Travis Sutphin Manager, Regulatory

1
Travis SutphinManager, Regulatory
Compliance

• COMPLIANCE TRAINING PROGRAM

2
Welcome to Compliance Training

• This training includes
• 7 Elements of an Effective Compliance Program
• Reporting compliance violations
• Non-Retaliation Policy
• Non-compliance or fraud violation
• Who to contact
• Fraud and Abuse Prevention
• HIPAA Compliance Training
• Principles of Professional Conduct

3
HIPAA
4
Health Insurance Portability and Accountability
Act (HIPAA)

• Health Insurance Portability and Accountability
  Act (HIPAA )
• Privacy Protection for the privacy of Protected
  Health Information (PHI) effective April 14, 2003
  (including Standardization of electronic data
  interchange in health care transactions,
  effective October 2003)
• Security Protection for the security of
  electronic Protected Health Information (e-PHI)
  effective April 20, 2005
• Health Information Technology for Economic and
  Clinical Health Act (HITECH)
• Extends Privacy and Security provisions of HIPAA
  to business associates of covered entities,
  including criminal and civil penalties
• Breach notification requirements for unsecured
  PHI

5
What is the difference between Privacy Security

• The Privacy Rule sets the standards for how
  covered entities and business associates are to
  maintain the privacy of Protected Health
  Information (PHI)
• The Security Rule defines the standards which
  require covered entities to implement basic
  safeguards to protect electronic Protected Health
  Information (e-PHI)

6
What is HIPAA?

• Protects the privacy and security of a patients
  health information
• Provides for electronic and physical security of
  a patients health information
• Prevents health care fraud and abuse
• Simplifies billing and other transactions,
  reducing health care administrative costs

7
Who must follow HIPAA

• The covered entity consists of CarePoint Health
  Plan and its employees, to the extent that such
  employees use and disclose individually
  identifiable health information
• Other covered entities include providers, billing
  clearing houses, FDRs and contractors
• Business Associates
• A person or entity which performs certain
  functions, activities, or services for CarePoint
  Health Plan involving the use and/or disclosure
  of PHI, but the person or entity is not a part of
  CarePoint Health Plan or its workforce.
• CarePoint Health Plan is required to have
  agreements/contracts with business associates
  that protect a members PHI

8
Covered Transactions Consist of

• Enrollment and disenrollment
• Premium payments
• Eligibility
• Referral certification and authorization
• Health claims
• Health care payment and remittance advice

9
What patient information must we Protect?

• Protected Health Information (PHI)
• Relates to past, present, or future physical or
  mental condition of an individual provisions of
  healthcare to an individual or for payment of
  care provided to an individual.
• Is transmitted or maintained in any form
  (electronic, paper, or oral representation)
• Identifies, or can be used to identify the
  individual.

10
Examples of PHI(Health Information with
Identifiers)

• Name
• Address (including street, city, parish, zip code
  and equivalent geo codes)
• Any date (birth, admit date, discharge date, date
  of death)
• Telephone and Fax numbers
• Electronic (email) addresses
• Social Security Number
• Medical Records
• Any other unique identifying number,
  characteristic or code

11
What is the most important thing to remember
about HIPAA
YOU may not use or disclose an individuals
protected health information, except as otherwise
permitted, or required, by law. If you have
questions, please see your Supervisor or the
Compliance Department.
12
Acceptable uses of PHI

• Treatment
• Includes direct patient care, care coordination,
  referrals
• Payment
• Includes any activities required to bill and
  collect for health care services provided to
  patients
• Health Care Operations
• Includes business management and administrative
  activities, quality improvement, compliance,
  competency, and training

13
Acceptable Uses of PHI

• Must use or share only the minimum amount of PHI
  necessary, except for requests made
• for treatment of the patient
• by the patient, or as requested by the patient to
  others
• by the Secretary of the Department of Health
  Human Services (DHHS)
• as required by law
• to complete standardized electronic transactions,
  as required by HIPAA
• Healthcare operations
• CarePoint Health Plan must get a signed
  authorization from the member for any other use
  or disclosure of PHI. The authorization must
• Identify who may use or release the PHI and
  identify who may receive the PHI
• Identify when the authorization expires
• Be signed by the member or someone making health
  care decisions (personal representative) for the
  member

