Compliance Program 2022

Page 1 of 18

Cherry Health

Compliance Program

10/2/14; 10/1/15; 12/1/16; 10/4/18; 7/9/19; 3/10/20; 1/21/21; 5/13/21; 6/9/22

Table of Contents

Page 2 of 18

Glossary 3

Seven Elements of Compliance Program 4

I. Commitment to Compliance 5-7

II. Designation of Compliance Team 7-8

Quality Oversite Committee 8-9

III. Conducting Effective Training & Education 9-10

IV. Developing Effective Lines of Communication 10

V. Disciplinary Guidelines 10-11

VI. Auditing & Monitoring 11-12

VII. Responding to Detected Offenses & Developing

Corrective Action Initiatives 12-13

VIII. Compliance Policies and Procedures 14-17

Glossary

Page 3 of 18

Billing: The term billing as it is used throughout this document is intended to mean any

coding practices and documentation used to support coding. It is not intended to refer

to the setting of fees, charges or review of organizational pricing practices.

Compliance Program: A system of standards developed to assure compliance with the

conformity to all payer guidelines and regulatory requirements governing health and

behavioral health care practice.

Compliance Team: The individuals assigned to oversee the implementation and

operation of the Corporate Compliance Program. It reviews the results of internal

audits, makes recommendations for improvements to the Corporate Compliance

Program and reports its activities to the Board of Directors and through the Patient

Services Committee of the Board via the Quality Oversight Committee dashboard

reports.

HIPAA: The Health Insurance Portability and Accountability Act of 1996, including all

past or future amendments and all regulations now or in the future under its authority.

Non-Compliance: The failure to document or bill according to federal regulations

applicable to the services of Cherry Health, or a material failure to properly code the

service, or material failure to comply with HIPAA.

Provider: A provider of medical, dental, vision or behavioral services.

Page 4 of 18

Cherry Health

Corporate Compliance Program

Cherry Street Service, Inc., DBA Cherry Health, voluntarily implements a Corporate

Compliance Program aimed at the prevention of fraud, abuse and waste, compliance

with rules, regulations and laws while simultaneously improving quality patient care.

Our compliance efforts are aimed at preventing, detecting, and resolving variances, as

well as working in collaboration with other departments to assure new initiatives are

implemented within the organization to maximize quality and effectiveness of patient

care.

The seven elements of Cherry Health’s Corporate Compliance Program are:

I. Commitment to Compliance

A. Standards of Conduct

B. Reasonable and Necessary

C. Billing

D. Compliance with applicable HHS Fraud Alerts

E. Anti-Kick Back/Inducements

F. Retention of Records/Documentation

G. Implementation of Regulatory Initiatives

II. Designation of a Compliance Committee

III. Conducting Training and Education Programs

IV. Communication

V. Disciplinary Guidelines

VI. Auditing and Monitoring

VII. Corrective Action

Page 5 of 18

I. COMMITMENT TO COMPLIANCE

A. Standards of Conduct

Cherry Health promotes adherence to the Corporate Compliance Program as a major

element in the performance evaluation of all staff members, officers and agents.

Adherence to the program is woven through the organization’s policies and procedures.

Cherry Health staff members, officers and agents are bound to comply, in all official acts

and duties, with all applicable laws, rules, regulations, standards of conduct, including,

but not limited to, laws, rules, regulations, and directives of the federal government and

the state of Michigan, and rules, policies and procedures of Cherry Health. These

current and future standards of conduct are incorporated by reference in this Corporate

Compliance Program.

All candidates for employment will undergo a prudent background investigation

including: a reference check, exclusion check and criminal record. Due care will be used

in the recruitment and hiring process to prevent the appointment to positions with

substantial discretionary authority, persons whose record (professional licensure,

credentials, prior employment and any criminal record) gives reasonable cause to

believe the individual has a propensity to fail to adhere to applicable standards of

conduct. Once hired, monthly exclusion checks are done to ensure no employee,

contractor, board member or vendor is barred from participating in federal programs.

All new staff members receive orientation and training in compliance policies and

procedures including CMS Fraud, Waste and Abuse and ethics as part of new staff

orientation. Participation is required as a condition of employment. All staff receive

training in compliance policies, procedures and CMS Fraud, Waste and Abuse on an

annual basis. Failure to participate in required training may result in disciplinary actions,

up to and including termination of employment.

