2012 medicare compliance training - cigna

2012 Medicare Compliance Training – for External Parties

2012 Medicare Compliance Training.ulc – for External Parties © Copyright 2010 CIGNA. All rights reserved.

Rev 1 12/12/2011 1/55

2012 Medicare Compliance Training for External Parties

"Cigna Medicare Services" is a service mark, and the "Tree of Life" logo is a registered service mark, of Cigna Intellectual Property, Inc., licensed for use by Cigna Corporation and its operating subsidiaries. All products and services are provided exclusively by operating subsidiaries, including Connecticut General Life Insurance

Company and Cigna HealthCare of Arizona, Inc., both of which are Medicare Advantage Organizations with a federal Medicare contract, and not by Cigna Corporation.

Confidential property of Cigna. Do not duplicate or distribute. All examples and fact patterns used herein are fictitious.

© Copyright 2012 by Cigna



Rev 1 12/12/2011 2/55

I n t r o d u c t i o n

Cigna has contracted with the Centers for Medicare & Medicaid Services (CMS) to offer multiple benefits to Medicare enrollees. As part of those contracts, Cigna employees who have direct or indirect involvement with the Medicare programs are required to complete this Medicare Compliance training course.

Additionally, per the Federal Register Notice CMS-4124-FC, CMS clarifies that the training and communication requirements apply to all entities we partner with. Therefore, CIGNA is making this training available in the event you do not have your own Medicare Compliance Training program established. This training is an annual requirement.



Rev 1 12/12/2011 3/55

C o u r s e O b j e c t i v e s

After completing this course, you will be able to:

• Describe Cigna’s Medicare Programs. • Follow Medicare Rules. • Define Key Elements of a Compliance Program. • Discuss Policies and Procedures. • Describe Protected Health Information (PHI).



Rev 1 12/12/2011 4/55

T r a i n i n g R e q u i r e m e n t s C e r t i f i c a t i o n

At the end of this training a Certification is provided as evidence of compliance with Medicare requirements in audits conducted by the Federal government. Cigna requires employees, or anyone working on Cigna's behalf, who have direct or indirect involvement with the Medicare programs to complete this training, certify their completion, and acknowledge they have received, read, and will comply with all written Cigna policies.



Rev 1 12/12/2011 5/55

E m p l o y e e E t h i c s

Ethical principles are the foundation of Cigna’s unwavering commitment to integrity, ethical conduct, and legal and regulatory compliance. These principles are at the heart of our core value to Act with Integrity. For example, at Cigna we must:

• Behave ethically in a way that reflects Cigna’s commitment to do what is right, honest, fair, and trustworthy.

• Take all the right actions to ensure that we, and Cigna, comply with all laws, rules, and regulations that apply to our business.

• Conduct business in a way that avoids any conflict or even the appearance of a conflict between our own personal interests and Cigna’s interests.

• Take all the right steps to protect Cigna’s assets (for example, property, information, and financial records) from loss, damage, or misuse.

The Code of Ethics & Principles of Conduct and its related policies are the cornerstone of Cigna's Enterprise Compliance Program. Annual training on the Code of Ethics & Principles of Conduct and related policies is required with an affirmation at the end of the training. The Code of Ethics training only partially satisfies the Medicare Compliance training requirement.



Rev 1 12/12/2011 6/55

L e s s o n 1 : O v e r v i e w o f C i g n a ' s M e d i c a r e P r o g r a m s

Cigna offers two types of Medicare programs:

• Cigna Medicare Part D - Cigna’s PDP program contracts with the Centers for Medicare & Medicaid Services (CMS) to provide individual prescription drug benefits for Medicare beneficiaries and employer-sponsored prescription drug plans

• Cigna Medicare Select (HMO) - A Medicare Advantage Prescription Drug (MA-PD) Plan available in Arizona (Maricopa County and select zip codes in Pinal County).

Lesson 1 provides an overview of Cigna's Medicare programs.

The government offers four types of Medicare programs:

• Medicare Part A - covers Hospital Care • Medicare Part B - covers Medical Services • Medicare Part C - covers Medical Services for Medicare

Advantage plans like HMO, PPO, and Private Fee for Service

• Medicare Part D - covers Prescription Drug Plans



Rev 1 12/12/2011 7/55

C i g n a G o v e r n m e n t S e r v i c e s ( C G S )

Cigna currently no longer contracts with the Centers for Medicare & Medicaid Services (CMS) to administer the Medicare Part B workload.

The Medicare Part B business previously handled by Cigna Government Services (CGS) was sold to Blue Cross Blue Shield of South Carolina in early 2011.



Rev 1 12/12/2011 8/55

C i g n a H e a l t h C a r e o f A r i z o n a

Cigna HealthCare of Arizona offers three benefit plans:

• Cigna Medicare Select Plus Rx – Standard (HMO) • Cigna Medicare Select Plus Rx – Premium (HMO) • Cigna Medicare Select Plus Rx – Dual (HMO SNP)

Cigna HealthCare of Arizona (AZ), is located in Phoenix, AZ, and has contracted with the CMS to offer Medicare Advantage Prescription Drug (MA-PD) benefits to Medicare-eligible beneficiaries. Through this arrangement, Medicare pays Cigna a set amount of money every month to provide medical and prescription drug coverage to Medicare beneficiaries.



