In this ptresentation i have talked about corporate compliance program Specially Endo Pharmaceuticals corporate compliance program. Here is discussed about Some external government requirements related to compliance, Elements of an Effective Compliance Program, Corporate Compliance & Business Practices, Endo's Culture of Compliance, Leadership responsibilities, Code of Conduct, Reporting a Concern, Findings from corporate compliance. We have also recommended for overcoming some drawbacks related to corporate compliance to do so they will have to make the corporate compliance more effective & more motivational & more efficient. The study is performed based on the information extracted from different sources collected by using a specific methodology. This report is analytical in nature. To prepare the report on corporate compliance policy and procedure of Endo Pharmaceuticals. The information has been collected from secondary sources.
How is COVID-19 Reshaping the role of Institutional strategy? By.Dr.Mahboob KhanHealthcare consultant
While workers around the globe are keeping essential services running, it is imperative for business leaders, particularly senior strategy executives, to reflect on the lasting implications of COVID-19 and what they can do to best position their people, their businesses, and society to recover and thrive in the long term. Five key shifts can help chief strategy officers (CSOs) successfully guide their organizations through the pandemic.
SECOND LETTER TO THE BOARD OF DIRECTORS OF GOLDEN VALLEY HEALTH CENTERSSave Gvhc
Board should thoroughly review and take a closer look at corporate governance at Golden Valley Health Centers (GVHC) – more specifically Ethics and Compliance. Dr. Pham’s Open Letter of December 2 outlined some serious concerns and issues relating to the behavior and ethics of the GVHC leadership team. Good corporate governance begins with the behavior and ethics of the leadership team. In fact, a factor that is often cited in governance failures is a poor “tone at the top”. Beyond overseeing and asking the right questions of the leadership team regarding GVHC’s ethics and compliance efforts, the GVHC Board has a significant role to play in building and promoting an ethical culture. READ the Second Letter to the Board: Ethics and Compliance.
The Season for Compliance is upon. The Office of the Inspector General has mandated elder care facilities institute this 7 part compliance program. Are you ready?
In this ptresentation i have talked about corporate compliance program Specially Endo Pharmaceuticals corporate compliance program. Here is discussed about Some external government requirements related to compliance, Elements of an Effective Compliance Program, Corporate Compliance & Business Practices, Endo's Culture of Compliance, Leadership responsibilities, Code of Conduct, Reporting a Concern, Findings from corporate compliance. We have also recommended for overcoming some drawbacks related to corporate compliance to do so they will have to make the corporate compliance more effective & more motivational & more efficient. The study is performed based on the information extracted from different sources collected by using a specific methodology. This report is analytical in nature. To prepare the report on corporate compliance policy and procedure of Endo Pharmaceuticals. The information has been collected from secondary sources.
How is COVID-19 Reshaping the role of Institutional strategy? By.Dr.Mahboob KhanHealthcare consultant
While workers around the globe are keeping essential services running, it is imperative for business leaders, particularly senior strategy executives, to reflect on the lasting implications of COVID-19 and what they can do to best position their people, their businesses, and society to recover and thrive in the long term. Five key shifts can help chief strategy officers (CSOs) successfully guide their organizations through the pandemic.
SECOND LETTER TO THE BOARD OF DIRECTORS OF GOLDEN VALLEY HEALTH CENTERSSave Gvhc
Board should thoroughly review and take a closer look at corporate governance at Golden Valley Health Centers (GVHC) – more specifically Ethics and Compliance. Dr. Pham’s Open Letter of December 2 outlined some serious concerns and issues relating to the behavior and ethics of the GVHC leadership team. Good corporate governance begins with the behavior and ethics of the leadership team. In fact, a factor that is often cited in governance failures is a poor “tone at the top”. Beyond overseeing and asking the right questions of the leadership team regarding GVHC’s ethics and compliance efforts, the GVHC Board has a significant role to play in building and promoting an ethical culture. READ the Second Letter to the Board: Ethics and Compliance.
The Season for Compliance is upon. The Office of the Inspector General has mandated elder care facilities institute this 7 part compliance program. Are you ready?
From complex coding requirements to strict patient referral rules, physicians are scrambling to avoid entanglements in a broad net of federal, state, and commercial payer requirements. Get ideas on how you can help protect your practice.
For more resources and information:
http://sites.mckesson.com/practiceconsulting/kc_coding.htm
IT 549 Final Project Guidelines and Rubric Overview .docxchristiandean12115
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final
submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information
assurance
Analyze threat environments using information assurance research and industry best practices to inform network governance
Recommend strategies based on information assurance best practices for maintaining an information assurance plan
Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated
risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key
concepts?
b) Assess the confi.
Project 1Create an application that displays payroll informatio.docxbriancrawford30935
Project 1:
Create an application that displays payroll information by:
a. Drawing the flowchart for this application.
b. Write the code by using Visual Basic programming language.
Design your application to have the following characteristics:
1. The application should allow the user to enter the following data for ten employees:
· Employee Id
· Number of hours worked
· Hourly pay rate
· Percentage to be withheld for state income tax
· Percentage to be withheld for federal income tax
· Percentage to be withheld for The Federal Insurance Contributions Act ( FICA)
2. The application should calculate and display the following data for each employee (in a one list Box or in multiple list Boxes:
· Gross pay (the number of hours worked multiplied by the hourly pay rate)
· State income tax withholdings (gross pay multiplied by state income tax percentage)
· Federal income tax withholdings (gross pay multiplied by federal income tax percentage)
· FICA withholdings (gross pay multiplied by FICA income tax percentage)
· Net pay (the gross pay minus state income tax, federal income tax, and FICA)
3. When the calculations are performed, be sure to check for the following error:
· If any employee’s state income tax plus federal tax plus FICA is greater than the employee’s gross pay, display an error message stating that the withholdings are too great
4. Make sure to clear all textboxes and labels before entering the information for the new employee
5. Provide ‘Exit’ button which is used to terminate project execution
6. Hitting the [Esc] key should produce the same effect as clicking the ‘Exit’ button
Note: Please, print the flowchart and the source code of your application. Also, I will see the execution of your application.
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the co.
How HIM Supports the Seven Elements of an Effective Compliance ProgramPYA, P.C.
•An understanding of the seven elements of a robust compliance program.
This presentation offers a review of the regulatory guidance surrounding compliance programs, an identification of HIM’s role in organization compliance, and a discussion of the intersection between HIM and compliance.
Third Party Due Diligence - Know Your Third Party - EY IndiaErnst & Young
Third party due diligence, forensic data analytics and frequent compliance audits form the basis of a strong monitoring system. For more details, visit http://bit.ly/1RQuEGB.
Title of PaperYour nameHCA375– Continuous Quality Monito.docxjuliennehar
Title of Paper
Your name
HCA375– Continuous Quality Monitoring and Accreditation
Type Instructor Name Here
Type Date
HCA375 - WEEK 4 ASSIGNMENT
PART 1 – DETAIL OF THE ADVERSE EVENT CHOSEN
Refer to the instructions in the Week 4 Assignment of your online course to understand what is expected in each row. This completed template should be between eight to ten pages in length. Include APA citations within the description row where appropriate. List your references in APA format according to the Ashford Writing Center guidelines on the last page of this template.
CONTENT
DESCRIPTION
ADVERSE EVENT
HISTORICAL BACKGROUND
LEGAL & ACCREDITING AGENCY REQUIREMENTS
CQI TEAM COMMUNICATION
OPERATIONAL OR SAFETY PROCESSES
IMPACT OF THIS EVENT
WEEK 4 ASSIGNMENT
PART 2 - GRAPH THE DATA
You are tasked with graphing the data in Excel for your chosen event. The data is located in the classroom under the Week 4 Assignment Directions. Make sure to use only the data for your chosen event. The directions identify which columns of information to use depending on the chosen adverse event. Once you complete the graph in Excel, copy/paste your graph below.
Include an analysis of the data in paragraph format.
Discuss the frequency of the adverse event as compared to the increase or decrease of patient discharges.
What is the data telling you?
What possible factors in your opinion could be attributed to the change?
WEEK 4 ASSIGNMENT
PART 3 – CQI TOOL
· Choose one of the CQI Tools listed below to illustrate the use of the tool with your chosen Adverse Event.
