Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 1/62
Medicare Compliance
Training
for External Parties
“Cigna,” “HealthSpring” and “Bravo Health” are registered service marks, and the “Tree of Life” logo is a service mark, of Cigna Intellectual Property, Inc., licensed
for use by Cigna Corporation and its operating subsidiaries. All products and services are provided by or through such operating subsidiaries and not by Cigna
Corporation. Such operating subsidiaries include Connecticut General Life Insurance Company (CGLIC), HealthSpring Life & Health Insurance Company, Inc.
(HSLH), HealthSpring of Tennessee, Inc. (HSTN), HealthSpring of Alabama, Inc. (HSAL), HealthSpring of Florida, Inc. (HSFL), Bravo Health Mid-Atlantic, Inc.
(BHMA), and Bravo Health Pennsylvania, Inc. (BHPA). CGLIC is a Medicare approved Part D sponsor. HSLH, HSTN, HSAL, HSFL, BHMA and BHPA are
Medicare approved Medicare Advantage Organizations.
Confidential property of Cigna. Do not duplicate or distribute. All examples and fact patterns used herein are fictitious. © C2014 Cigna
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 2/62
I n t r o d u c t i o n
Cigna-HealthSpring has contracted with the Centers for Medicare & Medicaid Services (CMS) to offer multiple benefits to
Medicare enrollees. As part of those contracts, Cigna-HealthSpring employees who have direct or indirect involvement with the
Medicare and/or Medicaid programs are required to complete this Medicare Compliance training course.
Additionally, per the Federal Register Notice CMS-4124-FC, CMS clarifies that the training and communication requirements apply to all entities
we partner with. Therefore, Cigna-HealthSpring is making this training available in the event you do not have your own Medicare Compliance
Training program established.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 3/62
T r a i n i n g R e q u i r e m e n t s C e r t i f i c a t i o n
At the end of this training a Certification is provided as evidence of compliance
with Medicare requirements in audits conducted by the Federal government.
Cigna-HealthSpring requires employees, or anyone working on Cigna's behalf,
who have direct or indirect involvement with the Medicare or Medicaid programs to
complete this training, certify their completion, and acknowledge they have
received, read, and will comply with all written Cigna-HealthSpring policies.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 4/62
O v e r v i e w o f M e d i c a r e P r o g r a m s
This section provides an overview of Cigna-HealthSpring's Medicare &
Medicaid programs.
The government offers four types of Medicare programs:
Medicare Part A - covers Hospital Care
Medicare Part B - covers Medical Services
Medicare Part C - covers Medical Services for Medicare
Advantage plans like HMO, PPO, and Private Fee for Service
Medicare Part D - covers Prescription Drug Plans
Cigna offers two types of Medicare programs:
Cigna-HealthSpring Medicare Part D
Cigna-HealthSpring Medicare Part C
Cigna-HealthSpring offers a Medicaid program: Medicaid – STAR+PLUS.
HealthSpring offers a Medicaid program: Medicaid – StarPlus.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 5/62
C i g n a M e d i c a r e P a r t D P r e s c r i p t i o n D r u g P r o g r a m ( P a r t D - P D P )
Cigna-HealthSpring’s PDP program encompasses many
offices with the core staff located in Bloomfield, Connecticut
and Nashville, TN. This program contracts with CMS to provide
individual prescription drug benefits for Medicare beneficiaries
and employer-sponsored prescription drug plans.
Employer-sponsored prescription drug plans include:
Employer Retiree Drug Subsidy - Employers or unions with
prescription drug coverage that is at least as good as
Medicare’s can apply to CMS to receive a retiree subsidy.
Employer-Specific PDP - employer makes special
arrangements with entities offering Part D Medicare plans
such as, Connecticut General Life Insurance Company
(CGLIC). These entities provide a retiree prescription drug
plan that integrates the basic Part D individual coverage with
the supplemental coverage (i.e., coverage for classes of
prescription drugs not covered under Part D, such as
coverage for Barbiturates and Benzodiazepines).
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 6/62
M e d i c a r e A d v a n t a g e P l a n s ( P a r t C )
Medicare Advantage Plans – also known as Medicare Part C plans –
provide Part A (hospital, SNF, in-patient coverage and Hospice) and Part B
(medically necessary and preventive care, outpatient services) coverage
and must cover all medically necessary services. Participants must be
enrolled in Medicare Part A and Part B to join a Part C plan.
These plans are part of the government’s Medicare program but they are
offered and managed through approved private insurers, and may offer plan
extras not found in “Original Medicare.”
There are various types of Medicare Advantage plans available – many of
which you may find familiar such as HMO, PPO, and Private Fee-for-
Service plans. Cigna-HealthSpring offers a Medicare Advantage plan in
certain counties in Arizona. Cigna-HealthSpring, Leon Medical Centers, and
Bravo Health offer Medicare Advantage plans in a number of states.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 7/62
C i g n a - H e a l t h S p r i n g M e d i c a i d
Medicaid is a federal health insurance program for individuals who can't afford medical care for some or all of their medical bills.
It covers children, the aged, blind and/or disabled and is available to people with limited incomes.
There are certain requirements that an individual must meet in order to be eligible for Medicaid. If their income is low and they
need medical care, they should apply for Medicaid and ask for a qualified caseworker to take a look at their circumstances.
STAR+PLUS is a Texas Medicaid managed care program designed to provide health care, acute and long-term services and
support through a managed care system. If an individual is eligible for the STAR+PLUS program, Cigna HealthSpring will send
payments directly to their health care providers.
The program provides a range of options to meet individual needs.
Primary and specialty provider care
Medical supplies
Mental health care and substance use disorder treatment
Hospital care
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 8/62
C i g n a - H e a l t h S p r i n g M e d i c a i d
Cigna-HealthSpring Illinois Medicare Medicaid Alignment Initiative (MMAI)
To help implement Medicaid reform law (Public Act 96-1501) the State of Illinois is requiring 50% of Medicaid recipients to be in
“Risk-Based Care Coordination” by 2015. The MMAI program is a new partnership model between the State of Illinois, CMS,
and participating managed care plans designed to help achieve the State of Illinois’ goal to move Medicaid recipients to Risk-
Based Care Coordination programs. Cigna-HealthSpring is a participating MCO in the MMAI program, and was awarded a 3
year contract in November of 2012.
