1 / 37

Compliance Program Guidance

CMS logo. Compliance Program Guidance. Overview of Chapters 9 & 21 . Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Phil Sherfey, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement

jadon
Download Presentation

Compliance Program Guidance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CMS logo Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Phil Sherfey, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Beth Brady, CFE, AHFI Center for Program Integrity, Division of Plan Oversight and Accountability September 5, 2012 Image of blueprint

  2. Agenda • Background • Overview of the Revised Compliance Program Guidelines 2

  3. Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 3

  4. Revised Guidance Chapter 9 Medicare Prescription Drug Benefit Manual* & Chapter 21 Medicare Managed Care Manual** • Based on regulations that were effective on January 1, 2011 • Content Identical • Applicable to Medicare Part C and Part D programs • Applicability to Cost Plans and PACE as stated in Section 10 • Released through HPMS on Friday, July 27, 2012 • Effective immediately * Internet-Only Manual (IOM), Pub. 100-16 * * IOM, Pub. 100-18 4

  5. The Journey: Draft to Final • February 8, 2012 – Draft Compliance Program Guidelines issued for public comment via HPMS • March 16, 2012 – Comment period ended • Robust review and comment process (900+ comments) • DCE/CPI workgroup • 68 entities (Medicare Advantage Organizations and Prescription Drug Plans, Delegated Entities, Trade Associations, consultants, etc.) • Topics of interest: • FDR oversight • Content requirements for Policies, Procedures, Standards of Conduct • Role of governing body & executive management • Compliance training of deemed providers • Frequency requirements for checking OIG/GSA exclusion lists • July 27, 2012 – Final Compliance Program Guidelines issued via HPMS 5

  6. Section 10 - Introduction • Must: Requirements created by statute or regulation vs. • Should: Expectations identified in Guidelines vs. • Best Practices: Recommendations 6

  7. Section 30 - Overview of Mandatory Compliance Program • Identifies 7 elements of an effective compliance program • In order to be effective, the Sponsor’s compliance program must be fully implemented • Adequate resources are essential to an effective compliance program 7

  8. Section 40 - Sponsor Accountability for and Oversight of FDRs • Who is an FDR? • Sponsor determines whether its delegated entity is an FDR subject to compliance requirements • How to Determine Who is an FDR • Consider functions that are related to Medicare Parts C and D contracts • If an entity is performing one of these functions, it is very likely appropriate to categorize the entity as an FDR • If not performing one of the listed functions, analyze all facts and circumstances, including factors listed in chapter 8

  9. Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Standards of Conduct (SOC) • Also referred to as “Code of Conduct” or other similar terms • Provide the overarching principles by which the Sponsor operates • May be in a Medicare-specific document, or included as part of the Sponsor’s commercial business Code of Conduct 9

  10. Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Policies and Procedures (Ps & Ps) • Describe operation of compliance program • Detailed and specific • Implement the operation of compliance program • Should be updated to reflect changes in laws, regulations, other Medicare program requirements 10

  11. Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Distribution of SOC and Ps & Ps 11

  12. Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Officer • Compliance reports must reach senior-most leader • Must have express authority to provide unfiltered, in-person reports to senior leader/governing body • Reports should not be routed through operational management (e.g. Chief Operating Officer, Chief Financial Officer, General Counsel) • Compliance Officer reports may be relayed through divisional Presidents • Compliance reports to governing body must be made through a Sponsor’s compliance infrastructure 12

  13. Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Committee • No requirement for separate “Medicare” Compliance Committee • Accountable to senior leadership and governing body • Must provide regular compliance reports to senior leadership and governing body 13

  14. Section 50.2 - Element II:Compliance Officer, Compliance Committee and High Level Oversight Governing Body • Sponsor’s or parent’s governing body (e.g. Board, etc.) must oversee compliance • May delegate oversight to committee, but governing body as whole ultimately accountable • Must be knowledgeable about compliance risks 14

