This presentation provides an overview of corporate compliance for Hawthorne Foundation employees. It discusses the importance of following laws and regulations to ensure the organization remains viable. Employees are responsible for knowing policies and procedures, documenting services accurately, and reporting any issues or concerns. The goal is to prevent fraud and abuse and encourage a culture of integrity where employees do the right thing even without supervision.
1. Corporate Compliance
Thank you in advance for attending
this mandatory training.
A corporation has a legal existence
that often outlasts generations of
people. How do we keep a corporation
viable?
1
2. Corporate Compliance
• Hawthorne Foundation, Inc., a corporation, can only
fulfill its vision of serving those in need if governing
laws, regulations, and company policies are followed
faithfully.
• Our vision: To foster independence, integration,
individualization and productivity while enhancing the
quality of the lives for the people we serve. Our goal is
to enable each and every individual to reach his or her
maximum potential in the least restrictive environment
by selecting and promoting educational practices that
are grounded in research and science-in particular
Applied Behavior Analysis and to assist each and
every individual in identifying and realizing his or her
own goals.
2
3. Purpose of this Presentation
• To provide an understanding of the regulatory environments
in which the Hawthorne Foundation operates
• Hawthorne is accountable to: DOH, OMH, OPWDD, OTDA,
OCFS, DOE (NYSED) and the Justice Center.
• All of Hawthorne’s programs have Federal and State
documentation requirements.
• To provide an overview of Corporate Compliance and
components of the Corporate Compliance Plan
• To provide an understanding of documentation requirements
• To communicate that HFI has a culture of ‘’doing the right
thing, even if no one is watching.’’
3
5. Integrity
Doing the right thing – even when nobody’s watching
If you have to:
DO SOMETHING.
You are responsible for knowing policy and procedure to
keep your environment safe. This includes students in a
school setting, or the adult individuals whom you serve if
you are in Adult Services.
Communicate with your supervisor(s) to learn these
procedures. In any emergency, ensure the safety of
students or the adults whom you serve. When the
situation is safe, follow policy and procedure for incident
reporting.
5
6. Integrity
Doing the right thing – even when nobody’s watching
0
To date for Calendar Year 2021,
number of staff no longer
employed by HFI due to
infractions related to compliance.
6
7. Doing the right thing – when school is in session,
WAIT 23 seconds for this gate to close. If others go around you,
remind them. If this continues, contact your department chair
and copy me in.
7
8. Regulatory History
• False Claims Act (Federal)
• Enacted during the Civil War; revised in 1986. There is a NYS version, enacted in 2007.
• Prohibits the submission of a false claim or making a false statement in order to secure payment
of a false or fraudulent claim from the Government
• Fines and prosecutions apply for both Federal and State
• Under the False Claims Act, private persons file on behalf of the Government. The
“whistleblower” (qui tam relator) is entitled to a percentage of the proceeds the government
recovers.
• “Whistleblower protection” prohibits retaliation or discrimination against employees
taking lawful actions under the False Claims Act.
• Deficit Reduction Act of 2005 (effective 2006)
• Requires Policies and Procedures geared toward fraud detection and prevention
• Requires Training and Education of Staff regarding the False Claims Act and Whistleblower
Protection
• Encourages State level actions in addition to Federal level
• Patient Protection and Affordable Care Act of 2010
• Included Blacklist Protection for Whistleblowers
8
9. Common Examples of Fraud that
apply to the False Claims Act
• Service provided by unqualified staff
• Billing for a service that was not provided
• Documentation that is false or inaccurate
• Billing for more service than provided
• Billing for service that is not authorized or
medically necessary
• Billing twice for the same service
9
10. More Federal and State
regulation…
• Health Insurance Portability and Accountability Act
of 1996 (HIPAA) This applies to privacy and security
of health related information and has resources for
detecting fraud, including
• Creation of the Health Integrity and Protection Data
Bank
• https://www.law.uh.edu/healthlaw/perspectives/Fraud
/991210Fighting.html
• Medicaid is a major source of funds for our
programs, hence the foregoing is relevant.
10
11. At the state level: NYCRR Title 18, Part
521
• Established requirement for “Provider Compliance
Programs” for any agency wanting to be eligible to
receive or submit claims for medical assistance
payments for care, services or supplies for or on
behalf of another person.
11
12. Office of the NY State Medicaid
Inspector General (OMIG)
• Created in 2005, it is the first OMIG in the nation at the State
level. It is an independent entity within the New York State
Department of Health.
