Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement

Compliance Program GuidanceCompliance Program Guidance

Overview of Chapters 9 & 21

Marianne Bechtle, JD, CHCCM/Program Compliance and Oversight Group, Division of Compliance Enforcement

Phil Sherfey, JD, CHCCM/Program Compliance and Oversight Group, Division of Compliance Enforcement

Beth Brady, CFE, AHFICenter for Program Integrity, Division of Plan Oversight and Accountability

September 5, 2012

Image of blueprint

CMS logo

• Background

• Overview of the Revised Compliance Program Guidelines

AgendaAgenda

2

The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely

to policy questions or inquiries:

[email protected]

Questions/Answers Questions/Answers

3

Chapter 9 Medicare Prescription Drug Benefit Manual* &

Chapter 21 Medicare Managed Care Manual**

• Based on regulations that were effective on January 1, 2011• Content Identical• Applicable to Medicare Part C and Part D programs• Applicability to Cost Plans and PACE as stated in Section 10 • Released through HPMS on Friday, July 27, 2012 • Effective immediately* Internet-Only Manual (IOM), Pub. 100-16* * IOM, Pub. 100-18

Revised GuidanceRevised Guidance

4

• February 8, 2012 – Draft Compliance Program Guidelines issued for public comment via HPMS

• March 16, 2012 – Comment period ended

• Robust review and comment process (900+ comments)• DCE/CPI workgroup

• 68 entities (Medicare Advantage Organizations and Prescription Drug Plans, Delegated Entities, Trade Associations, consultants, etc.)

• Topics of interest:

• FDR oversight

• Content requirements for Policies, Procedures, Standards of Conduct

• Role of governing body & executive management

• Compliance training of deemed providers

• Frequency requirements for checking OIG/GSA exclusion lists

• July 27, 2012 – Final Compliance Program Guidelines issued via HPMS

The Journey: Draft to Final The Journey: Draft to Final

5

• Must: Requirements created by statute or regulation

vs. • Should: Expectations identified in Guidelines

vs.• Best Practices: Recommendations

Section 10 - IntroductionSection 10 - Introduction

6

• Identifies 7 elements of an effective compliance program

• In order to be effective, the Sponsor’s compliance program must be fully implemented

• Adequate resources are essential to an effective compliance program

Section 30 - Overview of Mandatory Compliance Program

Section 30 - Overview of Mandatory Compliance Program

7

• Who is an FDR?• Sponsor determines whether its delegated entity is an

FDR subject to compliance requirements• How to Determine Who is an FDR• Consider functions that are related to Medicare Parts C

and D contracts • If an entity is performing one of these functions, it is

very likely appropriate to categorize the entity as an FDR

• If not performing one of the listed functions, analyze all facts and circumstances, including factors listed in chapter

Section 40 - Sponsor Accountability for and Oversight of

FDRs

Section 40 - Sponsor Accountability for and Oversight of

FDRs

8

Standards of Conduct (SOC)• Also referred to as “Code of Conduct” or other

similar terms

• Provide the overarching principles by which the Sponsor operates

• May be in a Medicare-specific document, or included as part of the Sponsor’s commercial business Code of Conduct

Section 50.1 - Element I: Written Policies, Procedures and Standards of

Conduct


Conduct

9

Policies and Procedures (Ps & Ps)• Describe operation of compliance program

• Detailed and specific

• Implement the operation of compliance program

• Should be updated to reflect changes in laws, regulations, other Medicare program requirements


Conduct


Conduct

10


Conduct


Conduct

11

To Employees To FDRs

When? When?

•Within 90 days of hire •When updated •Annually

•Within 90 days of contracting •When updated •Annually

How? How?

• Hard copy initially then electronic

• Email electronic copy• Posting on intranet

• Fax blast• Placement on Sponsor’s FDR

Portal• Contained as attachments to

the FDR Contract

Distribution of SOC and Ps & Ps

Compliance Officer• Compliance reports must reach senior-most leader• Must have express authority to provide unfiltered, in-

person reports to senior leader/governing body• Reports should not be routed through operational

management (e.g. Chief Operating Officer, Chief Financial Officer, General Counsel)

• Compliance Officer reports may be relayed through divisional Presidents

• Compliance reports to governing body must be made through a Sponsor’s compliance infrastructure