The Goal: A redesigned, cost effective health care delivery system, more patient-centered care with a focus on improved health
outcomes, and enhanced patient access and safety. Also, to provide Medicare-Medicaid patients with a better care experience
by testing a person-centered, integrated care program that provides a more easily navigable and seamless path to all covered
Medicare and Medicaid services.
Contracted Service Area: Cook, Kane, DuPage, Will, and Lake counties.
Who: Persons who are elderly; persons with disabilities; persons with HIV/AIDS; persons with brain injury; persons residing in
supportive living facilities. Also, patients eligible for both Medicare and Medicaid Services (called "dual eligibles").
Voluntary Enrollment began March 1, 2014. Estimated Annual Enrollment for 2014 is approximately 15,000 new members.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 9/62
E m p l o y e e E t h i c s
Ethical principles are the foundation of Cigna-HealthSpring's unwavering commitment to integrity, ethical conduct, and legal and
regulatory compliance. These principles are at the heart of our core value to Act with Integrity. For example, at Cigna-
HealthSpring we must:
Behave ethically in a way that reflects Cigna-HealthSpring's commitment to do what is right, honest, fair, and
trustworthy.
Take actions to ensure that we, and Cigna-HealthSpring, comply with all laws, rules, and regulations that apply to our
business.
Conduct business in a way that avoids any conflict or even the appearance of a conflict between our own personal
interests and Cigna-HealthSpring's interests.
Take all the right steps to protect Cigna-HealthSpring's assets (for example, property, information, and financial
records) from loss, damage, or misuse.
The Code of Ethics & Principles of Conduct and its related policies are the cornerstone of Cigna's Enterprise Compliance Program.
Annual training on the Code of Ethics & Principles of Conduct and related policies is required with an affirmation at the end of the
training. The Code of Ethics training only partially satisfies the Medicare Compliance training requirement.
http://www.cigna.com/aboutus/corporate-governance
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 10/62
E m p l o y e e E t h i c s , C o n t i n u e d
Cigna-HealthSpring leadership demonstrates its continued
commitment to maintaining the highest legal and ethical
standards in the conduct of its business by all Cigna-
HealthSpring employees and individuals working on behalf of
Cigna-HealthSpring.
Cigna-HealthSpring employees annually reaffirm their
commitment to and understanding of Cigna's Code of Ethics &
Principles of Conduct by completing an annual ethics
affirmation statement.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 11/62
K e y E l e m e n t s o f a C o m p l i a n c e P r o g r a m
This section discusses the Key Elements of a Medicare Compliance Program and
Medicare Compliance.
According to the Centers for Medicare & Medicaid Services (CMS), the key
elements of an effective compliance program are:
Requiring Written Policies/Procedures and Standards of Conduct
Designating a Compliance Officer, a Compliance Committee, and high
level oversight
Conducting an Effective Training and Education Program
Developing Effective Lines of Communication
Enforcing the program through well Publicized Disciplinary Guidelines
Developing program for routine monitoring and identification of
Compliance Risks
Developing procedures and system for prompt response to Compliance
issues
Developing a plan to Detect, Correct, and Prevent Fraud, Waste, and
Abuse
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 12/62
W r i t t e n P o l i c i e s a n d P r o c e d u r e s
CMS requires that plan sponsors have written Policies/Procedures and
Standards of Conduct. One way that Cigna-HealthSpring satisfies this
requirement is through our Code of Ethics & Principles of Conduct. We are
responsible for knowing, understanding, and complying with Cigna's Code
of Ethics & Principles of Conduct, as well as the policies and procedures
that apply to the work we do. The Code of Ethics & Principles of Conduct
and related policies reflect Cigna-HealthSpring's commitment to integrity,
ethical conduct, as well as, legal and regulatory compliance
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 13/62
W r i t t e n P o l i c i e s a n d P r o c e d u r e s , C o n t i n u e d
A few of the topics you can find covered in Cigna’s Code of Ethics &
Principles of Conduct are:
Conflict of Interest
Cigna Assets
False Claims
Control, Accounting, and Reporting
Information Protection and Privacy
Communications and Social Media
All entities contracted to perform work related to Medicare
programs must review Cigna’s Code of Ethics policies and
procedures or have appropriate policies and procedures to
address Code of Conduct policies, as well as Fraud, Waste and
Abuse.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 14/62
W r i t t e n P o l i c i e s a n d P r o c e d u r e s , C o n t i n u e d
The Code of Ethics & Principles of Conduct is available for clients, members, and other stakeholders who want to learn more about Cigna-HealthSpring's commitment to integrity, ethical conduct, and legal and regulatory compliance.
The Code of Ethics & Principles of Conduct is also located at http://www.Cigna.com/ on the Corporate Governance page found under the Corporate Responsibility link
If you do not have access to the Internet or to Your Cigna Life, you should contact a Cigna-HealthSpring manager or Medicare/Medicaid Compliance Officer.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 15/62
C o m p l i a n c e O f f i c e r a n d C o m p l i a n c e C o m m i t t e e
The Medicare Compliance Committee is led by the Medicare/Medicaid Compliance Officer, Rich Appel. Members of the Committee are comprised of: • President, Cigna-HealthSpring • Senior Vice President, Government Affairs • Senior Vice President & Chief Medical Officer • Senior Vice President Human Resources • Vice President of Operations • Vice President Sales • Medicare/Medicaid Compliance Officer • Associate Chief Counsel • General Counsel • Chief Information Officer • Director Special Investigations • Operations Senior Director • Operations Director (2) • Segment Lead General Manager (2) Compliance Manager (Arizona)
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 16/62
C o n d u c t i n g a n E f f e c t i v e T r a i n i n g a n d E d u c a t i o n P r o g r a m
Organizations must have effective training and education to
ensure the appropriate information is being disseminated to the
correct individuals.