Rev 1 12/12/2011 9/55

C i g n a M e d i c a r e S e l e c t P l u s R x – S t a n d a r d ( H M O )

Cigna Medicare Select Plus Rx – Standard is a MA-PD Health Maintenance Organization (HMO) plan that provides medical and prescription drug coverage.

Cigna Medicare Select Plus Rx – Standard members must receive services from network and/or contracted health care providers, except for emergent or urgent care, which may be obtained anywhere within the United States.

Medicare-eligible beneficiaries who reside in Maricopa County or the Cities of Apache Junction or Queen Creek in Pinal County, and who do not have end stage renal disease, and have Medicare Parts A and B coverage are eligible for this plan.



Rev 1 12/12/2011 10/55

C i g n a M e d i c a r e S e l e c t P l u s R x – P r e m i u m ( H M O )

New for 2012 is the Cigna Medicare Select Plus Rx – Premium plan, which has a low monthly premium of $25. As compared to the Standard plan, the Premium plan provides reduced co-payment amounts for some medical services, including hospitalization, Primary Care Physician (PCP), and specialty office visits, and outpatient facility services.

Cigna Medicare Select Plus Rx – Premium members must receive services from the Cigna Medicare Select network of providers. Emergent or urgent care may be obtained anywhere within the United States and worldwide.

Medicare-eligible beneficiaries who reside in Maricopa County or the Cities of Apache Junction or Queen Creek in Pinal County, do not have end stage renal disease, and have Medicare Parts A and B coverage are eligible for this plan.



Rev 1 12/12/2011 11/55

C i g n a M e d i c a r e S e l e c t P l u s R x – D u a l ( H M O S N P )

Cigna Medicare Select Plus Rx – Dual (HMO SNP) is an MA-PD Health Maintenance Organization (HMO) Special Needs Plan (SNP) which offers medical and prescription drug coverage to beneficiaries who have dual coverage, such as Medicaid and Medicare benefits.

Cigna Medicare Select Plus Rx – Dual members must receive services from the Cigna Medicare Select network of providers. Emergent or urgent care may be obtained anywhere within the United States.

Dual-eligible beneficiaries may join the Cigna Medicare Select Plus Rx – Dual (HMO SNP) plan at any time throughout the year if the beneficiary resides in Maricopa County or the Cities of Apache Junction or Queen Creek in Pinal County, does not have end stage renal disease, has Medicare Parts A and B and maintains their dual-eligible status.



Rev 1 12/12/2011 12/55

C i g n a M e d i c a r e P a r t D P r e s c r i p t i o n D r u g P r o g r a m ( P D P )

Employer-sponsored prescription drug plans include:

• Employer Retiree Drug Subsidy - Employers or unions with prescription drug coverage that is at least as good as Medicare’s can apply to the CMS to receive a tax-free retiree subsidy.

• Employer-Specific PDP - The employer makes special arrangements with entities offering Part D Medicare plans such as, Connecticut General Life Insurance Company (CGLIC). These entities provide a retiree prescription drug plan that integrates the basic Part D individual coverage with the supplemental coverage (i.e., coverage for classes of prescription drugs not covered under Part D, such as coverage for Barbiturates and Benzodiazepines).

Cigna’s PDP program encompasses many offices with the core staff located in Bloomfield, Connecticut. This program contracts with the CMS to provide individual prescription drug benefits for Medicare beneficiaries and employer-sponsored prescription drug plans.



Rev 1 12/12/2011 13/55

39999

L e s s o n 2 : M e d i c a r e R u l e s

Lesson 2 discusses the Medicare rules that Cigna must comply with and provides links to important guidelines and regulations.



Rev 1 12/12/2011 14/55

M e d i c a r e C o m p l i a n c e

Cigna and its contractors must comply with all applicable Medicare laws and regulations and any regulation deviations must be approved by Medicare. Through our contractual arrangements with the CMS, Cigna has agreed to adhere to all Medicare laws and regulations.

The CMS outlines their expectations and Cigna utilizes these regulations to develop our health plan operations, workflows, and internal processes to ensure we meet our contractual requirements. Cigna subcontractors must also ensure processes are in place to comply with regulations and develop applicable policies and procedures.



Rev 1 12/12/2011 15/55

M e d i c a r e C o m p l i a n c e , C o n t i n u e d

FDRs will be required to submit an annual Attestation to evidence compliance. The Attestation will cover, but is not limited to, the following areas:

• Code of Conduct - FDR must adopt and follow a code of conduct that reflects a commitment to detecting, preventing, and correcting fraud, waste, and abuse in the administration or delivery of Medicare benefits.

• Compliance Oversight - FDRs are required to respond to identified compliance deficiencies promptly. Upon the discovery of a compliance deficiency, the organization must promptly address and correct the deficiency in accordance with CMS regulations.

• Compliance Training - Annual compliance training is required for all persons involved in the administration or delivery of the Medicare Program. Cigna’s Medicare Compliance Training module is made available to FDRs who may not have appropriate training.

• Exclusion Review - FDRs must review the Office of Inspector General (OIG) and General Services Administration (GSA) exclusions lists to ensure that any FDR employee or manager responsible for administering or delivery Medicare benefits is not excluded from Federal programs. FDRs must conduct this review upon initial hire and annually thereafter. If an excluded employee is identified, the FDR must immediately remove the employee from any work related directly or indirectly to any Federal health care program and must take appropriate corrective actions.