Every employee receives periodic training updates regarding compliance protocols as

they relate to the employee’s individual duties. This is done through articles in the

organization newsletter, presentations at staff meetings and general consultations.

Board members receive compliance training annually.

Non-compliance with the program or violations will result in progressive discipline of the

employee(s) involved, up to, and including, termination of employment.

B. Reasonable and Necessary Services

Cherry Health will take reasonable measures to ensure that only claims for services that

are reasonable and necessary, given the patient’s condition, are billed.

Page 6 of 18

Documentation will support the determinations of reasonable and necessary when

providing services.

Cherry Health is aware that Medicare will only pay for services that meet the Medicare

coverage criteria and are reasonable and necessary to treat or diagnose a patient.

Therefore, Cherry Health’s clinical staff will use prudent ordering practices.

In requesting diagnostic procedures or tests, Cherry Health’s clinical staff will determine

that the tests or procedures are within the guidelines of reasonable and necessary

services, and documentation will support the findings and diagnoses with regard to the

tests or procedures ordered. A diagnosis will be submitted for all tests ordered.

C. Billing

All claims for services submitted to Medicare or other health benefits programs will

correctly identify the services provided. Only those services provided by authorized

clinicians that are performed and that meet Medicare’s or the health benefits program’s

criteria will be billed.

Intentionally or knowingly upcoding (the selection of a code to maximize

reimbursement when such code is not the most appropriate descriptor of the service

provided) will result in disciplinary action which may include immediate termination of

employment. The clinical staff must provide documentation to support the CPT, DSM V,

and/or ICD-10 codes used based on medical findings and diagnoses.

D. Compliance with Applicable HHS Fraud Alerts

The Corporate Compliance Team or designee will review the Medicare Fraud Alerts. The

Corporate Compliance Team or designee will immediately terminate any conduct

deemed inappropriate by the Fraud Alert by implementing corrective actions and taking

reasonable actions to ensure that future violations do not occur. Documentation will be

kept regarding review of the alerts and action taken.

E. Anti-Kickback/Inducements

Cherry Health will not participate in nor condone the provision of inducements or

receipt of kickbacks to gain business or influence referrals. All of Cherry Health’s clinical

staff will consider the patient’s interests in offering referral for treatment, diagnostic, or

service options.

Any employee involved in promoting or accepting kickbacks or offering inducements will

be subject to disciplinary action which may include immediate termination of

employment.

Page 7 of 18

F. Retention of Records/Documentation

Cherry Health will ensure that all records required by funding source, federal and/or

state law are created and maintained. All records will be maintained for the period

specified by federal and state law and by the funding source.

Documentation of compliance efforts will include staff meeting minutes, memoranda

concerning compliance protocols, problems identified, and corrective actions taken, the

results of any investigations and documentation supportive of assessment findings,

diagnoses, treatments and program of care.

G. Implementation of Regularity Initiatives

The Corporate Compliance Team will work collaboratively with other departments in the

understanding and implementation of regulatory initiatives with the goal of improved

care for patients.

DESIGNATION OF A CORPORATE COMPLIANCE TEAM AND COMPLIANCE

COMMITTEE

While compliance is the responsibility of all Board members, staff, volunteers, students,

interns, contractors, patients, vendors and business associates, the Corporate

Compliance Team is the focal point of the Corporate Compliance Program and should be

accountable for all compliance responsibilities.

Cherry Health designates The Director of Quality and Informatics, The Risk

Management Specialist and the Compliance Analyst to coordinate compliance activities.

Director of Quality and Informatics will oversee and monitor the implementation of the

Corporate Compliance Program.

• Report in a timely manner either directly or via the Quality Oversight Committee

to the organization’s Chief Officers on the progress of implementation and

assisting the practice in establishing methods to improve efficiency and quality

of services and to reduce the vulnerability to allegations of fraud, abuse and

waste.

• Develop and distribute all written compliance policies and procedures to all

affected staff members.

• Periodically revise the program considering changes in the needs of the

organization and in the law including changes in policies and procedures of

government and private payer health programs.