14
Acceptable Uses of PHICopying, Downloading and
Faxing Information

• Employees should not download or copy any PHI,
  except as necessary to perform their jobs. As a
  general rule PHI should not be removed from the
  premises.
• Faxing is permitted. Always include, with the
  faxed information, a cover sheet containing a
  Confidentiality Statement
• The documents accompanying the transmission
  contain confidential privileged information. The
  information is the property of CarePoint Health
  Plan, Inc. and intended only for use by the
  individual or entity named above. The recipient
  of this information is prohibited from disclosing
  the contents of the information to another party.
• If you are neither the intended recipient, or the
  employee or agent responsible for delivery to the
  intended recipient, you are hereby notified that
  disclosure of contents in any manner is strictly
  prohibited. Please notify name of sender at
  facility name by calling phone immediately
  if you received this information in error.

15
Member Rights

• The right to request restriction of PHI uses
  disclosures
• The right to request alternative forms of
  communications (mail to P.O. Box, not street
  address no message on answering machine, etc.)
• The right to access and copy patients PHI
• The right to an accounting of the disclosures of
  PHI
• The right to request amendments to information

16
How does HIPAA Affect Your Job

• Only use, view and discuss PHI if you need it to
  do your job
• Only share PHI with those who need it to do their
  job
• Refrain from discussing PHI in public areas, such
  as elevators and reception areas
• Dont be careless or negligent with PHI in any
  form
• You must report to the Manager, Regulatory
  Compliance any breach in confidentiality

17
HIPAA Best Practices

• Secure PHI in locked offices and cabinets
• Dispose of PHI by shredding
• Remove PHI immediately from any commonly used
  copiers, printers and fax machines
• Lock your computer any time you leave your work
  area

18
HITECH

• HITECH is a part of the American Recovery and
  Reinvestment Act of 2009
• Amends certain sections of HIPAA creating new
  requirements for covered entities and their
  business associates regarding health records,
  Breach notifications, increased enforcement and
  penalties
• The law requires covered entities and business
  associates to notify individuals, the Secretary
  of Health and Human Services and, in some cases,
  the media in the event of a breach of unsecured
  protected health information
• Unsecured
• Information must be encrypted or destroyed in
  order to be considered secured
• Information that has not been rendered unusable,
  unreadable, or indecipherable to unauthorized
  individuals

19
HITECH and Breach Situations

• A Breach is an unauthorized acquisition, access,
  use or disclosure of PHI that compromises the
  security of the PHI
• Examples include
• Laptop containing PHI is stolen
• Receptionist who is not authorized to access PHI
  looks through member records
• Billing statements containing PHI mailed or faxed
  to the wrong individual/entity

20
Exceptions to Breach

• Unintentional acquisition, access, use or
  disclosure by a workforce member (employees,
  volunteers, trainees, and other persons whose
  conduct, in the performance of work for a covered
  entity, is under the direct control of such
  entity, whether or not they are paid by the
  covered entity) acting under the authority of a
  covered entity or business associate
• Example billing employee receives and opens an
  e-mail containing PHI about a member which a UM
  nurse mistakenly sent to the billing employee.
  The billing employee notices he is not the
  intended recipient, alerts the UM nurse of the
  e-mail and then deletes it. The billing employee
  unintentionally accessed PHI to which he was not
  authorized to have access. However, the billing
  employees use of the information was done in
  good faith and within the scope of authority, and
  therefore, would not constitute a breach and
  notification would not be required, provided the
  employee did not further use or disclose the
  information.