Everyone at Cigna-HealthSpring that contributes
directly or indirectly to Medicare is required to
complete compliance training upon hire and annually
thereafter
Training must address the prevention and detection
of fraud, waste and abuse
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 17/62
E f f e c t i v e L i n e s o f C o m m u n i c a t i o n
The Medicare/Medicaid Compliance Officer, Compliance Office, and
the Privacy and Security Officer have an Open Door Policy.
This allows employees to freely seek compliance and Health
Insurance Portability and Accountability Act (HIPAA)-related guidance
and encourages employees to openly discuss any compliance
questions, concerns, or issues they may have.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 18/62
P u b l i c i z e d D i s c i p l i n a r y G u i d e l i n e s
Compliance with Cigna’s Code of Ethics & Principles of Conduct and
related policies, as well as applicable Medicare Policies and Procedures
Manuals (which incorporate legal and contractual requirements), is an
ongoing performance objective for all Cigna-HealthSpring employees AND
contractors.
On a case-by-case basis, the severity of the disciplinary action is
determined by the Medicare/Medicaid Compliance Officer, Human
Resources, and the employee’s supervisor.
Violation of Cigna’s Code of Ethics & Principles of Conduct and related
policies and/or operational policies and procedures may result in
disciplinary action, up to and including, termination.
Disciplinary actions related to violations of Cigna's Code of Ethics &
Principles of Conduct are discussed in Cigna's Code of Ethics & Principles
of Conduct. (Note: external contracted entities and individuals working on Cigna’s behalf without Cigna network access must use this website address: http://www.cigna.com/aboutus/corporate-governance).
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 19/62
A u d i t i n g a n d M o n i t o r i n g
Auditing and monitoring at Cigna-HealthSpring is performed
through Risk Assessment, Internal Audits, External Audits, and
Subcontractor/Delegated Entity Oversight:
Risk Assessment - Cigna-HealthSpring conducts periodic risk assessments; as well
as, an annual risk assessment. These tools are supplemented by a quarterly
enterprise risk assessment, to evaluate functional areas of the organization to
assess potential business risk. Results of the assessment are scored and those
areas identified as the highest risk are considered when developing the internal
audit plan. Other factors are considered in the risk assessment, such as areas at
risk of not meeting CMS standards.
Internal Audits - The Medicare/Medicaid Compliance Officer coordinates with
management to implement the internal audit plan. Audits are performed to ensure
adherence to CMS requirements and internal policies and procedures. Corrective
action plans will be developed and implemented in areas where processes do not
meet the requirements.
External Audits - Cigna-HealthSpring is also subject to audits from external parties
such as CMS and the Office of Inspector General (OIG). Corrective action plans for
any deficiencies or findings reported during external audits will be developed and
implementation will be monitored to ensure processes are strengthened and
regulations are followed.
Subcontractor/Delegated Entity Oversight Audits - Cigna-HealthSpring conducts
periodic, risk based Subcontractor/Delegated Entity Oversight audits to ensure
adherence to CMS/State requirements.
*Data Management Systems
Q
Corrective action plans will be developed and implemented by
Subcontractor/Delegated Entity where processes do not meet
CMS/State requirements. The Medicare/Medicaid Compliance Officer
will monitor corrective action implementation to ensure issues are
resolved.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 20/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s
Violations of the Compliance Program, Federal and State statutes, rules
and regulations, or any other types of misconduct will be investigated by the
Medicare/Medicaid Compliance Officer or designee.
Reporting Detected Criminal Violations: If you know of, or reasonably
suspect, a misappropriation of Cigna-HealthSpring assets, or any other
violation of law, ethical, or business policies, you must report the matter.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 21/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Reporting Obligation: It is the obligation of every employee, and individual
working on Cigna-HealthSpring's behalf, who knows of, or reasonably
suspects, a violation of Cigna's Code of Ethics & Principles of Conduct to
promptly report it.
Unless a specific policy states otherwise, the report may be oral or written,
and made at https://Cignaethicshelpline.alertline.com, or by calling
1.800.472.8348. You may also report issues to the Medicare/Medicaid
Compliance Officer.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 22/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Policy of No-Retaliation: Cigna-HealthSpring will not discriminate or
retaliate against anyone who, in good faith, reports violations of laws or
regulations, the Code of Ethics & Principles of Conduct, or other
company policies; whether those violations are by a Cigna-HealthSpring
company, another employee, or agent. In addition, employees are
protected by Federal law against any retaliation for taking action under
the Federal False Claims Act.
Any employee or non-employee worker working on Cigna-
HealthSpring’s behalf who engages in retaliation is subject to
disciplinary action up to, and including, termination.
Cigna’s Ethics Help Line: Cigna-HealthSpring has a toll-free, 24-hour
Ethics Help Line (1.800.472.8348) to facilitate confidential and
retribution-free reporting of violations, and to handle requests for
information about Cigna's Code of Ethics & Principles of Conduct. You
can also report issues by going to the Cigna Ethics Help Line webpage
at https://cignaethicshelpline.alertline.com.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 23/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Cigna's Fraud Hot Line: Cigna has a toll-free, 24-hour Fraud
Hotline (1.800.667.7145) and email address
([email protected]) to facilitate confidential and
retribution-free reporting of suspected fraud, and to handle
requests for information about Cigna's FWA policies.
Cigna-HealthSpring: To submit a referral regarding FWA to the
Cigna-HealthSpring Benefit Integrity Unit (BIU), Cigna-
HealthSpring employees can do so by calling 1.800.668.3813.
Compliance is Everyone’s Business…and it begins with you!
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 24/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Cigna’s Privacy Office: All information reported by Cigna-HealthSpring employees,
enrollees, individuals working on Cigna-HealthSpring's behalf, or others, is kept
confidential to the extent reasonably possible during any resulting investigation. It
is possible that an individual’s name may become known or revealed in certain
instances when governmental authorities intercede, or as otherwise required by
law.