• In coordination with The Workforce Development manager will Develop,

coordinate, and participate in a multifaceted educational and training program

that focuses on the elements of the Corporate Compliance Program and seeks to

Page 8 of 18

ensure that all staff members are knowledgeable of, and comply with, pertinent

federal, state, and private payer standards.

• Ensure that all service providers are informed of Corporate Compliance Program

standards with respect to coding, billing and documentation, etc.

• Assist in coordinating internal compliance review and monitoring activities

including annual reviews of policies.

• Independently coordinate investigation and action on matters related to

compliance including the flexibility to design and coordinate internal

investigations.

• Develop policies and programs that encourage managers and staff members to

report suspected fraud and other improprieties without fear of retaliation.

• Assist the organization in understanding the impact of complying with new,

updated and changed regulatory initiatives.

The Corporate Compliance Officer has the authority to review all documents and other

information relative to compliance activities, including, but not limited to, requisition

forms, billing information, claims information and records concerning arrangements

with patients.

Quality Oversight Committee:

Cherry Health recognizes and supports the very close working relationship between

quality and compliance. In order to foster the most efficient manner for these two to

maintain that close working relationship, Cherry Health designates a team consisting of

staff with decision making authority representing areas of the organization that are

most directly impacted by the regulatory environment, (for example, CFO, COO, CMO,

CHRDO, Director of Reimbursement, Director of Quality and Informatics, Compliance

Officer, Director of Pharmacy or their designees) called the Quality Management

Oversight Committee to advise the Compliance Officer, assist in the implementation of

the Corporate Compliance Program as needed and address the quality issues that arise

from the operations of the organization.

The functions of the Quality Oversight Committee include:

• Analyze the organization’s regulatory environment, the legal requirements with

which it must comply and specific risk areas resulting in an annual risk

assessment.

• Assess existing policies and procedures and standards that address risk areas for

possible incorporation into the Corporate Compliance Program.

Page 9 of 18

• Work with the organization’s standards of conduct, policies and procedures to

promote compliance.

• Recommend and monitor the development of internal systems and controls to

implement standards, policies and procedures as part of the daily operations.

• Determine the appropriate strategy/approach to promote compliance with the

program and detection of any potential problems or violations.

• Monitor new and ongoing quality improvement efforts to determine

effectiveness.

III. CONDUCTING EFFECTIVE TRAINING AND EDUCATION

Cherry Health requires all staff members, students and interns to attend specific training

in the areas of confidentiality, HIPAA (and all associated regulations), Fraud, Waste and

Abuse (the CMS version), Ethics and Corporate Compliance policies and procedures

upon hire, and on an annual and as-needed basis thereafter. This includes training in

federal and state statutes, regulations, program requirements, policies, and ethics. The

trainings emphasize the organization’s commitment to compliance with these legal

requirements and policies.

The training programs include sessions highlighting the organization’s Corporate

Compliance Program, summaries of fraud and abuse laws, discussions of coding

requirements, claim development, claim submission processes and how to report

compliance issues.

The Workforce Development Manager provides this training at new staff orientation

and annually thereafter via the automated educational system. Documentation of

attendees, the subjects covered, and any materials distributed at the training sessions

are maintained.

Basic trainings include:

• Government and payer reimbursement principles.

• General prohibitions on paying or receiving remuneration to induce referrals.

• CMS Fraud, Waste and Abuse, Office of Inspector General exclusions, Michigan

Mental Health Code and Substance Abuse Treatment confidentiality rules.

• Only billing for services ordered, performed and reported.

• Duty to and how to report misconduct.

Page 10 of 18

Training may also occur at departmental staff meetings, either as a topic presented by

the supervisor or through a visit from the compliance team. This type of training will be

documented in the minutes of the meeting along with participants in attendance.

Staff receive reminders and updates about the topics they have been trained on or

information about new or changing topics through entries in the agency newsletter, the

Heartbeat. These reminders come from both the IT and compliance departments. The

reimbursements department assists in training staff in the areas of documentation

through presentation at provider staff meetings and through provision of helpful tools

keeping staff abreast of the required elements of documentation.