· You will be responsible for creating the CQI Tool, completing the tool, taking a screenshot, and copying/pasting the screenshot into the space below. If you are unfamiliar with these tools, please refer to the recommended readings, specifically the article from Week 2, which is listed below. You can locate the article in the Ashford Library.
· In addition, as a learning resource, the CQI tools listed below are hyperlinked to the Institute for Health Care Improvement website, which discusses and illustrates examples of each type of tool.
Siriwardena, A. (2009). Using quality improvement methods for evaluating health care. Quality in Primary Care, 17(3), 155-159. ISSN: 1479-1072 PMID: 19622265
· Choose a CQI Tool that best suits your chosen Adverse Event from the following list.
· Fishbone (Cause and Effect) Diagram
· Flowchart
· Pareto Diagram
WEEK 4 ASSIGNMENT
PART 4 - FUTURE PREVENTION
APPLYING PDSA - Worksheet
PHASE
PHASE ACTIVITIES
EXPLANATION
PLAN
Problem
Objective
Team members
Communication
Data collected
Pilot phase
DO
Three possible solutions
One solution to implement
Result of pilot (create own scenario)
Methods of communication
STUDY
Summarize data
Observations and problems
Comparison of pilot plan to pilot results
Revisions needed to meet objective
ACT
Revised improvement plan
How to Implement the plan hospital wide
Plan for monitoring the improvemen ...
From complex coding requirements to strict patient referral rules, physicians are scrambling to avoid entanglements in a broad net of federal, state, and commercial payer requirements. Get ideas on how you can help protect your practice.
For more resources and information:
http://sites.mckesson.com/practiceconsulting/kc_coding.htm
IT 549 Final Project Guidelines and Rubric Overview .docxchristiandean12115
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final
submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information
assurance
Analyze threat environments using information assurance research and industry best practices to inform network governance
Recommend strategies based on information assurance best practices for maintaining an information assurance plan
Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated
risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key
concepts?
b) Assess the confi.
Project 1Create an application that displays payroll informatio.docxbriancrawford30935
Project 1:
Create an application that displays payroll information by:
a. Drawing the flowchart for this application.
b. Write the code by using Visual Basic programming language.
Design your application to have the following characteristics:
1. The application should allow the user to enter the following data for ten employees:
· Employee Id
· Number of hours worked
· Hourly pay rate
· Percentage to be withheld for state income tax
· Percentage to be withheld for federal income tax
· Percentage to be withheld for The Federal Insurance Contributions Act ( FICA)
2. The application should calculate and display the following data for each employee (in a one list Box or in multiple list Boxes:
· Gross pay (the number of hours worked multiplied by the hourly pay rate)
· State income tax withholdings (gross pay multiplied by state income tax percentage)
· Federal income tax withholdings (gross pay multiplied by federal income tax percentage)
· FICA withholdings (gross pay multiplied by FICA income tax percentage)
· Net pay (the gross pay minus state income tax, federal income tax, and FICA)
3. When the calculations are performed, be sure to check for the following error:
· If any employee’s state income tax plus federal tax plus FICA is greater than the employee’s gross pay, display an error message stating that the withholdings are too great
4. Make sure to clear all textboxes and labels before entering the information for the new employee
5. Provide ‘Exit’ button which is used to terminate project execution
6. Hitting the [Esc] key should produce the same effect as clicking the ‘Exit’ button
Note: Please, print the flowchart and the source code of your application. Also, I will see the execution of your application.
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the co.
How HIM Supports the Seven Elements of an Effective Compliance ProgramPYA, P.C.
•An understanding of the seven elements of a robust compliance program.
This presentation offers a review of the regulatory guidance surrounding compliance programs, an identification of HIM’s role in organization compliance, and a discussion of the intersection between HIM and compliance.
Third Party Due Diligence - Know Your Third Party - EY IndiaErnst & Young
Third party due diligence, forensic data analytics and frequent compliance audits form the basis of a strong monitoring system. For more details, visit http://bit.ly/1RQuEGB.
Title of PaperYour nameHCA375– Continuous Quality Monito.docxjuliennehar
Title of Paper
Your name
HCA375– Continuous Quality Monitoring and Accreditation
Type Instructor Name Here
Type Date
HCA375 - WEEK 4 ASSIGNMENT
PART 1 – DETAIL OF THE ADVERSE EVENT CHOSEN
Refer to the instructions in the Week 4 Assignment of your online course to understand what is expected in each row. This completed template should be between eight to ten pages in length. Include APA citations within the description row where appropriate. List your references in APA format according to the Ashford Writing Center guidelines on the last page of this template.
CONTENT
DESCRIPTION
ADVERSE EVENT
HISTORICAL BACKGROUND
LEGAL & ACCREDITING AGENCY REQUIREMENTS
CQI TEAM COMMUNICATION
OPERATIONAL OR SAFETY PROCESSES
IMPACT OF THIS EVENT
WEEK 4 ASSIGNMENT
PART 2 - GRAPH THE DATA
You are tasked with graphing the data in Excel for your chosen event. The data is located in the classroom under the Week 4 Assignment Directions. Make sure to use only the data for your chosen event. The directions identify which columns of information to use depending on the chosen adverse event. Once you complete the graph in Excel, copy/paste your graph below.
Include an analysis of the data in paragraph format.
Discuss the frequency of the adverse event as compared to the increase or decrease of patient discharges.
What is the data telling you?
What possible factors in your opinion could be attributed to the change?
WEEK 4 ASSIGNMENT
PART 3 – CQI TOOL
· Choose one of the CQI Tools listed below to illustrate the use of the tool with your chosen Adverse Event.
· You will be responsible for creating the CQI Tool, completing the tool, taking a screenshot, and copying/pasting the screenshot into the space below. If you are unfamiliar with these tools, please refer to the recommended readings, specifically the article from Week 2, which is listed below. You can locate the article in the Ashford Library.
· In addition, as a learning resource, the CQI tools listed below are hyperlinked to the Institute for Health Care Improvement website, which discusses and illustrates examples of each type of tool.
Siriwardena, A. (2009). Using quality improvement methods for evaluating health care. Quality in Primary Care, 17(3), 155-159. ISSN: 1479-1072 PMID: 19622265
· Choose a CQI Tool that best suits your chosen Adverse Event from the following list.
· Fishbone (Cause and Effect) Diagram
· Flowchart
· Pareto Diagram
WEEK 4 ASSIGNMENT
PART 4 - FUTURE PREVENTION
APPLYING PDSA - Worksheet
PHASE
PHASE ACTIVITIES
EXPLANATION
PLAN
Problem
Objective
Team members
Communication
Data collected
Pilot phase
DO
Three possible solutions
One solution to implement
Result of pilot (create own scenario)
Methods of communication
STUDY
Summarize data
Observations and problems
Comparison of pilot plan to pilot results
Revisions needed to meet objective
ACT
Revised improvement plan
How to Implement the plan hospital wide
Plan for monitoring the improvemen ...
IHP 610 Final Project Guidelines and Rubric Overview MalikPinckney86
IHP 610 Final Project Guidelines and Rubric
Overview
Healthcare is a field dominated by complex regulation, limited resources, highly charged debates, changing reimbursement, expensive education barriers to
entry, and knowledge imbalances. Healthcare decision-makers often have to review information about an issue, analyze the applicable law, and make a decision.
Those decisions are often not founded on clearly right or clearly wrong “answers.” Nonetheless, after decision makers conduct or review a policy analysis and a
legal analysis and arrive at a conclusion, they must be able to support and defend that decision. Stakeholder values are often in conflict; decision makers working
in the field of healthcare and health law have many opportunities to defend their decisions!
The final project for this course will give you an opportunity to build policy and legal analysis skills. You will choose from one of three issue prompts at the
beginning of the course. Throughout the course, you will draft a memo containing an overview and analysis of your selected issue, as well as a series of
recommendations for a healthcare executive. You will experience some of the challenges of reconciling competing values, demands for resources, and
organizational needs. Each issue prompt is based on “real world” scenarios, so take this opportunity to practice developing health law and policy analysis skills.
