Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Phil Sherfey, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Beth Brady, CFE, AHFI Center for Program Integrity, Division of Plan Oversight and Accountability September 5, 2012 I m a g e o f b l u e p r i n t CMS logo
37
Embed
Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Compliance Program GuidanceCompliance Program Guidance
Overview of Chapters 9 & 21
Marianne Bechtle, JD, CHCCM/Program Compliance and Oversight Group, Division of Compliance Enforcement
Phil Sherfey, JD, CHCCM/Program Compliance and Oversight Group, Division of Compliance Enforcement
Beth Brady, CFE, AHFICenter for Program Integrity, Division of Plan Oversight and Accountability
September 5, 2012
Image of blueprint
CMS logo
• Background
• Overview of the Revised Compliance Program Guidelines
AgendaAgenda
2
The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely
Chapter 9 Medicare Prescription Drug Benefit Manual* &
Chapter 21 Medicare Managed Care Manual**
• Based on regulations that were effective on January 1, 2011• Content Identical• Applicable to Medicare Part C and Part D programs• Applicability to Cost Plans and PACE as stated in Section 10 • Released through HPMS on Friday, July 27, 2012 • Effective immediately* Internet-Only Manual (IOM), Pub. 100-16* * IOM, Pub. 100-18
Revised GuidanceRevised Guidance
4
• February 8, 2012 – Draft Compliance Program Guidelines issued for public comment via HPMS
• March 16, 2012 – Comment period ended
• Robust review and comment process (900+ comments)• DCE/CPI workgroup
• 68 entities (Medicare Advantage Organizations and Prescription Drug Plans, Delegated Entities, Trade Associations, consultants, etc.)
• Topics of interest:
• FDR oversight
• Content requirements for Policies, Procedures, Standards of Conduct
• Role of governing body & executive management
• Compliance training of deemed providers
• Frequency requirements for checking OIG/GSA exclusion lists
• July 27, 2012 – Final Compliance Program Guidelines issued via HPMS
The Journey: Draft to Final The Journey: Draft to Final
5
• Must: Requirements created by statute or regulation
vs. • Should: Expectations identified in Guidelines
• Identifies 7 elements of an effective compliance program
• In order to be effective, the Sponsor’s compliance program must be fully implemented
• Adequate resources are essential to an effective compliance program
Section 30 - Overview of Mandatory Compliance Program
Section 30 - Overview of Mandatory Compliance Program
7
• Who is an FDR?• Sponsor determines whether its delegated entity is an
FDR subject to compliance requirements• How to Determine Who is an FDR• Consider functions that are related to Medicare Parts C
and D contracts • If an entity is performing one of these functions, it is
very likely appropriate to categorize the entity as an FDR
• If not performing one of the listed functions, analyze all facts and circumstances, including factors listed in chapter
Section 40 - Sponsor Accountability for and Oversight of
FDRs
Section 40 - Sponsor Accountability for and Oversight of
FDRs
8
Standards of Conduct (SOC)• Also referred to as “Code of Conduct” or other
similar terms
• Provide the overarching principles by which the Sponsor operates
• May be in a Medicare-specific document, or included as part of the Sponsor’s commercial business Code of Conduct
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
9
Policies and Procedures (Ps & Ps)• Describe operation of compliance program
• Detailed and specific
• Implement the operation of compliance program
• Should be updated to reflect changes in laws, regulations, other Medicare program requirements
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
10
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
Section 50.1 - Element I: Written Policies, Procedures and Standards of
Conduct
11
To Employees To FDRs
When? When?
•Within 90 days of hire •When updated •Annually
•Within 90 days of contracting •When updated •Annually
How? How?
• Hard copy initially then electronic
• Email electronic copy• Posting on intranet
• Fax blast• Placement on Sponsor’s FDR
Portal• Contained as attachments to
the FDR Contract
Distribution of SOC and Ps & Ps
Compliance Officer• Compliance reports must reach senior-most leader• Must have express authority to provide unfiltered, in-
person reports to senior leader/governing body• Reports should not be routed through operational
management (e.g. Chief Operating Officer, Chief Financial Officer, General Counsel)
• Compliance Officer reports may be relayed through divisional Presidents
• Compliance reports to governing body must be made through a Sponsor’s compliance infrastructure
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
12
Compliance Committee
• No requirement for separate “Medicare” Compliance Committee
• Accountable to senior leadership and governing body
• Must provide regular compliance reports to senior leadership and governing body
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
13
Governing Body
• Sponsor’s or parent’s governing body (e.g. Board, etc.) must oversee compliance
• May delegate oversight to committee, but governing body as whole ultimately accountable
• Must be knowledgeable about compliance risks
Section 50.2 - Element II:Compliance Officer, Compliance Committee
and High Level Oversight
Section 50.2 - Element II:Compliance Officer, Compliance Committee
and High Level Oversight
14
Senior Management
• Senior-most leader of contract holder must be engaged in compliance program oversight
• Must integrate Compliance Officer into organization
• Must be advised of all compliance enforcement activity, etc.