21
Exceptions to Breach (continued)

• Inadvertent disclosures of PHI from a person
  authorized to access PHI at a covered entity or
  business associate to another person authorized
  to access PHI at the same covered entity,
  business associate, or organized healthcare
  arrangement in which covered entity participates
• If a covered entity or business associate has a
  good faith belief that the unauthorized
  individual, to whom the impermissible disclosure
  was made, would not have been able to retain the
  information
• Example EOBs are sent to the wrong individuals.
  A few of them are returned by the post office,
  unopened as undeliverable. It could be concluded
  that the improper addresses could not have
  reasonably retained the information. The EOBs
  that were not returned as undeliverable, however,
  and that the covered entity knows were sent to
  the wrong individuals, should be treated as
  potential breaches.

22
Reporting Breaches

• All employees who suspect a Breach has occurred
  must report it immediately to the Compliance
  (Privacy) Officer and Manager, Regulatory
  Compliance
• Breaches must be reported to
• The affected individuals (without unreasonable
  delay and in no event later than 60 days from the
  date of discoverya breach is considered
  discovered when the incident becomes known to the
  Covered Entity or Business Associate not when the
  covered entity or Business Associate concludes
  the analysis of whether the facts constitute a
  Breach)
• Secretary of Health Human Services-HHS- (timing
  will depend on number of individuals affected by
  the breach)
• Media (only required if 500 or more individuals
  of any one state are affected)

23
Conflicts of Interest, Gifts and
Entertainment
24
Conflicts of Interest (COI)

• It is the policy of CarePoint Health Plan to
  prohibit employees and other associates from
  engaging in any activity that conflicts or
  appears to conflict with the interests of
  CarePoint Health Plan. Examples
• Individual has the opportunity to use his or her
  position for personal financial gain or to
  benefit a company in which the individual has a
  financial interest.
• Outside financial or other interests may
  inappropriately influence the way in which an
  individual carries out his or her
  responsibilities.
• When an individuals outside interests otherwise
  may cause harm to CarePoint Healths reputation,
  staff, or patients.
• Employees are required to disclose any conflict
  or potential conflict the employee or family
  member may have.

25
Conflicts of Commitment

• Exists when an outside relationship that may
  deter an individual from devoting an appropriate
  amount of time, energy, creativity, or other
  personal resources to his or her CarePoint Health
  Plan responsibilities.
• Examples
• Selling Mary Kay cosmetics during working hours
• Assuming multiple part-time positions not
  allowing to meet required commitment timeframe
• Assuming directorship position requiring
  significant time involvement and having
  conflicting schedule in private practice

26
Gifts and Entertainment

• You are prohibited from accepting any
  compensation (gifts, favors, money) from
  patients, patients family members or vendors
  except items such as candy, fruit, flowers, etc.
  absolutely no cash! (refer to CarePoint Health
  Plan Code of Conduct)

Outside Employment

• Outside employment must be reported on the
  Conflict of Interest questionnaire and you must
  notify HR and your supervisor
• You may not use CarePoint Health time or
  materials in connection with your outside job.

27
Medicare, Medicaid and other RegulationsComplian
ce Requirements
28
Centers for Medicare and Medicaid Services (CMS)

• Federal regulatory agency that provides oversight
  of Medicare, Medicaid and Childrens Health
  Insurance Program

29
State Agencies Division of Medical Assistance
and Health Services and Medicaid Fraud Division

• The Medicaid Fraud Division of the Office of the
  State Comptroller works to the efficiency and
  integrity of State Medicaid, FamilyCare, and
  Charity Care. They investigate, detect and
  prevent Medicaid fraud and abuse.
• The Division of Medical Assistance and Health
  Services (DMAHS) administers Medicaid and NJ
  FamilyCare programs.