If you have questions related to Cigna’s Privacy Policy, contact Cigna’s Privacy
Office at [email protected]
Medicare Privacy Office Contacts:
Patti Hoffman: 615-236-6157, or email at: [email protected]
Jenn Duncan: 615-236-6232, or email at: [email protected]
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 25/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Information and Data Security: Cigna’s Information Protection Policy outlines
safeguards and activities needed to protect proprietary information and avoid
unintended disclosures. If you witness an act that looks like a policy violation or
puts Cigna-HealthSpring information at risk, tell your manager, HR representative,
contact the Medicare/Medicaid Compliance Officer, or send e-mail to Cigna
Information Protection e-mail box [email protected] if
outside the network.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 26/62
R e s p o n d i n g t o C o m p l i a n c e I s s u e s , C o n t i n u e d
Developing Corrective Action Initiatives: Reports of suspected misconduct will be
investigated. If a violation of applicable law or regulation is found to exist, Cigna-
HealthSpring will take steps to correct the problem. These steps may include
developing a corrective action initiative; or, if material, immediate referral to
criminal and/or civil law enforcement authorities, disclosure to senior
management, and the appropriate governmental authority, where appropriate.
Reporting to the Government: Cigna-HealthSpring shall report to appropriate
governmental authorities, such as CMS and OIG, credible information of material
violations of the law by Cigna-HealthSpring, subcontractors, health care providers,
or enrollees for a determination as to whether any criminal, civil, or administrative
action may be appropriate.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 27/62
P l a n t o D e t e c t , C o r r e c t , a n d P r e v e n t
CMS requires all Medicare sponsors to develop a comprehensive program to detect, correct, and prevent FWA.
Entities contracted with Cigna-HealthSpring should also have appropriate policies and procedures to address fraud, waste, and
abuse.
To reflect Cigna-HealthSpring's commitment to the Medicare program, Cigna’s Special Investigations Unit (SIU), along with
Cigna-HealthSpring's Benefit Integrity Unit (BIU):
Administers required annual anti-fraud training for key employees
Detects, deters, and investigates suspicious claims
Provides methods to report suspicious activity
Maintains a process for receiving and documenting complaints of internal and external fraudulent activity
Files reports and quarterly documentation regarding FWA to CMS
Assists CMS and State and Federal law enforcement in investigational activity
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 28/62
M e d i c a r e P o l i c i e s a n d P r o c e d u r e s
This section also describes policies with provisions of special
relevance to Medicare. These policies include but are not
limited to:
External Review and Studies
Conflict of Interest
Office of Inspector General (OIG)/General Services
Administration (GSA) Exclusion Review
Records Management
Government Contracts/Anti-Kickback
False Claims
Gifts
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 29/62
E x t e r n a l R e v i e w s a n d S t u d i e s P o l i c y
As a Medicare contractor, we will at times be requested to participate in external audits, studies, or reviews that are beyond
normal day-to-day requests. These requests may come from CMS, the OIG, the General Accounting Office (GAO), the
Department of Justice (DOJ), or from an entity contracted with these organizations.
The requests may be made via telephone or received in writing. We may also be issued subpoenas for the production of
information.
If you receive a subpoena related to Medicare data, records, or information (or any other information), you should immediately
contact Medicare Compliance and Cigna-HealthSpring business legal counsel for assistance. If you receive a request for
Medicare records, or any information from an external party, immediately contact Medicare Compliance for assistance.
Medicare Compliance will work with you to ensure we respond appropriately and in accordance with applicable law. Cigna-
HealthSpring will cooperate with CMS and other governmental agencies and their authorized representatives to provide access
to information and records.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 30/62
C o n f l i c t s o f I n t e r e s t
Conflicts of interest can arise if you have a direct or indirect financial, business or personal involvement with a current or
potential supplier, competitor, member, or employee of Cigna-HealthSpring. In addition, outside financial or business
involvement by members of your immediate family, or by persons with whom you have a close personal relationship, may
create a possible conflict of interest for you. As an individual working on Cigna-HealthSpring's behalf:
You must not take part in any transaction in which you have a personal interest if there is, or might appear to be, a
conflict between your interest and the interests of Cigna-HealthSpring.
You must not take part in any business transaction in which you have a personal interest if your participation is in any
way related to information you received, or a relationship you developed, as an employee or director.
You should not show preferential treatment to any health care provider or supplier regardless of their relationship with
Cigna-HealthSpring. If you become aware of a situation involving preferential treatment to health care providers or
suppliers, you should notify the Medicare/Medicaid Compliance Officer immediately.
Each provider or entity that contracts with Cigna-HealthSpring will require its managers, officers, and directors responsible for the administration
or delivery of Medicare/Medicaid benefits to sign a conflict of interest statement, attestation, or certification at the time of hire and annually
thereafter certifying that the manager, officer, or director is free from any conflict of interest in administering or delivering Medicare/Medicaid
benefits.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 31/62
E x c l u s i o n R e v i e w
Cigna-HealthSpring will not knowingly hire any individual, or contract
with any person or entity for its Medicare or Medicaid program, who
has been convicted of a criminal offense related to health care or who
is listed by a Federal agency as debarred, excluded, or otherwise
ineligible for participation in a Federal health care program.
Cigna-HealthSpring will review the Department of Health & Human
Services OIG and System for Award Management (SAM) (formerly
EPLS) exclusion lists to ensure that its Medicare employees and
subcontractors are not included on such lists.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 32/62
E x c l u s i o n R e v i e w , C o n t i n u e d
If Cigna-HealthSpring learns that an individual has been charged with a criminal offense
related to health care or proposed for exclusion or debarment, the individual will be removed
from direct responsibility for or involvement in all such Medicare activities until resolution of
such charges or proposed debarment or exclusion.
