|
HCSC INSURANCE SERVICES COMPANY
MEDICARE AND GOVERNMENT CONTRACTS
COMPLIANCE PROGRAM
I. POLICY STATEMENT
A. Standard of Conduct
As a subsidiary of Health Care Service Corporation, a Mutual Legal Reserve Company (“HCSC”), HCSC Insurance Services Company, (“HISC”) is subject to HCSC’s Corporate Integrity and Compliance Program (the “HCSC Compliance Program”) which includes the Code of Business Ethics and Conduct (the “Code”). This Medicare and Government Contracts Compliance Program (the “HISC Compliance Program”) is in addition to the obligations and responsibilities placed on the HISC’s Board of Directors, employees, agents and independent contractors by the HCSC Compliance Program. It applies to all entities and individuals, whether employed by HISC, HCSC or any other subsidiary, agent and independent contractor that perform services under any of HISC’s Government Contracts whether as a prime contractor or subcontractor.
Like HCSC, HISC is founded on basic principles of good business behavior. Among these principles are a commitment to the highest standard of business ethics and integrity, and strict observance of and compliance with the laws and regulations governing the business operations of HISC, and in particular the services that it performs or has delegated to others to perform pursuant to Medicare or other government contracts. HISC demands that all members of HISC’s Board of Directors (the “Directors”), its employees, its agents and independent contractors adhere to the highest legal and ethical standards to ensure that HISC complies with all applicable laws and regulations, and all terms and conditions of its Government Contracts, and the HISC Compliance Program. HISC and its subcontractors will fulfill their obligations under the Government Contracts with special emphasis on preventing fraud and abuse and with respect for the rights of all enrollees.
B. Detailed Policies and Procedures
General. As a Government contractor or sub-contractor, HISC and its subcontractors are committed to comply with all applicable statutory, regulatory and contractual requirements. HISC shall adopt and adhere to detailed policies and procedures regarding the operations and the services performed under its Government Contracts.
Medicare Advantage. HISC and its subcontractors will establish and maintain current policies and procedures regarding all areas identified by the Office of Inspector General (“OIG”) or the Centers for Medicare and Medicaid Services (“CMS”) as high risk areas, including but not limited to, marketing materials and personnel, selective marketing and enrollment, disenrollment, underutilization and quality of care, data collection and submission processes, anti-kickback and other inducements and emergency services. These policies and procedures are incorporated herein as Appendix A.
When establishing or modifying such policies, if advice is requested from CMS, such request will be documented along with any response from CMS whether written or oral. In addition, records relevant to the issue; such as whether HISC or its subcontractors exercised due diligence in developing procedures to implement the advice and whether reliance on such advice was reasonable will be retained.
Policies and procedures will be made available to all individuals who are affected by the particular risk or policy issue including those individuals whose duties touch upon a particular risk or policy area, as well as agents and independent contractors with whom HISC has contracted to perform delegated activities.
Retention of Records and Information Systems. HISC and its subcontractors will adopt detailed policies and procedures that pertain to its documents and the documents of its subcontractors regarding the retention of documents that at a minimum will: (i) document the creation, distribution, retention, storage, retrieval and destruction of documents required by applicable Federal or State law and the program requirements of applicable Federal or State health plans; (ii) list the persons responsible for implementing each part of the HISC Compliance Program; (iii) and maintain all records necessary to protect the integrity of the compliance process and confirm the effectiveness of the HISC Compliance Program which, includes but is not limited to, evidence of employee training, HOTLINE reports, HOTLINE investigation results, modifications to the HISC Compliance Program, all written notification to providers regarding compliance activities, and HISC’s auditing and monitoring activities. HISC and its subcontractor shall also establish detailed policies and procedures for maintaining the integrity of the data collections systems used in the performance of its Government Contracts.
II. DESIGNATION AND ADMINISTRATION OF THE COMPLIANCE PROGRAM
A. HISC Board of Directors
The HISC Board of Directors has adopted and will support and monitor the implementation of the HISC Compliance Program, to demonstrate HISC’s commitment to full and comprehensive compliance with all applicable laws and regulations, and contract terms and conditions, including, without limitation, HISC’s obligation under any and all Medicare, Medicaid, FEP, IHS, CHAMPUS or other government contracts (hereinafter referred to as the “Government Contracts”). At least annually, the HISC Board of Directors shall review the HISC Compliance Program and shall ratify or amend the Compliance Program and Code as appropriate.
B. Audit, Corporate Responsibility & Compliance Committee of the HCSC Board
The Audit, Corporate Responsibility & Compliance Committee of the HCSC Board (the “HCSC Board Audit & Compliance Committee”) is responsible for ensuring that HISC has fully implemented the HISC Compliance Program. At least annually, the Committee shall review the HISC Compliance Program and recommend such changes and amendments as the Committee considers appropriate. The Committee, the Corporate Compliance Officer and the HISC Compliance Officer shall maintain close communications among themselves and with the HISC Board of Directors as a whole, and shall address and review matters concerning or relating to the HISC Compliance Program so the Committee can take appropriate action or make appropriate recommendations.