30
Compliance Requirements

• Training upon hire, and annually thereafter and
  in response to any issues that may arise where
  education is beneficial
• Compliance incorporates measures to detect,
  prevent and correct fraud, waste and abuse
• Compliance is communicated, using training and
  educational materials, and through the ethical
  behavior of all staff
• CarePoint Health Plan FDRs (subcontractors) must
  also ensure processes are in place to comply with
  regulations, develop applicable policies and
  procedures, and have compliance programs that
  address the 7 elements of an effective compliance
  program in accordance with CMS Guidelines

31
Compliance is Your Responsibility

• All employees and contractors are held
  accountable for compliance
• Compliance is a part of our day-to-day
  responsibilities
• Managers must ensure that employees are fully
  trained in all standards, policies and procedures
• Employees should request additional training to
  ensure they are performing/behaving in compliant
  manner
• It is your responsibility to know when and where
  to report any concerns or issues you may
  encounter

32
7 Key Elements of an effective Compliance Program

• Written Compliance Policies Procedures
  Standards of Conduct
• Chief Compliance Officer with direct access to
  the CEO and Board
• Education And Training for all staff
• Effective Lines of Communication
• Consistent enforcement of well publicized
  disciplinary standards
• Effective system for Routine Monitoring, Auditing
  Identification of Compliance Risks
• Quick and appropriate response to any
  deficiencies identified by employees or during
  audits
• In addition, there is a Code of Business Conduct
  and Ethics

33
Compliance Officer Compliance Committee

• Compliance Officer you can reach the compliance
  officer at complianceofficer_at_carepointhealth.org
  or by calling 201-821-8705
• Manager of Regulatory Compliance at
  compliancemailbox_at_carepoint.org or by calling
  888-671-6191
• Compliance Committee made up of senior level
  staff and responsible for helping to identify
  compliance issues and supporting compliance
  efforts

34
Written Policies and Procedures

• CarePoint Health Plan has a Code of Business
  Conduct and Ethics
• CarePoint Health Plan is committed to integrity,
  ethical conduct and legal/regulatory compliance
  and has implemented policies to support this
  effort
• All entities contracted to perform work related
  to Medicare and Medicaid Services programs must
  review CarePoint Health Plans Code of Business
  Conduct and Ethics booklet as well as policies
  and procedures unless they can demonstrate that
  they have policies and procedures to address
  Ethical Conduct , as well as Fraud, Waste and
  Abuse

35
Disciplinary Actions

• Compliance violations are subject to disciplinary
  action
• Non-compliance with the Compliance Program
  Standards will be subject to disciplinary action.
• The Compliance Officer recommends discipline
  based on the nature, frequency and severity of
  the non-compliant act
• Working with the Director of Human Resources and
  the supervisor (and the CEO, if necessary), the
  Manager, Regulatory Compliance will determine
  the best course of disciplinary action including
• Verbal warning
• Written warning
• Suspension
• Termination
• Restitution.

36
Disciplinary Actions

• CarePoint Health Plan believes coaching and
  counseling are the best tools for correcting
  non-compliant performance
• Our goal is to have a culture of compliance where
  each employee performs well and succeeds in their
  role
• Managers should document all coaching/counseling
  sessions related to non-compliance
• If coaching is unsuccessful, repeated incidents
  of non-compliance will result in further
  corrective actions
• Serious non-compliant offenses may result in more
  advanced steps of corrective action up to and
  including immediate termination
• Disciplinary standards are applied fairly without
  regard to position

37
Auditing Monitoring

• Risk Assessment and Work Plan
• External Audits by government contractors or
  initiated by CarePoint Health Plan in response to
  issues or suspected non-compliance
• Internal Audits based on the annual work plan or
  in response to suspected non-compliance
• All employees and contractors are expected to
  fully cooperate with all auditing and monitoring
  activities.