FDRs must review the Department of Health & Human Services OIG and
System for Award Management (SAM) (formerly EPLS) exclusion lists to
ensure that no FDR new employee, temporary employee, volunteer,
consultant, governing body member responsible for administering or delivering
Medicare benefits is excluded from Federal health care programs. The FDR
must conduct this review upon initial hire or contract execution and monthly
thereafter. Additionally, if an employee responsible for the administration or
delivery of any Medicare or Medicaid benefits is included on one or both of
these lists, the FDR must immediately remove the employee from any work
related directly or indirectly to any Federal health care program and must take
appropriate corrective actions. Your organization must retain documentation to
show that your organization conducted the required review of the lists (screen
prints of negative results is acceptable), and took corrective action if and when
an employee was identified on the list(s). This information must be available
upon request by Cigna-HealthSpring or CMS and records should be
maintained for 10 years.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 33/62
R e c o r d s M a n a g e m e n t
Unless specific conditions apply, all relevant Medicare records will be
maintained for10 years from the end of the final contract period or
completion of an audit, whichever is later.
CMS has authority under section 1860D–12(b)(3)(c) of the Act and
§422.504(e)(2) and §423.505(e)(2) to inspect and audit any books, contracts,
and records of a Part D sponsor or MA organization and its first tier,
downstream, and related entities that pertain to any aspect of services
performed, reconciliation of benefit liabilities, and determination of accounts
payable under the contract or as the Secretary may deem necessary to enforce
the contract.
All records created in the course of business are the property of
Cigna-HealthSpring, and will be maintained in compliance with all
legal, regulatory, and/or government contract requirements.
Unauthorized disposal or removal of records from Cigna-
HealthSpring is prohibited.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 34/62
A n t i - K i c k b a c k
It is Cigna-HealthSpring's policy to strictly comply with all laws
that regulate government contracting.
You must not offer, give, request, or receive anything of value
for free or below fair market price in connection with the sale or
recommendation of, or referral to, any benefit plan, product or
service paid partly or fully by any government program.
To ensure compliance with this policy, contracts or other
business arrangements between Cigna-HealthSpring and any
health care provider or supplier (including pharmaceutical
companies), and between Cigna-HealthSpring and any
government agency or program, must be in writing and must
be reviewed and approved by the member of Cigna-
HealthSpring's legal department assigned to the relevant
business division.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 35/62
A n t i - K i c k b a c k E x a m p l e s
The following scenarios are examples of potential kickback violations.
A medical provider group compensates a referral
coordinator for channeling members to their practice.
A pharmacy’s waiving of Medicare co-payments in order to
encourage enrollees to fill their prescriptions there.
A Medicare Part D plan sponsor’s acceptance of a
pharmaceutical manufacturer’s offer of a free disease
management program in return for encouraging Medicare
enrollees to use the manufacturer’s products.
A drug manufacturer’s provision of a free trip to an
employee of a Medicare Part D plan sponsor in return for
the plan sponsor’s decision to place the manufacturer’s
drug in the preferred tier of the plan’s Medicare formulary.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 36/62
A n t i - K i c k b a c k - T h e S t a r k L a w
The Stark Law prohibits physicians from referring Medicare patients for
health services in which the physician or member of the physician’s
immediate family has a financial interest or other arrangement, unless
an exception applies.
There are specific exceptions for certain referral services and
management contracts that meet certain specified requirements without
being in violation of the law.
The Stark Law was passed to prevent over-utilization of services (due to
the physician benefiting from the referral), reduce healthcare costs and
promote competition.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 37/62
A n t i - K i c k b a c k P e n a l t i e s
Anti-Kickback Statute
o Criminal penalties of up to 5 years in
prison and/or $25,000 in fines
o Civil money penalties of $50,000 per act
plus three times the remuneration offered
o Exclusion from participation in federal and
state health care programs
Stark Law
o Civil money penalties of up to $15,000 for
each claim submitted, plus three times the
amount claimed
o Civil money penalties of up to $100,000 for
each arrangement or “scheme” that
violates the law
o Exclusion from participation in federal and
state health care programs
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 38/62
F a l s e C l a i m s
It is Cigna-HealthSpring’s policy to comply with all applicable laws
regulating claims and information submitted in connection with goods
and services reimbursable by any United States federal or state
governmental agency or program.
As an employee, director, or agent of Cigna-HealthSpring you must
not participate in submitting a claim for payment or reporting any
information that is false, fictitious, fraudulent, or misleading (by falsely
stating or leaving out any information).
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 39/62
F a l s e C l a i m s , C o n t i n u e d
Anyone who participates in submitting a false or fraudulent claim to
the United States government for payment, including Medicare or
Medicaid claims, can be held personally liable. Examples of
prohibited conduct include, but are not limited to:
Filing a claim for services that were never provided, were
medically unnecessary, or were described inaccurately.
Inflating the number of claims processed or failing to
process any claims.
Falsifying data entered into a reimbursement-related
database, cost reports, Medicare enrollee satisfaction data,
or audit-related documents.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 40/62
F a l s e C l a i m s , C o n t i n u e d
As an individual working on behalf of a Cigna-HealthSpring Company, you must ensure the integrity of the product or service provided, and of the
related submissions made to the government.
Never falsify a document or knowingly submit misleading information and exercise due care and due diligence by verifying the accuracy of all data
on which the certification is to be made. Take every submission of information to the government seriously and review the underlying
requirements associated with certifications.
You are responsible for complying with this policy, including all related policies, and for promptly reporting any possible violations when you know
or suspect that a fraud, waste, abuse, or other illegal act relating to a false claim or statement has been committed. By doing so, you are helping
to protect business, clients, customers, partners, and your co-workers. When you report Code of Ethics and Principles of Conduct or other
compliance concerns, or participate in an investigation of these matters, you will not be subject to retaliation. Any individual working on Cigna's
behalf who engages in retaliation is subject to disciplinary action up to and including termination.