IV. DEVELOPING EFFECTIVE LINES OF COMMUNICATION

Cherry Health protects whistle blowers from retaliation.

Cherry Health has established a procedure so that staff members may seek clarification

from the Corporate Compliance Team in the event of any confusion or questions

regarding a policy or procedure.

A hot line (844.305.1504) has been established so that staff members, patients or others

may anonymously consult with the Corporate Compliance Officer or designee with

questions, or report violations. A compliance email box,

(compliance@cherryhealth.com) was established and may be used to communicate

information regarding compliance and compliance activities. A staff feedback portal has

been established via Google so that staff may communicate with Compliance

anonymously. Any staff member may collect information of a compliance nature from

patients or others and share that with the Compliance team.

Any potential problem or questionable practice which is, or is reasonably likely to be, in

violation of, or inconsistent with, federal or state laws, rules, regulations, directives or

Cherry Health rules, procedures or policies relative to the delivery of healthcare

services, or the billing and collection of revenue derived from such services, and any

associated requirements regarding documentation, coding, supervision, and other

professional or business practices must be reported to the Compliance Team.

Any person who has reason to believe that a potential problem or questionable practice

is or may be in existence should report the circumstance to the Compliance Team. Such

reports may be made verbally or in writing and on an anonymous basis.

The Corporate Compliance Team promptly documents and investigates reported

matters that suggest violations of policies, regulations, statutes or program

requirements to determine their veracity. The Corporate Compliance Team will

maintain a log of such reports including the nature of the investigation and its results.

The Corporate Compliance Team works closely with legal counsel who can provide

guidance regarding complex legal and management issues.

Page 11 of 18

V. DISCIPLINARY GUIDELINES

All Cherry Health staff, volunteers and students are held accountable for failing to

comply with applicable standards, laws, policies and procedures. Supervisors and/or

managers are held accountable for the foreseeable compliance failures of their

subordinates.

The supervisor or manager is responsible for taking appropriate disciplinary actions in

the event an employee fails to comply with applicable regulations, procedures or

policies. The disciplinary process for violations of the Corporate Compliance Program is

administered according to organization policies and procedures depending upon the

seriousness of the violation. The Compliance Officer, as well as legal counsel, may be

consulted in determining the seriousness of the violation.

If the deviation occurred due to legitimate, explainable reasons, the Corporate

Compliance Officer and supervisor or manager may limit disciplinary action or take no

action. If the deviation occurred because of improper procedures, misunderstanding of

rules, including systemic problems, the organization will take immediate actions to

correct the problem.

When disciplinary action is warranted, it should be prompt and imposed according to

organization policies and procedures.

Within 30 working days after receipt of an investigative report, the supervisor and/or

the Chief Medical or Oral Health Officer and/or CEO (or designee) of the organization

shall determine the action to be taken upon the matter. The action may include,

without limitation, one or more of the following:

1. Dismissal of the matter.

2. Coaching conversation.

3. Documented discussion, written reminder, a letter of admonition or a letter of

reprimand.

4. Entering and monitoring a corrective action program. The corrective action

program may include requirements for individual or group remedial education

and training, consultation, monitoring, and/or concurrent review.

5. Reduction, suspension, or revocation of clinical privileges.

6. Suspension or termination of employment.

7. Modification of assigned duties.

8. Reduction in the amount of salary compensation.

The Chief Medical or Oral Health Officer shall have the authority to, at any time,

suspend summarily the involved employee’s clinical privileges or to summarily impose

consultation, concurrent review, monitoring, or other conditions or restrictions on the

assigned duties of the involved provider to reduce the substantial likelihood of violation

of standards of conduct.

Page 12 of 18

VI. AUDITING AND MONITORING

The Corporate Compliance Team or designee will conduct ongoing evaluations of

compliance processes through monitoring and reporting to the Board of Cherry Health.

Compliance reporting will be included in program dashboard reports shared with the

Client Services Committee. Annually, the Director of Quality and Informatics will report

through the Executive Committee of the Board.

The Corporate Compliance Team or designee will develop audit tools designed to

address the organization’s compliance with laws governing documentation, coding and

billing, claim development and submission, reimbursement, reporting and record-

keeping. Internal audits will be conducted on a regular basis.