38
Responding to Compliance Issues

• The Manager, Regulatory Compliance, or
  designee, thoroughly investigates each report of
  an alleged violation
• Confirmed cases of violations will be handled as
  follows
• Corrective actions will be implemented ASAP
• Self-reporting to government agencies,
  involvement of legal counsel when overpayment is
  identified (see policy). Self reporting helps
  with mitigating FWA, saving money for the State
  and Federal Governments. NJ Law provides for a
  fair and reasonable process.
• To prevent future violations, there will be
  immediate training and potentially a review of
  policies and procedures to determine any needed
  revisions
• Follow-up auditing and monitoring

39
Non-Intimidation, Non-Retaliation

• CarePoint Health Plan will not discriminate or
  retaliate against anyone who, in good faith,
  reports violations of laws or regulations, the
  Principles of Professional Conduct, or CarePoint
  Health Plan policies, whether those violations
  are by an employee or contractor
• In addition, employees are protected by federal
  law against any retaliation for taking action
  under the federal False Claims Act
• Retaliation should be reported to the Director of
  HR or the Manager, Regulatory Compliance
• Please remember to report non-compliance in
  good-faith. False reports may lead to
  disciplinary action
• You can report directly to the Manager,
  Regulatory Compliance by emailing
  compliancemailbox_at_carepoint.org or by calling
  XXX-XXX-XXXX
• You can report confidentially by calling the
  hotline number at 888-671-6191

40
Fraud, Waste and Abuse (FWA)

• HealthCare Fraud is defined in Title 18, United
  States Code (U.S.C.) 1347(a)(1) and (2) as
• Knowingly and willfully executing, or attempting
  to execute, a scheme or Artifice to defraud any
  healthcare benefit program or to obtain (by means
  of false or fraudulent pretenses,
  representations, or promises) any of the money or
  property owned by, or under the custody or
  control of, any healthcare benefit program.
• Abuse is defined as excessive or improper use of
  services or actions that are inconsistent with
  acceptable business or medical practice. It
  refers to incidents that, although not
  fraudulent, may directly or indirectly cause
  financial loss such as charging in excess for
  services or supplies, providing medically
  unnecessary services and billing for items or
  services that are not covered.
• Waste is the overutilization of services, or
  other practices that, directly or indirectly,
  result in unnecessary costs to the Medicare and
  Medicaid program. Waste is generally not
  considered to be caused by criminally negligent
  actions but rather the misuse of resources.

41
Why is this important and what can we do?

• Scams alone cost the health care industry more
  than 100 billion annually
• Saves dollars for the health plan
• Detecting, correcting and preventing fraud,
  waste, and abuse requires collaboration between
• CarePoint Health Plan Employees
• Providers of services, such as physicians, nurses
  and pharmacies
• FDRs
• State and Federal Agencies
• Members

42
Where can we find examples of FWA?

• A physician, nurse, pharmacist or other
  practitioner
• A pharmacy, hospital , home health agency or
  other institutional provider
• A clinical laboratory, DME provider or other
  supplier
• An employee of any provider or vendor
• A billing service
• A Pharmacy Benefits Manager (PBM)
• A beneficiary
• Any individual in a position to file a claim for
  a Medicare or Medicaid benefits

43
Some Examples

• Billing for missed appointments or services never
  rendered,
• Equipment a member never received or continuing
  to bill for equipment which was returned
• Billing that appears to be a deliberate
  application for duplicate payment, altering claim
  forms, electronic claim records, medical
  documentation to obtain a higher payment amount
• Incorrect reporting of diagnosis or procedures to
  maximize payments
• Unbundling or exploding charges,
  misrepresentations of dates and descriptions of
  services furnished or the identity of the
  beneficiary or the individual who furnished the
  services, billing non-covered or non-chargeable
  services as covered items or failing to return an
  overpayment

44
Examples of Potential Provider Fraud

• Submitting photocopies instead of original
  documents, submitting several medical bills on
  different dates, with the same or overlapping
  dates of service for the same patient
• White-out and varying ink color on claims, which
  may indicate altered or fabricated claims,
  threats to go to legal action or government
  agencies if payments arent settled quickly,
  excessively large claims or absence of
  documentation or medical records

45
Examples of Potential Member Fraud

• A member who allows someone else to use their
  insurance card (e.g. ineligible member using
  eligible members services)
• Members who intentionally misrepresent
  information in order to enroll in a plan or to
  have specific benefits covered once enrolled in
  the plan (e.g. misrepresentation of medical
  condition)
• Failure to report other health insurance and
  intentionally causing a payor to be primary when
  it should be secondary
• Pharmacy-related Fraud
• Prescription forging or altering
• Theft of DEA number or prescribing pad
• Submitting false claims

