jasa.org Board of Directors Presentation & Training February 24 th, 2016 Corporate Compliance Program

jasa.org Compliance Obligations  Required by the Federal Deficit Reduction Act (DRA) of 2005 and the Federal and NY State False Claims Act (FCA).  Monitored by the Federal Office of the Inspector General (OIG) and NYS Office of the Medicaid Inspector General (OMIG).

jasa.org The Mandatory Compliance Law OMIG directs providers to: Develop, Adopt and Implement effective compliance programs aimed at detecting Fraud, Waste, and Abuse in the Medicaid program

jasa.org What Is The Purpose and Intent of the Mandatory Compliance Law? Detect and Prevent: 1. Inaccurate billing 2. Inappropriate practices Most importantly: 1. Refund overpayments

jasa.org Prevent and Detect fraudulent, abusive and wasteful practices Recover improperly expended Medicaid funds. OMIG’s Mission

jasa.org Abuse & Improper Payments  Abuse means practices that are inconsistent with sound... medical or professional practices and which result in unnecessary costs..., payment for services which were not medically necessary or payments for services which fail to meet recognized standards for health care.”  An improper payment is “any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under... legally applicable requirements.

jasa.org The False Claims Act (FCA) FCA violation: Knowingly make, use, or cause to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the federal government.

jasa.org Who Must Have a Compliance Program? Medicaid providers operating under Articles 28 or 36 of the Public Health Law, Articles 16 or 31 of the Mental Hygiene Law and those providers of care ordering, providing, billing or claiming $500,000 or more from Medicaid in a 12-month period.

jasa.org What Must a Compliance Program Contain? Element 1, 2, 3, 4  Write policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics.  Designate an employee vested with responsibility for the day-to-day operation of the compliance program.  Train and educate all affected employees and persons associated with the provider.  Establish communication lines to the designated compliance person.

jasa.org What Must a Compliance Plan Contain? Cont. Element 5, 6, 7, 8  Establish disciplinary policies to encourage good faith participation in the compliance program.  Create a system for routine identification of compliance risk areas.  Establish systems for responding to compliance issues as they are raised.  Establish a policy of non-intimidation and non- retaliation for good-faith participation in the compliance program.

jasa.org Responsibility of the Board Duty of Care – requires that you exercise fiduciary responsibility to JASA in two areas: 1. Decision Making 2. Oversight Duty of Loyalty- requires that you exercise your powers in good faith and in the best interests of JASA Entities, rather than in your own interests or the interests of another person or entity.

jasa.org Oversight Responsibility A Board Member has a responsibility to in good faith assure: 1. A corporate information and reporting system exists. 2. This system is adequate to assure that appropriate information as to compliance with applicable laws will come to the Board’s attention in a timely manner as a matter of ordinary operations.

jasa.org Oversight Responsibility Cont.  Oversight Responsibility includes: Duty to make a reasonable inquiry when suspicions are aroused.  Oversight responsibility DOES NOT include: An expectation that the Board Member exercise “Proactive vigilance” or to investigate wrongdoing absent a “Red Flag”.

jasa.org Compliance Program Activities  Implemented the use of Kchecks (exclusion check vendor) for all JASA Employees and Vendors as required by OIG and OMIG.  Developed and disseminated JASA’s Code of Conduct as required by OMIG.  Provided Medicaid Compliance and HIPAA training to Home Care Staff, GMHOS Staff, SADC Staff and several sessions that were open to JASA staff from all across the agency as required by OMIG, OIG and OCR.  Updated the Notice of Privacy Practices (NPP) as required by OCR.

jasa.org Compliance Program Activities Cont.  Coordinated and worked with Senior Leadership to complete the agency wide Risk Assessment.  Investigated and worked to resolve 11 client complaints received through the Ombudsperson call line.  Completed the HIPAA Security Risk Analysis (SRA) as required by OCR.  Began updating the HIPAA policy and Procedure Manual as required by OCR.

jasa.org Important Compliance Contact Information Compliance Officer: Carly Borenkind, LCSW Office Telephone: (212) (Monday- Friday) Fax: (212) JASA’s Anonymous Compliance Hotline: can also be sent to:

jasa.org Compliance Resources  NYS OMIG:  OIG:  OCR/ HHS: professionals/covered-entities/index.htmlhttp:// professionals/covered-entities/index.html  JASA’s Code of Conduct can be found at: conduct.pdf conduct.pdf