As part of the exit interview of employees, compliance questions will be included to

solicit information concerning potential problems and questionable practices. The

answers to those questions will be shared with the Corporate Compliance Team. The

Corporate Compliance Team or designee may follow up with the former employee

regarding the report of potential problems or questionable practices.

VIII. RESPONDING TO DETECTED OFFENSES AND DEVELOPING CORRECTIVE ACTION

INITIATIVES

Violations of Cherry Health’s Corporate Compliance Program, failure to comply with

applicable state or federal law, other requirements of government, private health

programs, funding sources, accreditation bodies, and other types of misconduct may

threaten the organization’s status as a reliable, honest, and trustworthy provider

capable of participating in federal health care programs. Detected, but uncorrected,

misconduct may seriously endanger the mission, reputation and legal status of the

organization. Consequently, upon reports of reasonable indications of suspected

noncompliance, the Corporate Compliance Officer must initiate an investigation to

determine whether a material violation of applicable laws or requirements has

occurred.

The steps of the internal investigation may include interviews and a review of relevant

documentation. Records of the investigation should contain documentation of the

alleged violation, a description of the investigative process, copies of interview notes

and key documents, a log of witnesses interviewed, and the documents reviewed, the

results of the investigation and the corrective actions implemented.

If an investigation of an alleged violation is undertaken and the Corporate Compliance

Team believes the integrity of the investigation may be hampered by the presence of

staff members under investigation, those staff members should be removed from their

current work activities pending completion of that portion of the investigation. These

staff members will be suspended, with pay, pending the outcome of the investigation.

Page 13 of 18

Additionally, the Corporate Compliance Team must take appropriate steps to secure or

prevent the destruction of documents or other evidence relevant to the investigation.

If the results of the internal investigation identify a problem, the response may be

immediate referral to criminal and/or civil law enforcement authorities, development of

a corrective action program, or a report to the government and submission of any

overpayments, if applicable. If potential fraud or violations of the False Claims Act are

involved, the Corporate Compliance Officer should report the potential violation to the

Office of the Inspector General or the Department of Justice.

When making a repayment for an overpayment, Cherry Health should inform the payer

of the following:

1) The refund is being made pursuant to a voluntary Corporate Compliance

Program.

2) A description of the complete circumstances prompting the overpayment.

3) The methodology by which the overpayment was determined.

4) Any claim-specific information used to determine the overpayment.

5) The amount of the overpayment.

The CEO of Cherry Health will have the authority and responsibility to direct repayment

to payers and the reporting of misconduct to enforcement authorities as is determined,

in consultation with legal counsel, to be appropriate or required by applicable laws and

rules.

If the CEO of Cherry Health discovers credible evidence of misconduct and has reason to

believe that the misconduct may violate criminal, civil, or administrative law, then the

Corporate Compliance Officer will promptly report the matter to the appropriate

government authority within a reasonable time frame, but not more than 60 days after

determining that there is credible evidence of a violation.

Office of Inspector General Hotline: 1.800.HHS.TIPS (1.800.447.8477)

When reporting misconduct to the government, the Corporate Compliance Team should

provide all evidence relevant to the potential violation of applicable federal or state

laws and the potential cost impact.

This Corporate Compliance Program may be altered or amended in writing only with the

concurrence of the CEO of the organization.

Corporate Compliance Policies and Procedures

The following policies and procedures are included in the Corporate Compliance

Program as the foundation of the program. The procedures provide guidance to the

workforce and Board of Directors in working within an organization that is committed to

compliance or when confronted with issues that relate to compliance.

Page 14 of 18

Policies:

1. Corporate Compliance Program

The mission of Cherry Health is to improve the health and wellness of individuals by

providing comprehensive and integrated health care while encouraging access by those

who are underserved. In fulfilling this mission, Cherry Health is dedicated to adhering to

the highest ethical standards and accordingly recognizes the importance of compliance

with all applicable state and federal laws. To evidence this dedication, the Board of

Directors adopts and provides authorization to staff to implement the Corporate

Compliance Program.