This final project addresses your mastery with regard to the following course outcomes:
Assess the impact of stakeholder needs on decision making for ensuring effective implementation of health law and policy
Assess the impact of current healthcare laws, policies, and financing practices on affected key stakeholders for informing policy recommendations
Determine the extent to which legal risks and potential malpractice issues influence policy decision making
Recommend appropriate strategies for resolving value conflicts among key healthcare stakeholders
Analyze the role of key stakeholders in shaping, implementing, and evaluating health law and policy for improving population health outcomes
Prompt
You will write a policy memorandum, with recommendations, paper in which you will analyze a health law and policy issue and make a series of
recommendations to a healthcare executive. At the beginning of this course, you chose one of three issue scenarios. Now, you will create each section of the
policy memorandum using the tools and strategies you developed in this course. You have developed those tools and strategies in a stepwise fashion in each
module. Remember that the purpose of the policy memorandum is to analyze the issue scenario, make thoughtful arguments about the issue, and make
recommendations based on your analysis.
Your policy memorandum with recommendations paper must contain the following critical elements. Most of the critical elements align with a particular course
outcome (shown in brackets).
I ...
Discusses the resources needed to ensure billing and coding compliance update...intel-writers.com
Ensuring billing and coding compliance in healthcare organizations
requires a range of resources to effectively manage and maintain adherence to regulatory requirements. Here are some key resources needed for billing and coding compliance:
Trained Staff: Having a knowledgeable and well-trained team of staff members is essential for billing and coding compliance. This includes certified coders, medical billers, and coding specialists who have expertise in relevant coding systems (such as ICD-10, CPT, HCPCS) and a thorough understanding of billing regulations and guidelines.
Coding Manuals and References: Access to current and authoritative coding manuals and references is crucial for accurate coding and billing. These resources provide detailed instructions and guidelines for assigning the appropriate codes to medical diagnoses, procedures, and services. Common references include the Current Procedural Terminology (CPT) manual, International Classification of Diseases (ICD) coding manuals, and Healthcare Common Procedure Coding System (HCPCS) manuals.
Compliance Policies and Procedures: Developing and implementing comprehensive compliance policies and procedures is essential for billing and coding compliance. These policies should outline the organization’s commitment to compliance, define the roles and responsibilities of staff members, and provide clear guidelines for proper coding, documentation, and billing practices. They should also address potential compliance risks and strategies for addressing and resolving issues.
Compliance Software and Tools: Utilizing compliance software and tools can streamline billing and coding processes and help ensure compliance. Electronic health record (EHR) systems with built-in coding and billing functionalities can automate coding processes, provide coding suggestions, and flag potential errors or inconsistencies. Additionally, specialized compliance software can help monitor billing activities, conduct audits, and generate reports to identify compliance gaps or irregularities.
The Health Finance and Governance (HFG) Project organized a multi-country workshop to support policymakers from public health and finance agencies in developing concrete action plans for mobilizing domestic resources for health. This presentation on the HFG toolkit addresses gaps in the Ministry of Health and Ministry of Finance relationship. The toolkit presents a set of strategies, self assessment methodologies and performance management processes to help the MOH better manage their own resources and to help foster more effective coordination between the MOH and the MOF.
2. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
TABLE OF CONTENTS
Page
I.
OVERVIEW AND GOALS OF A COMPLIANCE PROGRAM............................. 1
II.
STRUCTURE AND GUIDELINES OF THE COMPLIANCE PROGRAM .......... 4
A.
ELEMENT 1: WRITTEN POLICIES AND PROCEDURES......................................... 4
B.
ELEMENT 2: DESIGNATION OF A COMPLIANCE OFFICER; COMPLIANCE
AND RISK STRUCTURE AND GOVERNANCE ....................................... 7
C.
ELEMENT 3: TRAINING AND EDUCATION ............................................................ 10
D.
ELEMENT 4: COMMUNICATION LINES TO COMPLIANCE ................................ 15
E.
ELEMENT 5: DISCIPLINARY POLICIES AND PROCEDURES .............................. 18
F.
ELEMENT 6: ROUTINE IDENTIFICATION OF COMPLIANCE RISK AREAS .... 20
G.
ELEMENT 7: RESPONDING TO COMPLIANCE ISSUES ⎯ REMEDIATION AND
SELF-DISCLOSURE ............................................................................... 26
H.
ELEMENT 8: POLICY OF NON-INTIMIDATION AND NON-RETALIATION ..... 28
3. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
1
I. OVERVIEW AND GOALS OF A COMPLIANCE PROGRAM
The importance of having an effective compliance program will be discussed throughout
the guidelines. The origins of an effective compliance program come from the U.S. Sentencing
Guidelines. The U.S. Sentencing Guidelines are used by federal judges when they are
determining what penalty to impose on a company that has been charged with a federal crime.
Since having an effective compliance program, allows a judge to impose a lesser penalty or a
sentence on an entity, it makes good business sense to invest in one∗
. (USSG Section 8B2.1). In
New York, the Office of Medicaid Inspector General (“OMIG”) requires payers and providers
that receive Medicaid dollars to certify annually to having an effective compliance program.
Effectiveness requires more than a ‘check the box’ program, but a program embedded into the
culture of the company. A remarkable aspect of the program is it does not matter if the business
is a securities broker or a restaurant or a health plan, the elements apply universally and when put
into place effectively, the evidence supports that they do protect the company from fraud, waste
and abuse occurring as well as brand and reputational harm in the marketplace. In New York,
the OMIG added one element to the seven elements prescribed by the U.S. Sentencing
Guidelines and that is the policy of non-intimidation and non-retaliation. The element is in the
first element of the U.S. Sentencing Guidelines version, however, to recognize its importance the
OMIG decided that it should stand on its own. Within each element there are many processes
and some may need improvement, but if in aggregate the processes are compliant then that
element can be satisfied. However, if there is a failure of any one element to be effective that
will cause the entire program to be ineffective. A program that has all the elements in place, but
lacks a culture of compliance, cannot be effective. It is further recommended that the entity
adopt a values-based system rather than rules-based one, so that ethical decision-making is part
of the program.
Why?
• Without a culture of compliance, any policy could be viewed as something to work
around or something to be ignored.
• Without an ethical framework for resolving issues, the program is left with only rules
to follow. That is a problem because no Code or set of policies can anticipate every
scenario that might occur, so there simply may not be a rule in place to turn to. The
∗
It goes without saying that having an effective compliance program can be a competitive
advantage as new customers seek out an entity with an excellent reputation. LRN’s 2016 “How
Report” provides data to support this assumption. They view the lens through three types of
organization: 1.blind obedience; 2.informed acquiescence and 3.self-governance, the last
category is where the staff is inspired by the values-based ethics of the organization and culture
of true non-retaliation, and what was found is that these self-governing organizations are centers
of innovation and creativity and have gained market share over the others and continue to grow.
(www.LRN.com)
4. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
2
entity should instead train its employees to use a decision-making framework that will
prevent them from proceeding with an action even if it may not be a violation of a
written rule, but could cause harm to the entity, its stakeholders and to the employee.
To that end, a comprehensive compliance program should ensure that both legal and
ethical conduct is an integral part of the organization’s culture and operations.
The expectations and standards of conduct of the compliance program should be set forth
in the Code of Conduct which should embed and link to the compliance policies and procedures.
The Code of Conduct should be reviewed annually and updated when necessary. The
Board of Directors should formally resolve (in a “Resolution”) to annually review and approve
the Code of Conduct. A periodic re-fresh of the Code of Conduct allows it to reflect the latest
issues that staff has had questions about and a new format can make annual training more
engaging.
The compliance program should align with the eight elements as described below in this
illustrative depiction.
5. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
3
The following is a brief description of how each element can be designed, structured and
implemented to make it effective.
6. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
4
II. STRUCTURE AND GUIDELINES OF THE COMPLIANCE PROGRAM
A. ELEMENT 1: WRITTEN POLICIES AND PROCEDURES
1. The Code of Conduct. The Code of Conduct should provide an overview of the
compliance program. It provides the standards for legal and ethical conduct; describes
compliance expectations; implements the operation of the compliance program;
provides guidance to staff and others on dealing with potential compliance issues and
potential fraud, waste and abuse (“FWA”); identifies how to communicate and report
compliance and FWA issues; provides guidance through a question and answer
section of the type of ethical questions that arise in the entity; and describes how
potential compliance problems and FWA are investigated and resolved.