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
Section 50.2 - Element II: Compliance Officer, Compliance Committee
and High Level Oversight
15
General Compliance Training for Employees• Who?
• All employees (including CEO, administrators and managers)• Governing body members
• When?• Within 90 days of hire and• Annually thereafter
• How?• Classroom training• Online training modules • Attestations that employees have read and received the Sponsor’s
Standards of Conduct and/or compliance policies and procedures Sponsors must be able to demonstrate that their employees have fulfilled these training requirements
Section 50.3 - Element III: Effective Training and Education
Section 50.3 - Element III: Effective Training and Education
16
General Compliance Training for FDRs• What?• Sponsors must communicate the following to FDRs:• General compliance information
and • Compliance expectations are communicated to FDRs
• How?• Distribution of Sponsor’s Standards of Conduct
and/or compliance policies and procedures to FDRs’ employees through Provider Guides, Business Associated Agreements, etc.
Section 50.3 - Element III: Effective Training and Education
Section 50.3 - Element III: Effective Training and Education
17
Fraud, Waste, and Abuse (FWA) Training• Who?
• All employees (including CEO, administrators and managers)• Governing body members• FDRs
• When?• Within 90 days of hire
and• Annually thereafter
• FDRs?• Sponsors must provide FWA training directly to FDRs
or • Sponsors must provide training materials
or• Sponsors must ensure FDRs complete the CMS FWA Training Module
Specialized training may be provided based on FWA risks specific to an individual’s job function
Section 50.3 - Element III: Effective Training and Education
Section 50.3 - Element III: Effective Training and Education
18
FWA Training (Deemed FDRs)
• FDRs meeting FWA certification through Parts A/B enrollment or accreditation as DMEPOS* supplier are “deemed” to have met FWA training requirement
• If a chain pharmacy, each individual location must be enrolled to be deemed
*DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies
Section 50.3 - Element III:Effective Training and Education
Section 50.3 - Element III:Effective Training and Education
19
Compliance Officer: Communicating with Others• Compliance Officer’s name, location, and contact information
must be shared with employees and FDRs
• Implement a system to communicate changes in law, regulations, sub-regulatory guidance, and P&Ps
• Information must be disseminated timely
• Numerous examples of methods to communicate both internally and to FDRs
• Sponsor must educate enrollees about identification and reporting of potential FWA
Section 50.4 - Element IV: Effective Lines of Communication
Section 50.4 - Element IV: Effective Lines of Communication
20
Section 50.5 - Element V: Well-Publicized Disciplinary Standards
Section 50.5 - Element V: Well-Publicized Disciplinary Standards
Disciplinary Standards (Policies & Procedures)
• Must be clear and specific
• Must describe the Sponsor’s expectations for reporting compliance issues and assisting in the resolution of reported compliance issues
• Must identify noncompliant, unethical, or illegal behavior through examples of violative conduct
21
Disciplinary Standards (Publicize & Enforce)
• Provide timely, consistent and effective enforcement of standards
• Numerous examples provided of how to publicize disciplinary standards
• Records must be maintained for 10 years for all compliance violation disciplinary actions
Section 50.5 - Element V: Well-Publicized Disciplinary Standards
Section 50.5 - Element V: Well-Publicized Disciplinary Standards
22
Routine Monitoring and Auditing• Must conduct monitoring and auditing to test and confirm
compliance with Medicare requirements
• Monitoring: regular reviews of operations to ensure ongoing compliance
• Auditing: formal review of compliance with a set of standards
• Must develop an annual monitoring and auditing work plan
• Compliance Officer must receive regular reports from the audit department regarding results and corrective actions taken
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
23
System to Identify Compliance Risks
• Must conduct a formal baseline assessment of major compliance and FWA risk areas (e.g., risk assessment)
• Must take into account all Medicare business operational areas
• Examples provided of high risk areas for Medicare Parts C and D Sponsors
• Must audit the effectiveness of the compliance program (annually)
• Transfer results into a monitoring and auditing work plan
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
24
Audits: Sponsor’s Operations and Compliance Program
• Audit function may be a separate department or performed by the Compliance department
• Must designate adequate resources to meet the work plan goals
• No self-policing by operational areas; must be independent auditors, internal audit or compliance
• Must audit the effectiveness of the compliance program and share results with governing body
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
25
Monitoring and Auditing FDRs• Sponsors are responsible for compliance with CMS