46
Examples of FWA Related to Agents Brokers

• Unlawful marketing
• Offering cash inducements
• Unsolicited door-to-door sales
• Use of unlicensed agents
• Embezzlement
• Identity theft
• Requiring premium upfront

47
Examples of Fraud related to Finance

• Receiving Medicare or Medicaid premiums for
  members who are not enrolled or should not be
  enrolled
• Diverting funds
• Publishing false financial statements
• Paying claims to a tax ID that does not belong to
  the billing provider
• Colluding with vendors during the bid process so
  the vendor is guaranteed award of the bid

48
Examples of Fraud by Utilization Management

• Directing members to a healthcare provider who is
  a friend or family member
• Denying services as not medically necessary in
  order to save CarePoint Health Plan money
• Authorizing services which are medically
  unnecessary services
• Coaching a member on how to present a medical
  condition to a provider or to the health plan so
  it is covered

49
Examples of Fraud by Provider Relations

• Credentialing providers who do not meet CarePoint
  Health Plans credentialing standards
• Limiting providers in a specialty in order to
  increase referrals to a specific provider
• Incentivizing a provider to not provide medically
  necessary services

50
Examples of Fraud by Senior Management

• Failing to notify the board of compliance risks
  and acts of non-compliance, especially which
  would make the health plan liable for sanctions,
  legal and/or regulatory actions, civil penalties,
  and other liabilities
• Neglecting to address and appropriately respond
  to confirmed cases of fraud and abuse
• Neglecting to self-report and/or return
  overpayments to CMS

51
When Fraud is Detected

• Improper payments must be paid back
• Providers/companies maybe barred from
  participation in government-sponsored health
  insurance programs
• Fines can be levied
• Law enforcement may be contacted
• Arrests and convictions may occur
• Employees will be disciplined, which may include
  termination
• Contractors will be sanctioned, which may include
  requests for corrective action plans and
  termination of the agreement

52
When Member Fraud is Detected

• Members
• Could lose their benefits
• Their medical records could be wrong
• May be limited to certain doctors, drug stores,
  and hospitals
• This is called a lock-in program
• May have to pay money back
• With government programs, such as Medicare and
  Medicaid , members may be fined or arrested for
  fraud

53
What Federal Laws Regulate Fraud Abuse

• False Claims Act (FCA)
• Stark Law
• Anti-Kickback Statute
• HIPAA
• Deficit Reduction Act
• Criminal Penalties for Acts involving Federal
  Health Care Programs
• The False Claims Whistleblower Employee
  Protection Act
• Administrative Remedies for False Claims and
  Statements

54
Required Sanctions Check

• It is the responsibility of CarePoint Health Plan
  to ensure that NO employee is excluded from
  participating in the Medicare and Medicaid
  Program.
• Sanctions checks (OIG, SAM, NJ, NY and PA State
  Debarment) are done upon hire and now monthly to
  ensure employees have not been excluded.
• Examples include fraud, abuse, defaulting on
  government loans, violations of any practice act,
  etc.

55
False Claims Act

• 31 U.S.C. 3729-3733
• Also, N.J. False Claims Act, 2A32C-1, et seq.
• Forbids submitting a claim known to be false
  making or using a false record or statement
  material to a false claim or obligation
  conspiring to defraud by improper submission of
  false claims or concealing, improperly avoiding,
  or decreasing an obligation to pay money to the
  government
• Potential penalties for violation
• Violators of the False Claims Act are liable for
  three times the dollar amount that the government
  is defrauded and civil penalties of 5,500 for
  each false claim.
• Exclusion from participation in federal health
  programs