Keep in mind that, for purposes of payments made under the Medicare and Medicaid programs, an overpayment must be reported and returned
to the government within 60 days after the date on which the overpayment was identified. If the overpayment is retained beyond the 60-day
period, it can trigger false claim liability if the retention is knowing and improper.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 41/62
F a l s e C l a i m s , C o n t i n u e d
You must also report any false, inaccurate, or altered requests for
payment or claims to the Medicare/Medicaid Compliance Officer,
Cigna’s Chief Compliance & Ethics Officer, Cigna Legal Counsel, or
contact Cigna’s Ethics Help Line (1.800.472.8348).
Employees and subcontractors are protected from retaliation for
False Claims Act complaints under 31 U.S.C. § 3730(h), and other
applicable anti-retaliation protections.
Violations of Cigna's False Claims policy may result in disciplinary
action, including termination of employment and, depending on the
jurisdiction, criminal and/or civil penalties.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 42/62
G i f t s
Employees and directors must not offer or give gifts, entertainment, or
anything of value that would, or might appear to, improperly influence the
business decisions of others. Gifts, entertainment, or other benefits of value
greater than $50 must not be given - doing so is prohibited by company
policy.
Employees and directors must not accept gifts or entertainment that would,
or might appear to, improperly influence the employee's or director's
decisions regarding Cigna-HealthSpring business. Employees and directors
must not give or accept money or gift certificates to or from subcontractors
or anyone doing business with Cigna-HealthSpring, or contemplating doing
business with Cigna-HealthSpring, under any circumstances.
As a Medicare contractor, we must take special care to never provide or
offer to provide gifts or entertainment to government officials and
employees.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 43/62
M e d i c a r e C o m p l i a n c e
Cigna-HealthSpring and its contractors must comply with all applicable Medicare
laws and regulations and any regulation deviations must be approved by
Medicare. Through our contractual arrangements with CMS, Cigna-HealthSpring
has agreed to adhere to all Medicare laws and regulations.
CMS outlines their expectations and Cigna-HealthSpring utilizes these regulations
to develop our health plan operations, workflows, and internal processes to ensure
we meet our contractual requirements. Cigna-HealthSpring subcontractors must
also ensure processes are in place to comply with regulations and develop
applicable policies and procedures.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 44/62
M e d i c a r e C o m p l i a n c e , C o n t i n u e d
Updates and revisions to CMS directives are communicated to
Cigna-HealthSpring business areas internally through the
Medicare Compliance Department.
When Medicare Compliance issues a CMS directive that result
in a process change, the process owner must update the
applicable departmental policies and procedures. When a
policy or procedure is updated, it must be submitted through
the established organizational process for review and approval.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 45/62
M e d i c a r e C o m p l i a n c e , C o n t i n u e d
Any Subcontractor/Delegated Entity of Cigna-HealthSpring must comply
with all applicable Medicare laws and regulations and any regulation
deviations must be submitted to the Medicare/Medicaid Compliance
Officer and approved by CMS. Subcontractors/Delegated Entities are
required to submit an annual Attestation to evidence compliance. The
Attestation will cover, but is not limited to, the following areas:
Code of Conduct - Subcontractor/Delegated Entity must adopt and follow a code
of conduct that reflects a commitment to detecting, preventing, and correcting fraud,
waste and abuse in the administration or delivery of Medicare benefits. Code of
conduct should include provisions to ensure employees, managers, officers and
directors responsible for the administration or delivery of the Medicare benefits are
free from any conflict of interest in administering or delivering Medicare benefits.
Compliance Oversight - Subcontractor/Delegated Entity are required to respond
to identified compliance deficiencies promptly. Upon the discovery of a compliance
deficiency, the organization must promptly address and correct the deficiency and
report to Cigna-HealthSpring, in accordance with CMS regulations.
Compliance Training – Annual compliance training is required for all persons
involved in the administration or delivery of the Medicare or Medicaid Program. Cigna
HealthSpring’s Medicare Compliance Training module is made available to
Subcontractor/Delegated Entities who may not have appropriate training. New hires
should receive training within 90 days of hire.
Fraud Waste and Abuse (FWA) Training – All persons involved in the
administration or delivery of the Medicare Program must receive Fraud Waste, and
Abuse (FWA) Training upon hire and annually thereafter. CMS’ FWA Training module
is made available to Subcontractors/Delegated Entities who may not have
appropriate training.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 46/62
M e d i c a r e C o m p l i a n c e , C o n t i n u e d
…continue
Subcontractors/Delegated Entities are required to submit an annual
Attestation to evidence compliance. The Attestation will cover, but is not
limited to, the following areas:
Exclusion Review - - Subcontractors/Delegated Entities must review the Office of
Inspector General (OIG) and System for Award Management (SAM) (formerly EPLS)
exclusions lists to ensure that any Subcontractor/Delegated Entity employee or
manager responsible for administering or delivery Medicare benefits is not excluded
from Federal programs. Subcontractors/Delegated Entities must conduct this review
upon initial hire and monthly thereafter. If an excluded employee is identified, the
Subcontractor/Delegated Entity must immediately remove the employee from any work
related directly or indirectly to any Federal health care program and must take
appropriate corrective actions.
2012 Audit Protocols – Upon selection by CMS for audit, Subcontractors/Delegated
Entities must be able to show data requested by CMS live in their system and have a
plan representative available to address questions as requested.
Compliance Program Guidelines – CMS released the Compliance Program
Requirements for Part C and Part D respectively. Subcontractors/Delegated Entities
who have delegated administrative or health care service functions relating to Cigna-
HealthSpring’s Medicare contracts must review and have processes in place to ensure
compliance with program requirements.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 47/62
L i n k s t o G u i d e l i n e s a n d R e g u l a t i o n s
As a Medicare contractor, we must comply with numerous regulations. Here are several important links to regulations and
guidance issued by CMS.