2. Ethical Environment

Cherry Health is dedicated to the delivery of health care in an environment

characterized by strict conformance with the highest standards of accountability for

administration, clinical, business, marketing and financial management. Cherry Health’s

leadership is fully committed to the need to prevent and detect fraud, fiscal

mismanagement and misappropriation of funds, and has in place a formal Corporate

Compliance Program to ensure ongoing monitoring and conformance with all legal and

regulatory requirements.

This program emphasizes:

• Development and distribution of a written code of ethics and conduct, as

well as written policies and procedures that address the various components

of the Corporate Compliance Program and addresses principal risk areas.

• Designation of Compliance Team and a Quality Management Oversight Team

charged with the responsibility of operating and monitoring the Compliance

Program.

• Development and implementation of regular, effective education and

training programs for Cherry Health employees, Board members, members

of the medical staff, contractors and volunteers.

• Maintenance of an effective and well publicized protocol for reporting or

raising conduct or ethical concerns without fear of retaliation.

• Development of disciplinary standards to clarify and respond to conduct

prohibited by the Code of Ethics and conduct and pursue equitable

enforcement of standards with regard to employees who violate law or

regulation according to the Compliance Program.

• Development of criteria and protocol for ensuring that no individual who has

engaged in illegal or unethical behavior or who has been convicted of health

care related crimes shall hold positions that exercise discretionary authority.

• Maintenance of effective auditing and monitoring systems to evaluate

compliance with laws, regulations, federal health care programs, and the

standards developed in the compliance plan; to assist in the prevention of

compliance program violations; and to maintain the effectiveness of the

compliance program.

Page 15 of 18

• Investigate, respond, and prevent identified noncompliance, including the

establishment of appropriate and coordinated corrective action measures.

Procedures:

1. Corporate Compliance Program

The Corporate Compliance Program is intended to become a part of the fabric of the

Organization’s routine operations. The organization endeavors to communicate to all

personnel the intent to comply with applicable laws through the Corporate Compliance

Plan. In addition, the Corporate Compliance Program will:

• Assess Cherry Health’s business activities and consequent legal risks.

• Educate all personnel regarding compliance requirements and train

personnel to conduct their job activities in compliance with state and federal

law and according to the policies and procedures of the organization.

• Implement monitoring and reporting functions to measure the effectiveness

of the plan and to address problems in an efficient and timely manner.

• Include enforcement and discipline components that ensure that all

personnel take their compliance responsibilities seriously.

Overall responsibility for the operation and oversight of the Corporate Compliance

Program belongs to the Board; however, the day-to-day responsibility for operation and

oversight of the program rests with the Director of Quality and Informatics. The Director

of Quality and Informatics will be assisted in these duties by the Quality Oversight

Committee.

No members of the organization have authority to act contrary to any provision of the

Corporate Compliance Program or to condone any such violations by others. Anyone

with knowledge of information concerning a suspected violation of law or violation of a

provision of the Corporate Compliance Program is required to report promptly such

violations in accordance with the Corporate Compliance Program and Duty to Report

Compliance Issue procedure.

Members of the organization who violate any provision of the Corporate Compliance

Program, including the duty to report suspected violations, will be subject to disciplinary

measures as set forth in the Corrective Action policy and procedure. Cherry Health will

take steps to investigate all reported violations and will endeavor through constant

vigilance to ensure that the Corporate Compliance Program is effective in preventing,

detecting and eliminating violations of the law. In addition, promotion of and adherence

to the Corporate Compliance Program will be part of the job performance evaluation

criteria (Integrity section) for all organization members.

Cherry Health reserves the right to change, modify or amend the Corporate Compliance

Program as deemed necessary. If changes, modification or amendments are made to

the program, members of the organization will be informed as soon as possible after the

changes, amendments or modifications are approved by the Board.

Page 16 of 18

Should members of Cherry Health have any questions or uncertainties regarding

compliance with applicable state or federal law, or any aspect of the Corporate

Compliance Program, including related policies or procedures, they should seek

immediate clarification from their supervisor, the Corporate Compliance Officer, or

through the Compliance Hotline.

2. Corporate Compliance Coordination and Quality Oversight Committee

Cherry Health will designate a Director of Quality and Informatics to serve as the

coordinator of all compliance activities and a Quality Oversight Committee to advise the

Corporate Compliance Officer and assist in the implementation of the Corporate

Compliance Program as needed.