Tips on Drafting a Code:
• Make it readable: Sixth grade reading level is recommended by the experts (i.e.,
not child-like, but clear, concise and precise language, the entity may have
employees whose primary language is not English).
• Add in “Questions and Answers” that relate to the company: Take some examples
from the hotline complaints and de-identify them.
• Provide red flags: Things to look out for in helping to detect FWA.
• Add in pictures: Some Code’s use pictures of employees like a yearbook or
themed purchased pictures.
• Make each section an embedded link so staff can get to their question without
having to spend too much time searching for it. That way it becomes a ‘go to’
guide sitting on their computer desktop.
• Make the annual training or a message around launching a new or updated code
memorable: Use of humor causes people to talk about it, spread the word and
promotes retention.
• Distribute it via e-mail or in hard copy to new hires, and all staff, Board members,
and others delegated to assist the health plan that the Centers for Medicare and
Medicaid Services (“CMS”) refers to as first tier, downstream and related entities
(“FDRs”) upon an update.
• Make it visible and accessible on the website. It should be no more than one click
away from the landing page or, ideally, on the landing page right under “Who we
are”. Below it should be placed a link to the hotline and/or the special
7. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
5
investigation unit’s (SIU) intranet referral link and a telephone number to key
compliance personnel.
• It needs to embed in it the basic FWA and Privacy statutes:
− False Claims Act (State and Federal statutes)
− Health Care Fraud (State and Federal statutes)
− The Anti-Kickback Act(s)
− Foreign Corrupt Practices Act
− Commercial Bribery
− Antitrust and Securities violations
− HITECH and HIPAA penalties
− The Whistleblower protection statute(s)
• As well as the risk areas:
− conflicts of interest, gifts and entertainment, work place behavior
(harassment), confidential and proprietary information, marketing, accurate
record keeping, procurement, use of corporate assets, record retention,
relationships with government employees, among other areas. If the entity is
a provider rather than a health plan, or if it is both, then also add topics around
billings and payments, documentation, medical necessity, quality of care,
mandatory reporting, credentialing and exclusions, and the process for
identification and disclosures of overpayments received.
2. Compliance Policies and Procedures. The entity must adopt and implement
compliance policies and procedures that align with the Code of Conduct and if
possible link back and forth between them. The entity also needs to adopt and
implement business policies and procedures, but they do not need to link to the Code.
(See corresponding Manual on drafting effective policies and procedures for MA
Plans).
8. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
6
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
policies and procedures:
• Do you have written policies and procedures that describe
compliance expectations in a code of conduct or code of
ethics?
• Have you implemented the operation of the compliance
program?
• Do you have written policies and procedures that provide
guidance to employees on dealing with potential compliance
issues?
• Do you have written policies and procedures that provide
guidance to others (like FDRs) on dealing with potential
compliance issues?
• Do you have written policies and procedures that provide
guidance on how to communicate compliance issues to
appropriate compliance personnel?
• Do you have written policies and procedures that provide
guidance on how potential compliance problems are
investigated and resolved?
9. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
7
B. ELEMENT 2: DESIGNATION OF A COMPLIANCE OFFICER; COMPLIANCE
AND RISK STRUCTURE AND GOVERNANCE
The creation of a governance structure that embodies the objectives of Element 2 means
more than updating an organizational chart. This element may be the single most important
element in the compliance program. If the goal of an effective compliance program is to combat
fraud, waste and abuse and create a culture of compliance, governance creates the resources and
leadership to get that job done.
The guidance comes from Center of Medicare & Medicaid (“CMS”) (42 CFR Section
422.503(b)(4)(vi)(B) and 42 CFR Section 423.504(b)(4)(vi)(B) and throughout Chapter 21 of the
Medicare Compliance Manual and from the New York State Office of the Medicaid Inspector
General (“OMIG”) and the U.S. Sentencing Guidelines. (See USSG Section 8B2.1)
• Hire a compliance officer that is experienced enough to speak credibly to the CEO
and Board of Directors. CMS recommends that the person be an employee of the
organization and a full-time compliance officer. CMS does have a bias against
having the Compliance Officer also hold another role, but if the organization is small
and the employee can satisfy the responsibilities of both roles (including resolving
any conflicts that may occur from the dual role), then it can be acceptable.
• It is not considered an impermissible dual role when the Compliance Officer also
oversees the privacy program. A Compliance Officer, who is also an attorney, is a
natural fit to manage the privacy process. However, this may not be true of the role of
overseeing security as it requires a strong information technology background and,
unless the Compliance Officer has that background, it would be best to have another
employee as the Chief Security Officer. That said; consider carefully the reporting
structure of the Security Officer. This role is a compliance role in that it should be
solely focused on protecting the security of an entity’s information infrastructure. It
is not a business role and reporting into the Chief Information Officer, who is often
focused on business needs around adopting new products, may sometimes result in a
poor alignment. This issue can be resolved with matrix reporting into Compliance or
Internal Audit.
• It is typically suggested that the Compliance Officer be a Vice President and up level
employee that reports to the leadership and the Board. He or she should also be
someone that can manage a staff of employees. The compliance staff is often under
pressure in an organization, and may be at odds with the business functions, so they
need a strong leader to support them. The Board should be part of any hiring decision
and firing decision and have a relationship with the Compliance Officer that may
involve ad hoc telephone calls or meetings between scheduled Board sessions.
• With regular meetings, the Board can then rely upon the Officer as their ‘eyes and
ears’. This assists the Board in its monitoring function, but also can be a very
10. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
8
effective feedback loop from the Board to management. CMS recommends that the
Compliance Officer attend the Board’s Audit Committee meetings and provide a
compliance report, so if the Audit committee meets quarterly, the Compliance Officer
should attend all four meetings, but may only have a full report twice a year.
• Executive sessions between the Compliance Officer and the Audit committee should
be regular and closed even if there is nothing to report on; so when there is an issue, it
is not a noticeable change in process.
• The Compliance Officer should assemble and oversee a compliance committee that is
comprised of senior leadership from each function impacting the health plan and
meets regularly and has the authority to not only identify issues, but also be able to
resolve them.
• There is no better way to communicate the company's dedication to compliance than
by having the Compliance Officer sitting ‘at the table’ when strategic decisions are
being made. It also prevents delays in implementation and costly re-does that may
result from the Compliance Officer being informed after the deal is done.
The entire company will watch to see how leadership treats the compliance officer: It indicates to
the staff how compliance is being viewed by the entity.
• Whether he or she has been assigned sufficient staff and tools to get the job done
• Where his or her office is located
• What his or her official title is
• Who he or she reports to
• Whether he or she is invited to strategy meetings
11. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
9
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
governance:
• Has a designated employee been vested with responsibility for
the day-to-day operation of the compliance program?
• Are the designated employee’s duties related solely to
compliance?
• If the designated employee’s compliance duties are combined
with other duties, are the compliance responsibilities
satisfactorily carried out?
• Does the designated employee report directly to the entity's
chief executive or other senior administrator?
• Does the designated employee periodically report directly to
the governing body on the activities of the compliance
program?
12. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
10
C. ELEMENT 3: TRAINING AND EDUCATION
Training and Education
Annual Training: The Board, leadership, and staff must be trained annually on
compliance, privacy and FWA or in the case of First tier, Downstream and
Related Entities (FDR)∗
, they must attest annually to training (unless Medicare
deemed FDRs (typically the network physicians) and then they need only attest to
compliance training). They do not all need to be trained on the same material or
using the same format. It may be easier to train the staff using a computer
module, but it may be better to take an hour of a Board meeting to train the Board
members and executives that attend Board meetings in person. Also CMS
recommends that every new Board member has one-on-one training within 90
days of on-boarding about the compliance program, and if possible, provided by
the compliance officer.
.
New Hires: They must be trained on Day 1 at orientation especially on HIPAA
and patient confidentiality before any PHI is disclosed to them in the workplace.
National Compliance week: An entity may choose to celebrate the whole week or
one day. It is typically in May each year. It is a great way to make the team
visible on an annual basis and in a fun and engaging manner. This ‘training’ can
have staff made videos, games, scavenger hunts, and leadership led town halls.