56
Stark Statute

• 42 U.S.C. 1395nn
• Also known as Physician Self-Referral Statute
• Prohibits a physician from making a referral for
  certain designated health services to an entity
  in which the physician (or a member of his/her
  family) has an financial ownership/investment
  interest or with which he/she has a compensation
  arrangement unless an exception applies

57
Anti-Kickback Statute

• 42 U.S.C. 1320a-7b(b)
• Prohibits offering, soliciting, paying or
  receiving remuneration for referrals for services
  that are paid in whole or in part by the Medicare
  and Medicaid program
• In addition, the statute prohibits offering,
  soliciting, paying or receiving remuneration in
  return for purchasing, leasing, ordering,
  arranging for, or recommending the purchase,
  lease or order of any goods, facility, item or
  service for which payment may be made in whole or
  part by the Medicare and Medicaid program

58
Deficit Reduction Act

• Public Law No. 109-171, 6032, passed in 2005
• Designed to restrain Federal spending while
  maintaining the commitment to the federal program
  beneficiaries
• The Act requires compliance for continued
  participation in the programs
• The development of policies and education
  relating to false claims, whistleblower
  protections and procedures for detecting and
  preventing fraud abuse must be implemented

59
False Claims Act (FCA) DRAFT 11.12.13

• Federal FCA was written to address issues that
  arose out of the Civil War. (a.k.a. Lincolns
  Law)
• President Lincoln asked Congress to write a law
  so that the Government could go after companies
  that sold faulty equipment like rifles to the
  United States. The law was written and passed
• The False Claims Act provides both criminal and
  civil penalties, contains a qui tam provision,
  and permits a the whistleblower to collect a
  portion of the damage

60
Additional Federal and State Regulations

• Program Fraud Civil Remedies Act
• This final rule implements the Program Fraud
  Civil Remedies Act of 1986 (PFCRA), which
  authorizes NSF (Nat Science Foundation) to
  impose, through administrative adjudication,
  civil penalties and assessments against any
  person who makes, submits, or presents, or causes
  to be made, submitted, or presented, a false,
  fictitious, or fraudulent claim or written
  statement to the agency.
• NJ Health Care Claims Fraud Act
• This law makes health care claims fraud a
  criminal offense and provides for the forfeiture
  of professional licenses (i.e. medical, dental,
  chiropractic, nursing) in certain instances in
  which a practitioner commits health care claims
  fraud. The law also extends to non-practitioners
  who commit health care claims fraud (i.e.
  hospital billing personnel).

61
Additional Federal and State Regulations DRAFT
11.12.13

• NJ Medical Assistance and Health Services Act-
  This law provides for criminal penalties for
  fraud committed in connection with the New Jersey
  Medical Assistance (Medicaid) Program. A criminal
  penalty of up to 10,000 or imprisonment for not
  more than 3 years or both shall apply as follows
• Any person who willfully obtains medical
  assistance benefits to who he/she is not entitled
  to and on any provider who willfully receives
  medical assistance payments to which it is not
  entitled
• Any person or entity who, with an intent to
  fraudulently secure benefits not authorized or in
  greater amount than authorized
• Knowingly and willfully makes or causes to be
  made any statement or representation of a
  material fact in any cost study, claim form, or
  any document necessary to apply for or receive
  any benefit or payment under the Act
• Conceals or fails to disclose the occurrence of
  an event which affects an initial or continued
  right to benefit payment
• Any provider, person or entity who solicits,
  offers, or receives any kickback, rebate, or
  bribe in connection with the furnishing of
  services for which payment is made under the Act
  or whose cost is reported to obtain benefits or
  payments under the Act, or the receipt of any
  benefit or payment under the Act.
• This statute also allows for civil penalties in
  addition to the criminal penalties for violations
  of the Act.

