26
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Tracking and Documenting Compliance and
Compliance Program Effectiveness
• Sponsors should track and document compliance
efforts
• Dashboards, scorecards, self-assessments tools and
other mechanisms help demonstrate compliance
goals and achievements
• Issues of noncompliance and FWA identified in the
assessment tools should be shared with senior
management
27
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
OIG/GSA Exclusion
• Sponsors must review the DHHS OIG LEIE list and GSA
EPLS prior to hiring or contracting, and monthly to
ensure none of the persons or entities are excluded
• New and Temporary Employees
• Volunteers
• Consultants
• Governing Body members
• FDRs
28
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Use of Data Analysis for FWA Prevention and
Detection
• Establish baseline data to recognize unusual trends
or changes in utilization or patterns over time
• Identify internal problem areas such as enrollment,
finance, or data submission, and problem areas with
the FDRs
• Use findings to determine where there is a need for
policy changes
29
Section 50.6 - Element VI:
Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Special Investigation Units (SIUs)
SIU - An internal unit, often separate from the compliance
department, responsible for investigation of potential FWA
• Sponsors are not expected to perform law enforcement duties
and may refer FWA matters to the NBI MEDIC or to law
enforcement
• SIUs must be accessible via phone, email, Internet and mail,
and Sponsors must ensure FWA can be reported anonymously
• Communication and coordination between the SIU and
compliance department is key in ensuring that all Medicare
Parts C and D benefits are protected from FWA schemes
30
Section 50.7 - Element VII:
Procedures and System for Prompt Response
to Compliance Issues
If Potential FWA is Detected . . .
• Sponsors must initiate a reasonable inquiry as soon as
possible, but not later than 2 weeks after the date the
incident is identified
• After a preliminary investigation, Sponsors may refer
potential FWA to the NBI MEDIC if they do not have the
time or resources to investigate fully
• Referrals should be made to the NBI MEDIC within 30
days so that the fraudulent or abusive activity does not
continue
• Sponsors are responsible for monitoring for FWA and
noncompliance within their organizations
31
Section 50.7 - Element VII:
Procedures and System for Prompt Response
to Compliance Issues
Corrective Actions
• Must be designed to correct the underlying problem
• Must be implemented in response to FWA or
noncompliance
• Must prevent future noncompliance (root cause analysis)
• Must include timeframes for achievements
• Must be documented and include ramifications if the
corrective action was not implemented satisfactorily
• Sponsors must ensure FDRs have corrected their
deficiencies
• Thorough documentation must be maintained of all
deficiencies identified and corrective actions taken
32
Section 50.7 - Element VII:
Procedures and System for Prompt Response
to Compliance Issues
Medicare Drug Integrity Contractors (MEDICs)
• Perform specific program integrity functions for
Medicare Parts C and D
The National Benefit Integrity (NBI) MEDICs
• Identify potential FWA
• Investigate referrals from sponsors and keep sponsors
informed
• Refer to law enforcement or other entities when
necessary
• May request additional information from the sponsors
which should be provided within 30 days unless
otherwise specified
33
Section 50.7 - Element VII:
Procedures and System for Prompt Response
to Compliance Issues
CMS issues alerts about fraud schemes identified by
law enforcement officials. In response, Sponsors
should . . .
• Review contractual agreements with identified parties
• Consider terminating contracts if law enforcement has
issued indictments and the terms of the contract
authorizes termination in such instances
• Review past paid claims from entities identified in the
fraud alert
• Identify claims that may have been part of an alleged
fraud scheme and remove them from PDE submissions
34
Section 50.7 - Element VII:
Procedures and System for Prompt Response
to Compliance Issues
To Identify Providers with a History of Complaints,
Sponsors . . .
• Should maintain files for 10 years on providers who have
been the subject of complaints, investigations and
prosecutions
• Should maintain files that contain documented warnings,
educational contacts, copies of complaints, and results of
investigations
• Must comply with requests from law enforcement, CMS
or CMS’s designee regarding monitoring of potentially
abusive or fraudulent providers
35
Questions/Answers
The Division of Compliance Enforcement (DCE)
has a streamlined process for responding timely
to policy questions or inquiries:
[email protected]
36
COMING SOON
WEBSITE FOR
PROGRAM COMPLIANCE & OVERSIGHT
GROUP
(PCOG)
37

similar documents