  15. Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Senior Management • Senior-most leader of contract holder must be engaged in compliance program oversight • Must integrate Compliance Officer into organization • Must be advised of all compliance enforcement activity, etc. 15

  16. Section 50.3 - Element III: Effective Training and Education General Compliance Training for Employees • Who? • All employees (including CEO, administrators and managers) • Governing body members • When? • Within 90 days of hire and • Annually thereafter • How? • Classroom training • Online training modules • Attestations that employees have read and received the Sponsor’s Standards of Conduct and/or compliance policies and procedures Sponsors must be able to demonstrate that their employees have fulfilled these training requirements 16

  17. Section 50.3 - Element III: Effective Training and Education General Compliance Training for FDRs • What? • Sponsors must communicate the following to FDRs: • General compliance information and • Compliance expectations are communicated to FDRs • How? • Distribution of Sponsor’s Standards of Conduct and/or compliance policies and procedures to FDRs’ employees through Provider Guides, Business Associated Agreements, etc. 17

  18. Section 50.3 - Element III: Effective Training and Education Fraud, Waste, and Abuse (FWA) Training • Who? • All employees (including CEO, administrators and managers) • Governing body members • FDRs • When? • Within 90 days of hire and • Annually thereafter • FDRs? • Sponsors must provide FWA training directly to FDRs or • Sponsors must provide training materials or • Sponsors must ensure FDRs complete the CMS FWA Training Module Specialized training may be provided based on FWA risks specific to an individual’s job function 18

  19. Section 50.3 - Element III:Effective Training and Education FWA Training (Deemed FDRs) • FDRs meeting FWA certification through Parts A/B enrollment or accreditation as DMEPOS* supplier are “deemed” to have met FWA training requirement • If a chain pharmacy, each individual location must be enrolled to be deemed *DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies 19

  20. Section 50.4 - Element IV: Effective Lines of Communication Compliance Officer: Communicating with Others • Compliance Officer’s name, location, and contact information must be shared with employees and FDRs • Implement a system to communicate changes in law, regulations, sub-regulatory guidance, and P&Ps • Information must be disseminated timely • Numerous examples of methods to communicate both internally and to FDRs • Sponsor must educate enrollees about identification and reporting of potential FWA 20

  21. Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Policies & Procedures) • Must be clear and specific • Must describe the Sponsor’s expectations for reporting compliance issues and assisting in the resolution of reported compliance issues • Must identify noncompliant, unethical, or illegal behavior through examples of violative conduct 21

  22. Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Publicize & Enforce) • Provide timely, consistent and effective enforcement of standards • Numerous examples provided of how to publicize disciplinary standards • Records must be maintained for 10 years for all compliance violation disciplinary actions 22

  23. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Routine Monitoring and Auditing • Must conduct monitoring and auditing to test and confirm compliance with Medicare requirements • Monitoring: regular reviews of operations to ensure ongoing compliance • Auditing: formal review of compliance with a set of standards • Must develop an annual monitoring and auditing work plan • Compliance Officer must receive regular reports from the audit department regarding results and corrective actions taken 23

  24. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks System to Identify Compliance Risks • Must conduct a formal baseline assessment of major compliance and FWA risk areas (e.g., risk assessment) • Must take into account all Medicare business operational areas • Examples provided of high risk areas for Medicare Parts C and D Sponsors • Must audit the effectiveness of the compliance program (annually) • Transfer results into a monitoring and auditing work plan 24

  25. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Audits: Sponsor’s Operations and Compliance Program • Audit function may be a separate department or performed by the Compliance department • Must designate adequate resources to meet the work plan goals • No self-policing by operational areas; must be independent auditors, internal audit or compliance • Must audit the effectiveness of the compliance program and share results with governing body 25