Trinkets such as pens and mouse pads can be distributed that are imprinted to
reinforce a message and provide ways to report issues. If the compliance officer is
shy, this is an opportunity to get him or her in front of staff, so that when the
∗
FDRs are obligated to their Sponsors who hold a contract with CMS to give annual (and new
hire) training to certain staff and leaders who oversee delegated functions (first tier) or provide
clinical services to members (downstream) or have “job functions that place the FDR in a
position to commit significant noncompliance with CMS program requirements or health care
FWA.” (HPMS memorandum, December 15, 2015). In addition, an FDR needs to oversee its
FDRs to make certain that are performing the necessary training. CMS has created a FWA and a
Compliance module that can be accessed online (MLN) or the materials can be taken, though not
modified, and incorporated into training of the FDR’s staff. Medicare providers who are deemed
(have enrolled with CMS) can receive the compliance training by placing the compliance
material in a document they are expected to read. Documenting the training can be challenging.
Various reporting tools can be used from Learning Module reports to a common SharePoint with
staff uploading certificates or class sign-in lists for live presentations. One can document the
‘deemed provider’ communication by retaining evidence of the vehicle of transmission (e.g.,
provider portal or e-mail). The Attestations require that documentation of the training exists and
is retained
13. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
11
government regulator asks, ‘who is your compliance officer’? The staff answers
the question correctly.
External Training and Conferences: Set aside funds for staff to attend
conferences like those sponsored by the HCCA. Encourage them to take the
compliance tests and become certified. Also, encourage them to present as
speakers about the best practices of the entity’s compliance program. As
speakers, entrance fees are often waived. Health plans may have their own events
like “Blues Summit” or non-industry specific compliance events like the
Ethisphere’s competition for “World’s Most Ethical Company”.
Periodic Specialized Training: The Compliance unit can assist the business in
training staff on new regulations. CMS requires that in addition to general
compliance training that the staff is trained on the Medicare requirements related
to their job functions.
Mandatory Participation: Attendance and participation in training and educational
programs is mandatory for all employees – no exceptions for executives. In fact,
the leadership should be setting an example by being first to complete their
training. The government auditors may be more interested in knowing that the c-
suite took its training than with the overall completion rate of the staff. This raises
the bar to make certain that the entity uses the resources to make the training
engaging and worthwhile every year. (HINT: CMS has asked CFOs during on-
sites if they took the annual training in exit interviews.)
Training and informal education should be varied, memorable and continuous.
Training cannot be a once a year event.
What does ‘acting ethically’ mean? As we know, neither the Code of Conduct
nor the laws and requirements can cover every situation, so the training needs to
train staff to ask themselves if the conduct is ethical or if the decision they are
about to make is an ethical one.
Does it pass the ethics test?
How will others be affected by the decision?
What effect could this decision have on the company’s reputation?
How would this decision be portrayed on the front page of the New
York Times?
14. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
12
How would I explain my decision to my children?
We often hear the expression ‘Tone from the Top” and there is no doubt that hearing the
message both in the words and actions from the ‘top’ is important and meaningful, but it must be
authentic and match their behavior. A message that is not authentic can be worse than no
message at all. Employees can quickly turn a message about ‘speaking up’ to ‘shutting up’ if
they don’t believe that their leaders will protect them from retaliation.
The leadership should be aware that they are being watched and they need to reflect the
‘tone’ in everything they do, from how they address someone in the cafeteria to making certain
they occasionally eat in the staff cafeteria. They need to show the staff that when the staff does
something important that they appreciate their efforts especially when it is an improvement that
may impact customer satisfaction, quality and compliance.
There is also tone from the middle which is the message delivered daily by middle
management – what they say and do is also being watched every day by the front-line staff.
Finally, making certain the front-line staff exude the appropriate tone when they speak
with the entity’s customers, network providers and regulators, is critical to an entity’s success.
The front-line staff will reflect the company’s culture so making certain there is an enlightened
‘tone from the top’ will improve customer satisfaction and relationships with stakeholders.
Recap on Training:
Varied: Training can be an e-mail blast on a topic, a monthly “Dear Compliance
Officer” column, a blog (if in real-time this has some risks), de-identified ‘hotline’
questions, a six second video ‘vine’, etc.
Memorable: Make it stick: As mentioned, humor can be one way to do that.
Continuous: The above messaging must occur all year round with the annual
training being a moment to reflect on what has been learned.
Track It: Retain the above messages and create a system to track how they were
disseminated to recipients. (Training test results and records should be kept for ten
years per CMS).
The government may chose not to prosecute the entity or not to intervene in a False
Claims Action (qui tam) if they determine that the wrongdoer was a “rogue employee” who
chose to ignore the compliance training and education. This was the situation in the Morgan
Stanley case. (See United States v. Garth Peterson).
15. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
13
In the Morgan Stanley case, the government decided not to the prosecute Morgan Stanley
for the violations of the Foreign Corrupt Practices Act (FCPA) because the entity was able to
demonstrate that it:
Maintained a system of internal controls;
Had internal policies, which were updated regularly to reflect regulatory
developments and specific risks;
Frequently trained its employees on its internal policies, the FCPA and other anti-
corruption laws; and
Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based
personnel on anti-corruption policies fifty-four times. During the same period, it
trained Garth Peterson on the FCPA seven times and reminded him to comply
with the FCPA at least thirty-five times.
Return on Investment?
Yes. The Morgan Stanley compliance program protected the corporation from
prosecution and as a result it rewarded Morgan Stanley many millions for having an effective
compliance program.
The entity needs to understand its own unique company’s risks by having a solid annual
risk assessment process and then fashion brief trainings featuring the risks in various ways
throughout the year and keep track of every one. It is optimum, if the entity can keep track of
which employees fail to pick it up an e-mail message, then re-send it to them and/or speak
directly to them, to make certain the messages are received.
16. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
14
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
Training:
• Is training and education provided to all staff on compliance
issues, expectations and the compliance program operation?
• Is training and education provided to all Board members on
compliance issues, expectations and the compliance program
operation?
• Does the compliance training occur periodically?
• Is compliance training part of the orientation for new
employees?
• Is compliance training part of the orientation for executives?
• Is compliance training part of the orientation for Board
members?
17. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
15
D. ELEMENT 4: COMMUNICATION LINES TO COMPLIANCE
1. Communication Methods. The Compliance Officer maintains open lines of
communication with all employees to facilitate communication and reporting of
compliance issues.
• Open Access: This means there is an ‘open door’ culture. This does not mean
there is an “open door” to the Compliance Officer as the company should provide
the Officer with a traditional four-walled office (or a room to use) for confidential
conversations with staff.
A health plan also needs to maintain a method of anonymous and confidential
reporting of compliance issues. An internal telephone hotline can be ‘confidential’
if the caller asks the recipient to keep it confidential, however, it can only be
‘anonymous’ if there is a system in place that removes the ability to see who is
calling in. This is why many plans, and almost all Sarbanes-Oxley regulated
entities, have moved to third party vendors that handle the call or web portal
entry, and reply giving the party making the complaint a code number so they can
continue to provide information anonymously and can be updated on the status of
the investigation.
Compliance “Hotline” messages must be clear – Here are some tips on how
to draft the message in the Code:
• Confidentiality: “The entity will hold all information, reports and questions
provided or being raised by any individual in the strictest confidence
permitted by applicable law.” Sometimes the government requires an entity to
disclose the source.
• The Right to Report Anonymously: “If employees wish to remain
anonymous, he/she may call the anonymous hotline/web portal. “
• A user-friendly hotline or web portal has become the standard: Although
not required, regulators have come to expect that health plans have a 24 hour a
day web portal or hotline so that issues can be logged when the staff is not at
work. If it has a tracking mechanism then it has the added advantage of
making reporting to the Board and others on hotline metrics much easier.
• Investigation and Reporting Back: The Compliance Officer will typically
oversee the investigation of complaints except when the issues involve the
compliance unit’s staff or when outside counsel is handling the investigation.
However, it should be clear that “whoever is handling the inquiry will always
aim to report back to the individual or entity reporting the complaint on the
18. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
16
status and ultimate outcome of the investigation, as permitted by applicable
law.”
