2012 fraud, waste and abuse downstream training preferred care partners confidential and proprietary

2012 Fraud, Waste and Abuse2012 Fraud, Waste and AbuseDownstream TrainingDownstream Training

Preferred Care PartnersConfidential and Proprietary

2

o First Tier Entity – means any party that enters into a written arrangement acceptable to CMS with a sponsor or applicant to provide administrative or healthcare services for a Medicare eligible individual under Part D (hospital, provider, PBM).

o Downstream Entity – means any party that enters into a written arrangement, acceptable to CMS, below the level of a First Tier arrangement (pharmacy, claim or billing company).

o Related Entity – means any entity that is related to the Sponsor by common ownership or control and performs some of the sponsor’s management functions under contract or delegation; Furnishes services to Medicare members under an oral or written agreement; or Leases real property or sells materials to the sponsor at a cost of more than $2,500 during a contract period. 42 CFR 422.2 & 423.4

Definition of First Tier, Downstream and Related Entities


Have You Been Trained?

Detecting and preventing fraud, waste and abuse (FWA) is the responsibility of everyone, including employees, members, physicians, vendors, subcontractors, hospitals, brokers, agents and other persons who may be subject to federal or state laws relating to FWA. The Centers for Medicare and Medicaid Services (CMS) requires that all employees who work or contract with Medicare Advantage Programs (MA) and or Medicare Prescription Drug Programs (PDP) meet annual compliance and education training requirements with respect to Fraud, Waste and Abuse.

Specifically, the compliance regulation states that these contractors mentioned above must have a compliance plan, which addresses measures to detect, correct, and prevent fraud, waste and abuse; and consist of training, education, and effective lines of communication between the compliance officer and the organization’s employees, managers, and directors in regards to Fraud, Waste and Abuse.


3

Preferred Care Partners’ Commitment

Preferred Care Partners and subsidiaries, must ensure that all delegated and external entities implement fraud, waste and abuse training for all personnel who deal directly with our Medicare members or who view Protected Health Information (PHI) in any capacity. To meet this obligation we have established training requirements and communicate this to our first tier, downstream and related entities for which we have a contractual relationship.

4Preferred Care PartnersConfidential and Proprietary

This Training Will Cover:o Obligations of first tier, downstream, and related entities to have appropriate

compliance program, policies and procedures in place to address FWAo Who Commits Fraud, Waste and Abuseo Definitions of Fraud, Waste and Abuseo Types of Fraud, Waste and Abuse that can occur in first tier, downstream and

related entitieso Healthcare Fraud Laws and Regulationso HIPAA Privacy and Security Laws and Regulationso Your Responsibilitieso Process/ Duty to report FWAo Protections for employees/entities who report suspected FWA o Training Documentation


Compliance ProgramPreferred Care Partners and their first tier, downstream and related entities are obligated to have a Compliance Program to guard against potential fraud, waste, and abuse. The plan must include:

(1) Written policies, procedures, and standards of conduct articulating the organization's commitment to comply with all applicable Federal and State standards

(2) The designation of a compliance officer and compliance committee (3) Effective training and education between the compliance officer and the MA/Part D plan sponsor's employees, managers

and directors, and the MA/Part D plan sponsor's first tier, downstream, and related entities(4) Effective lines of communication between the compliance officer, members of the compliance committee, the MA/Part

D plan sponsor's employees, managers and directors, and the MA/Part D plan sponsor's first tier, downstream, and related entities

(5) Enforcement of standards through well-publicized disciplinary guidelines(6) Procedures for internal monitoring and auditing(7) Procedures for ensuring prompt responses to detected offenses and development of corrective action initiatives relating

to the organization's contract as a MA/Part D plan sponsor

By the terms of your contract with Preferred Care Partners you must have and maintain an effective compliance program. Be aware and knowledgeable about laws applicable to fraud, waste and abuse. Effectively educate and train employees, downstream and related entities about fraud, waste and abuse, at least annually. Maintain effective lines of communication with Preferred Care Partners’ compliance officer about potential fraud, waste and abuse. Maintain records to effectively track completion of education and training regarding fraud, waste and abuse either through your organization’s own training or through the material provided here. Provide or make available fraud, waste and abuse training to your partners (first tier, downstream, and related entities) to ensure that Medicare business partners are aware of their obligation.