• Mission is “To improve the efficiency and accountability of the
New York State Medicaid program by preventing and
detecting fraudulent, wasteful and abusive practices within
the Medicaid program.”
• Under F-SHRP – the Federal-State Health Reform Partnership
– New York State was mandated to generate fraud and abuse
recoveries of past overpayments
• OMIG is known for using ‘’small clerical errors’’ to disqualify
claims for extended periods of time, and across similar cases,
not just the one discovered (‘’extrapolation’’). See:
https://www.nysenate.gov/newsroom/press-releases/pete-
harckham/harckham-bill-curb-punitive-omig-audits-drug-
treatment
12
13. Why should you be aware of Federal and State laws
and regulations?
• You will interact with OT, PT, SLPs, counselors,
nurses and doctors.
• They have to pass clearance scrutiny. So do you if
you sign off on Medicaid related documentation.
• We check providers at the federal and state
levels, across more than one state.
• The checks are based upon Medicaid violations
and disqualifications.
13
14. HIPAA, FERPA, and Student
Data Privacy
• You are encouraged to access
hawthornefoundation.org to view our policies and
procedures regarding the above.
• For those of you in a school setting, Student Data
Privacy is under the governance of the New York
State Education Department, so it would be good
for you to be familiar with this topic.
• HIPAA and FERPA (Family Education Rights and
Privacy Act) are governed by federal laws and
regulations.
14
15. HIPAA in the news….
• https://www.healthcareitnews.com/news/hospital-
hipaa-trouble-after-reports-nfl-medical-record-leak
• The following may not have been a HIPAA
violation, but you get the idea…
• https://www.orlandosentinel.com/news/os-xpm-
1995-11-24-9511232027-story.html
15
16. How do HIPAA and FERPA affect
you at work?
• Err on the side of caution before disclosing any student’s identifying
information or any other info about a student. If such a request comes your
way, refer it to your supervisor(s). (Tell them to blame Susan…)
• The financial penalties in HIPAA are devastating.
• Guard your work e-mail and related passwords.
• Think before attaching a student file to any e-mail. (This is also FERPA
related, but some files may contain student diagnoses.) Who will receive
it? Do you have a release from the family?
• Think before making photocopies of student files to give or send to
others. Do you have a release?
• SAFEGUARD all student binders and documents. They should be kept
locked at end of day.
16
17. Medicaid in Schools
• http://www.oms.nysed.gov/medicaid/
• Depending on your role, you may find yourself visiting this
site periodically.
• BTW, you do not need to know and probably should not
know which of your students are Medicaid eligible. That
being said, you should assume that all students are
Medicaid eligible so that you will be diligent about
documentation, reports, etc. Follow school service delivery
policies and ask your administrators about any
documentation questions you may have.
• At the school level, please bear in mind that any document
you are asked to sign may be Medicaid related. Double
check that information you are signing is correct.
17
18. Service Planning and
Delivery
• “Medically Necessary”
• Usually based on a diagnosis or a disability
• Determined through evaluation by a physician or other healthcare professional
• Refer to Medicaid guidelines to see if/when referral(s) are needed for a type of service (OT/PT,
other)
• “Otherwise Authorized”
• IEP, ISP / Life Plan, Treatment Plan, Habilitation Plan, Service Plan, Prescription, Doctor’s Order
• Reviewed as required
• Services must be delivered by trained and qualified staff and as specified in the service/ treatment
plan
• Effectiveness of the service/treatment plan must be reviewed on a regular and frequent basis
• The plan (IEP for school level, Life Plan for adult services) must be revised as necessary
18
19. What is your idea of corporate compliance on
an everyday basis in your school setting?
• Ensure that IEP mandated services and goals are
delivered.
• Collaborate with fellow teachers, aides, supervisors,
parents, and…your students.
• Collaborate with related service providers (OT, PT, speech,
counseling). Identify activities that will assist learning.
(Don’t copy or mimic, since OT and PT are medical
licenses, speech techniques are highly specialized, and
counseling is related to psychological services.) Just ask
providers for suggestions that you can use in the
classroom.
• Write/deliver your required reports accurately and timely.
19
20. (Everyday corporate compliance in the
school setting,continued)
• Review and be very aware of all student safety
requirements (allergies, etc.) as listed in the IEP and other
forms (Special Alerts)
• Know where your students are. If a related service provider
does a pullout session, he/she is responsible for bringing
the student back in person.
• Be familiar with school procedure if you suspect a student
has eloped. Act immediately.
• Observe school procedures for arrival/dismissals re: bus
safety.
• Again, any occurrence rising to the level of an ‘’incident’’
must be reported as per HFI policy and procedure.
20
21. Benefits of a Compliance Plan
• Educated, qualified, and trained staff protect the agency
• Internal Controls, to include Auditing and monitoring activities, to find your
weaknesses before another party does (early detection)
• Promotes ethical conduct by monitoring that the right things are being
done
• Open lines of communication
• Communicates our commitment to regulatory compliance and to conducting
business by doing things the right way
• Drives more efficient and effective operations to respond to changes and
identified issues with clear policies, procedures, and practices
• Helps improve and protect the financial health of the agency
• Helps defend the agency and may mitigate paybacks and fines if ‘’we’’ find
mistakes. For innocent errors, there are no penalties if we self-report and pay
back funds we should not have received.
• Doing the right thing – Even when no one is looking.
21
22. Elements of a Compliance Plan and Oversight
1. Written Policies and Procedures
2. Compliance Program Oversight
3. Training and Education
4. Effective, Confidential Communications
5. Enforcement of Compliance Standards
6. Auditing and Monitoring
7. Responding to Violations and Developing a Corrective Action Plan
8. Whistleblower Provisions and Protections
Compliance Officer and Compliance Committee
• Board and Management Staff
• Effective methods to report compliance-related issues
• Management
• Human Resources
• Compliance Officer
• Corporate Compliance Drop Boxes
• Hotline – (914) 468-7411
• Email – susanh.dayhab@hfadm.org
22
23. Policies and Procedures and Code of Conduct
Written code that applies to all employees and
independent contractors
• Based on Laws, Regulations, and Best Practices. Updated as laws,
regulations, and practices change
• Revised based on the results of internal or external reviews
• Provide direction and guidance, and expresses commitment to
compliance
• Establishes clear expectations for Board, management, employees,
contractors, and agents
• Distributed to all employees with a signed acknowledgment of
receipt
• Reviewed and revised with changes in laws, regulations, and
practices.
• Supported by policies and procedures
• Written in plain language 23
25. Medicaid: Adult Services
• MEDICAID IS A DOMINANT FORCE at the direct care level.
This impacts those who work directly with individuals.
• In adult services, there is much paperwork, reporting,
documentation, all required for Medicaid reimbursement.
• At the adult services level, the documentation requirements
are very high stakes…
https://clinictracker.com/images/omig.pdf
We strive to prevent
Fraud: “… a misrepresentation, omission, or concealment
calculated to deceive.”
Abuse: “… performing acts that are inconsistent with
acceptable business practices.”
25
26. Recent whistleblower cases pertaining
to Adult Services:
https://archives.fbi.gov/archives/newyork/press-releases/2011/manhattan-u.s.-
attorney-announces-18-million-civil-fraud-settlement-with-new-yorks-largest-
operator-of-facilities-for-adults-with-developmental-disabilities
https://www.justice.gov/usao-edca/pr/action-defrauding-program-individuals-
developmental-disabilities-settles-approximately
https://www.justice.gov/usao-mdal/pr/spectracare-health-systems-inc-agrees-pay-1-
million#:~:text=Montgomery%2C%20Alabama%20%E2%80%93%20On%20July%
2023,Stewart.
https://www.fcacounsel.com/blog/comfort-community-center-llc-settles-false-claims-
act-allegations-for-150000/
This one is different, but relevant:
https://www.lohud.com/story/news/crime/2021/08/31/yonkers-man-convicted-
chappaqua-school-bribery-kickback-scheme/5660997001/
26
27. Service Documentation
• Services must be documented
“contemporaneously” with the service delivery (at
the same time or in close proximity)
• Documentation must include all required elements
• Documentation must be permanent and legible
(able to be read by a reviewer)
27
28. Common Mistakes
• Not documenting allowable services
• Not supporting provision of planned services
• Implementing unauthorized or expired service/treatment plans
• Service/treatment plans lack specific interventions/activities
• Billing without necessary documentation
• Services must be documented “contemporaneously” with the
service delivery (at the same time or in close proximity)
• Documentation must include all required elements
• Documentation must be permanent and legible (able to be
read by a reviewer)
28
29. Documentation Do’s and
Don’ts
Note:
What follows will vary, depending on
whether or not an electronic record
keeping system (for example, Therap,
Frontline, Mains’l) is used.