Responsibilities and Duties. In carrying out its responsibilities under the HISC Compliance Program, the HCSC Board Audit & Compliance Committee shall:
1. Provide oversight and support the implementation, administration
and continuing operations of the HISC Compliance Program;
2. Review matters relating to education, training and communication in
connection with the HISC Compliance Program to ensure that HISC policies
and procedures on compliance are properly disseminated, understood
and followed; and
3. Recommend to the HISC Board of Directors such
measures and actions as may be appropriate to assist HISC in conducting
its business activities in full compliance with all applicable laws
and regulations, terms and conditions of its Government Contracts, and the
HISC Compliance Program.
C. HISC Compliance Officer
General. HISC shall appoint a senior member of management with significant government contracts experience to be the HISC’s Compliance Officer (the “HISC Compliance Officer”). The HISC Compliance Officer is responsible for administration of the HISC Compliance Program. The HISC Compliance Officer reports to HISC’s Board of Directors, the HISC Chief Executive Officer, and the HCSC Corporate Compliance Officer.
Authority. The HISC Compliance Officer shall have full authority to stop the submission of data that he or she believes is problematic until such time as the issue in question has been resolved to the satisfaction of the HISC Compliance Officer with agreement from the Corporate Compliance Officer. The HISC Compliance Officer shall be copied on the results of all internal audit reports and work closely with key individuals to identify aberrant trends in all areas that require certification. The HISC Compliance Officer shall have the authority to review all documents and other information that the HISC Compliance Officer deems to be relevant to HISC compliance activities and Government Contracts.
Responsibilities and Duties. The responsibilities and duties of the HISC Compliance Officer include the following:
1. Implementation and Administration of the HISC Compliance Program.
The HISC Compliance Officer shall:
a. Design and direct the implementation, administration
and operation of the HISC Compliance Program to ensure compliance
with the laws and regulations, terms and conditions of Government
Contracts, and the HISC Compliance Program;
b. Ensure that all agents, consultants, independent contractors,
vendors and producers are aware of the HISC Compliance
Program and with HISC’s expectation that they will comply with the
Program’s requirements when performing contractual
functions. Further coordinate with management to determine
whether and to what extent a consultant, contractor,
vendor or producer is subject to the training requirements
of the Compliance Program;
c. Periodically review the HISC Compliance Program to
ensure its relevance and recommend to the HISC Chief Executive
Officer and the Corporate Compliance Committee modifications to
account for changes in applicable laws or regulations,
changes in the nature of HISC’s business, HISC’s experience in the
operation of the Program, and to incorporate and follow applicable
industry practices and standards;
d. Report directly on a regular basis to the HISC Chief Executive
Officer, HISC Board, and the Corporate Compliance
Committee regarding the operation of the HISC Compliance
Program and all significant issues relating to compliance with
applicable laws and regulations, terms and conditions of
Government Contracts, and the HISC Compliance Program;
e. Develop a general training and education program regarding the
Government Contracts which also addresses fraud and abuse and
ethical concerns. The HISC Compliance Officer will also develop
specialized training for specific risk areas that will be provided to
those individuals who have duties and responsibilities
for such risk areas. Attendance at such training will be a required
in order for such individuals to continue to perform services under
the Government Contracts;
f. Ensure that mechanisms exist for testing the efficacy of the
education program and for updating the training program to
account for developments in laws and regulations and the terms
and conditions of the Government Contracts;
g. Ensure that every individual that performs services under the
Government Contracts shall either receive a copy, electronically
or otherwise, of the HISC Compliance Program and will be required
to sign a certification acknowledging that he or she has read and
will comply with the HISC Compliance Program. Each year hereafter,
each individual that performs services under the Government
Contracts must complete a certification acknowledging
that he or she has read, will comply with and is unaware of any
violations of the HISC Compliance Program;
h. Work with the HCSC Vice President - Governance & Regulatory
Oversight to ensure the design, development, implementation
and ongoing compliance requirements for the Standards for
Privacy and Security of Individually Identifiable Health Information,
and other Federal and State regulations & legislation, as
appropriate, including, but not limited to requirements
concerning policies and procedures, training, and safeguards to
protect and secure protected health information;
i. Be responsible for oversight of all certifications filed by Directors
and others relating to the HISC Compliance Program and
training there under; and
j. Serve as a member of the HCSC Corporate Compliance
Committee.