Section 50.2 - Element II: Compliance Officer, Compliance Committee

and High Level Oversight



12

Compliance Committee

• No requirement for separate “Medicare” Compliance Committee

• Accountable to senior leadership and governing body

• Must provide regular compliance reports to senior leadership and governing body





13

Governing Body

• Sponsor’s or parent’s governing body (e.g. Board, etc.) must oversee compliance

• May delegate oversight to committee, but governing body as whole ultimately accountable

• Must be knowledgeable about compliance risks

Section 50.2 - Element II:Compliance Officer, Compliance Committee


Section 50.2 - Element II:Compliance Officer, Compliance Committee


14

Senior Management

• Senior-most leader of contract holder must be engaged in compliance program oversight

• Must integrate Compliance Officer into organization

• Must be advised of all compliance enforcement activity, etc.





15

General Compliance Training for Employees• Who?

• All employees (including CEO, administrators and managers)• Governing body members

• When?• Within 90 days of hire and• Annually thereafter

• How?• Classroom training• Online training modules • Attestations that employees have read and received the Sponsor’s

Standards of Conduct and/or compliance policies and procedures Sponsors must be able to demonstrate that their employees have fulfilled these training requirements

Section 50.3 - Element III: Effective Training and Education


16

General Compliance Training for FDRs• What?• Sponsors must communicate the following to FDRs:• General compliance information

and • Compliance expectations are communicated to FDRs

• How?• Distribution of Sponsor’s Standards of Conduct

and/or compliance policies and procedures to FDRs’ employees through Provider Guides, Business Associated Agreements, etc.



17

Fraud, Waste, and Abuse (FWA) Training• Who?

• All employees (including CEO, administrators and managers)• Governing body members• FDRs

• When?• Within 90 days of hire

and• Annually thereafter

• FDRs?• Sponsors must provide FWA training directly to FDRs

or • Sponsors must provide training materials

or• Sponsors must ensure FDRs complete the CMS FWA Training Module

Specialized training may be provided based on FWA risks specific to an individual’s job function



18

FWA Training (Deemed FDRs)

• FDRs meeting FWA certification through Parts A/B enrollment or accreditation as DMEPOS* supplier are “deemed” to have met FWA training requirement

• If a chain pharmacy, each individual location must be enrolled to be deemed

*DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies

Section 50.3 - Element III:Effective Training and Education

Section 50.3 - Element III:Effective Training and Education

19

Compliance Officer: Communicating with Others• Compliance Officer’s name, location, and contact information

must be shared with employees and FDRs

• Implement a system to communicate changes in law, regulations, sub-regulatory guidance, and P&Ps

• Information must be disseminated timely

• Numerous examples of methods to communicate both internally and to FDRs

• Sponsor must educate enrollees about identification and reporting of potential FWA

Section 50.4 - Element IV: Effective Lines of Communication

Section 50.4 - Element IV: Effective Lines of Communication

20

Section 50.5 - Element V: Well-Publicized Disciplinary Standards


Disciplinary Standards (Policies & Procedures)

• Must be clear and specific

• Must describe the Sponsor’s expectations for reporting compliance issues and assisting in the resolution of reported compliance issues

• Must identify noncompliant, unethical, or illegal behavior through examples of violative conduct

21

Disciplinary Standards (Publicize & Enforce)

• Provide timely, consistent and effective enforcement of standards

• Numerous examples provided of how to publicize disciplinary standards

• Records must be maintained for 10 years for all compliance violation disciplinary actions



22

Routine Monitoring and Auditing• Must conduct monitoring and auditing to test and confirm

compliance with Medicare requirements

• Monitoring: regular reviews of operations to ensure ongoing compliance

• Auditing: formal review of compliance with a set of standards

• Must develop an annual monitoring and auditing work plan

• Compliance Officer must receive regular reports from the audit department regarding results and corrective actions taken

Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing,

and Identification of Compliance Risks



23

System to Identify Compliance Risks

• Must conduct a formal baseline assessment of major compliance and FWA risk areas (e.g., risk assessment)

• Must take into account all Medicare business operational areas

• Examples provided of high risk areas for Medicare Parts C and D Sponsors

• Must audit the effectiveness of the compliance program (annually)

• Transfer results into a monitoring and auditing work plan





24

Audits: Sponsor’s Operations and Compliance Program

• Audit function may be a separate department or performed by the Compliance department

• Must designate adequate resources to meet the work plan goals

• No self-policing by operational areas; must be independent auditors, internal audit or compliance