29
30. Documentation Do’s and
Don’ts
DO
• Use full date (mm/dd/yyyy)
• Use signature and title on all entries
• Include date with your signature
• Use blue or black ink in records
• Draw a line through errors, note the error, sign and
date
• Assure that documentation is accurate
30
31. Documentation Do’s and
Don’ts
DO
• Document service delivery promptly
• Document only the services you provided
• Only submit claims for services provided
• Obtain proper authorization for services
• Protect your passwords
31
32. Documentation Do’s and
Don’ts
DON’T
• Document in colored ink or pencil
• Document anything you have not actually done
• Leave labeled fields blank
• Use initials without a corresponding signature key
• Attempt to obliterate errors – No “white out,” black
markers or scribbling over
• Alter previous documentation – Correct, but DON’T alter
32
33. Responsibilities as a Hawthorne
employee regardless of your
setting
• Attend required training(s)
• Read Agency’s Corporate Compliance Plan (go to
https://www.hawthornefoundation.org/ )
• Read and follow the Code of Conduct (it is incorporated in the
Corporate Compliance Plan)
• Comply with laws, regulations, and Agency’s policies,
procedures, and practices
• Provide and document services according to Service/Treatment
Plans
• Report any issues, concerns, or possible
violations
33
34. AND IF YOU MUST, DO
SOMETHING!
• Act first to make the situation safe to protect
student(s) or the adults whom we serve (in Day
Hab or residential settings)
• Call 911 if necessary
• Once the situation is safe, speak with your
supervisor IMMEDIATELY about reporting
procedures, and report the incident ASAP.
• If you have questions, do not hesitate to call this
department. See the next slide.
34
35. Corporate Compliance Hotline
Report Concerns Confidentially
Report Concerns Confidentially or Anonymously – 24 / 7
(914) 468-7411
Drop Box Locations
• Outside Administration Floor Door - Overcash Building
• Manhattan Campus – “Staff Bathroom”
• Elmsford Day Habilitation Program – “Staff Bathroom”
• Clearbrook Training Center – Unisex Bathroom
• Email – alicem@hfadm.org* regarding incident questions
• susanh@hfadm.org for Corporate Compliance questions
* Create an email address on one of the free sites (e.g., gmail, msn, aol, yahoo) with an ID
that doesn’t identify you, and use that email address to report the issue
35
36. This concludes the presentation. It
does not conclude our obligation to ‘’do
the right thing.’’
• Keep Corporate Compliance in the back of your
mind. How can I do my best? How can I help
others do their best?
• Always ask questions of your supervisor(s) if you
are not sure how to proceed.
• If in doubt, report. The Hotline number is 914-468-
7411.
36
37. Please read, carefully, all of the compliance forms you are
being asked to sign. All of these forms are important, but pay
particular attention to the Photography/Video policy, and the
Social Media/Blogging policy.
37
Editor's Notes
This is the theme of Corporate Compliance – Doing the right thing even when no one else is watching. It also means not doing something you’re not supposed to be doing and if you see someone else doing something s/he shouldn’t be saying something about it.
The original False Claims Act which was enacted during the Civil War to combat fraud in government contractors prohibits persons or businesses from improperly receiving governmental funding for goods and services, and from abusing or wasting governmental funds. Last updated in 1986 it also prohibits anyone from submitting a false claim or making a false statement to obtain governmental funds. The 1986 revision holds management more accountable with a “knew or should have known” provision about fraudulent claims or false statements. In order to encourage individuals to come forward and report misconduct involving false claims, the False Claims Act contains a “Qui Tam” (pronounced “kee tom”) or whistleblower provision.
Private citizens are able to bring suits, under the False Claims Act, in the name of the government. The suit must be sealed and served on the government, which then has 60 days to decide whether to join the suit. If the government joins the suit and is successful in the prosecution, the relator or whistleblower is entitled to between 15% and 25% of the recovery. If the government declines to join the suit, the relator can proceed with the suit on its own. If the case is successfully prosecuted, the relator shares in the government’s recovery with an entitlement between 25 to 30% of the recovery.
There is a protection under this law for the relator or whistleblower that prohibits retaliation against the person who reported. This is referred to as “whistleblower protection”.
The False Claims Act prohibits discrimination against any employee for taking lawful actions under the False Claims Act. Any employee who is discharged, demoted, harassed, or otherwise discriminated against because of lawful acts by the employee in False Claims actions is entitled to relief. Such relief may include reinstatement, double back pay, and compensation for any special damages.
The agency has a procedure for reporting compliance concerns and strictly prohibits retaliation against an employee who raises a compliance concern in good faith.