Annual Part C and Part D Application - http://www.cms.gov/Medicare/Prescription-Drug-
Coverage/PrescriptionDrugCovContra/RxContracting_ApplicationGuidance.html
Call Letter - http://www.cms.gov/Medicare/Health-Plans/MedicareAdvtgSpecRateStats/downloads/Announcement2014.pdf
Medicare Part D Manuals - http://www.cms.gov/Medicare/Prescription-Drug-Coverage/PrescriptionDrugCovContra/PartDManuals.html
Medicare Part C Manuals - http://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/
Internet-Only-Manuals-IOMs.html
Instructions issued by CMS via the Health Plan Management System (HPMS) - http://www.cms.gov/Regulations-and-
Guidance/Guidance/Transmittals/2014-Transmittals.html
Code of Federal Regulations (CFR) applicable to Medicare - http://www.access.gpo.gov/nara/cfr/cfr-table-search.html#page1
Pharmacies contracted with Medicare Sponsors (such as Cigna-HealthSpring), must comply with numerous regulations, for example:
Pharmacy specific instructions can be found at: http://www.cms.hhs.gov/center/pharmacist.asp
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 48/62
M e d i c a r e R u l e s a n d F r a u d , W a s t e , a n d A b u s e ( F W A )
This section discusses Medicare rules that Cigna-HealthSpring
must comply with and Fraud Waste and Abuse (FWA)
activities.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 49/62
S p e c i a l I n v e s t i g a t i o n s U n i t
Cigna's Special Investigation Unit (SIU) uses a variety of means to help
employees detect suspicious claims, including: delivering annual anti-fraud
training for key employees, "Red Flags" job aids (Medical – Medicare Part C,
Pharmacy – Medicare Part D); maintaining a dedicated phone line and an email
box for questions and reporting suspected FWA, and conducting data mining.
The SIU investigators are responsible for identifying schemes specifically related
to Medicare Part C and Medicare Part D.
Cigna’s SIU communicates with other SIUs, law enforcement, regulatory agencies,
CMS, Medicare Drug Integrity Contractors (MEDIC), and associations to identify
schemes and/or suspect pharmacies.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 50/62
C i g n a - H e a l t h S p r i n g ' s B e n e f i t I n t e g r i t y U n i t ( B I U )
Cigna-HealthSpring's Benefit Integrity Unit (BIU) uses an online referral form, so that suspected fraud, waste and/or abuse
(FWA) activity concerning Cigna-HealthSpring members or providers may be reported. Annual FWA training is also provided to
Cigna-HealthSpring employees so they may sharpen their skills at FWA detection.
The BIU investigators are responsible for proactively identifying schemes specifically related to Medicare and Medicaid, along
with responding to member complaints regarding FWA issues.
Cigna-HealthSpring’s BIU not only supports law enforcement, CMS, Medicare Drug Integrity Contractors (MEDIC), and
associations to identify schemes, but also participates in local law enforcement task force meetings as part of our commitment
to fighting healthcare FWA.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 51/62
F W A I n v e s t i g a t i o n
The SIU/BIU gathers information and evidence by auditing claims,
interviewing customers and health care professionals, reviewing
medical records and prescriptions, data mining, and then
documenting findings.
CMS has contracted with certain companies to be Medicare Drug
Integrity Contractors (MEDIC). The SIU/BIU refers cases of
suspected FWA to MEDIC for investigation.
MEDIC's activities include:
Data analysis to identify potential Part C and Part D fraud
Investigation of potential Part C and Part D fraud for
referral to law enforcement
Liaison with law enforcement/sponsors for Part C and Part
D issues, and audits of sponsor and subcontractor Part C
and Part D operations
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 52/62
F W A P r o s e c u t i o n a n d R e s t i t u t i o n
Cigna-HealthSpring takes appropriate action against fraud offenders by
stopping payments to health care providers and referring cases to State and
Federal law enforcement for legal action. They partner with State insurance
departments, fraud bureaus and professional organizations and pursue
sanctions through State licensing boards.
Within 30 days of identifying a suspicion of fraud or the documentation of
fraud, the SIU/BIU makes a referral to MEDIC and the appropriate State
Department of Insurance.
Cigna’s SIU/Cigna-HealthSpring's BIU tries to recover losses incurred due
to fraud by:
Pursuing and recovering damages
Pursuing civil remedies
Pursuing criminal charges
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 53/62
F W A P r e v e n t i o n
Increased fraud awareness is created by requiring anti-fraud training programs for key
Cigna-HealthSpring employees, vendors, and partners; maintaining anti-fraud policies
and procedures; and communicating new fraud schemes to Cigna-HealthSpring
employees.
Cigna employees should refer all suspicious claims to [email protected]
Calls pertaining to Medicare FWA should be placed to the Fraud Hot Line at
1.800.667.7145.
Cigna-HealthSpring employees can refer Medicare FWA activity to the BIU using the
online referral form or by calling 1.800.668.3813.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 54/62
P r o t e c t e d H e a l t h I n f o r m a t i o n ( P H I )
This section provides information about protecting individually
identifiable health information, referred to as Protected Health
Information (PHI).
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 55/62
O v e r v i e w o f H I P A A P r i v a c y a n d S e c u r i t y R u l e s
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules protect Individually Identifiable
Health Information, a subset of which is referred to as Protected Health Information (PHI), held or transmitted by a Covered
Entity, such as, Health Care Providers, Health Plans, and Health Care Clearinghouses and their Business Associates, including
entities that complete functions on the Covered Entity’s behalf, such as Medicare subcontractors.
PHI includes information that identifies the individual or could reasonably be used to identify the individual. PHI is information,
including demographic data, which relates to the individual’s past, present or future physical or mental health or condition,
health care provided to the individual, or past, present, or future payment for health care provided to the individual.
The HIPAA Privacy Rule protects all PHI in any form or media, whether electronic, paper or oral. The HIPAA Security Rule
applies only to electronic PHI (e-PHI). In general, this rule requires a Covered Entity to adopt additional safeguards for e-PHI
ensuring the confidentiality, integrity, and availability of all it creates, receives, uses, maintains, or transmits. The Health
Information Technology for Economic and Clinical Health (HITECH) Act expands certain HIPAA Privacy and Security
requirements, including requiring HIPAA covered entities and their Business Associates to provide notification following a
breach of unsecured PHI.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 56/62
P H I
All of the elements in this chart could be PHI, either alone, or if combined in a way that would allow for an individual to be
identified. Let’s look at a couple of examples of information Cigna-HealthSpring holds as a Medicare subcontractor.