The responsibilities and scope of authority of the Director of Quality and Informatics and

Quality Oversight Committee are included in the Corporate Compliance Program and

position description.

3. Compliance Reporting to the Board of Directors

Compliance reporting will be included in program dashboard reports to the Client

Services Committee of the Board of Directors on a regular basis. If an issue is deemed to

be of a serious nature it will be reported to the Board at its next regularly scheduled

meeting after the issue arises.

4. Duty to Report Compliance Issues

Duty to Report: All staff, patients/families, members of the board and business

associates are expected to report any activity that appears to violate applicable laws,

rules, regulations and/or applicable Cherry Health policies and procedures without fear

of retaliation or retribution.

As much as possible, the confidentiality of the reporting person will be protected.

However, during the investigation of the claim, the identity of the reporting person may

be deduced or indirectly disclosed.

Non- Retaliation or Retribution: Staff, members of the board or business associates are

not permitted to engage in retaliation, retribution, punishment or any form of

harassment against another employee or associate for reporting compliance-related

concerns made in good faith through established reporting methods. Any retribution,

retaliation or harassment will result in disciplinary action.

How to Report a Concern: Generally, compliance concerns involve the potential for

fraud, abuse and waste, confidentiality violations or noncompliance with policies or

procedures. Examples of compliance concerns include (but are not limited to):

• Submitting inaccurate or misleading claims for services provided.

• Making false statements or representations to obtain payment for services.

Page 17 of 18

• Offering or giving something of value to patients to encourage them to use or

purchase health care services.

• Sending a statement of account (billing statement) which includes protected

health information (PHI) to the wrong address or person.

• Unintentionally sharing PHI inappropriately.

Those with a compliance concern have several options to report or obtain additional

information and assistance.

• Whenever possible, resolve the issue within the department. It is an expectation

to raise concerns first with the manager or direct supervisor if that approach is

appropriate.

• If discussing the concern with the manager or supervisor is inappropriate, the

employee may contact the Corporate Compliance Team directly by phone or

email. The employee may report to any supervisor, manager, administrator,

utilize the compliance email box, the staff feedback portal or call the Compliance

Hotline.

• The Compliance Hotline is available for anyone to use to raise an issue. The

hotline can be used either anonymously, or if a response is desired the person

should identify themselves.

• Concerns regarding employee performance should be directed to Human

Resources and addressed through the Problem Resolution process.

After a Concern Has Been Reported:

• The Corporate Compliance Team will investigate all concerns reported. If the

concern relates to a process or procedure of another department, and is not a

compliance issue, the Corporate Compliance Officer will refer that concern to

the appropriate department for resolution. There will be a determination of

whether a formal investigation, by an outside party, is warranted.

• The Corporate Compliance Team will notify the reporting individual (if known)

that the concern has been received and is either resolved or being investigated

further.

• If a complaint warrants formal investigation by an outside party, the Executive

Committee of the Board of Directors will engage and receive the report from the

outside party.

5. Billing Integrity Audits

Billing Integrity Audits (BIA) will be conducted by Corporate Compliance staff or

designee on a regular basis and prior to the submission of bills to the payers.

A random selection of an adequate number of patient records will be used. The BIA will

verify the accuracy of claims and services provided by a comparison of the patient

record to the requirements of the payer and the remittance advice.

Page 18 of 18

The BIA will include that services provided are documented in accordance with

appropriate requirements, are coded correctly, billed appropriately, and payment is

applied appropriately. Exceptions noted will be documented on a spreadsheet that will

indicate the date of service, the provider of the service, description of the exception,

and are reported to the CMO, program supervisors and providers.

Ongoing monitoring will continue to ensure repeated errors do not occur by updating

reports, which will indicate errors made by individual staff as well as by program, the

corrective action recommended and when the corrections were made within the

timelines established in the recommendation of the auditor. Additional documentation

will be kept that indicates if the corrective actions were successful. The outcome of the

BIA will be the improvement of procedures and processes to assure efficient and

accurate billing of services.

The BIA will be made available to auditors per contract or agreement as appropriate.