COMPLIANCE MANUAL
REPORTING REQUIREMENTS
CODE OF CONDUCT
COMPLIANCE PROGRAM STRUCTURE & GUIDELINES
SBH Community Service Network, Inc.
Adopted: March 2024
Table of Contents
| Description | Tab |
| Introduction/Key Definitions | A |
| Compliance Program Reporting Requirements | B |
| Code of Conduct | C |
| Compliance Program Structure and Guidelines | D |
| Acknowledgement (to be signed and returned to Compliance Officer) | E |
| Compliance Policies and Procedures | F |
| Billing, Coding and Documentation Policy | F-1 |
| Compliance Monitoring, Risk Assessment and Training | F-2 |
| Compliance Reviews for Excluded Individuals/Entities | F-3 |
| Compliance Reviews of Staff Credentials | F-4 |
| Compliance with Anti-Referral Laws | F-5 |
| Compliance with Federal and State False Claims Laws: Overview of the Laws Regarding False Claims and Whistleblower Protections | F-6 |
| Gifts and Benefits | F-7 |
| Non-Retaliation, Non-Intimidation for Good Faith Participation in the Compliance Program | F-8 |
| Conflicts of Interest | F-9 |
| Protocols for Investigations and Implementing Corrective Action, Including Discipline | F-10 |
| Responding to Government Inquiries | F-11 |
| Waiving Coinsurance Amounts | F-12 |
| Contractor Agreement Requirements | F-13 |
| Compliance Documents | G |
| Annual Work Plan | G-1 |
| Compliance Resolution | G-2 |
| Memo to Staff | G-3 |
| Poster | G-4 |
Introduction
SBH Community Service Network, Inc. (the “Agency”) has designed and implemented a comprehensive Compliance Program that sets forth the standards of conduct, policies and procedures that all “Affected Individuals” (as defined below) are expected to follow. Our Compliance Program consists of the following:
(A) Compliance Program Code of Conduct. The Code of Conduct sets forth the general standards of conduct to which all Affected Individuals associated with the Agency must adhere.
(B) Compliance Program Structure and Guidelines. The Compliance Program Structure and Guidelines set forth the structure of the Compliance Program and describes its day-to-day operation.
All Affected Individuals are required to review and be familiar with the Code of Conduct and the Compliance Program Structure and Guidelines.
(C) Specific Compliance Policies and Procedures. Certain compliance issues require further detail and instruction. To that end, the Agency has adopted specific Compliance Policies and Procedures covering certain areas. If you have specific responsibilities that are addressed by a Compliance Policy and Procedure, you must ensure that you are familiar with its requirements. The Compliance Policies and Procedures may be accessed on the internet/intranet at P/Divisions/MentalHealthClinic/Training. They are also available upon request to the Compliance Officer at any time.
The Code of Conduct, the Compliance Program Structure and Guidelines, and our Compliance Policies and Procedures are collectively referred to as the Agency’s “Compliance Manual”.
The Agency expects to conduct its business in a manner that supports integrity in our operations. To that end, our Compliance Program is designed to effectively prevent, detect and correct non-compliance with applicable laws, rules and regulations, including Federal health care program requirements (e.g., the Medicare and Medicaid programs). Our Compliance Program has many goals. Among them are: (i) detecting and preventing fraud, waste and abuse, (ii) organizing our resources to address compliance issues as quickly and efficiently as possible, and (iii) putting in place a system of checks and balances to prevent recurrence of any such issues.
We require that all Affected Individuals cooperate fully with the Compliance Program.
In short, we are committed to doing the right thing legally and ethically, and our Compliance Program is designed to assist us in effectively keeping to that commitment. Conduct that is contrary to these expectations will be considered a violation of the Compliance Program.
If you have any questions regarding the Compliance Program, please refer to the Code of Conduct, the Compliance Program Structure and Guidelines or Compliance Policies and Procedures, or speak with our Compliance Officer for more detailed information.