requirements, including work performed by their FDRs• Must develop a strategy to monitor and audit first-tier
entities for compliance program requirements• Must ensure first-tier entities fulfill compliance program
requirements• Must ensure first-tier entities monitor compliance of
downstream entities• Examples provided of how to conduct monitoring and
auditing activities of FDRs (e.g., risk assessments, utilization reports)
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
26
Tracking and Documenting Compliance and Compliance Program Effectiveness• Sponsors should track and document compliance
efforts• Dashboards, scorecards, self-assessments tools and
other mechanisms help demonstrate compliance goals and achievements
• Issues of noncompliance and FWA identified in the assessment tools should be shared with senior management
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
27
OIG/GSA Exclusion• Sponsors must review the DHHS OIG LEIE list and GSA
EPLS prior to hiring or contracting, and monthly to ensure none of the persons or entities are excluded
• New and Temporary Employees
• Volunteers
• Consultants
• Governing Body members
• FDRs
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
28
Use of Data Analysis for FWA Prevention and Detection
• Establish baseline data to recognize unusual trends or changes in utilization or patterns over time
• Identify internal problem areas such as enrollment, finance, or data submission, and problem areas with the FDRs
• Use findings to determine where there is a need for policy changes
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
29
Special Investigation Units (SIUs)
SIU - An internal unit, often separate from the compliance department, responsible for investigation of potential FWA
• Sponsors are not expected to perform law enforcement duties and may refer FWA matters to the NBI MEDIC or to law enforcement
• SIUs must be accessible via phone, email, Internet and mail, and Sponsors must ensure FWA can be reported anonymously
• Communication and coordination between the SIU and compliance department is key in ensuring that all Medicare Parts C and D benefits are protected from FWA schemes
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,
and Identification of Compliance Risks
30
If Potential FWA is Detected . . .• Sponsors must initiate a reasonable inquiry as soon as
possible, but not later than 2 weeks after the date the incident is identified
• After a preliminary investigation, Sponsors may refer potential FWA to the NBI MEDIC if they do not have the time or resources to investigate fully
• Referrals should be made to the NBI MEDIC within 30 days so that the fraudulent or abusive activity does not continue
• Sponsors are responsible for monitoring for FWA and noncompliance within their organizations
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
31
Corrective Actions • Must be designed to correct the underlying problem• Must be implemented in response to FWA or
noncompliance• Must prevent future noncompliance (root cause analysis)• Must include timeframes for achievements• Must be documented and include ramifications if the
corrective action was not implemented satisfactorily• Sponsors must ensure FDRs have corrected their
deficiencies• Thorough documentation must be maintained of all
deficiencies identified and corrective actions taken
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
32
Medicare Drug Integrity Contractors (MEDICs)• Perform specific program integrity functions for
Medicare Parts C and DThe National Benefit Integrity (NBI) MEDICs• Identify potential FWA• Investigate referrals from sponsors and keep sponsors
informed• Refer to law enforcement or other entities when
necessary• May request additional information from the sponsors
which should be provided within 30 days unless otherwise specified
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
33
CMS issues alerts about fraud schemes identified by law enforcement officials. In response, Sponsors should . . .• Review contractual agreements with identified parties• Consider terminating contracts if law enforcement has
issued indictments and the terms of the contract authorizes termination in such instances
• Review past paid claims from entities identified in the fraud alert
• Identify claims that may have been part of an alleged fraud scheme and remove them from PDE submissions
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
34
To Identify Providers with a History of Complaints, Sponsors . . . • Should maintain files for 10 years on providers who have
been the subject of complaints, investigations and prosecutions
• Should maintain files that contain documented warnings, educational contacts, copies of complaints, and results of investigations
• Must comply with requests from law enforcement, CMS or CMS’s designee regarding monitoring of potentially abusive or fraudulent providers
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
Section 50.7 - Element VII: Procedures and System for Prompt Response
to Compliance Issues
35
The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely