The following topics will be covered in this course:1) Don’t let pressure influence ethics and reasoning2) Be careful about rationalizations3) Enforcement matters4) Create a flatter organization and encourage people to speak up5) Think clearly and simply about ethical issues6) Be strategic about compliance 7) Corporate Integrity Agreement (CIA)8) Board Compliance Committee9) CIA First Amendment10)What Should Navicent Health Managers & Leaders Do?

Why should Compliance matter to you as a leader?

Congress mandated the implementation of effective compliance programs in 2010.

There is increased focus on individual accountability in government enforcement. Prosecutors are required by the Department of Justice to pursue leaders who fail to support an effective compliance infrastructure and who fail to effectively oversee risky patterns and practices.

Lack of knowledge of the risky practice is not the standard DOJ has to meet – all they have to show is reckless disregard.

Leaders have an impact on strong compliant practices and model compliant behavior. The tone starts at the top!

1. Don’t let pressure influence ethics and reasoning Do you feel pressure to meet obligations? Financial? Clinical? In what ways do your staff share this pressure? Do policies, procedures, and protocols have a role in moderating pressure? Do you have the policies, procedures, and protocols you need in your area of

responsibility? How is your staff doing at maintaining compliance with policies & protocols? How do you get your staff to understand and adhere to important

requirements of Navicent Policies and Work Instructions?

This is what you can do: Remind people of the rules. Balance the pressure to perform with a long term outlook:

• “Do it right the first time.”• “Remember, we’re about long term success.”

Story telling. • Every rule you have has a reason. Think of the reason and the pressure does

not control.

Pressure

2. Be careful about rationalizations Avoid these common and inaccurate rationalizations:

•“We’re here to take care of patients”. o Do patients care about their safety and well-being?o Do they care about what they are billed for procedures?o Do they care about when we inappropriately disclose their PHI?o Do they care about whether financial interests impact the treatment

decisions we make for them?•“Everybody does it this way.”

o The DOJ/OIG does not give you credit in an investigation for what others do.•“We’ve always done it this way.”

Rationalization is also known as making excuses. People often use rationalization as a defense mechanism. This occurs when

someone tries to explain or justify behaviors while avoiding the real reason behind the behaviors.

Lack of compliance cannot be rationalized for any reason.

3. Enforcement matters

The Yates memo is a memorandum written by Sally Quillian Yates, Deputy Attorney General for the U.S. Dept. of Justice. It broadly outlines how federal investigations for corporate fraud or misconduct should be conducted and what will be expected

from the corporation being investigated.

“Good organizations show their ethics when somebody they value has crossed

a line but they take the appropriate disciplinary action.”

The Yates Memo, 09/09/2015

3. Enforcement matters Permissive Exclusion:

• Section 1128(b)(15) of the Act authorizes the Secretary, and by delegation the Inspector General, to exclude an individual owner, officer, or managing employee of a sanctioned entity, as defined in section 1128(b)(15)(B) (i.e., an entity that has been convicted of certain offenses or excluded from participation in the Federal health care programs).

• Exclusions under section 1128(b)(15) of the Act are derivative in nature and are based upon the individual’s role or interest in a company that is excluded or is convicted of certain offenses. Exclusions under section 1128(b)(15) are permissive, that is, the Secretary has the discretion whether to exclude or not to exclude. OIG’s exercise of this discretion is not subject to administrative or judicial review.

• With respect to officers and managing employees, the statute includes no knowledge element. Therefore, OIG has the authority to exclude every officer and managing employee of a sanctioned entity. A “managing employee” is defined as an individual (including a general manager, a business manager, an administrator, or a director) who exercises operational or managerial control over the entity or who directly or indirectly conducts the day-to-day operations of the entity.

• Section 1128(b)(15) of the Act provides two different bases for exclusion. Individuals who have an ownership or a control interest in a sanctioned entity may be excluded under section 1128(b)(15)(A)(i) if they knew or should have known of the conduct that led to the sanction. Officers and managing employees, as defined in section 1126(b) of the Act, may be excluded under section 1128(b)(15)(A)(ii) based solely on their position within the entity.

3. Enforcement mattersWhat is the Impact of “Exclusion”?When the Inspector General excludes an individual or entity from participation in the Medicare program, the individual or entity cannot provide services that are billed under a Federal program. Excluded persons are prohibited from furnishing administrative and management services that are payable by the Federal health care programs. This prohibition applies even if the administrative and management services are not separately billable.

For example, an excluded individual may not serve in an executive or in a leadership role (e.g., chief executive officer, chief financial officer, general counsel, director of health information management, director of human resources, physician practice office manager, etc.) at a provider that furnishes items or services payable by Federal health care programs.

3. Enforcement mattersWhat is the Impact of “Exclusion”?Also, an excluded individual may not provide other types of administrative and management services, such as: health information technology services and support, strategic planning, billing and accounting, staff training, and human resources, unless wholly unrelated to Federal health care programs.

This is what you can do:Take your obligation as a leader seriously.Proactively take steps to educate yourself on compliance matters related to

your department including Medicare guidelines, OIG advisory opinions, etc.Get guidance from Compliance & Legal before, not after decisions are made.Lead by example.Mentor.Discipline.Document!

4. Create a flatter organization

The “Flat Organization” concept embraces a structure with few levels of management between staff and executives. This minimizes the resistance to clear and effective communication.

We want to emulate that concept in our communication style so that people speak up and we, as leaders, encourage everyone to do so.

In flatter companies there is a strong focus on communication and collaboration, improving the employee experience, challenging the status quo around traditional management models, and the like. The idea behind flat organizations is that well-trained workers will be more productive when they are more directly involved in the decision making process, rather than closely supervised by many layers of management. An important idea that is required is an understanding that managers exist to support the employees and not vice versa.

4. Create a flatter organization

In a flat organization, employees know more. Ethical Issues, when brought to light, are usually not a surprise.

What have you already heard about?What has your staff been discussing that may be an ethical or compliance

problem?Most important – how did you handle ethics or compliance issues? What

actions were taken with the individual who failed to meet requirements?

Tall Organizational Structure Flat Organizational Structure

4. Create a flatter organizationPreventing Retaliation What is retaliation? Discriminating or taking adverse actions against anyone

who reports improper or illegal activity, or refuses to participate in such activity.

What would it feel like if it were directed against you? Preventing retaliation requires active management.

Navicent Health Code of Conduct: “Navicent Health policies strictly prohibit any form of retaliation against an Employee or Associate who in good faith reports a concern about possible or actual noncompliance. Federal and State laws also prohibit retaliation. The Board of Directors of Navicent Health assures protection to all employees against any type of retaliation for good‐faith reports of suspected or actual violations of the Code of Conduct. This protection applies whether reports are made to anyone in management, to Human Resources, to the Chief Compliance Officer, to the NH Helpline, or to an appropriate government agency. No Navicent Health supervisor, manager, Employee or Associate is permitted to engage in retaliation, retribution, or any form of harassment directed against an Employee or Associate who in good faith reports a concern.”

4. Create a flatter organization

What every leader should do:• Read and fully familiarize yourself with this policy.• Contact Corporate Compliance with questions about the policy at 633-1223.• Discuss this policy’s requirements with your staff.• Make certain your staff is aware of the Navicent Health Compliance Hotline.

• 888-380-9008, available 24/7, anonymous if you choose.

What you are required to do:• Report compliance concerns to Corporate Compliance at 633-1223.

Click the link below to access the Navicent Health Work Instruction: Click this link Internal Reporting of Possible Compliance Issues

4. Create a flatter organization

Report and handle compliance failures appropriately: If there are no repercussions, employees learn that

compliance failures are not taken seriously. What are the repercussions to your employees for

compliance failures? It is important for leaders to ensure compliance failures are

handled through appropriate Compliance/Legal/HR channels.

5. Think clearly and simply about ethical issues

What is our response when we…• discover an error in how we billed for services?• discover that we’ve inadvertently disclosed a patient’s PHI?• have harmed a patient?• learn that a physician has a financial interest in a product that

he is prescribing to our patients?• are struggling to comply with a complex legal or regulatory

requirement?

"Mistakes are a fact of life. It is the response to the error that counts." ~NIKKI GIOVANNI, American poet

Corporate Compliance is responsible for managing the Compliance ProgramManagers, Supervisors, and Leaders are responsible in their area for

Compliance with the Legal and Regulatory Requirements facing Navicent Health. This requires all leaders to take proactive measures to educate yourself about the compliance issues facing your department.The OIG/DOJ enforcement areas each year are fluid.

• Review the OIG Work Plan for areas impacting your area of responsibility.• Ask for assistance from Compliance/Legal.

Current Enforcement Areas:• Vendor management• Opioid Controls• Clinical Trials• Insurance coverage• Overlapping Surgeries• HIPAA and Cybersecurity• Billing and Coding• Quality• Joint Ventures

6. Be strategic about compliance

The most significant compliance risks:

Stark & Anti-Kickback

Billing & Coding

Privacy & Security

7. Corporate Integrity Agreement (CIA) Applies to all CORP 200 business units Effective Date: 4/23/2015 Term of Five Years Basic Requirement: Maintain a Compliance Program Board Oversight Obligations Leadership Obligations

•CCO, Compliance Committee, Management Certifications Code of Conduct & Compliance Policy Requirements Training Plan and Obligations Risk Assessment Auditing & Monitoring

• Independent Review Organization Screening “Covered Persons” Investigations & Response

•Reportable Events Annual Reporting Requirements

7. Corporate Integrity AgreementNotice Requirements:• Changes to compliance officer• Changes to compliance committee, Board Members• Change or closure of a business• Opening a new business

Reportable Events Requirements:Written notification to the OIG within 30 days of determination of:• Substantial Overpayments• Probable Violations of Law• Employing/Contracting with an Excluded Individual• Filing Bankruptcy

Overpayments:• Must be reported and returned to payor (e.g., Medicare) within 60 days of being

identified.• “Substantial Overpayments” must be reported to the OIG within 30 days of

determination.• Annual Report: Report of the aggregate overpayments by payor (Medicare, Medicaid,

etc.) returned to Federal healthcare programs.

7. Corporate Integrity AgreementManagement Certifications:Certification process

• (Sub-certifications, reports that must be reviewed, etc.).Nine named executives (at minimum)What must be certified?

• I have been trained on/understand compliance requirements in my areas of responsibility.• My job responsibilities include ensuring compliance in my areas of responsibility.• I have taken steps to promote compliance.• My area of responsibility is compliant.

“I have been trained on and understand the compliance requirements and responsibilities as they relate to [insert name of department], an area under my supervision. My responsibilities include ensuring compliance with regard to the [insert name of department] with all applicable Federal health care program requirements, obligations of the Corporate Integrity Agreement, and MCNH policies, and I have taken steps to promote such compliance. To the best of my knowledge, except as otherwise described herein, the [insert name of department] of MCNH is in compliance with all applicable Federal health care program requirements and the obligations of the Corporate Integrity Agreement. I understand that this certification is being provided to and relied upon by the United States.”

7. Corporate Integrity Agreement:Fines

Stipulated Penalties:

$2,500/dayFailure to establish/implement any of 15 enumerated elements (e.g., compliance officer, compliance committee, policies, etc.)

$2,500/day Failure to engage and use an Independent Review Organization

$2,500/day Failure to submit an Implementation or Annual Report

$2,500/day Failure to submit a Claims Review or Medical Necessity Review Report

$1,500/day Failure to grant OIG access to records and Covered Persons$50,000 For each false certification$1,000/day Failure to comply adequately with any obligation of the CIA

7. Corporate Integrity Agreement:Exclusion for Material Breach

OIG may initiate exclusion of MCNH for Material Breach including any of the following:• repeated and flagrant violations• failure to report a Reportable Event• failure to respond to a Demand Letter regarding

Stipulated Penalties• failure to engage an IRO

Material Breach is a contract law term which refers to a significant failure of performance under the contracted terms.

Remember, Compliance is not equal to the CIA

The CIA is the floor, not the ceiling. Compliance is mandatory for all healthcare

programs enrolled in Medicare/Medicaid. Also, the management attestations you sign

should not be a rubber stamp – proactive steps are required.

• The management certifications you signed are your attestation to the government that youhave fully reviewed the compliance in yourdepartment and you are attesting that yourdepartment is in compliance with the CIA.

• Your attestations will be used by senior management and the Board when they make their same attestations.

8. Board Compliance Committee

Compliance Oversight Obligations “at a minimum”: Meet at least quarterly to review and oversee MCNH’s Compliance

Program, including but not limited to the performance of the Compliance Officer and Compliance Committee

Submit to the OIG a description of the documents and other materials it reviewed, as well as any additional steps taken, in its oversight of the compliance program and in support of making the [Board] resolution . . . during each Reporting Period.

For each Reporting Period of the CIA, adopt a resolution, signed by each member of the Board (or a committee of the Board) summarizing its review and oversight of MCNH’s compliance with Federal health care program requirements and the obligations of this CIA.

8. Board Compliance Committee

“At a minimum”, the resolution shall include the following language:

“The Board of Directors (or name of applicable committee of the Board) has made a reasonable inquiry into the operations of MCNH’s Compliance Program including the performance of the Compliance Officer and Compliance Committee. Based on its inquiry and review, the Board (or a committee of the Board) has concluded that, to the best of its knowledge, MCNH has implemented an effective Compliance Program to meet Federal health care program requirements and the obligations of the CIA.”

9. CIA First Amendment

Applies to all CORP 200 business units

Effective Date: 8/2/2017

Term of Five Years

Basic Requirement: Ambulance Claims Reviews

IRO Review

CCO Certification

Training on Ambulance coding and billing

10.What Should Navicent HealthManagers & Leaders Do?

Be proactive and actively seek out the compliance obligations in your area of responsibility. Ask questions as needed to assure understanding.

Lead staff in your area of responsibility to assure that they also understand. Monitor your operations to assure compliance. Maintain a workplace where people feel comfortable reporting concerns. Manage to prevent retaliation. Report compliance concerns to Corporate Compliance as required by

Navicent Health policy. Help your leadership prepare for management certification. Assure that training and other CIA obligations are completed. Get familiar with Work Instruction 156.5441 Internal Reporting of Possible

Compliance Issues.

If you have questions about the content covered in this course,

please call the Compliance Office633-1223

Education Attestation

“I certify that I have completed the training session titled, Leadership Compliance Training. I understand that I am obligated to follow compliance requirements that apply to my work, and to ask questions as needed to assure my understanding.”

“I also understand that it is my obligation to report concerns about possible non-compliance, and that I may meet that obligation by discussing my concerns with my manager, another manager or supervisor, a member of the Audit Services and Corporate Compliance Leadership team, or by calling the Navicent Health Helpline at888-380-9008.”

Click here to document that you have reviewed this module.

You’ll be prompted to supply your name, API# and the last four digits of your social security number and to

PRINT a completion document for your records and to provide to your supervisor.