Any subcontracted vendor (also known as First tier, Downstream and Related Entities, or "FDRs") of Cigna must comply with all applicable Medicare laws and regulations and any regulation deviations must be submitted to the Medicare Services Compliance Officer and approved by CMS.



Rev 1 12/12/2011 16/55

L i n k s t o G u i d e l i n e s a n d R e g u l a t i o n s

As a Medicare contractor, we must comply with numerous regulations. Here are several important links to regulations and guidance issued by CMS.

• Annual Part C and Part D Application - http://www.cms.gov/PrescriptionDrugCovContra/04_RxContracting_ApplicationGuidance.asp

• Call Letter - http://www.cms.gov/MedicareAdvtgSpecRateStats/Downloads/Announcement2012.pdf • Medicare Part D Manuals - http://www.cms.gov/PrescriptionDrugCovContra/12_PartDManuals.asp • Medicare Part C Manuals - http://www.cms.gov/Manuals/IOM/ • Instructions issued by the CMS via the Health Plan Management System (HPMS) -

http://www.cms.gov/PrescriptionDrugCovContra/HPMSGH/list.asp • Code of Federal Regulations (CFR) applicable to Medicare - http://www.access.gpo.gov/nara/cfr/cfr-

table-search.html#page1 • Pharmacies contracted with Medicare Sponsors (such as Cigna), must comply with numerous

regulations, for example: o Pharmacy specific instructions can be found at:

http://www.cms.hhs.gov/center/pharmacist.asp

http://www.cms.gov/PrescriptionDrugCovContra/04_RxContracting_ApplicationGuidance.asp�

http://www.cms.gov/PrescriptionDrugCovContra/04_RxContracting_ApplicationGuidance.asp�

http://www.cms.gov/MedicareAdvtgSpecRateStats/Downloads/Announcement2012.pdf�

http://www.cms.gov/MedicareAdvtgSpecRateStats/Downloads/Announcement2012.pdf�

http://www.cms.gov/PrescriptionDrugCovContra/12_PartDManuals.asp�

http://www.cms.gov/PrescriptionDrugCovContra/12_PartDManuals.asp�

http://www.cms.gov/Manuals/IOM/itemdetail.asp?filterType=none&filterByDID=-99&sortByDID=1&sortOrder=ascending&itemID=CMS019326&intNumPerPage=10�

http://www.cms.gov/Manuals/IOM/�

http://www.cms.gov/PrescriptionDrugCovContra/HPMSGH/list.asp�

http://www.cms.gov/PrescriptionDrugCovContra/HPMSGH/list.asp�

http://www.access.gpo.gov/nara/cfr/cfr-table-search.html#page1�



http://www.cms.hhs.gov/center/pharmacist.asp�



Rev 1 12/12/2011 17/55

L e s s o n 3 : K e y E l e m e n t s o f a C o m p l i a n c e P r o g r a m

Lesson 3 discusses the Key Elements of a Medicare Compliance Program.

According to the Centers for Medicare & Medicaid Services (CMS), the key elements of an effective compliance program are:

• Requiring Written Policies and Procedures • Designating a Compliance Officer and a Compliance Committee • Conducting an Effective Training and Education Program • Developing Effective Lines of Communication • Enforcing the program through Publicized Disciplinary

Guidelines and Policies that deal with Ineligible Persons • Auditing and Monitoring • Responding to Detected Offenses, Developing Corrective

Action Initiatives, and Reporting to Government Authorities • Planning that can Detect, Correct, and Prevent Fraud, Waste,

and Abuse



Rev 1 12/12/2011 18/55

W r i t t e n P o l i c i e s a n d P r o c e d u r e s

CMS requires that plan sponsors have written Standards of Conduct. One way that Cigna satisfies this requirement is through our Code of Ethics & Principles of Conduct. We are responsible for knowing, understanding, and complying with Cigna's Code of Ethics & Principles of Conduct, as well as the policies and procedures that apply to the work we do. The Code of Ethics & Principles of Conduct and related policies reflect Cigna’s commitment to integrity, ethical conduct, and legal/regulatory compliance.

A few of the topics you can find covered in Cigna’s Code of Ethics & Principles of Conduct are:

• Conflict of Interest • Cigna Assets • False Claims • Control, Accounting, and Reporting • Information Protection and Privacy • Communications and Fair Disclosure

All entities contracted to perform work related to Medicare programs must review Cigna’s Code of Ethics policies and procedures or have appropriate policies and procedures to address Code of Conduct policies, as well as Fraud, Waste and Abuse.



Rev 1 12/12/2011 19/55

W r i t t e n P o l i c i e s a n d P r o c e d u r e s , C o n t i n u e d

Cigna’s Code of Ethics & Principles of Conduct can be accessed by external contracted entities and individuals working on Cigna’s behalf at this website address: http://cigna.com/about_us/governance/index.html. CMS requires entities not having their own Code of Ethics (Code of Conduct) policies to view Cigna’s Code of Ethics.

Here, the Code of Ethics & Principles of Conduct is available for clients, members, and other stakeholders who want to learn more about Cigna’s commitment to integrity, ethical conduct, and legal and regulatory compliance.