Zip code alone is not PHI, but zip code combined with address and phone number is PHI. This is because the
combination of these data elements could be used to identify an individual.
Birth date alone is not PHI, but coupled with Social Security Numbers (SSNs) and claim numbers, could result in
identification of an individual and is considered PHI.
SSN alone is PHI, as this data element can be used to identify an individual.
It is important to remember that the context and combination of information determines whether information is PHI. If you have
any questions about what is, or is not PHI, always check with the Cigna or Medicare Privacy Office.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 57/62
P H I R e q u i r e m e n t s
Employees must follow the Privacy Policy regarding the additional requirements list below.
Safeguarding Protected Health Information - Members of the workforce must employ the appropriate administrative, technical, and physical safeguards
to protect the privacy of protected health information.
Use and Disclosure of PHI - PHI is confidential information that cannot be disclosed to others without the individual’s written authorization except as
permitted or required by the HIPAA Privacy Rule such as treatment (providing care), payment (claim payment), or health plan operations (examples
include, but are not limited to: audits and fraud and abuse detection).
Minimum Necessary - When collecting, accessing, using or disclosing PHI, or when requesting PHI to perform job functions, members of the workforce
must make reasonable efforts to limit the use and disclosure to the minimum necessary to accomplish the intended purposes of the use or request.
Verification - Members of the workforce must follow business unit procedures to verify the identity of a person
requesting PHI, and the authority of any such person to have access to PHI.
Notice of Privacy Practices – Individuals must receive and have access to a “Notice of Privacy Practices” which
describes how their health information may be used or disclosed, and what individual rights they have in relation to
this information.
Individual Privacy Rights - The HIPAA Privacy Rule provides individuals with certain rights related to their PHI. These
rights include: accessing or receiving a copy of their PHI, requesting an amendment or restriction of their PHI, and the
ability to receive an accounting of certain disclosures of their PHI. They can also request that a covered entity
communicate with them by alternate means, such as sending materials to an alternative address or location. Individuals
also have the right to lodge a complaint if they believe there has been a violation of their privacy rights.
For more information on any of these Privacy Policy requirements click Cigna’s HIPAA policies.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 58/62
T r a n s m i t t i n g P H I
Important facts regarding transmitting PHI:
PHI via the “Internet” – Even when transmitting PHI for permitted or required purposes (e.g., based on an individual’s authorization),
it is NEVER acceptable to transmit PHI via email over the Internet unless the email is encrypted through the use of Cigna’s
SecureMessage process. Cigna-HealthSpring employees can utilize the established "SecureMessage" process.
Cigna ONLY - Cigna's IT department has provided a secure electronic transmission solution for business with several of our
external business partners. As a result, email sent to the following email extensions is secure:
Convey Health Solutions (formerly NationsHealth) (email addresses ending with @conveyhs.com, @uspgi.com,
@nationshealth.com, and @nhrx.com)
e-mail address ending within @HealthSpring.com, @Bravo.com, @GulfQuest.com
Cigna-HealthSpring ONLY – HealthSpring’s IT department has provided a secure electronic transmission solution for business with
several of our external business partners.
We DO NOT have a secure connection with CMS. These are email addresses ending with @cms.hhs.gov.
Important Note: Even if CMS inadvertently transmits PHI, you should never reply or forward the email without removing the PHI or
securing the message appropriately by using the SecureMessage solution.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 59/62
T r a n s m i t t i n g P H I , C o n t i n u e d
PHI via fax – Prior to faxing PHI, ensure the receiving fax machine is
attended and an authorized person is waiting to receive the fax.
Click Cigna's Privacy Practices for information on any of Cigna's privacy
policies.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 60/62
R e p o r t i n g P r i v a c y I n c i d e n t s
If a member of the workforce, including a contractor or a subcontractor,
becomes aware of any potential violation of the HIPAA Privacy or
Security Rules, Health Information Technology for Economic and
Clinical Health Act (HITECH) Act, or Cigna's Privacy Policies and
Procedures, they should report the issue either orally or in writing to any
manager, the Medicare/Medicaid Compliance Officer, the Medicare
Privacy Officer, or Cigna's Privacy Office.
Medicare/Medicaid Compliance Officer – Rich Appel –
615.236.6150
Medicare Privacy Officer – Patti Hoffman – 615.236.6157 or
Cigna HealthCare Privacy Office – via email to -
Instances of potential non-compliance with the Privacy & Security
Rules, HITECH Act, and Cigna's Privacy Policies and Procedures will
be investigated and appropriate disciplinary action will be taken.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 61/62
R e p o r t i n g P r i v a c y I n c i d e n t s , C o n t i n u e d
Report privacy complaints and incidents promptly so that
appropriate action can be taken.
All employees, managers, contractors, and subcontractors will
immediately notify the Medicare/Medicaid Compliance Officer,
the Medicare Privacy Officer, or the Cigna Privacy Office of
any incident involving a potential violation of the HIPAA Privacy
or Security Rules, HITECH Act or Cigna's Privacy Policies and
Procedures.
Medicare Compliance Training –
for External Parties
Medicare Compliance Training – for
External Parties © Copyright 2014 Cigna. All rights reserved.
External Medicare Compliance Training 62/62
C e r t i f i c a t i o n
Completion of Cigna-HealthSpring’s
Medicare Compliance Training Certification
I hereby certify that I have received, read and understand Cigna’s written standards of conduct for Medicare Compliance,
including standards of conduct on Fraud, Waste and Abuse, that I have been trained on such standards, and that I understand
my responsibility to comply with the requirements of such standards
S i g n a t u r e : _____________________
Date: ________
Retain for your records