Who Commits Fraud, Waste and Abuse?

Many individuals and organizations can potentially commit fraud including:

o Beneficiarieso Physicians, nurses and other healthcare providerso Pharmacieso Laboratorieso Pharmaceutical manufacturerso Durable Medical Equipment (DME) Providerso Hospitalso Pharmacy Benefit Managers (PBMs)o Employees of health planso Home Health Agencies


Definitions of Definitions of Fraud, Waste and Abuse Fraud, Waste and Abuse


What is Fraud?

Fraud is an intentional deception or misrepresentation that the individual knows to be false or does not believe to be true, and makes knowing that the deception could result in some unauthorized benefit to himself/herself or some other person.


What is Waste?

Waste is the extravagant, careless, or needless expenditure of funds or consumption of property that results from deficient practices, system controls, and wrong decisions.


What is Abuse?

Abuse describes provider practices that are inconsistent with generally accepted business or medical practices and that result in an unnecessary cost to the Medicare program or in the reimbursement for goods or services that are not medically necessary or that fail to meet professionally recognized standards for health care/ or recipient practices that result in unnecessary cost to the Medicare program.

Many times abuse appears quite similar to fraud except that it is not possible to establish that abusive acts were committed knowingly, willfully, and intentionally. Although these types of practices may initially be categorized as abusive in nature, under certain circumstances they may develop into fraud if there is evidence that the subject was knowingly and willfully conducting an abusive practice.


Fraud, Waste, and Abuse in our Healthcare System

The National Healthcare Anti-fraud Association (NHCAA) cites an average of 3 percent (at the low end) and 10 percent (at the high end) of healthcare spending is lost due to fraud. That’s between $67 Billion and $230 Billion lost each year to fraud, waste or abuse. That estimates to between $184 million and $630 million dollar loss per day, and this number is expected to increase every year as healthcare costs rise.*

Healthcare fraud is believed to be the second largest white-collar crime in the United States. It is often mistaken for a victimless crime, but it affects everyone. Fraud causes insurance premiums to rise, and victims may be put through unnecessary or unsafe procedures. Victims of identity theft may find their insurance information used to submit false claims. This is a staggering cost, and we are committed to battling these unnecessary expenditures every step of the way.

*The National Healthcare Anti-fraud Association (NHCAA). “Anti-Fraud Resource, Consumer Info & Action”; available at:http://www.nhcaa.org/eweb/DynamicPage.aspx?webcode=anti_fraud_resource_centr&wpscode=ConsumerAndActionInfo


Types of Types of Fraud, Waste and AbuseFraud, Waste and Abuse


Beneficiary Fraud

Examples of fraud committed by beneficiaries may include:

oIdentify theftoResale of drugs on the black marketoFalsely reporting loss or theft of drugs to receive replacementsoDoctor shoppingoFalse and inaccurate information to Medicare/Medicaid


Provider Fraud

Fraud can be found in some day-to-day operations within any medical practice. Some forms of fraud may include:

o Billing for items or services not rendered or not provided o Submitting claims for equipment or supplies and services that are

not reasonable and necessaryo Double billing resulting in duplicate paymentso Unbundlingo Failure to properly code using coding modifiers or up-coding the

level of service provided, inappropriate use of place of service codes

o Altering medical recordso Kickbacks


Pharmacy Benefit Manager (PBM) Fraud

Fraud committed by a PBM may include:

o Unlawful remuneration in order to steer a beneficiary toward a certain plan or drug, or for formulary placement.

o Not offering a beneficiary the negotiated price of a drug.