Nota Bene: Although anonymous and confidential reporting vehicles are
necessary, it is, of course, a sign of success when the staff identifies themselves
when they report issues. It is an excellent sign that the entity has a strong culture
of compliance and that staff do not have a concern about retaliation for making a
complaint. (Hint: Having a metric showing a trend on anonymous vs. identified
reporting is an excellent chart to provide to management and the Board.)
Tips To avoid the issue turning into a whistleblower complaint and one with
significant penalties:
• How to Report: Reporting in good faith should be stated as an employee
obligation. Employees who identify issues early and help with the
remediation should be rewarded for speaking up. Those who ignore problems
or, even worse, make malicious false reports to simply harm others, should be
disciplined.
• Act swiftly upon information: If a complaint is made and it is not
investigated and the lawsuit is filed, then damages against the company can go
up for having been alerted to the issue, but not having taken action. Also, if
the entity responds quickly to the complainant that the investigation is
underway this may stop the complainant from going to external parties.
• Provide a mechanism to communicate with complainant: Use a method to
continue gathering information from the complainant (e.g., a numbering
system, etc.).
• Most whistleblowers inform the company in some manner before they file
an action: This requires a culture of listening to staff and investigating and
remediating issues when they are raised. Do not ignore the sealed anonymous
letter left on an executive’s chair.
19. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
17
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
“Open Access”:
• Are there lines of communication to the designated employee
that are accessible to all staff to allow compliance issues to be
reported?
• Are there lines of communication to the designated employee
that are accessible to all executives to allow compliance issues
to be reported?
• Are there lines of communication to the designated employee
referred that are accessible to Board members to allow
compliance issues to be reported?
• Is there a method in place for anonymous good faith reporting
of potential compliance issues?
• Is there a method in place for confidential good faith reporting
of potential compliance issues?
20. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
18
E. ELEMENT 5: DISCIPLINARY POLICIES AND PROCEDURES
When to Impose Discipline?: The imposition of discipline may be based on
unlawful or unethical actions, negligent or reckless conduct, deliberate ignorance of
the rules that govern the job, condoning or not reporting unlawful actions by others,
retaliation or intimidation against those who report suspected wrongdoing, or other
violations.
Discipline may include giving an employee an oral or written warning, probation for
a specified period, suspension, or termination of employment.
Fair Treatment: Although there is no requirement that everyone be treated exactly
the same for a compliance violation, there is an expectation that the treatment is not
dependent on an employee’s title or financial contribution to the organization. The
Policy should set out what conduct the company has zero tolerance for and then the
company, using its judgment, needs to follow its policy and apply it in a fair and
consistent manner.
Be Timely: If the wrongdoing is well known then being timely may be very
important, so that the company can get back to business.
Deterrence: It is important that employees, and especially new hires, know what
happens when someone commits an offense. Good examples to use in orientation are
when there has been an actual employee that was terminated and referred to law
enforcement for an offense like falsifying documents, or taking kickbacks. If none
exist, then highlights from the industry work as well.
Compliance Champions: On the flip side, the staff member’s good conduct should
be rewarded. As discussed above, every annual review should have a section with a
‘commitment to compliance’. Also, when an employee identifies an issue and helps
to fix it, that employee’s work can be spotlighted on the website, in an awards
assembly or by being given a spot bonus.
21. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
19
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
disciplinary policies:
• Do disciplinary policies exist to encourage good faith
participation in the compliance program by all affected
individuals?
• Are there policies in effect that articulate expectations for
reporting compliance issues for all affected individuals?
• Are there policies in effect that articulate expectations for
assisting in the resolution of compliance issues for all affected
individuals?
• Is there a policy in effect that outlines sanctions for failing to
report suspected problems for all affected individuals?
• Is there a policy in effect that outlines sanctions for
participating in non-compliant behavior for all affected
individuals?
• Is there a policy in effect that outlines sanctions for
encouraging, directing, facilitating or permitting non-compliant
behavior for all affected individuals?
• Are all compliance-related disciplinary policies fairly and
firmly enforced?
22. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
20
F. ELEMENT 6: ROUTINE IDENTIFICATION OF COMPLIANCE RISK AREAS
1. Routine Identification of Compliance Risk Areas.
Metrics:
• What is the entity monitoring and measuring?
• How does it measure what it is tracking? Does it set thresholds and targets to
be achievable or aspirational? (Typically, Red, Yellow & Green are used to
identify issues that are on track, off-track, and seriously off-track.) (HINT:
when a manager asks to have the metric threshold and targets be raised, this is
cause for celebration.)
• How does an entity assign accountability for making certain the data is
provided in a timely fashion?
• Can some data be delivered in ‘real-time’ like enrollment data?
• Does an entity use a system to track the data and measure the metrics?
There are a many things an entity can measure. Whatever an entity
prioritizes to measure, the entity needs to make certain that if it is failing
that it then digs deep into the root cause(s) to find out why.
Beware of metrics that solely reward timeliness like claims payment or
complaint resolution, extraordinary success on timeliness may mean
quality or accuracy are being forfeited for turnaround time.
Below are a few examples of metrics that when they are failing, leadership and the Board should
be asking “why”:
If the first level decision or denials are being overturned above a certain %
⎯ ask why?
If the same members are calling in repeatedly with the same issues to be
resolved -- ask why?
If a high % of claims are not being paid in time ⎯ ask why?
If sales are not sticking ⎯ ask why?
If the entity is not retaining employees ⎯ ask why?
23. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
21
If as a provider claims are being denied ⎯ ask why?
• Annual risk assessment: Include the U.S. Office of Inspector General (OIG)
and New York OMIG work plans, as well as internal issues and internal audit
findings, the risks should reflect both the industry and the entity risks. Once a
list of top ten risks is compiled, have each leader, or maybe even all staff, rank
the risks.
• Annual Employee Surveys: There should be questions about how comfortable
the staff feel reporting wrongdoing or even mistakes and how their leadership
responds to their concerns. No one wants to hear bad news, but the sign of a
good leader is one who encourages such reporting. These metrics along with
employee retention are important for the Board to see. Try to keep some
questions the same year over year, so the entity can see track a trend over-time
on how employees are answering questions, for example; do you know how to
report wrongdoing?; do you feel comfortable reporting issues?; do you feel
the leadership is receptive to bad news?, etc.
• Exclusion Process: Compliance needs an enterprise-wide process to regularly
check employees, contracted staff, providers, FDRs and Board members to
assure they are not on the federal exclusion lists.
• Conflict of Interest process: Compliance needs an enterprise-wide process to
annually, and when changes occur throughout the year, allow employees and
Board members to update their conflict of interest forms (COI). Ideally, this
process is an online form and when a change occurs, Compliance it notified.
• Attestation and Training Process: Compliance needs a process to obtain
attestations from its FDRs as to the FDRs compliance training and FWA
training -- if they are not a Medicare deemed provider.
• HIPAA Security Rule Assessment: The Office of Civil Rights (OCR)
recommends a periodic assessment of the potential risks to confidentiality,
integrity and availability of e-PHI held by the covered entity. Initially, OCR
recommended that it be performed annually. Now it appears to be something
less than annually. Also, the OCR is attempting to make the process more
palpable for small providers and in 2014 came out with a security risk
assessment tool specifically for health care providers in small to medium sized
offices. All covered entities, plans and providers, are required to perform an
assessment. 45 CFR §164.308(a)(1)(ii)(a).
24. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
22
• Compliance Assessment: CMS recommended a few years ago that on an
annual basis a health plan have an external party assess its compliance
program for effectiveness. The recommendation was later modified because
of concerns about the added cost, to suggest that the ‘external’ party could be
another plan (e.g., one Blue Cross Blue Shield plan assess another Blue Cross
Blue Shield plan) or even the Internal Audit team as long as the team is not a
part of the compliance unit. In 2015, CMS suggested that the below tool be
used by sponsoring organizations. It can be used as a self-assessment or by
the party performing the assessment.
https://www.cms.gov/Medicare/Compliance-and-Audits/Part-C-and-
Part-D-Compliance-and-Audits/Downloads/Compliance-Program-
Effectiveness-Self-Assessment-Questionnaire.pdf
2. Ongoing Compliance Auditing and Monitoring.
• Compliance, Delegated Oversight, Special Investigations Unit (SIU), Internal
Audit and Legal & Regulatory Affairs must work closely together.