If you do not have access to the Internet, you should contact your manager or business unit Compliance Officer.

http://cigna.com/about_us/governance/index.html�



Rev 1 12/12/2011 20/55

C o m p l i a n c e O f f i c e r a n d C o m p l i a n c e C o m m i t t e e

The Medicare Services Compliance Committee is led by the Cigna Medicare Services Compliance Officers, Rich Appel and David Hu. Members of the Committee are comprised of:

• Cigna Senior Care President • Cigna Senior Care Vice President, Operations • Cigna Senior Care Vice President Medicare Administration • Cigna Senior Care Vice President Sales • Cigna Medicare Services Compliance Officer – National • Cigna Medicare Services Compliance Officer – Arizona • Cigna Product Manager • Cigna Legal Counsel • Cigna Provider Contracting Director • Cigna Vice President Clinical Programs • Cigna SIU Director • Cigna Medical Group Compliance Officer



Rev 1 12/12/2011 21/55

P u b l i c i z e d D i s c i p l i n a r y G u i d e l i n e s

Compliance with Cigna’s Code of Ethics & Principles of Conduct and related policies, as well as applicable Medicare Policies and Procedures Manuals (which incorporate legal and contractual requirements), is an ongoing performance objective for all Cigna Medicare Services contractors.

On a case-by-case basis, the severity of the disciplinary action is determined by the Cigna Medicare Services Compliance Officer, Human Resources, and the employee’s supervisor.

Violation of Cigna’s Code of Ethics & Principles of Conduct and related policies and/or Cigna’s operational policies and procedures may result in disciplinary action, up to and including, termination.

Disciplinary actions are discussed in Cigna's Code of Ethics & Principles of Conduct (Note: external contracted entities and individuals working on Cigna’s behalf without Cigna network access must use this website address: http://cigna.com/about_us/governance/index.html.)

http://home.cigna.com/CignaPage.aspx?page=5029�


http://cigna.com/about_us/governance/index.html�



Rev 1 12/12/2011 22/55

A u d i t i n g a n d M o n i t o r i n g

Auditing and monitoring at Cigna is performed through Risk Assessment, Internal Audits, External Entity Oversight, and Subcontractor First Tier, Downstream, and Related Entity (FDR) Oversight:

• Risk Assessment - Cigna conducts an annual risk assessment, supplemented by a quarterly enterprise risk assessment, to evaluate functional areas of the organization to assess potential business or control risk. Results of the assessment are scored and those areas identified as the highest risk are considered when developing the internal audit plan. Other factors are considered in the risk assessment, such as areas at risk of not meeting the CMS standards.

• Internal Audits - The Cigna Medicare Services Compliance Officer coordinates with management to implement the internal audit plan. Audits are performed to ensure adherence to the

CMS requirements and Cigna’s internal policies and procedures. Corrective action plans will be developed and implemented in areas where processes do not meet the requirements.

• External Entity Oversight - Cigna Medicare Services is also subject to audits from external parties such as the CMS and the Office of Inspector General (OIG). Corrective action plans for any deficiencies or findings reported during external audits will be developed and implementation will be monitored to ensure processes are strengthened and regulations are followed.

• Subcontractor FDR Oversight Internal Audits - Cigna conducts annual FDR Oversight audits focused on five areas: Client Satisfaction, Quality Assurance, Operations, Compliance/Finance, Data Management Systems o Corrective action plans will be developed and implemented by FDRs where processes do not meet the

requirements. The Cigna Medicare Services Compliance Officer will monitor corrective action



Rev 1 12/12/2011 23/55

R e s p o n d i n g t o D e t e c t e d O f f e n s e s

Violations of the Compliance Program, Federal and State statutes, rules and regulations, or any other types of misconduct will be investigated by the Cigna Medicare Services Compliance Officer or designee.



Rev 1 12/12/2011 24/55

R e s p o n d i n g t o D e t e c t e d O f f e n s e s , C o n t i n u e d

Reporting Detected Criminal Violations: If you know of, or reasonably suspect, a misappropriation of Cigna assets, or any other violation of law, ethical, or business policies, you must report the matter.

Reporting Obligation: It is the obligation of every employee, and individual working on Cigna’s behalf, who knows of, or reasonably suspects, a violation of Cigna's Code of Ethics & Principles of Conduct to promptly report it.

Unless a specific policy states otherwise, the report may be oral or written, and made at https://Cignaethicshelpline.alertline.com, or by calling 1.800.472.8348. You may also report issues to the Cigna Medicare Services Compliance Officer or Arizona Medicare Compliance Officer, as applicable.

https://cignaethicshelpline.alertline.com/�



Rev 1 12/12/2011 25/55


Non-Retaliation: Cigna will not discriminate or retaliate against anyone who, in good faith, reports violations of laws or regulations, the Code of Ethics & Principles of Conduct, or other company policies; whether those violations are by a Cigna company, another employee, or agent. In addition, employees are protected by Federal law against any retaliation for taking action under the Federal False Claims Act.

Compliance is Everyone’s Business…and it begins with you!



Rev 1 12/12/2011 26/55


Cigna’s Ethics Help Line: Cigna has a toll-free, 24-hour Ethics Help Line (1.800.472.8348) to facilitate confidential and retribution-free reporting of violations, and to handle requests for information about Cigna's Code of Ethics & Principles of Conduct. You can also report issues by going to the Cigna Ethics Help Line webpage.