  26. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Monitoring and Auditing FDRs • Sponsors are responsible for compliance with CMS requirements, including work performed by their FDRs • Must develop a strategy to monitor and audit first-tier entitiesfor compliance program requirements • Must ensure first-tier entities fulfill compliance program requirements • Must ensure first-tier entities monitor compliance of downstream entities • Examples provided of how to conduct monitoring and auditing activities of FDRs (e.g., risk assessments, utilization reports) 26

  27. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Tracking and Documenting Compliance and Compliance Program Effectiveness • Sponsors should track and document compliance efforts • Dashboards, scorecards, self-assessments tools and other mechanisms help demonstrate compliance goals and achievements • Issues of noncompliance and FWA identified in the assessment tools should be shared with senior management 27

  28. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks OIG/GSA Exclusion • Sponsors must review the DHHS OIG LEIE list and GSA EPLS prior to hiring or contracting, and monthly to ensure none of the persons or entities are excluded • New and Temporary Employees • Volunteers • Consultants • Governing Body members • FDRs 28

  29. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Use of Data Analysis for FWA Prevention and Detection • Establish baseline data to recognize unusual trends or changes in utilization or patterns over time • Identify internal problem areas such as enrollment, finance, or data submission, and problem areas with the FDRs • Use findings to determine where there is a need for policy changes 29

  30. Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Special Investigation Units (SIUs) SIU - An internal unit, often separate from the compliance department, responsible for investigation of potential FWA • Sponsors are not expected to perform law enforcement duties and may refer FWA matters to the NBI MEDIC or to law enforcement • SIUs must be accessible via phone, email, Internet and mail, and Sponsors must ensure FWA can be reported anonymously • Communication and coordination between the SIU and compliance department is key in ensuring that all Medicare Parts C and D benefits are protected from FWA schemes 30

  31. Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues If Potential FWA is Detected . . . • Sponsors must initiate a reasonable inquiry as soon as possible, but not later than 2 weeks after the date the incident is identified • After a preliminary investigation, Sponsors may refer potential FWA to the NBI MEDIC if they do not have the time or resources to investigate fully • Referrals should be made to the NBI MEDIC within 30 days so that the fraudulent or abusive activity does not continue • Sponsors are responsible for monitoring for FWA and noncompliance within their organizations 31

  32. Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Corrective Actions • Must be designed to correct the underlying problem • Must be implemented in response to FWA or noncompliance • Must prevent future noncompliance (root cause analysis) • Must include timeframes for achievements • Must be documented and include ramifications if the corrective action was not implemented satisfactorily • Sponsors must ensure FDRs have corrected their deficiencies • Thorough documentation must be maintained of all deficiencies identified and corrective actions taken 32

  33. Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Medicare Drug Integrity Contractors (MEDICs) • Perform specific program integrity functions for Medicare Parts C and D The National Benefit Integrity (NBI) MEDICs • Identify potential FWA • Investigate referrals from sponsors and keep sponsors informed • Refer to law enforcement or other entities when necessary • May request additional information from the sponsors which should be provided within 30 days unless otherwise specified 33

  34. Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues CMS issues alerts about fraud schemes identified by law enforcement officials. In response, Sponsors should . . . • Review contractual agreements with identified parties • Consider terminating contracts if law enforcement has issued indictments and the terms of the contract authorizes termination in such instances • Review past paid claims from entities identified in the fraud alert • Identify claims that may have been part of an alleged fraud scheme and remove them from PDE submissions 34

  35. Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues To Identify Providers with a History of Complaints, Sponsors . . . • Should maintain files for 10 years on providers who have been the subject of complaints, investigations and prosecutions • Should maintain files that contain documented warnings, educational contacts, copies of complaints, and results of investigations • Must comply with requests from law enforcement, CMS or CMS’s designee regarding monitoring of potentially abusive or fraudulent providers 35

  36. Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 36

  37. COMING SOON WEBSITE FOR PROGRAM COMPLIANCE & OVERSIGHT GROUP (PCOG) 37

More Related