FY 2014 Corporate

Compliance& Rights

Protection Training

GAO: 3 PRIMARY CATEGORIES OF FRAUD

AND ABUSE

Improper billing practices: upcoding, phantom treatment, delivering more treatment than necessary.

Misrepresenting qualifications: lapsed, expired or false credentials; performing outside the bounds of one’s license.

Improper business practices: kickbacks for referrals to a provider, cost report issues, enhancement of profits by limiting care.

2

LAWS TO BE AWARE OF

The Federal Anti-kickback Statute

The Stark Law The Texas Illegal

Remuneration Statute Civil Money Penalties

Statute The Federal False

Claims Act The Medicaid Fraud

Prevention Act3

THE ANTI-KICKBACK STATUTE

Applies to everyone not just licensed staff

“Knowingly & willfully” - There must be intent to engage in wrongful act

“Solicits or receives/offers or pays” – the prohibition applies both to the offer and acceptance of a kickback.

“Remuneration, directly or indirectly…” – does not require exchanges of money just anything of value.

4

THE FEDERAL FALSE CLAIMS ACT

Submitting or causing to be submitted a claim for payment using a false record.

Knowingly or with reckless disregard or deliberate ignorance of the falsity of the claim.

Fines can be enormous. Fraud Enforcement and

Recovery Act expanded FCA to include claims to non government payors. Creates liability for knowingly concealing the retention of an overpayment.

5

MEDICAID FRAUD PREVENTION ACT

Applies to everyone not just licensed staff

Knowledge or acts with conscious indifference or reckless disregard

Provides a multitude of actions that constitute fraud, including actions by managed care organizations.

Penalties: Revocation of provider agreement, Medicaid Exclusion list for no less than 10 yrs., state license discipline, and monetary restitution.

6

PROVIDER EXCLUSIONS DATABASE

Any individual or entity that provides or is involved in the provision of, or billing for services or items reimbursable by federal health care programs may be excluded (MDs, nurses, aides, PTs, billing companies, non-licensed persons involved in some aspect of health care industry).

Most common exclusions include: license revocation/suspension, program-related convictions, patient abuse and neglect and default on health education loans.

Exclusion does not expire or end on its own terms; an individual or entity must apply to the OIG for reinstatement.

Liability for using an excluded individual or entity include:o Civil money penalty of $10K for each

item or service claimedo Assessment of up to three times the

amount claimedo The violating entity could be added

to the exclusion database 7

REPORTING COMPLIANCE ISSUES

(CODE OF CONDUCT, # 14)

As a general rule, report to your supervisor

As another option you may report directly to the Compliance Officer, Cindy Keggo In person at the League City officeo Phone / voice mail: 1-888-839-

3229o Interoffice mail (send to GCC-

League City)o U.S. Mail: 4444 W. Main League

City 77573 o E-mail:

cindyk@gulfcoastcenter.orgo FAX: (281) 338-2460

DO NOT MAKE THE EASY

MISTAKE OF FAXING TO 388-2460 (this is a CPA Office in Alvin!)

8

ACTION TAKEN IN DETECTED COMPLIANCE OFFENSES AND OTHER CONFIRMED CASES OF

MISCONDUCT (INCLUDING ABUSE NEGLECT AND

EXPLOITATION)

Considerations: Seriousness, Circumstances, Work Record, Length between Violations

Possible Actions: Required Training, Written Reprimand, Probation, Demotion,

Reassignment, Termination, Disclosures as required by Law

Confirmed Cases of Abuse, Neglect or Exploitation:

Reported in CANRS May be reported to the Employee Misconduct Registry, effective September 1, 2010. (Senate Bill 806, 81st Legislature)

Compliance Offenses: May Include a Corrective Action Plan for both the targeted staff and the supervisor

Reassignment may occur during an investigation

9

PROTECTING CONFIDENTIALITY

(CODE OF CONDUCT, # 10) You have breached confidentiality if you

disclose information to a third party who is not involved in furthering care or does not have a legitimate need to know.

People included in furthering care are doctors, nurses, social workers, service coordinators & others directly involved in the care of the individual.

People not included in furthering care are those in environmental services, personnel, patient friend’s and family, your friends, and colleagues not involved in the care of the individual.

The Mental Health Code (MHC) does allow the release of information to law enforcement if there is a threat of harm to self or others, or to assist in medical evaluation or treatment.

If your employment ends, you are still bound to maintain confidentiality of all records and information accessed during your employment.

Information is not given to: family members or friends without a release, law enforcement who do not meet the MHC exceptions, legislature, or Center personnel not involved in care.

10

THE HITECH ACT & BREACH

NOTIFICATION

The act defines a breach as the “unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of the protected health info, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information .