Cigna's Fraud Hot Line: Cigna has a toll-free, 24-hour Fraud Hotline (1.800.667.7145) and email address ([email protected]) to facilitate confidential and retribution-free reporting of suspected fraud, and to handle requests for information about Cigna's FWA policies.

https://cignaethicshelpline.alertline.com/�

mailto:[email protected]�



Rev 1 12/12/2011 27/55


Cigna’s Privacy Office: All information reported by Cigna employees, enrollees, individuals working on Cigna’s behalf, or others, is kept confidential by Cigna to the extent reasonably possible during any resulting investigation. It is possible that an individual’s name may become known or revealed in certain instances when governmental authorities intercede, or as otherwise required by law. If you have questions related to Cigna’s Privacy Policy, contact the Cigna’s Privacy Office at [email protected].

Information and Data Security: Cigna’s Information Protection Policy outlines safeguards and activities needed to protect proprietary information and avoid unintended disclosures. If you witness an act that looks like a policy violation or puts Cigna information at risk, tell your manager, HR representative, contact the Cigna Medicare Services Compliance Officer, or call 1.800.4SAFEPC.




Rev 1 12/12/2011 28/55


Developing Corrective Action Initiatives: Reports of suspected misconduct will be investigated. If a violation of applicable law or regulation is found to exist, Cigna will take steps to correct the problem. These steps may include developing a corrective action initiative; or, if material, immediate referral to criminal and/or civil law enforcement authorities, disclosure to Cigna senior management, and the appropriate governmental authority, where appropriate.

Reporting to the Government:: Cigna shall report to appropriate governmental authorities, such as the CMS and OIG, credible information of material violations of the law by Cigna, subcontractors, health care providers, or enrollees for a determination as to whether any criminal, civil, or administrative action may be appropriate.



Rev 1 12/12/2011 29/55

P l a n t o D e t e c t , C o r r e c t , a n d P r e v e n t

The CMS requires all Medicare sponsors to develop a comprehensive program to detect, correct, and prevent FWA.

Entities contracted with Cigna should also have appropriate policies and procedures to address fraud, waste, and abuse.

To reflect Cigna’s commitment to the Medicare program, Cigna’s Special Investigations Unit (SIU):

• Administers required annual anti-fraud training for key employees • Detects, deters, and investigates suspicious claims • Provides methods to report suspicious activity • Maintains a process for receiving and documenting complaints of

internal and external fraudulent activity • Files reports and quarterly documentation regarding FWA to CMS • Assists CMS and State and Federal law enforcement in

investigational activity



Rev 1 12/12/2011 30/55

S p e c i a l I n v e s t i g a t i o n s U n i t

The SIU uses a variety of means to help employees detect suspicious claims, including: delivering annual anti-fraud training for key employees, "Red Flags" job aids (Medical – Medicare Part C, Pharmacy – Medicare Part D); maintaining a dedicated phone line and an email box for questions and reporting suspected FWA, and conducting data mining.

The SIU investigators are responsible for identifying schemes specifically related to Medicare Part C and Medicare Part D.

Cigna’s SIU communicates with other SIUs, law enforcement, regulatory agencies, the CMS, Medicare Drug Integrity Contractors (MEDIC), and associations to identify schemes and/or suspect pharmacies.



Rev 1 12/12/2011 31/55

F W A I n v e s t i g a t i o n

The SIU gathers information and evidence by auditing claims, interviewing members and health care providers, reviewing medical records and prescriptions, data mining, and then documenting findings.

The CMS has contracted with certain companies to be Medicare Drug Integrity Contractors (MEDIC). The SIU refers cases of suspected FWA to MEDIC for investigation.

MEDIC’s activities include:

• Data analysis to identify potential Part C and Part D fraud

• Investigation of potential Part C and Part D fraud for referral to law enforcement

• Liaison with law enforcement/sponsors for Part C and Part D issues, and audits of sponsor and subcontractor Part C and Part D operations



Rev 1 12/12/2011 32/55

F W A P r o s e c u t i o n a n d R e s t i t u t i o n

Cigna takes appropriate action against fraud offenders by stopping payments to health care providers and referring cases to State and Federal law enforcement for legal action. They partner with State insurance departments, fraud bureaus, and professional organizations and pursue sanctions through State licensing boards. Within 30 days of identifying a suspicion of fraud or the documentation of fraud, the SIU makes a referral to MEDIC and the appropriate State Department of Insurance.

Cigna’s SIU tries to recover losses incurred due to fraud by:

• Pursuing and recovering damages • Pursuing civil remedies • Pursuing criminal charges



Rev 1 12/12/2011 33/55

F W A P r e v e n t i o n

Increased fraud awareness is created by requiring anti-fraud training programs for key Cigna employees, vendors, and partners; maintaining anti-fraud policies and procedures; and communicating new fraud schemes to Cigna employees.

Employees should refer all suspicious claims to [email protected]. Calls pertaining to Medicare FWA should be placed to the Fraud Hot Line at 1.800.667.7145.




Rev 1 12/12/2011 34/55

L e s s o n 4 : P o l i c i e s a n d P r o c e d u r e s

Lesson 4 describes policies with provisions of special relevance to Medicare. These policies include but are not limited to:

• External Review and Studies • Conflict of Interest • Office of Inspector General (OIG)/General

Services Administration (GSA) Exclusion Review • Record Retention • Anti-Kickback • False Claims • Gifts



Rev 1 12/12/2011 35/55

E x t e r n a l R e v i e w s a n d S t u d i e s P o l i c y

As a Medicare contractor, we will at times be requested to participate in external audits, studies, or reviews that are beyond normal day-to-day requests. These requests may come from the CMS, the OIG, the General Accounting Office (GAO), the Department of Justice (DOJ), or from an entity contracted with these organizations.