62
Additional Federal and State Regulations DRAFT
11.12.13

• NJ False Claims Act
• The New Jersey False Claims Act is a statute that
  imposes civil liability equal to that of the
  federal False Claims Act on any person or entity
  who knowingly submits a false claim, uses a false
  record or uses a false statement to an employee,
  officer or agent of the State, or to any
  contractor, grantee or other recipient of State
  funds, for payment or approval

63
NJ Conscientious Employee Protection Act

• New Jersey law prohibits an employer from taking
  any retaliatory action against an employee
  because the employee does any of the following
• Discloses, or threatens to disclose, to a
  supervisor or to a public body an activity,
  policy or practice of the employer or another
  employer, with whom there is a business
  relationship, that the employee reasonably
  believes is in violation of a law
• Provides information to, or testifies before, any
  public body conducting an investigation, hearing
  or inquiry into any violation of law, or a rule
  or regulation issued under the law by the
  employer or another employer, with whom there is
  a business relationship
• Provides information involving deception of, or
  misrepresentation to, any shareholder, investor,
  client, patient, customer, employee, former
  employee, retiree or pensioner of the employer or
  any governmental entity
• Provides information regarding any perceived
  criminal or fraudulent activity, policy or
  practice of deception or misrepresentation which
  the employee reasonably believes may defraud any
  shareholder, investor, client, patient, customer,
  employee, former employee, retiree or pensioner
  of the employer or any governmental entity
• Objects to, or refuses to participate in, any
  activity, policy or practice which the employee
  reasonably believes
• is in violation of a law, or a rule or regulation
  issued under the law or, if the employee is a
  licensed or certified health care professional,
  constitutes improper quality of patient care
• is fraudulent or criminal
• is incompatible with a clear mandate of public
  policy concerning the public health, safety or
  welfare or protection of the environment.
  N.J.S.A. 3419-3.

64
NJ Conscientious Employee Protection Act

• The protection against retaliation, when a
  disclosure is made to a public body, does not
  apply unless the employee has brought the
  activity, policy or practice to the attention of
  a supervisor of the employee by written notice
  and given the employer a reasonable opportunity
  to correct the activity, policy or practice.
  However, disclosure is not required where the
  employee reasonably believes that the activity,
  policy or practice is known to one or more
  supervisors of the employer or where the employee
  fears physical harm as a result of the
  disclosure, provided that the situation is
  emergency in nature.

65
Fraud Abuse Prevention Strategies

• Prevention - Engage beneficiaries and providers,
  educate providers on billing mistakes, stop and
  prevent future improper payments and deny or
  revoke an individuals or organizations
  application for participation in the network if
  there is evidence of impropriety such as previous
  convictions or false information on the
  application, or if the provider does not meet
  state/federal licensure or certification
  requirements
• Detection - Identify and report potential fraud,
  identify trends that indicate fraud, quickly
  identify new fraud schemes
• Recovery - Recover improper payments, work to
  suspend payments to providers subject to credible
  fraud allegations
• Reporting - Everyone has a responsibility to
  report instances of suspected or potential fraud
  and abuse and you can do so without fear of
  retaliation. You can also report confidentially.

66
Reporting Suspected or Potential Violations

• Internal options for reporting compliance
  violations
• Manager, Regulatory Compliance
  compliancemailbox_at_carepoint.org or by calling
• Compliance Hotline (888) 671-6191
• Compliance Fax (908) 378-7846

67
Reporting Suspected or Potential Violations

• External options for reporting compliance
  violations
• New Jersey Office of the Attorney General
  1-609-292-4925
• New Jersey Department of Health, Office of
  Professional Misconduct
• New Jersey Department of Banking and Insurance,
  Frauds Bureau 1-800-446-7467
• Call 1-800-MEDICARE or Call 1-800-HHS-TIPS
• Medicaid Fraud Division 888-937-2835

68
CarePoint Health Plans FDR Employee Attestation

• I have reviewed and understand the information
  contained within the attached slides (Compliance
  Training Program) and agree to comply with all
  the stated regulations. As an employee of an
  CarePoint Health Plan FDR, I understand that
  failure to comply with the stated regulations
  could lead to disciplinary action(s).
• Employee Name_____________________________
• Employee Signature__________________________
• Employer Name_____________________________
• Date______________________________________