Billing for a service that was not actually provided is fraud. This can occur when a person documents for something that they did not provide and the agency receives payment for the service. This can also occur when documentation is not completed or is inadequately completed for a service that was provided.
A provider cannot bill for services while a person is in the hospital, a nursing home, or other certified residential programs such as an ICF. There are some exceptions if services were provided on the day of admission or discharge. Agencies must be very carefully in taking attendance and the recording of services that were provided.
It is considered fraud when payment is received for documentation that is false or inaccurate. The agency must assure that all services are accurately and completely documented.
In most programs, services are authorized based on a person’s need. The authorization for the type, amount, and frequency of services is stated in the form of a plan, such as an Individualized Service Plan (ISP), a Treatment Plan, an Individualized Educational Plan (IEP), or a prescription or order by a physician. It is considered fraud when services are billed in excess of the amount authorized.
In some programs, the person providing service must meet certain educational requirements or possess a current license for their profession. It is considered fraud when an unqualified or unlicensed person provides services that are billed to Medicaid or Medicare.
Billing for a services that are not authorized according to the requirements of the program, or for services that are not medically necessary, are considered fraud.
And billing twice for the same service, whether by one provider or two different providers, is considered fraud.
To prevent fraud it is up to every employee to comply with the agency’s policies and procedures and standards of practices.
HIPAA legislation increased the size and authority of the enforcement agencies that are part of ensuring the privacy and security of health related information. In addition to increasing the resources for detecting fraud the Data Bank was established to list providers who have defrauded ANY federal healthcare program.
Effective July 1, 2009, this regulation changes the status of Compliance Programs from voluntary to mandatory for any provider that accepts Medicaid dollars.
The DOH is the channel for Medicaid funds from the federal government.
Key features.
First of all, services must be medically necessary. The services are usually based on a diagnosis or the individual’s disability. This is determined through an evaluation by a physician or other healthcare professional. It is documented in the record. In some programs, there are also certain eligibility requirements that must be met.
Once an evaluation or a statement of the person’s need for a particular service is identified, a plan of service is developed by a professional or the program’s staff. The plan of service may be in the form of an Individualized Service Plan (ISP), Individualized Educational Plan (IEP), a treatment plan, a habilitation plan, a prescription, or a doctor’s order. The plan or order identifies the medical necessity or need for a particular service or several types of services. The requirements vary among program types.
In order for a service to be billed to Medicaid, it must be included in the required plan, or with a written order by a physician.
Each program has specific requirements and timeframes for the review of plans or the order for services. The review must be conducted by the required parties and usually includes involvement of the person and/or their parent, legal guardian, or advocate.
Our Compliance Plan is designed to find our weaknesses, or mistakes, before an outside reviewer or governmental agency does.
The Compliance Plan and the Code of Conduct state our commitment to complying with the laws and regulations and provide high quality services with the highest degree of honesty and integrity.
As a result of our compliance program, the training that we provide our staff, and our methods for reporting alleged wrongdoing without fear of retaliation for raising an issue, the agency expects to protect itself from “qui tam” or whistleblower lawsuits.
Because we are continually monitoring ourselves and developing corrective actions when we discover an error or the potential for an error, we are able to operate more efficiently. As a result of the reduced risk for payback or financial penalties, we are able to make sure the agency is financially healthy.
An effective compliance program has been shown to reduce penalties, payback and fines that could result from a review or audit by a governmental oversight agency.
The first element includes written policies and procedures. These are developed from the laws and regulations and provide employees with written directions on how to perform their job responsibilities.
A Code of Conduct is part of the written documents that guide employees in their day-to-day actions and performance of their job.
It is important that you are familiar with the agency’s policies and procedures and the Code of Conduct.
In many cases, forms or formats have been developed to make it easier to provide the required information. But they need to be completed thoroughly and accurately.
These mistakes could result in disallowances or fraudulent claims.
To summarize your responsibilities as an agency employee related to our compliance program, it is important that you attend required trainings, read and be familiar with the agency’s Corporate Compliance Plan and the Code of Conduct.
We expect that you comply with all applicable laws, regulations, and agency policies, procedures, and standards of practice.
Services must be provided according to approved treatment or service plans and documented accurately, thoroughly, and promptly after providing the service.
It is important that you report any issues, concerns, or possible violations of the agency’s Compliance Plan or Code of Conduct.
If you have any questions about the material covered by this presentation, please direct them to you supervisor, a member of the management staff or the Compliance Officer.
Reference the AIU, Social Media, Photo / Video Policies, etc.