The requests may be made via telephone or received in writing. We may also be issued subpoenas for the production of information.

If you receive a subpoena related to Medicare data, records, or information (or any other information), you should immediately contact Medicare Compliance and Cigna business legal counsel for assistance. If you receive a request for Medicare records, or any information from an external party, immediately contact Medicare Compliance for assistance.

Medicare Compliance will work with you to ensure we respond appropriately and in accordance with applicable law. Cigna will cooperate with the CMS and other governmental agencies and their authorized representatives to provide access to information and records.



Rev 1 12/12/2011 36/55

C o n f l i c t s o f I n t e r e s t

Conflicts of interest can arise if you have a direct or indirect financial, business or personal involvement with a current or potential supplier, competitor, member, or employee of Cigna. In addition, outside financial or business involvement by members of your immediate family, or by persons with whom you have a close personal relationship, may create a possible conflict of interest for you. As an individual working on Cigna’s behalf:

o You must not take part in any transaction in which you have a personal interest if there is, or might appear to be, a conflict between your interest and the interests of Cigna.

o You must not take part in any business transaction in which you have a personal interest if your participation is in any way related to information you received, or a relationship you developed, as an employee or director.

o You should not show preferential treatment to any health care provider or supplier regardless of their relationship with Cigna. If you become aware of a situation involving preferential treatment to health care providers or suppliers, you should notify the Cigna Medicare Services Compliance Officer immediately.

Each provider or entity that contracts with Cigna will require its managers, officers, and directors responsible for the administration or delivery of Part D benefits to sign a conflict of interest statement, attestation, or certification at the time of hire and annually thereafter certifying that the manager, officer, or director is free from any conflict of interest in administering or delivering Part D benefits.



Rev 1 12/12/2011 37/55

O I G / G S A E x c l u s i o n R e v i e w

(i) have policies and procedu res which ensure that any employee or manager respons ible for adminis ter ing or del ivering Medicare services or benefi ts , is not excluded fro m Federal health care programs and ( ii) review the OIG and G SA exclus ions lis ts . The OIG and GSA lis ts will be checked upon initiall y hirin g and annually therea fter. Addi tionally, i f an employee is identified to be on s uch lis ts , that emp loyee will im mediately be remo ved fro m any work related directly or i ndirectly t o all Federal health care prog rams and the entity wil l take appropr iate corrective actions.

Cigna will not knowingly hire any individual, or contract with any person or entity for its Medicare program, who has been convicted of a criminal offense related to health care or who is listed by a Federal agency as debarred, excluded, or otherwise ineligible for participation in a Federal health care program.

Cigna will review the Department of Health & Human Services OIG and GSA exclusion lists to ensure that its Medicare employees and subcontractors are not included on such lists.

If Cigna learns that an individual has been charged with a criminal offense related to health care or proposed for exclusion or debarment, the individual will be removed from direct responsibility for or involvement in all such Medicare activities until resolution of such charges or proposed debarment or exclusion.

During the contracting process, Cigna requires all contracted entities to attest that they:

(i) Have policies and procedures which ensure that any employee or manager responsible for administering or delivering Medicare services or benefits, is not excluded from Federal health care programs

(ii) Review the OIG and GSA exclusions lists. The OIG and GSA lists will be checked upon initially hiring and annually thereafter. Additionally, if an employee is identified to be on such lists, that employee will immediately be removed from any work related directly or indirectly to all Federal health care programs and the entity will take appropriate corrective actions.



Rev 1 12/12/2011 38/55

R e c o r d R e t e n t i o n

Unless specific conditions apply, all relevant Medicare Part C & D records will be maintained for10 years from the end of the final contract period or completion of an audit, whichever is later.

CMS has authority under section 1860D–12(b)(3)(c) of the Act and §422.504(e)(2) and §423.505(e)(2) to inspect and audit any books, contracts, and records of a Part D sponsor or MA organization and its first tier, downstream, and related entities that pertain to any aspect of services performed, reconciliation of benefit liabilities, and determination of accounts payable under the contract or as the Secretary may deem necessary to enforce the contract.

All records created in the course of business are the property of Cigna, and will be maintained in compliance with all legal, regulatory, and/or government contract requirements. Unauthorized disposal or removal of records from Cigna is prohibited.



Rev 1 12/12/2011 39/55

A n t i - K i c k b a c k

It is Cigna’s policy to strictly comply with all laws that regulate government contracting.

You must not offer, give, request, or receive anything of value for free or below fair market price in connection with the sale or recommendation of, or referral to, any benefit plan, product, or service paid partly or fully by any government program.

To ensure compliance with this policy, contracts or other business arrangements between Cigna and any health care provider or supplier (including pharmaceutical companies), and between Cigna and any government agency or program, must be in writing and must be reviewed and approved by the member of Cigna's legal department assigned to the relevant business division.



Rev 1 12/12/2011 40/55

A n t i - K i c k b a c k E x a m p l e s

The following scenarios are examples of potential kickback violations.

• A medical provider group compensates a referral coordinator for channeling members to their practice.

• A pharmacy’s waiving of Medicare co-payments in order to encourage enrollees to fill their prescriptions there.

• A Medicare Part D plan sponsor’s acceptance of a pharmaceutical manufacturer’s offer of a free disease management program in return for encouraging Medicare enrollees to use the manufacturer’s products.