Key Definitions
Unless otherwise defined in the Compliance Manual, the terms listed below have the following meanings:
(1) “Compliance Committee” means the group established by the Agency to coordinate with the Compliance Officer to ensure that the Agency is conducting its business in an ethical and responsible manner, consistent with our Compliance Program.
(2) “Compliance Officer” means the individual designated by the Agency with responsibility for the day-to-day operation of the Compliance Program. The Compliance Officer is the focal point for our Compliance Program. Megan Ann Kolsch is the Compliance Officer for the Agency. The Compliance Officer reports directly to, and is accountable to, the Agency’s Chief Executive Officer.
(3) “Federal health care program” means any plan or program that provides health benefits whether directly, through insurance or otherwise, which is funded directly, in whole or in part, by the United States Government, including certain State health care programs. Examples include, but are not limited to: Medicare, Medicaid, Veterans’ programs and the State Children’s Health Insurance Programs. The Federal Employees Health Benefits Program is not included in this definition.
(4) “Good faith participation in the Compliance Program” includes, but is not limited to, the following actions when taken in good faith: (a) reporting potential compliance issues to appropriate personnel; (b) participating in investigation of potential compliance issues; (c) self-evaluations; (d) audits; (e) remedial actions; (f) reporting instances of intimidation or retaliation; and (g) reporting potential fraud, waste or abuse to the appropriate State or Federal entities.
(5) “Affected Individuals” means all persons who are affected by the Agency’s “risk areas,” including our employees, the chief executive and other senior administrators, managers, contractors, agents, subcontractors, independent contractors, and governing body and corporate officers. Affected Individuals are sometimes referred to in this Compliance Manual as “you.”
(6) “Effective compliance program” means a compliance program adopted and implemented that, at a minimum, satisfies the requirements of 18 NYCRR Subpart 521-1 and that is designed to be compatible with our characteristics (i.e., our size, complexity, resources, and culture). Our Compliance Program is designed to ensure that it: (i) is well-integrated into our operations and supported by the highest levels of the organization, including the chief executive, senior management, and the governing body; (ii) promotes adherence to our legal and ethical obligations; and (iii) is reasonably designed and implemented to prevent, detect, and correct noncompliance with applicable Federal health care programs (including, but not limited to, Medicare and Medicaid) and other requirements, including fraud, waste, and abuse most likely to occur for the Agency’s “risk areas” and “organizational experience.”
(7) “Organizational experience” means the Agency’s: (i) knowledge, skill, Agency and understanding in operating our Compliance Program; (ii) identification of any issues or risk areas in the course of our internal monitoring and auditing activities; (iii) experience, knowledge, skill, practice and understanding of our participation in Federal health care programs (including, but not limited to, Medicare and Medicaid) and the results of any audits, investigations, or reviews we have been the subject of; and (iv) awareness of any issues we should have reasonably become aware of for our category or categories of service.
(8) “Risk areas” are those areas to which the Agency’s Compliance Program applies. This includes those areas of operation affected by the Compliance Program and applies to: (i) billings; (ii) payments; (iii) ordered services; (iv) medical necessity; (v) quality of care; (vi) governance; (vii) mandatory reporting; (viii) credentialing; (ix) contractor, subcontractor, agent or independent contract oversight; and (x) other risk areas that are or should reasonably be identified through our organizational experience.
(9) “Contractors” means contractors, agents, subcontractors, and/or independent contractors who are affected by the Agency’s risk areas.
![]()
Reporting Requirements
All Affected Individuals must abide by the Compliance Program and are required to report suspected misconduct, possible violations of Federal or State law or regulations, possible violations of the Compliance Program and other compliance-related concerns. You may report to the Compliance Officer, to the Compliance Hotline,to your supervisor or to management. Issues reported to a supervisor or management must in turn be immediately reported to the Compliance Officer.