• Legal and Regulatory Affairs need to advise business units on how to
implement new regulations with assistance from Compliance and Internal
Audit on overseeing execution.
• Internal Audit must prepare a Master Audit plan and then present it for
approval to the Audit Committee of the Board. Internal Audit should also
lead the Model Audit Rule process that may focus on financial controls or
more broadly take into account all system controls for all functions.
• Compliance may do real-time spot-checking of issues (e.g., making calls to
random members to see if paid services were satisfactorily rendered, or handle
and/or oversee the outbound enrollment verification process required for
Medicare Advantage plans by CMS).
• SIU typically takes outside referrals and investigates them, but they can
certainly have a role in internal investigations of fraud issues. Certain CMS
Compliant Tracking Module complaints (referred to as CTMs) should be
investigated by the SIU, e.g., sales misrepresentations, while operational
issues may be better suited to be handled by the Compliance unit.
25. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
23
In addition, an entity needs the following functions:
• Delegated Oversight: This unit or program can be part of Compliance or stand
on its own. It must ensure oversight of FDRs compliance issues as well as
making certain they are following the service level agreements (‘SLAs’) in
their contracts.
• Credentialing or Sanctioning Committee: There needs to be within the entity a
cross-functional committee that oversees the process of terminations and
sanctioning of network providers. It may be a function of the Credentialing
Committee or it may be a separate committee.
Fraud, waste and abuse Program (Special Investigations Unit)
• New York requires that every Payer have a fraud and abuse prevention plan
and a special investigations unit (SIU) to carry it out once it has 10,000 or
more members in its government plan. (10 NYCRR Section 98-1.21).
• However, even if a Payer (or a provider) is not required to have a unit per se,
they still need to identify fraud, waste and abuse as an element of an effective
compliance program, so they may need to have a plan to detect and prevent
fraud and abuse without having an SIU to carry it out. If there is no SIU, then
some of the functions can be handled by the Compliance unit.
• Fraud and Abuse Prevention Plan:
Both payers and providers need to have a fraud line to receive leads.
Payers should have a comprehensive data warehouse where SIU staff can
query patterns of abuse and find potential provider outliers.
Payers should have a process to audit providers on claims already paid
over a 12 month period.
Payers should have a process to identify providers whose claims should be
pended before payment and be able to quickly review those pended claims
before payment.
Payer and providers need to train all of the staff on what to look for to help
in the detection of fraud and abuse.
26. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
24
Providers need to train staff to support claims with accurate, complete and
contemporaneous documentation.
Providers and payers need to have a process around receipt of potential
overpayments. The CMS Final Rule provides 60 days to return an
overpayment to the government and that clock begins to tick upon
quantification of the identified overpayment. (See recent CMS Final Rule,
42 CFR Part 401 and 405)
3. Tracking New Developments.
This includes at a minimum:
• Receiving and reviewing daily the Health Plan Management System
(“HPMS”) memos and guidance;
• Reviewing newly issued OIG Special Fraud Alerts and Advisory Opinions;
• Reviewing CMS and OMIG’s compliance alerts and related issuances; and
• Reviewing OMIG and OIG Work Plans and CMS readiness checklist.
Based on any relevant new developments, compliance must oversee and monitor
that the new requirement is implemented and track the execution through an
enterprise-wide process (including delegated entities if impacted). This can be
accomplished through an attestation flow-down process.
Employees should also read publications put out by HCCA, Kaiser Health News,
medical journals, alerts by trusted sources, investor analysis of health care trends,
health plan 10Ks, among other items. Reading materials from a variety of points
of view, will improve the staff’s ability to be innovative when solving problems.
27. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
25
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
disciplinary policies:
• Do you have a system in place for routine identification of
compliance risk areas specific to your provider type?
• Do you have a system in place for self-evaluation of the risk
areas, including internal audits and as appropriate external
audits?
• Do you have a system in place for evaluation of potential or
actual non-compliance as a result of self-evaluations and
audits?
28. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
26
G. ELEMENT 7: RESPONDING TO COMPLIANCE ISSUES ⎯ REMEDIATION
AND SELF-DISCLOSURE
Integrity is not about being perfect. It is about having the ethical backbone to admit
when an error has been made and fixing it.
If Elements 4 and 6 are in place, there should be no shortage of issues being reported.
Typically when a new compliance program is rolled out, there is an uptick in issues
being raised. Once the issues come in, then what?
As described under Element 4, make certain the issue is tracked and then respond, as
soon as possible, to the party that raised the issue, even if it is a general statement that
their complaint was received and they will hear back from them.
Begin the investigation and as it is on-going, remediate and mitigate the issues along
the way. An entity should never wait until the investigation is complete to remediate
the issues, especially if the issue causing a lack of compliance could impact members
in its un-remediated state. This lesson was recently delivered by the OCR in seeking
Civil Monetary Penalties against a respiratory care provider in an investigation of a
HIPAA violation because the entity knew about the complaint, and the potential
disclosure of more patient information due to the violation, and failed to begin
remediation until the inquiry was closed. (See Lincare, February 3, 2016).
If the issue involves a process issue that has already impacted members and/or
government overpayments, then there needs to be process to disclose the issues and
the corrective action to CMS and the OMIG.
Disclose early: CMS will penalize the entity in an Audit if an issue is discovered that
was known, or should have been known, and was not disclosed.
Overpayments: As stated above, the CMS and the OMIG expect timely refunds of
overpayments received.
Corrective Action Plan (“CAP”): CMS and/or the OMIG will typically require a
corrective action plan so the entity should have a plan in place when it discloses. It is
not recommended that an entity delay the disclosure until the CAP is complete, but
rather provide information as to when it was put in place and what will be done to
oversee the implementation and execution of the plan and then how it will be
monitored over-time.
29. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
27
RECAP AND CONFIRM
Here are some questions asked by the New York OMIG regarding
responding and reporting
• Is there a system in place for responding to compliance issues
as they are raised?
• Is there a system in place for investigating potential
compliance problems?
• Is there a system in place for responding to compliance
problems as identified in the course of self-evaluations and
audits?
• Is there a system in place for correcting compliance problems
promptly and thoroughly? Is there a system in place for
implementing procedures, policies and systems as necessary to
reduce the potential for recurrence?
• Is there a system in place for identifying and reporting
compliance issues to the NYS Department of Health or the
NYS Office of Medicaid Inspector General?
• Is there a system in place for refunding Medicaid
overpayments?
30. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
28
H. ELEMENT 8: POLICY OF NON-INTIMIDATION AND NON-RETALIATION
The Code of Conduct should state the following:
1. Every employee has an affirmative duty to report issues or concerns that come to
his/her attention through the appropriate channels. Failure to do so can result in
disciplinary action.
2. The entity will not take disciplinary or retaliatory action against an employee who
in good faith raises a concern.
3. Retaliation or intimidation in any form by any individual is strictly prohibited and
is itself a serious violation of the Code of Conduct.
4. Managers have the responsibility to maintain an environment where employees
feel comfortable raising issues or asking questions.
5. If any employee feels that he or she is being intimidated or retaliated against, that
individual needs to contact the Compliance Officer, Chief of Human Resources or
the General Counsel or if necessary the CEO or even the Board.
6. Any employee who commits or condones any form of retaliation needs to know
that they will be subject to discipline including termination.
The OMIG expects that every health care provider and health plan that is required in
New York to have a compliance program have an eighth element -- a policy and
practice of zero retaliation against whistleblowers.
That means that at every level of the organization, an employee can identify a process
failure, a potential risk, and can even be wrong, but if they acted in good faith, then
there should be no retaliation, no dismissal, no demotion, and no change of duties.
Good Faith means they did not intentionally put forth a false complaint
Is the ‘whistleblower’ given protection? Yes, but not special protection.
A whistleblower or realtor must be treated the way all employees should be treated
under the Code of Conduct. An entity cannot discriminate against an employee for
being a whistleblower. The employee should be treated no worse for having reported
the issue.
31. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
29
Any whistleblower, which is discharged, demoted, suspended, threatened, harassed or
in any other manner discriminated against by his or her employer for reporting a
violation, will be entitled to:
• reinstatement with seniority;
• double back pay;
• interest;
• special damages; and
• attorney’s fees and costs.
32. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
30
RECAP AND CONFIRM
Can you certify to the OMIG that you have:
• A policy of non-intimidation for good faith participation in the
compliance program, including but not limited to reporting
potential issues, investigating issues, self-evaluations, audits
and remedial actions, and reporting to appropriate officials as
provided in Sections 740 and 741 of the New York State Labor
Law?
• A policy of non-retaliation for good faith participation in the
compliance program, including but not limited to reporting
potential issues, investigating issues, self-evaluations, audits
and remedial actions, and reporting to appropriate officials as
provided in Sections 740 and 741 of the New York State Labor
Law?
Both sections prohibit any retaliatory personnel action by the employer against an
employee who “blows the whistle”.
Section 740 is for an action where a violation is alleged that creates and presents a
substantial and specific danger to the public health or safety, or which constitutes
health care fraud.
• Section 740 applies broadly to all employers in New York
State including health care employees.
Section 741 is for an action that the whistleblower “reasonably believed,” in good
faith, that the complained-of activity, policy or practice of the employer constituted
improper quality of patient care.
• Section 741 applies to New York health care employers only.
33. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
31
I. CMS SANCTIONS HEALTH PLANS THAT FAIL TO HAVE AN EFFECTIVE
COMPLIANCNE PROGRAM
CMS lists on its website civil monetary penalties assessed against health plans during
program audits. The high risk areas currently involve a failure to monitor the Part D
Pharmacy Benefit Manager (“PBM”); failure to oversee the process to provide accurate
and timely Explanations of Coverage (EOC) and Annual Notice of Coverage (ANOC)
and failure to properly administer the Grievance and Appeals process.
In addition, CMS often mentions the compliance program requirements and a failure to
have in place an effective compliance program. Below is some typical language from the
CMS letters that describes the sanctions:
Compliance Program Relevant Requirements
(42 C.F.R. §§ 422.503(b)(4)(vi) and 423.504(b)(4)(vi); IOM Pub. 100-18 Medicare Prescription
Drug Benefit Manual, Chapter 9; IOM Pub. 100-16 Medicare Managed Care Manual, Chapter
21)
Sponsors are required to adopt and implement an effective compliance program, which must
include measures that prevent, detect and correct non-compliance with CMS’ program
requirements.
An effective compliance infrastructure is necessary for a sponsor to adequately monitor and
oversee its operations as a whole.
Serious issues of non-compliance often occur when a sponsor does not dedicate the resources to
developing and maintaining an effective compliance program.
Some of the most important requirements for an effective compliance program include, but are
not limited to:
• involving the sponsor’s senior leaders in issues of non-compliance;
• developing an effective system for routine monitoring and identifying of compliance
risks;
• promptly responding to compliance issues as they are raised; investigating potential
issues of non-compliance and correcting those problems;
• and monitoring and auditing first tier entities that contract with the sponsor to ensure that
they are in compliance with CMS requirements.
Failure to have an effective compliance program is considered by CMS a violation of the
health plan’s contract and can result in penalties and other sanctions. Here are a few
compliance related violations:
34. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
32
1. Failure to establish and implement a formal risk assessment and an effective system for
routine monitoring and auditing of identified compliance risks. This is in violation of 42
C.F.R. §§ 422.503(b)(4)(vi)(F) and 423.504(b)(4)(vi)(F); IOM Pub. 100-16 Medicare
Managed Care Manual, Chapter 21, Section 50; and IOM Pub. 100-18 Medicare
Prescription Drug Benefit Manual, Chapter 9, Section 50.
2. Failure to have adequate and appropriate resources dedicated to FDR audit activities.
This is in violation of 42 C.F.R. §§ 422.503(b)(4)(vi)(F) and 423.504(b)(4)(vi)(F); IOM
Pub. 100-16 Medicare Managed Care Manual, Chapter 21, Section 50; and IOM Pub.
100-18 Medicare Prescription Drug Benefit Manual, Chapter 9, Section 50.
3. Failure to provide updates on results of monitoring, auditing, and compliance failures to
senior leadership. This is in violation of 42 C.F.R. §§ 422.503(b)(4)(vi)(B) and
423.504(b)(4)(vi)(B); IOM Pub. 100-16 Medicare Managed Care Manual, Chapter 21,
Section 50; and IOM Pub.100-18 Medicare Prescription Drug Benefit Manual, Chapter 9,
Section 50.
4. Failure to receive regular reports of audit and monitoring results and the status of the
effectiveness of corrective actions taken. This is in violation of 42 C.F.R. §§
422.503(b)(4)(vi)(F) and 423.504(b)(4)(vi)(F); IOM Pub. 100-16 Medicare Managed
Care Manual, Chapter 21, Section 50; and IOM Pub. 100-18 Medicare Prescription Drug
Benefit Manual, Chapter 9, Section 50.
5. Failure to maintain thorough documentation of all deficiencies identified and corrective
actions taken. This is in violation of 42 C.F.R. §§ 422.503(b)(4)(vi)(G) and
423.504(b)(4)(vi)(G); IOM Pub. 100-16 Medicare Managed Care Manual, Chapter 21,
Section 50; and IOM Pub. 100-18 Medicare Prescription Drug Benefit Manual, Chapter
9, Section 50.
CMS will look at the health plan’s resources to see if it is properly staffed to perform the
obligations of its contract. In a letter on the website it stated:
The [Plan ] did not have the proper resources dedicated to the compliance function, which
affected their ability to complete a formalized risk assessment, implement annual monitoring and
auditing work plans, and ensure its operational areas complied with Medicare regulations.
In addition to having insufficient staff, the [Plan] did not demonstrate an understanding of CMS
requirements for monitoring its FDRs and assumed its FDRs would independently comply with
all applicable CMS requirements. The committee overseeing the compliance program was not
aware of its responsibilities and requirements for reporting auditing and monitoring activities to
its senior leadership. The [Plan’s] Compliance Officer was not able to effectively conduct any
follow up of corrective action plans to ensure they were effective in fully addressing and
resolving identified compliance issues.
35. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
33
How does a compliance program help with the objective of detection and
prevention of non-compliance and fraud, waste and abuse?
• A well written Code is read, understood and followed by the staff.
• Policies and procedures that can be easily located, reflect practices and are
regularly updated are referred to and followed by employees.
• The culture of ethical behavior with a strong commitment from the top makes it
clear to the staff what the entity is about. It can distinguish an entity in the
marketplace providing the entity with a reputation that it can be trusted. It can
help to attract and retain highly ethical employees.
• Appropriate governance in terms of reporting structure, decision-making and
accountability can provide leadership with a window to its issues and improve
risk management.
• Training on ‘hot spots’ and ‘red flags’ helps to detect fraud, waste and abuse.
• Having a hotline lets an entity find the issues, remediate them and track and trend
the outcomes.
• Spotlighting compliance champions will make everyone want to be a champion.
• Monitoring and Oversight that is collaborative and cooperative can make
compliance an enterprise-wide priority.
• Metrics and reporting help the entity to learn from its operational failures and
improve over-time.
• The culture of no retaliation means that issues will be raised, reported and
remediated early and possibly before members have been impacted. If the issues
need to be disclosed to the government, the issues will be disclosed by the entity
rather than by a whistleblower.
36. COMPLIANCE PROGRAM
GUIDELINES FOR MEDICARE ADVANTAGE
AND NEW YORK MEDICAID HEALTH PLANS
34
Paulette Wunsch is a consultant in areas of compliance and managed care operational
effectiveness. She is an attorney and member of the Bar in New York and Connecticut.
Prior to consulting, Paulette held roles as a General Counsel, Chief Compliance Officer and
Associate General Counsel at MCOs including Oxford Health Plans, UnitedHealthcare,
WellCare, Blue Cross Blue Shield of Florida, Nippon Life Benefits and VNSNY.
Prior to coming in-house, she practiced law in the law firm of Day, Berry & Howard (now
known as Day Pitney) where she represented both health plans and providers and prior to that
she spent eight years with the U.S. Department of Justice, including serving as a federal
prosecutor in the U.S. Attorney's Office in Manhattan during which time she was part of the New
York Health care Task Force.
She received her B.A. from the University of Chicago, her J.D. from Yeshiva University,
Cardozo School of Law and her LL.M. from Columbia University, School of Law.