• A drug manufacturer’s provision of a free trip to an employee of a Medicare Part D plan sponsor in return for the plan sponsor’s decision to place the manufacturer’s drug in the preferred tier of the plan’s Medicare formulary.



Rev 1 12/12/2011 41/55

F a l s e C l a i m s

Making a false statement, or the submission of false claims, is among the government’s highest fraud and abuse concerns. Such actions can result in criminal prosecution, up to five years imprisonment and/or a fine of up to $500,000.

Anyone who participates in submitting a false or fraudulent claim to the United States government for payment, including Medicare or Medicaid claims, can be held personally liable. Examples of prohibited conduct include, but are not limited to:

• Filing a claim for services that were never provided, were medically unnecessary, or were described inaccurately.

• Inflating the number of claims processed or failing to process any claims.

• Falsifying data entered into a reimbursement-related database, cost reports, Medicare enrollee satisfaction data, or audit-related documents.



Rev 1 12/12/2011 42/55

F a l s e C l a i m s , C o n t i n u e d

As an individual working on behalf of Cigna, you must ensure the integrity of the product or service provided, and of the related submissions made to the government.

Never falsify a document or knowingly submit misleading information and exercise due care and due diligence by verifying the accuracy of all data on which the certification is to be made. Take every submission of information to the government seriously and review the underlying requirements associated with certifications.

You must also report any false, inaccurate, or altered requests for payment or claims to a Cigna Medicare Services Compliance Officer, Cigna’s Chief Compliance & Ethics Officer, Ethics & Privacy Officer, Cigna Legal Counsel, or contact Cigna’s Ethics Help Line (1.800.472.8348). Employees and subcontractors are protected from retaliation for False Claims Act complaints under 31 U.S.C. § 3730(h), and other applicable anti-retaliation protections.



Rev 1 12/12/2011 43/55

G i f t s

Employees and directors must not offer or give gifts, entertainment, or anything of value that would, or might appear to, improperly influence the business decisions of others. Gifts, entertainment, or other benefits of value must not be given if doing so is prohibited by law or otherwise prohibited by company policy.

Employees and directors must not accept gifts or entertainment that would, or might appear to, improperly influence the employee's or director's decisions regarding Cigna business. Employees and directors must not give or accept money or gift certificates to or from subcontractors or anyone doing business with Cigna, or contemplating doing business with Cigna, under any circumstances.

As a Medicare contractor, we must take special care to never provide or offer to provide gifts or entertainment to government officials and employees.



Rev 1 12/12/2011 44/55

C o m m i t m e n t t o E t h i c a l S t a n d a r d s

Cigna leadership demonstrates its continued commitment and expectation to maintaining the highest legal and ethical standards in the conduct of its business by all Cigna employees and individuals working on behalf of Cigna.

Cigna annually reaffirms such commitment and expectation through annual ethics training.



Rev 1 12/12/2011 45/55

L e s s o n 5 : P r o t e c t e d H e a l t h I n f o r m a t i o n ( P H I )

Lesson 5 provides information about protecting individually identifiable health information, referred to as Protected Health Information (PHI).



Rev 1 12/12/2011 46/55

O v e r v i e w o f H I P A A P r i v a c y a n d S e c u r i t y R u l e s

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules protect Individually Identifiable Health Information, a subset of which is referred to as Protected Health Information (PHI), held or transmitted by a Covered Entity, such as, Health Care Providers, Health Plans, and Health Care Clearinghouses and their Business Associates, including entities that complete functions on the Covered Entity’s behalf, such as Medicare subcontractors.

PHI includes information that identifies the individual or could reasonably be used to identify the individual. PHI is information, including demographic data, which relates to the individual’s past, present or future physical or mental health or condition, health care provided to the individual, or past, present, or future payment for health care provided to the individual.

The HIPAA Privacy Rule protects all PHI in any form or media, whether electronic, paper, or oral. The HIPAA Security Rule applies only to electronic PHI (e-PHI). In general, this rule requires a Covered Entity to adopt additional safeguards for e-PHI ensuring the confidentiality and availability of all it creates, receives, uses, maintains, or transmits. The Health Information Technology for Economic and Clinical Health (HITECH) Act expands certain HIPAA Privacy and Security requirements to cover Business Associates, and to provide individuals with additional rights to access and control the use of their PHI, among other things.



Rev 1 12/12/2011 47/55

P H I

All of the elements in this chart could be PHI, either alone, or if combined in a way that would allow for an individual to be identified. Let’s look at a couple of examples of information Cigna holds as a Medicare subcontractor.

• Zip code alone is not PHI, but zip code combined with address and phone number is PHI. This is because the combination of these data elements could be used to identify an individual.

• Birth date alone is not PHI, but coupled with Social Security Numbers (SSNs) and claim numbers, could result in identification of an individual and is considered PHI.

• SSN alone is PHI, as this data element can be used to identify an individual.

It is important to remember that the context and combination of information determines whether information is PHI. If you have any questions about what is, or is not PHI, always check with the Cigna Privacy Office.



Rev 1 12/12/2011 48/55

P H I R e q u i r e m e n t s

All Cigna Medicare employees must follow the Privacy Policy regarding the additional requirements list below. Click on each requirement for additional policy information.

• Safeguarding Protected Health Information: Members of the workforce must employ the appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.

• Use and Disclosure of Information: PHI is confidential information that cannot be disclosed to others without the individual’s written authorization except for the purposes outlined in the law such as treatment (providing care), payment (claim payment), or health plan operations (examples include, but are not limited to: audits and fraud and abuse detection).