2. HOTLINE & Investigations. The HISC Compliance Officer shall:
a. Utilize existing systems to allow and encourage individuals to
raise questions, whether anonymously or otherwise, about the
application or meaning of the HISC Compliance Program and
to disclose possible violations. HISC shall ensure that employees
who raise these matters are treated with respect and are not
subject to retaliation.
b. Maintain a log of all calls received by the HOTLINE relating to
Government Contracts and maintain a record of all allegations
which may constitute a violation of applicable laws or regulations,
terms and conditions of Government Contracts, and the HISC
Compliance Program. The operation of this HOTLINE
shall be the responsibility of the HCSC Vice President –
Compliance Operations;
c. Maintain a confidential, written record reflecting each
communication concerning all possible violations of the HISC
Compliance Program;
d. Ensure a prompt and thorough investigation appropriate
to the circumstances. When an investigation is initiated,
steps shall be taken to ensure the retention of relevant
documents. Routine document destruction procedures
shall be suspended insofar as they may affect documents
relevant to the potential violation. Individuals who may possess
relevant documents shall be instructed to retain them or to turn
them over to the investigative team. A record shall be maintained
of all employees to whom such a request is made and of all
documents retained for purposes of the investigation;
e. Evaluate, as appropriate, any calls received on a separate fraud
and abuse HOTLINE established for vendors, providers,
consultants, contractors, producers and beneficiaries to
report suspected health care fraud and abuse or other misconduct
to HISC. The operation of this HOTLINE shall be the responsibility
of the HCSC Vice President - Special Investigations
and Security. Any calls received on this HOTLINE that credibly
allege a material violation of criminal or civil law by HISC shall be
referred to the HISC Compliance Officer, including, without limitation,
those calls relating to its government contracts, dealing with
health care fraud and abuse;
f. Work with the Vice President –Special Investigations
and Security to ensure effective coordination of programs and
issues involving corporate security of HISC personnel and
assets and related investigations. Any reports received or
information developed by Corporate Security that credibly alleges
or may indicate a material violation of criminal or civil law by
HISC shall be referred to the HISC Compliance Officer, including,
without limitation, those matters related to its government
contracts, dealing with health care fraud and abuse; and
g. Work with the Senior Vice President – Chief Human Resources
Officer to ensure effective coordination of Workforce Relations related
issues that are brought to the attention of the HISC Compliance
Officer and that discipline is utilized in a manner that is appropriate
and consistent.
3. Review and Monitoring.
The HISC Compliance Officer shall:
a. Ensure that the compliance risks to which HISC is exposed, both
internal and external, are assessed on a regular basis and direct
the implementation of internal systems and controls to reinforce
compliance and other activities (the HISC compliance
audit plan), as appropriate, to ensure the HISC Compliance
Program is responsive to those risks; and
b. Work with the HCSC Vice President – Audit and Performance
Review and external auditors, as necessary, to ensure effective
communication and implementation of programs to audit, monitor
and validate adherence with all applicable laws and regulations,
terms and conditions of Government Contracts and the HISC
Compliance Program.
HISC shall appoint a senior member of management to be the “designated privacy official” for HISC to ensure the design, development, implementation and administration of the requirements set forth in the Department of Health and Human Services Rule entitled Standards for Privacy of Individually Identifiable Health Information (45 CFR Parts 160-164, as finalized), including, but not limited to requirements concerning privacy policies and procedures, workforce training and safeguards to protect the privacy of protected health information.
D. Corporate Compliance Committee
General. The Corporate Compliance Committee shall provide oversight, advice, support and general guidance, as appropriate, to the HISC Compliance Officer in the discharge of his or her responsibilities. The HISC Compliance Officer shall keep the Corporate Compliance Committee informed of any significant actions taken with respect to the implementation, administration and operation of the Compliance Program and shall prepare recommendations on compliance-related policies and procedures for review by the Committee.
Responsibilities and Duties. In regards to the HISC Compliance Program the Corporate Compliance Committee shall:
1. Build an appropriate infrastructure for the administration of the
HISC Compliance Program, including mechanisms and systems for
long-term support;
2. Analyze HISC’s regulatory environment, the legal requirements
with which it must comply and the specific risk areas and make
recommendations regarding the HISC Compliance Program
regarding such environment, requirements and risks; and
3. Monitor internal and external audits for the purpose of identifying
issues and deficient areas and implementing corrective and preventive
action.
E. Management Responsibility and Disciplinary Standards
It is the responsibility of all management and supervisory personnel to ensure that HISC and all persons performing under the Government Contracts comply with the provisions of applicable laws and regulations, terms and conditions of Government Contracts, and the HISC Compliance Program. Individuals in management and supervisory capacities will be appropriately disciplined up to and including termination of employment or contractual relationship for failure to instruct others or for failure to detect non-compliance with applicable policies and legal requirements, where reasonable due diligence on the part of the manager or supervisor should have led to the discovery of any problems or violations. Promotion and adherence to HISC compliance initiatives shall be part of the performance standards and evaluation for each individual that performs services under the Government Contracts.
Each individual that functions in a management capacity in regards to an HISC Government Contract is required to provide HISC annually with a completed certification attesting that he or she has: (i) discussed the HISC Compliance Program with all relevant personnel including all policies and requirements applicable to their function; (ii) informed all relevant personnel that strict compliance with the HISC Compliance Program is a condition of employment; and (iii) informed relevant personnel that HISC shall take disciplinary action, up to and including termination of employment, for violation of any applicable law, regulation, term or condition of a Government Contract, or the HISC Compliance Program. This certification may be part of or in addition to other certifications required by HCSC or other subsidiaries.
|
BlueService is the difference that makes the difference.