410 likes | 658 Views
CMS logo. Compliance Program Guidance. Overview of Chapters 9 & 21 . Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Phil Sherfey, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement
E N D
CMS logo Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Phil Sherfey, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Beth Brady, CFE, AHFI Center for Program Integrity, Division of Plan Oversight and Accountability September 5, 2012 Image of blueprint
Agenda • Background • Overview of the Revised Compliance Program Guidelines 2
Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 3
Revised Guidance Chapter 9 Medicare Prescription Drug Benefit Manual* & Chapter 21 Medicare Managed Care Manual** • Based on regulations that were effective on January 1, 2011 • Content Identical • Applicable to Medicare Part C and Part D programs • Applicability to Cost Plans and PACE as stated in Section 10 • Released through HPMS on Friday, July 27, 2012 • Effective immediately * Internet-Only Manual (IOM), Pub. 100-16 * * IOM, Pub. 100-18 4
The Journey: Draft to Final • February 8, 2012 – Draft Compliance Program Guidelines issued for public comment via HPMS • March 16, 2012 – Comment period ended • Robust review and comment process (900+ comments) • DCE/CPI workgroup • 68 entities (Medicare Advantage Organizations and Prescription Drug Plans, Delegated Entities, Trade Associations, consultants, etc.) • Topics of interest: • FDR oversight • Content requirements for Policies, Procedures, Standards of Conduct • Role of governing body & executive management • Compliance training of deemed providers • Frequency requirements for checking OIG/GSA exclusion lists • July 27, 2012 – Final Compliance Program Guidelines issued via HPMS 5
Section 10 - Introduction • Must: Requirements created by statute or regulation vs. • Should: Expectations identified in Guidelines vs. • Best Practices: Recommendations 6
Section 30 - Overview of Mandatory Compliance Program • Identifies 7 elements of an effective compliance program • In order to be effective, the Sponsor’s compliance program must be fully implemented • Adequate resources are essential to an effective compliance program 7
Section 40 - Sponsor Accountability for and Oversight of FDRs • Who is an FDR? • Sponsor determines whether its delegated entity is an FDR subject to compliance requirements • How to Determine Who is an FDR • Consider functions that are related to Medicare Parts C and D contracts • If an entity is performing one of these functions, it is very likely appropriate to categorize the entity as an FDR • If not performing one of the listed functions, analyze all facts and circumstances, including factors listed in chapter 8
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Standards of Conduct (SOC) • Also referred to as “Code of Conduct” or other similar terms • Provide the overarching principles by which the Sponsor operates • May be in a Medicare-specific document, or included as part of the Sponsor’s commercial business Code of Conduct 9
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Policies and Procedures (Ps & Ps) • Describe operation of compliance program • Detailed and specific • Implement the operation of compliance program • Should be updated to reflect changes in laws, regulations, other Medicare program requirements 10
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Distribution of SOC and Ps & Ps 11
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Officer • Compliance reports must reach senior-most leader • Must have express authority to provide unfiltered, in-person reports to senior leader/governing body • Reports should not be routed through operational management (e.g. Chief Operating Officer, Chief Financial Officer, General Counsel) • Compliance Officer reports may be relayed through divisional Presidents • Compliance reports to governing body must be made through a Sponsor’s compliance infrastructure 12
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Committee • No requirement for separate “Medicare” Compliance Committee • Accountable to senior leadership and governing body • Must provide regular compliance reports to senior leadership and governing body 13
Section 50.2 - Element II:Compliance Officer, Compliance Committee and High Level Oversight Governing Body • Sponsor’s or parent’s governing body (e.g. Board, etc.) must oversee compliance • May delegate oversight to committee, but governing body as whole ultimately accountable • Must be knowledgeable about compliance risks 14
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Senior Management • Senior-most leader of contract holder must be engaged in compliance program oversight • Must integrate Compliance Officer into organization • Must be advised of all compliance enforcement activity, etc. 15
Section 50.3 - Element III: Effective Training and Education General Compliance Training for Employees • Who? • All employees (including CEO, administrators and managers) • Governing body members • When? • Within 90 days of hire and • Annually thereafter • How? • Classroom training • Online training modules • Attestations that employees have read and received the Sponsor’s Standards of Conduct and/or compliance policies and procedures Sponsors must be able to demonstrate that their employees have fulfilled these training requirements 16
Section 50.3 - Element III: Effective Training and Education General Compliance Training for FDRs • What? • Sponsors must communicate the following to FDRs: • General compliance information and • Compliance expectations are communicated to FDRs • How? • Distribution of Sponsor’s Standards of Conduct and/or compliance policies and procedures to FDRs’ employees through Provider Guides, Business Associated Agreements, etc. 17
Section 50.3 - Element III: Effective Training and Education Fraud, Waste, and Abuse (FWA) Training • Who? • All employees (including CEO, administrators and managers) • Governing body members • FDRs • When? • Within 90 days of hire and • Annually thereafter • FDRs? • Sponsors must provide FWA training directly to FDRs or • Sponsors must provide training materials or • Sponsors must ensure FDRs complete the CMS FWA Training Module Specialized training may be provided based on FWA risks specific to an individual’s job function 18
Section 50.3 - Element III:Effective Training and Education FWA Training (Deemed FDRs) • FDRs meeting FWA certification through Parts A/B enrollment or accreditation as DMEPOS* supplier are “deemed” to have met FWA training requirement • If a chain pharmacy, each individual location must be enrolled to be deemed *DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies 19
Section 50.4 - Element IV: Effective Lines of Communication Compliance Officer: Communicating with Others • Compliance Officer’s name, location, and contact information must be shared with employees and FDRs • Implement a system to communicate changes in law, regulations, sub-regulatory guidance, and P&Ps • Information must be disseminated timely • Numerous examples of methods to communicate both internally and to FDRs • Sponsor must educate enrollees about identification and reporting of potential FWA 20
Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Policies & Procedures) • Must be clear and specific • Must describe the Sponsor’s expectations for reporting compliance issues and assisting in the resolution of reported compliance issues • Must identify noncompliant, unethical, or illegal behavior through examples of violative conduct 21
Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Publicize & Enforce) • Provide timely, consistent and effective enforcement of standards • Numerous examples provided of how to publicize disciplinary standards • Records must be maintained for 10 years for all compliance violation disciplinary actions 22
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Routine Monitoring and Auditing • Must conduct monitoring and auditing to test and confirm compliance with Medicare requirements • Monitoring: regular reviews of operations to ensure ongoing compliance • Auditing: formal review of compliance with a set of standards • Must develop an annual monitoring and auditing work plan • Compliance Officer must receive regular reports from the audit department regarding results and corrective actions taken 23
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks System to Identify Compliance Risks • Must conduct a formal baseline assessment of major compliance and FWA risk areas (e.g., risk assessment) • Must take into account all Medicare business operational areas • Examples provided of high risk areas for Medicare Parts C and D Sponsors • Must audit the effectiveness of the compliance program (annually) • Transfer results into a monitoring and auditing work plan 24
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Audits: Sponsor’s Operations and Compliance Program • Audit function may be a separate department or performed by the Compliance department • Must designate adequate resources to meet the work plan goals • No self-policing by operational areas; must be independent auditors, internal audit or compliance • Must audit the effectiveness of the compliance program and share results with governing body 25
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Monitoring and Auditing FDRs • Sponsors are responsible for compliance with CMS requirements, including work performed by their FDRs • Must develop a strategy to monitor and audit first-tier entitiesfor compliance program requirements • Must ensure first-tier entities fulfill compliance program requirements • Must ensure first-tier entities monitor compliance of downstream entities • Examples provided of how to conduct monitoring and auditing activities of FDRs (e.g., risk assessments, utilization reports) 26
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Tracking and Documenting Compliance and Compliance Program Effectiveness • Sponsors should track and document compliance efforts • Dashboards, scorecards, self-assessments tools and other mechanisms help demonstrate compliance goals and achievements • Issues of noncompliance and FWA identified in the assessment tools should be shared with senior management 27
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks OIG/GSA Exclusion • Sponsors must review the DHHS OIG LEIE list and GSA EPLS prior to hiring or contracting, and monthly to ensure none of the persons or entities are excluded • New and Temporary Employees • Volunteers • Consultants • Governing Body members • FDRs 28
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Use of Data Analysis for FWA Prevention and Detection • Establish baseline data to recognize unusual trends or changes in utilization or patterns over time • Identify internal problem areas such as enrollment, finance, or data submission, and problem areas with the FDRs • Use findings to determine where there is a need for policy changes 29
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Special Investigation Units (SIUs) SIU - An internal unit, often separate from the compliance department, responsible for investigation of potential FWA • Sponsors are not expected to perform law enforcement duties and may refer FWA matters to the NBI MEDIC or to law enforcement • SIUs must be accessible via phone, email, Internet and mail, and Sponsors must ensure FWA can be reported anonymously • Communication and coordination between the SIU and compliance department is key in ensuring that all Medicare Parts C and D benefits are protected from FWA schemes 30
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues If Potential FWA is Detected . . . • Sponsors must initiate a reasonable inquiry as soon as possible, but not later than 2 weeks after the date the incident is identified • After a preliminary investigation, Sponsors may refer potential FWA to the NBI MEDIC if they do not have the time or resources to investigate fully • Referrals should be made to the NBI MEDIC within 30 days so that the fraudulent or abusive activity does not continue • Sponsors are responsible for monitoring for FWA and noncompliance within their organizations 31
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Corrective Actions • Must be designed to correct the underlying problem • Must be implemented in response to FWA or noncompliance • Must prevent future noncompliance (root cause analysis) • Must include timeframes for achievements • Must be documented and include ramifications if the corrective action was not implemented satisfactorily • Sponsors must ensure FDRs have corrected their deficiencies • Thorough documentation must be maintained of all deficiencies identified and corrective actions taken 32
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Medicare Drug Integrity Contractors (MEDICs) • Perform specific program integrity functions for Medicare Parts C and D The National Benefit Integrity (NBI) MEDICs • Identify potential FWA • Investigate referrals from sponsors and keep sponsors informed • Refer to law enforcement or other entities when necessary • May request additional information from the sponsors which should be provided within 30 days unless otherwise specified 33
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues CMS issues alerts about fraud schemes identified by law enforcement officials. In response, Sponsors should . . . • Review contractual agreements with identified parties • Consider terminating contracts if law enforcement has issued indictments and the terms of the contract authorizes termination in such instances • Review past paid claims from entities identified in the fraud alert • Identify claims that may have been part of an alleged fraud scheme and remove them from PDE submissions 34
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues To Identify Providers with a History of Complaints, Sponsors . . . • Should maintain files for 10 years on providers who have been the subject of complaints, investigations and prosecutions • Should maintain files that contain documented warnings, educational contacts, copies of complaints, and results of investigations • Must comply with requests from law enforcement, CMS or CMS’s designee regarding monitoring of potentially abusive or fraudulent providers 35
Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 36
COMING SOON WEBSITE FOR PROGRAM COMPLIANCE & OVERSIGHT GROUP (PCOG) 37