• Minimum Necessary: When collecting, accessing, using or disclosing PHI, or when requesting PHI to perform job functions, members of the workforce must make reasonable efforts to limit the use and disclosure to the minimum necessary to accomplish the intended purposes of the use or request.

• Verification: Members of the workforce must follow Cigna's procedures to verify the identity of a person requesting PHI, and the authority of any such person to have access to PHI.

• Notice of Privacy Practices: Individuals must receive and have access to a “Notice of Privacy Practices” which describes how their health information may be used or disclosed by Cigna, and what individual rights they have in relation to this information.

• Individual Privacy Rights: The HIPAA Privacy Rule provides individuals with certain rights related to their PHI. These rights include: access to their PHI; amendment of their PHI; an accounting of disclosures of their PHI; restrictions on the use and disclosure of their PHI; and alternate means of communicating with them, such as sending materials to an alternative address or location; and the ability to lodge a complaint if they believe there has been a violation of their privacy rights.

For more information on any of these Privacy Policy requirements click Cigna’s HIPAA policies




Rev 1 12/12/2011 49/55

T r a n s m i t t i n g P H I

Important facts regarding transmitting PHI:

PHI via the “Internet” – Even when transmitting PHI for permitted or required purposes (e.g., based on an individual’s authorization), it is NEVER acceptable to transmit PHI via email over the Internet unless the email is encrypted through the use of Cigna’s SecureMessage process. Cigna employees can utilize the established "SecureMessage" process.

Additionally, Cigna's IT department has provided a secure electronic transmission solution for Medicare Part D and PFFS business with our subcontractors NationsHealth and Accenture. As a result, email sent to the following email extensions is secure:

• NationsHealth (email addresses ending with @uspgi.com, @nationshealth.com and @nhrx.com)

• Accenture (email addresses ending with @accenture.com).

We DO NOT have a secure connection with the CMS. These are email addresses ending with @cms.hhs.gov.

Important Note: Even if CMS inadvertently transmits PHI to Cigna, you should never reply or forward the email without removing the PHI or securing the message appropriately by using the SecureMessage solution.



Rev 1 12/12/2011 50/55

T r a n s m i t t i n g P H I , C o n t i n u e d

PHI via fax – Prior to faxing PHI, ensure the receiving fax machine is attended and an authorized person is waiting to receive the fax.

Click on Cigna's Privacy Practices for information on any of Cigna's privacy policies.

http://www.cigna.com/privacy/privacy_healthcare.html�



Rev 1 12/12/2011 51/55

R e p o r t i n g P r i v a c y I n c i d e n t s

If a member of the workforce, including a contractor or a subcontractor, becomes aware of any potential violation of the HIPAA Privacy or Security Rules, Health Information Technology for Economic and Clinical Health Act (HITECH) Act, or Cigna's Privacy Policies and Procedures, they should report the issue either orally or in writing to any manager, the Cigna Medicare Services Compliance Officer, or to Cigna’s Privacy Office.

• Cigna Medicare Services Compliance Officer – Rich Appel – 860.226.7696

• Cigna Arizona Medicare Compliance Officer – David Hu – 623.277.1476

• Cigna Privacy Office – via email to - [email protected]

Instances of potential non-compliance with the Privacy & Security Rules, HITECH Act, and Cigna's Privacy Policies and Procedures will be investigated and appropriate disciplinary action will be taken as needed.




Rev 1 12/12/2011 52/55

R e p o r t i n g P r i v a c y I n c i d e n t s , C o n t i n u e d

Report privacy complaints and incidents promptly so that appropriate action can be taken.

All employees, managers, contractors, and subcontractors will immediately notify the Cigna Medicare Services Compliance Officer or the Cigna Privacy Office of any incident involving a potential violation of the HIPAA Privacy or Security Rules, HITECH Act or Cigna's Privacy Policies and Procedures.



Rev 1 12/12/2011 53/55

H I T E C H

HITECH enhanced the existing HIPAA Privacy & Security Rules and established new rules for the use and protection of PHI, and defined requirements for the identification, notification, and reporting of a breach. Under HITECH, a breach is the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.

HITECH imposes more severe civil and criminal penalties on Covered Entities, Business Associates, and individuals for violations of HIPAA.

Now more than ever, it is important for you to notify the appropriate area within Cigna (Cigna Medicare Services Compliance, Cigna Privacy Office, or Cigna Business Lead) of any inappropriate access, acquisition, misuse, or loss of PHI.



Rev 1 12/12/2011 54/55

C o n c l u s i o n

This concludes the 2012 Medicare Compliance training.

Thank You for your time and attention.

Please carefully read the certification on the following page.

Contracted entities should print, sign, and date the certification and retain to support completion of the annual Medicare Compliance Training requirement. You may be asked to present this certification page, if requested for audit documentation.



Rev 1 12/12/2011 55/55

L e a r n i n g A s s e s s m e n t

Completion of Cigna’s 2012 Medicare Compliance Training Certification

I hereby certify that I have received, read and understand Cigna’s written standards of conduct for Medicare Compliance, including standards of conduct on Fraud, Waste and Abuse, that I have been trained on such standards, and that I understand my responsibility to comply with the requirements of such standards.

Signature: _________________________________________________ Date: ___________________________

Retain for your records.

2012 medicare compliance training - cigna

Documents