Pharmacy Fraud

o Overstating cost or billing for a

commercially available product when compounding the product (e.g., inhalation drugs)

o Dispensing samples or expired drugs

o Using a single dose vial for multiple prescriptions and billings

o Returns to stock not credited

o Authorized refills billed but not dispensed

o Ignoring payer of last resort policy

o Forgery: bogus prescriptions, bogus invoices

o No prescription - phantom billings

o Altering prescriptions (+ Drugs, Quantity, Refills)

o Shorting quantity dispensed with full billings

o IOU - partial fills for full billings

o Over billed quantities

o Billing one drug and dispensing another


Healthcare Fraud Healthcare Fraud Laws and RegulationsLaws and Regulations


The False Claims Act

The False Claims Act (FCA) prohibits knowingly filing a false or fraudulent claim for payment to the government, knowingly using a false record or statement to obtain payment on a false or fraudulent claim paid by the government, or conspiring to defraud the government by getting a false or fraudulent claim allowed or paid. See 31 U.S.C. 3729(a) of the Act for additional details, exclusions, and statutory exceptions.


False Claims Act Examples & Fines

A person is in violation of the False Claims Act if they have:o Purposefully supplied false information on an application for a Medicare

benefit or payment or for use in determining the right to any such benefit or payment;

o Known about, but did not disclose, any event affecting the right to receive a benefit;

o Knowingly submitting a claim for a physician service that was not rendered by a physician or

o Supplied items or services and asked for, offered, or received a kickback, bribe or rebate.

Under the 42 U.S.C section 1320a-7b(a), if an individual participates in an activity above, they will be found guilty of a felony and upon conviction shall be fined a maximum of $50,000 per violation or imprisoned for up to five years per violation or both.


Civil and Criminal False Claims Act (42 U.S.C. §1320a-7b(a))

It is a crime for any person or organization to:o Knowingly present, or cause to be presented, a false or fraudulent claim for payment or approval by the federal government; oro Knowingly make, use, or cause to be made or used a false record or statement to influence the payment of a false or fraudulent claim.

NOTE:

Unlike the Anti-Kickback Statute, no proof of specific intent to defraud is required by the False Claims Act. The person submitting a claim does not need to have actual knowledge that the claim is false. Anyone who acts in reckless disregard or in deliberate ignorance of the truth or falsity of the information can also be found liable under the False Claims Act.


Fraud Enforcement & Recovery Act of 2009 (“FERA”)

Signed into law May 20, 2009.

o Amends the False Claims Act.

o Makes it illegal to “knowingly conceal or knowingly and improperly avoid” an obligation to repay federal funds that have been paid in error, even if the erroneous payment was not caused by the submission of a false record or statement.

Expands the definition of “claim” to include:

o Demands for payments made by subcontractors to companies receiving federal funds.

o Any request for money made to any “recipient” of funds provided, in whole or in part, by the government, “to advance a Government program or interest.”


Anti-Kickback Statute The Anti-Kickback Statute, 42 U.S.C. §1320a-7b(b), prohibits the following actions:

Soliciting or receiving, offering, paying remuneration for referrals of Medicare or Medicaid patients, or referrals for services or items which are paid for, in whole or in part, by Medicare or Medicaid. Soliciting or receiving, offering or paying remuneration in return for purchasing, leasing, ordering, or arranging for, or recommending purchasing, leasing, or ordering any goods, facility, service, or item for which payment may be made in whole or in part, by Medicare or Medicaid. Discounts, rebates, or other reductions in price may violate the anti-kickback statute because such arrangements induce the purchase of items or services payable by Medicare or Medicaid.

The statute ascribes criminal liability to parties on both sides of an impermissible “kickback” transaction.

However, certain arrangements are clearly permissible if they fall within a “safe harbor.”


What is Remuneration?

The transfer of anything of value, directly or indirectly, overtly or covertly in cash.

When this happens, both parties are held in criminal liability of the impermissible “kickback” transaction.


Physician Self-Referral“Stark” Prohibition

Physician Self-Referral Prohibition Statute

o Commonly referred to as the “Stark Law.”o Prohibits physicians from referring Medicare patients for certain designated

health services to an entity with which the physician or a member of the physician’s immediate family has a financial relationship – unless an exception applies.

o Prohibits an entity from presenting or causing to be presented a bill or claim to anyone for a designated health service furnished as a result of a prohibited referral.