Must notify the consumer/client within 60 days of discovery of the breach

Notification shall include: description of what happened, what info was involved, steps they should take, and steps we have taken, and contact procedures for if they have questions.

If more than 500 people involved …must notify the media

Requires encryption of data [safetosend] Red Flags for Identity Theft:

o Appointment scheduling and patient registration: info looks forged, doesn’t know DOB, physical description does not match identifying info.

o Delivery of services: records indicate treatment inconsistent with exam, info in record contradicts what is already known of client,

o Consumer/client billing and questions: address discrepancies, consumer disputes bill claiming identity theft, consumer receives a bill for services not received, address change that doesn’t seem legitimate.

o Inquiries from Third Party: law enforcement, SSA notifies us the consumer is dead, USPS informs us not an accurate

address, contact from an insurance fraud investigator

11

HIPAA...STAFF ACTIONS

Employees access PHI only to the degree necessary to perform their jobs. Staff should only have access to

PHI regarding the consumers that they are working with, not other persons receiving services

Any staff persons outside the interdisciplinary team working with a consumer probably do not have a need to know PHI about the individual

If you are unsure of who to release information to, DON’T RELEASE IT!!! Check with your Supervisor, or Linda Bell, Director of Legal Affairs.

12

Staff Actions

Employees have a duty to safeguard PHI from intentional or unintentional use of disclosure that is in violation of the HIPAA Privacy Rule by…

Keeping records locked up when not in use.

Users should log off their computers while

away from their desks.Computer screens should not be in plain

sight of publicWritten information in nurse stations,

desks, etc., should be covered from public view.

Discussions about consumers should be made

in private, away from public areas. Electronic records should be kept secure.

Facilities should monitor who accesses PHI.

Paper records should be shredded and never left in the garbage for disposal with regular trash.

Do not share your computer password with anyone. Create a password that is unique and difficult for someone else to guess.

Do not write it down where someone else can see it or find it.

13

Staff Actions

Employees refer requests for PHI, requests from persons served to amend records, and related requests to the appropriate office.

All requests made by consumers should be reported to Liz Bennett, Technical Assistant Medical Records Administration, located at Southern Brazoria County CSC: 

o Direct line: (281) 585-7389 or;

o SBCSC (979) 848-0933 x11313

o Fax: (979) 848-0937 (call to confirm receipt of fax)

If you receive a subpoena, court

order, or a request for an affidavit,

notify Liz Bennett immediately.

14

Staff Actions

Employees report or assist others in reporting suspected privacy rights / HIPAA violations If an employee or consumer wishes to

make a complaint about The Gulf Coast Center, call or refer them to:o Cindy Kegg, The Gulf Coast

Center’s Rights Protection Officer/Corporate Compliance Officer

o TDSHS or TDADS Office of Consumer Services and Rights Protection

o U.S. Department of Health and Human Services

o Texas Attorney General’s Office 15

CONSUMER / CLIENT RELATIONS

(CODE OF CONDUCT # 12)

All consumers/clients deserve to be treated with dignity and respect and have the right to be involved in their care. Dignity and respect includes the elimination of prejudicial language.

It is the responsibility of each employee to ensure that the rights of clients are protected.

Each employee must familiarize themselves with rights set forth in policy, procedures and in the rights protection handbook. 16

Dating Implied Sexual and Sexual in Nature Contacts (i.e., physical act, telephonic and electronic)No Living Arrangement AgreementsNo loans or storing/holding of Consumer Funds/MoneyStaff may accept no monetary gifts. Policy does allow acceptance of gifts of <$50.00. Recovery programs can not accepts gifts, monetary or otherwiseConsumers can not do chores (i.e. picking up trash or cleaning restrooms) for cigarettes or other privileges; this is a violation of the Department of LaborCaution: Telephone communications should be limited to Center Business due to misinterpretations of others.Caution: If a consumer/client has a business and you would like to bid for his services or have him do some work for you do realize that there may be some ramifications for such action. The relationship may appear to have some form of exploitation.Caution: Avoid the appearance of inappropriate behavior.

FORBIDDEN CONSUMER -EMPLOYEE

RELATIONSHIPS (CODE OF CONDUCT # 12)

17

PREVENTING ABUSE, NEGLECT AND EXPLOITATION

Learn your Job Understand expectations

and focus on doing your job well.

Communication Don’t take your anger or

frustration out on persons served or their

families. Do your part to help foster positive relationships with co-workers

and keep morale high.

Stress Management Manage your stress levels.

Personal Problem Management Leave personal problems outside of the workplace. If you are having difficulty

with this, speak to your supervisor. Seek

help if you need it!