• Must audit the effectiveness of the compliance program and share results with governing body





25

Monitoring and Auditing FDRs• Sponsors are responsible for compliance with CMS

requirements, including work performed by their FDRs• Must develop a strategy to monitor and audit first-tier

entities for compliance program requirements• Must ensure first-tier entities fulfill compliance program

requirements• Must ensure first-tier entities monitor compliance of

downstream entities• Examples provided of how to conduct monitoring and

auditing activities of FDRs (e.g., risk assessments, utilization reports)





26

Tracking and Documenting Compliance and Compliance Program Effectiveness• Sponsors should track and document compliance

efforts• Dashboards, scorecards, self-assessments tools and

other mechanisms help demonstrate compliance goals and achievements

• Issues of noncompliance and FWA identified in the assessment tools should be shared with senior management





27

OIG/GSA Exclusion• Sponsors must review the DHHS OIG LEIE list and GSA

EPLS prior to hiring or contracting, and monthly to ensure none of the persons or entities are excluded

• New and Temporary Employees

• Volunteers

• Consultants

• Governing Body members

• FDRs





28

Use of Data Analysis for FWA Prevention and Detection

• Establish baseline data to recognize unusual trends or changes in utilization or patterns over time

• Identify internal problem areas such as enrollment, finance, or data submission, and problem areas with the FDRs

• Use findings to determine where there is a need for policy changes





29

Special Investigation Units (SIUs)

SIU - An internal unit, often separate from the compliance department, responsible for investigation of potential FWA

• Sponsors are not expected to perform law enforcement duties and may refer FWA matters to the NBI MEDIC or to law enforcement

• SIUs must be accessible via phone, email, Internet and mail, and Sponsors must ensure FWA can be reported anonymously

• Communication and coordination between the SIU and compliance department is key in ensuring that all Medicare Parts C and D benefits are protected from FWA schemes





30

If Potential FWA is Detected . . .• Sponsors must initiate a reasonable inquiry as soon as

possible, but not later than 2 weeks after the date the incident is identified

• After a preliminary investigation, Sponsors may refer potential FWA to the NBI MEDIC if they do not have the time or resources to investigate fully

• Referrals should be made to the NBI MEDIC within 30 days so that the fraudulent or abusive activity does not continue

• Sponsors are responsible for monitoring for FWA and noncompliance within their organizations

Section 50.7 - Element VII: Procedures and System for Prompt Response

to Compliance Issues



31

Corrective Actions • Must be designed to correct the underlying problem• Must be implemented in response to FWA or

noncompliance• Must prevent future noncompliance (root cause analysis)• Must include timeframes for achievements• Must be documented and include ramifications if the

corrective action was not implemented satisfactorily• Sponsors must ensure FDRs have corrected their

deficiencies• Thorough documentation must be maintained of all

deficiencies identified and corrective actions taken





32

Medicare Drug Integrity Contractors (MEDICs)• Perform specific program integrity functions for

Medicare Parts C and DThe National Benefit Integrity (NBI) MEDICs• Identify potential FWA• Investigate referrals from sponsors and keep sponsors

informed• Refer to law enforcement or other entities when

necessary• May request additional information from the sponsors

which should be provided within 30 days unless otherwise specified





33

CMS issues alerts about fraud schemes identified by law enforcement officials. In response, Sponsors should . . .• Review contractual agreements with identified parties• Consider terminating contracts if law enforcement has

issued indictments and the terms of the contract authorizes termination in such instances

• Review past paid claims from entities identified in the fraud alert

• Identify claims that may have been part of an alleged fraud scheme and remove them from PDE submissions





34

To Identify Providers with a History of Complaints, Sponsors . . . • Should maintain files for 10 years on providers who have

been the subject of complaints, investigations and prosecutions

• Should maintain files that contain documented warnings, educational contacts, copies of complaints, and results of investigations

• Must comply with requests from law enforcement, CMS or CMS’s designee regarding monitoring of potentially abusive or fraudulent providers





35

The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely

to policy questions or inquiries:

[email protected]

Questions/Answers Questions/Answers

36

WEBSITE FOR PROGRAM COMPLIANCE & OVERSIGHT

GROUP(PCOG)

COMING SOONCOMING SOON

37

Documents

Compliance Program Guidance Overview of Chapters 9 & 21 Marianne Bechtle, JD, CHC CM/Program Compliance and Oversight Group, Division of Compliance Enforcement