Stark Joint Venture Agreement -Changes effective October 1, 2009

Under Arrangement Agreements. CMS finalized changes to the definition of "entity" that will prohibit physician ownership of entities that provide services to hospitals "under arrangements." Under the revised definition of "entity", a person or entity is considered to be furnishing DHS if the person or entity either "performs" the DHS or presents a claim or causes a claim to be presented to Medicare for the DHS.

Per Click leases CMS revised the space and equipment lease exceptions, the fair market value exception, and the indirect compensation arrangements exception under Stark to prohibit per-unit of service rental charges for space and equipment to the extent that such charges reflect services provided to patients referred between the parties. This change will effectively prohibit physician-owned leasing companies from entering into per-click leases with hospitals and other designated health services entities. CMS stated that the new prohibition also applies when the physician is the lessee. However, CMS is not prohibiting per-click arrangements involving non-physician-owned lessors to the extent that these lessors do not refer patients for DHS. CMS also clarifies that it is not prohibiting per-click payments to physician lessors for services rendered to patients who were not referred to the lessee by the physician lessors. The Rule also prohibits the use of compensation arrangements for the rental of space or equipment that are based on a percentage of revenue attributable to the services performed or business generated in the leased office space or in the use of leased equipment, whether the arrangement is a direct or indirect financial arrangement.


Stand in Shoes Doctrine Affectso Ancillary Services Joint Ventures (e.g. ambulatory surgery centers, diagnostic imaging

facilities, specialty hospitals, etc.)o Physician Medical Director Management relationships o Exclusive Specialty Services contracts Phase III "stand in the shoes" rules, effective January 1, 2008, required physicians to

stand in the shoes of "physician organizations" ("POs") with which they had a financial relationship. As defined, a PO is generally considered as any organization primarily engaged in providing physician services. Financial relationships between the PO and DHS entities are analyzed if such relationships are direct between a physician and the DHS entity. These relationships must therefore meet a direct compensation exception under the Stark. In 2009 the stand in the shoes doctrine changed in three ways: (i) modifies types of financial relationships between physicians and POs subject to the rule; (ii) alters the application of the physician "stand in the shoes" rules to academic medical centers; and (iii) declines to implement to the so-called “entity stand in the shoes” doctrine that had previously appeared in the 2008 Medicare Physician Fee Schedule.


Intermediate Sanctions

It is important that to understand these regulations since violations can result in civil and federal penalties. CMS can impose intermediate sanctions on our Plan Sponsors for:

o Engaging in discriminatory practices o Providing false information to CMS o Imposing excessive premiums on members o Inappropriately disenrolling or refusing to re-enroll an individual o Failing to provide a beneficiary with medically necessary items or services that

are required under law or contract o Employing or contracting with any health care provider that is excluded from

participation in the Medicare program


The OIG Exclusion The Department of Health and Human Services Office of Inspector General (OIG) is legally required to exclude from participation in all Federal Health Care programs individuals and entities convicted of the following types of criminal offenses:

o Medicare or Medicaid fraudo Patient abuse or neglect o Felony convictions for other health related fraud, theft, or other

financial misconducto Felony convictions for unlawful manufacture, distribution,

prescription or dispensing of controlled substances

The OIG has discretion to exclude on several other grounds, including misdemeanor convictions related to the list above.


The OIG Exclusion (cont.)

• If a Provider is excluded by OIG from participation in Federal Health Care programs, then Medicare, Medicaid, TRICARE and/or VA will not pay for items or services furnished, ordered or prescribed by the excluded provider.

• Excluded providers may not bill directly for treating Medicare and Medicaid patients, nor may their services be billed indirectly through an employer or a group practice.

• The online database may be accessed at: http://oig.hhs.gov/fraud/exclusions.asp

• The List of Excluded Individuals/Entities (OIG) contains just the exclusion actions taken by the OIG.


.