18

RECOGNIZING SIGNS / SYMPTOMS OF

POSSIBLE ABUSE(CODE OF CONDUCT # 12)

Multiple scratches, cuts, bruises, burns

Unusual patterns of injuries

Inadequate or illogical explanation of injury

Serious injuries: sprains, breaks, bedsores

Reports of confinement

Reluctance to participate in physical

exams

Passive, withdrawn behavior with certain people

19

RECOGNIZING SIGNS / SYMPTOMS OF

POSSIBLE NEGLECT(CODE OF CONDUCT # 12)

Lack of food or malnourishment

Lack of water or dehydration

Withholding meds/overmedicating

Inadequate shelter

Unsanitary living conditions

Untreated health problems

Lack of personal hygiene / clothes

20

EXAMPLES OF EXPLOITATION

(CODE OF CONDUCT # 12)

Taking, holding, borrowing money (even if the money was paid back)

Taking Social Security /SSI checks

Taking property

Exchanging items of unequal value

Requesting items to be purchased for staff

Using consumers as free labor     

  

  

21

REPORTING ALLEGATIONS OF SUSPECTED ABUSE,

NEGLECT OR EXPLOITATION (MH & IDD SERVICES)

ALL staff have the responsibility to report

the staff in receipt of the information should

make the report

DO NOT contact co-workers, your

supervisor, or the Rights Protection Officer

and ask his/her opinion on whether or not to

report. THE DECISION IS YOURS! refer to the definitions of abuse, neglect

and

exploitation provided in this training (CANRS)

Immediately (within 1 hour) make a report to DFPS via the website or statewide intake phone number:

o www.txabusehotline.orgo 1-800-647-7418

If the alleged perpetrator is a Center staff or contract staff, complete an Incident Report within 24 hours and fax/scan to RPO

NOTE: Employees and Consumers are protected from retaliation when reporting

22

REPORTING…CONTINUED

DO NOT notify the alleged perpetrator of the impending investigation.DO NOT conduct a mini-investigation.DO NOT discuss the incident

with others.

DO preserve the safety of the

person and arrange for emotional support or

medical care as appropriate DO protect any evidence (i.e. take pictures, secure the record, etc.) DO cooperate with DFPS investigators

23

WHEN YOU MAY NOT RELEASE INFORMATION

ON A CENTER CLIENTThe “Interpretive Guidance on Laws

Pertaining to Privacy of Mental Health and Mental Retardation Records for the MHMR Service Delivery System” pursuant to the TAC Protected Health Information, Chapter 414, Subchapter A, states:

  § When Authorization is not

Required to Use or Disclose Protected Health Information that Relates to MHMR Services (b) When required or authorized by law

            (3) A component may disclose PHI to the Department of Family and Protective Services) when necessary to report or cooperate in the investigation of suspected child abuse or neglect. 

However, the PHI of a parent or other person responsible for the care of the child who is the subject of the report or investigation may only be disclosed pursuant to a court order.

24

Notifies RPO

DFPS receives a report (website or

1-800 number)

APS initiates an investigation

Case Close

d

APS mails completed investigative report to RPO

upon completion

Copy of report given to ED, Review Committee and if confirmed, to

staff; Case reviewed

What Happens When a DFPS Investigation

Occurs?

RPO notifies ED, Review Committee, Supervisor

Disagree with

findings

Agree with

findings

Request for

Review forwarde

d to Assistant Commis-sioner of

APS 25

INCIDENT REPORTS…WHEN TO REPORT

(CODE OF CONDUCT #15)

• Actual or suspected abuse, neglect or exploitation /other rights violations when a staff person is the alleged perpetrator

• Vehicle Accidents &

Injuries(client or staff) Report immediately to

• James Rollens III• at 713-545-7595• Violent behavior• (client or staff)• Threats or acts of

aggression (client or staff)• Destruction /loss • of property (client

or staff)• Illegal behavior

(client or staff)

Medical emergencies

Psychiatric emergencies

Serious infraction of program rules (client or staff)

Loss of consumer record

Use of personal restraint(if not part of approved Behavior Plan)

Missing consumer Death of consumer Fire Violations of the

Business Code of Conduct, as appropriate.

EMAILS W PHI SENT

W/O ENCRYPTION

26

INCIDENT REPORTS …PROCEDURES

The following reports must be submitted to

the RPO within 24 hours:

1) abuse/ neglect/ exploitation/ other

rights issues (when staff is

the alleged perpetrator)

2) deaths (active clients)

3) incidents involving workman’s comp (also fax to Ricki at

Admin!) All other reports must be submitted to the RPO within 48

hours

Write legibly Fill in all appropriate blanks Include your

response / follow-up to

incident then…

1) Fax to RPO in League City: 281-338-

2460 / Send original to

RPO immediately, OR

2) Submit electronically

REMEMBER, Do not keep a copy or put a copy in the record

27