HIPAA HIPAA Privacy & SecurityPrivacy & Security


The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), addresses the right to privacy for an individual patient’s medical records.

Privacy Rule: Defines protected health information and provides individuals more control over how their health information is used and disclosed.

Security Rule: Establishes controls for safeguarding the integrity, availability and confidentiality of private information. The Office for Civil Rights is responsible for implementation and enforcement of the privacy and security regulations.


WHAT DOES HIPAA PROTECT?

Patient information such as medical office patient charts, hospital records, radiographs, lab work and testing procedures are considered Protected Health Information (PHI). It also protects information that is maintained by a health care provider or health plan. HIPAA protects a patient’s right to access and make changes to their PHI.

WHAT INFORMATION IS PROTECTED?

Protected information includes identification of a patient by name, social security number, birth date or address. It includes all data in a patient’s medical record such as health status, diagnosis, treatment information and test results. Information relative to provisions for or payment of health care is also protected.


34

o Names, Addresses o All elements of dates directly related to an individual, including birth date,

admission date discharge date, date of death o Telephone or Fax number o E-Mail Address o Medical Record Number o Health Plan Beneficiary Number o Account Numbers o Certificate/License Number Vehicle Identifier and Serial Numbers (License

plates) o Device Identifiers & Serial Numbers o URL, IP Addresses o Biometric Identifiers (finger and voice prints) o Full-Face Photos and Comparable Images o Any other unique identifying number, characteristic or code

What Is Considered PHI?


SECURITY OF DATA

SAFEGUARDING PROTECTED HEALTH INFORMATION (PHI) - A covered

entity must have administrative, technical and physical safeguards in

place to protect the privacy of Protected Health Information from the

intentional or unintentional use or disclosure.


HIPAA’s 2009 HITECH ACTHealth Information Technology for Economic and

Clinical Health

HITECH Act introduced several new security provisions including:

o time frame requirement to notify members and Health and Human Services (HHS) of Protected Health Information (PHI) security breaches;

o new stricter HIPAA regulations regarding business associates and enforcement of penalties;

o restrictions on the sale and marketing of PHI;

When a breach occurs, a covered entity must notify each individual whose unsecured PHI has been, or is reasonably believed by the covered entity to have been breached, accessed, acquired, used or disclosed as a result of such breach. A covered entity must notify HHS and the media in the event of a breach of unsecured PHI involving 500 or more individuals. A business associate must notify the covered entity of any breach of unsecured PHI.


Violation of PHI & PHI Breach Disclosures

For knowingly obtaining or disclosing identifiable health information relating to an

individual in violation of the Rule:

o Up to $50,000 & 1 year imprisonment

o Up to $100,000 & 5 years if done under false pretenses

o Up to $250,000 & 10 years if intent to sell, transfer, or use for

commercial advantage, personal gain or malicious harm

Preferred Care Partners must notify the Secretary of Health and Human Services of all

unauthorized disclosures of PHI; and follow the required process of notification to the

individual, client, business associate and when indicated, the media.


The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for privacy and security enforcement under Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act provisions. OCR has announced that it is initiating compliance audits beginning November, 2011, as authorized by the HITECH Act. This action precedes the imminent release of the Final HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rules, expected before the end of 2011, and will strengthen enforcement and accountability for compliance with existing and forthcoming Rule modifications. To avoid the consequences of potential penalties for non-compliance, covered entities and business associates must now pay immediate attention to conducting a new or reviewing an existing risk assessment of threat and vulnerability to protected health information (PHI), mitigating identified risks through privacy and security safeguard policies and procedures, training their workforce members to safeguard privacy and security of PHI, and documenting those actions in writing.

HIPAA AUDITS


Record Retention

Documentation such as medical, professional, financial and

business records must be maintained for at least 10 years from

the date of service.


Your Your

ResponsibilitiesResponsibilities


Duty to Report

Everyone within your organization, including owners, directors, vendors and contractors have a duty to comply with all laws and regulations and to report violations.

o You do not have to be certain that a violation has occurred in order to report suspected wrongdoing.

o Retaliating against anyone who reports a suspected violation is prohibited by Company policy.


FraudIf you suspect any potential case of fraud, waste or abuse related to Medicare you may report it to our Fraud Hotline number 1- 866- 678- 8822. All reports are confidential and may be anonymous.

Our website address is: http://www.mypreferredcare.com/english/aboutus/fraud.aspx

You may also report fraud via email: [email protected]://www.mypreferredprovider.com/medicare/en/provider-resources/report-fraud.aspx Suspected cases of Medicare fraud may also be reported directly to the Health and Human Services Office of the Inspector General in writing or by phone:

1-800-HHS-TIPS (1-800-447-8477) CMS: 1-800-MEDICARETTY: 1-800-377-4950Mail:Office of the Inspector GeneralDepartment of Health and Human ServicesAttention: HOTLINEPO Box 23489Washington, DC 20026


Whistle Blower Protections

Qui Tam Actions: The FCA contains whistleblower or qui tam provisions that allow individuals who become aware of fraud against the government to sue on behalf of the government. A person who brings a qui tam action that a court later finds was frivolous may be liable for fines, attorney fees and other expenses.

Non retaliation Policy: Preferred Care Partners does not retaliate against any employee or entity that reports suspected fraudulent insurance activities.

o Preferred Care Partners ensures that identities are protected for individuals reporting in good faith alleged acts of fraud and abuse.


Penalties for Violating Medicare Civil Monetary Penalties (CMPs) (42 U.S.C. §1320a-7a)

Penalties range from $10,000 to $50,000 per violation and includes exclusion from the Medicare program for a minimum of five years or more, these are: oPresenting a claim that the person knows or should know is for an item or service that was not provided or is false or fraudulent or for which payment may not be made. oMaking false statements or misrepresentations on application or contracts to participate in Federal Health Care programs. oViolation of the Medicare assignment provisions oViolation of a Medicare physician or supplier agreement oViolation of assignment requirement for certain diagnostic clinical laboratory tests oViolation of requirement of assignment for nurse-anesthetist services oRefusal of any supplier to provide rental Durable Medical Equipment (DME) supplies without charge after rental payments may no longer be madeoPhysician billing for assistants at a cataract surgery without prior approval of the Quality Improvement Organization (QIO) oHospital unbundling of outpatient surgery costs oHospital and responsible physician “dumping of patients” based upon their inability to pay, or lack of resources.oFalse or misleading information expected to influence a discharge decisionoViolations of the Anti-Kickback statute and/or Stark Law.


RESOURCES• Centers for Medicare and Medicaid Services (CMS)

www.cms.hhs.gov

• Medicare Managed Care Manual and Medicare Prescription Drug Benefit Manual www.cms.hhs.gov/Manuals/IOM

• CMS Prescription Drug Manual – Chapter 9: http://www.cms.gov/manuals/downloads/Pub100_18.pdf

• Fraud & Abuse General Information www.cms.hhs.gov/MDFraudAbuseGenInfo

• Office of Inspector General (OIG) www.oig

• Physician Self Referral Law www.cms.hhs.gov/PhysicianSelfReferral

• Social Security Administration www.ssa.gov/oig/guidelin.htm

• Office of Inspector General Department of Health and Human Serviceshttp://oig.hhs.gov

• HIPAA http://www.hhs.gov/ocr/privacy hhs.gov


Training Documentation

You are accountable and responsible for ensuring Compliance

o Companies like Preferred Care Partners that have contracts with the federal government must ensure that their employees, owners, directors, vendors and contractors are knowledgeable about all laws and regulations that apply to their business in order to ensure that no documentation or certification prepared by those employees and provided to the government is considered to be knowingly false.

o Please note that you must be able to submit records of training logs documenting employee participation in the training upon request.

Thank you for completing Preferred Care Partners Fraud, Waste and Abuse Training.


2012 fraud, waste and abuse downstream training preferred care partners confidential and proprietary

Documents

abuse o definitions

abuse o types of fraud

abuse training

o related entity

o downstream entity

o obligations

abuse fwa

fwa o protections