You may make reports confidentially. To report confidentially, please use the Compliance Hotline. The confidentiality of persons reporting compliance issues will be maintained, unless the matter is subject to a disciplinary proceeding, referred to, or under investigation by, the New York State Attorney General’s Medicaid Fraud Control Unit (“MFCU”), the New York State Office of the Medicaid Inspector General (“OMIG”) or law enforcement, or disclosure is required during a legal proceeding. In addition, persons reporting compliance issues will be protected under our Non-Retaliation, Non-Intimidation for Participation in the Compliance Program Policy.
Affected Individuals may also report compliance issues anonymously, if they so choose. To report anonymously, please use the Compliance Hotline.
As explained in detail in our Non-Retaliation, Non-Intimidation for Participation in the Compliance Program Policy, retaliation or intimidation in any form against an individual who in good faith reports possible misconduct or illegal conduct is strictly prohibited. Acts of retaliation or intimidation should be immediately reported, and if substantiated, the individuals responsible will be appropriately disciplined.
| Name | Contact Information |
| Compliance Officer Carol Rubinstein | Ph: (718) 787-1100 Extension 393 Email: Compliance@sbhonline.org |
| Compliance Hotline | Ph: (718) 787-1100 Extension 393 |
| Chief Executive Officer Nathan Krasnovsky | Ph: (718) 787-1100 Extension 318 Email: nathank@sbhonline.org |
Code of conduct
SBH Community Service Network, Inc.
Code of Conduct
This Code of Conduct sets forth the standards of conduct that all Affected Individuals must adhere to and follow.
I CODE OF CONDUCT: COMMITMENT TO COMPLIANCE
¡ For over forty years, the Agency has stood as a pillar of charity and volunteerism in the community. Although the organization itself has grown exponentially since its inception in May 1974, its core values of selflessness and responsibility have never wavered.
The Agency has been dedicated to the caring of those less fortunate. It is the shoulder to cry on, the lifeline, the answer to your calls for help. Countless leaders have been born, friendships formed, and prides restored. Its truisms have become a part of the very fabric of what it means to be part of “the community”; To care for your neighbor as if they are your brother, to give with compassion, discretion and respect, asking for nothing in return. The breadth and depth of our programs and services now reach each and every family and individual. Whether you have been on the giving or receiving line, you have taken part in the building of an agency that you can be proud to call your own. We thank you for all you have done in helping us reach this point and look forward to many more generations of loving kindness.
¡ The Agency strives to provide high quality services to our clients without regard to age, race, color, sexual orientation, marital status, religion, sex, or national origin. We have a commitment to conduct our business in compliance with all applicable laws, rules and regulations and in accordance with ethical principles. The Agency expects the same from all Affected Individuals. We do not and will not tolerate any form of unlawful or unethical behavior by anyone associated with the Agency. We will follow the letter and spirit of applicable laws, rules and regulations, conduct our business ethically and honestly, and act in a manner that enhances our standing in the community.
II CODE OF CONDUCT: SCOPE OF APPLICATION to AFFECTED INDIVIDUALS
¡ The Compliance Program – and specifically this Code of Conduct – applies to all Affected Individuals. The term Affected Individuals is defined in this Compliance Manual.
¡ All Affected Individuals have a responsibility to help create and maintain a work environment in which compliance concerns may be openly raised, and promptly reviewed, discussed and addressed.
III CODE OF CONDUCT: STANDARDS
¨ General Standards
¡ You must be honest and lawful in all of your business dealings and avoid doing anything that could create even the appearance of impropriety.
¡ You must: comply with the Code of Conduct; refuse to participate in any action you think may be possibly unethical, illegal or in violation of the Code of Conduct, a Compliance Policy and Procedure or the Compliance Program; report compliance issues and any unethical or illegal conduct to the Compliance Officer; cooperate with compliance inquiries and investigations; and work to correct any improper practices that are identified. Agency expects and requires your good faith participation in the Compliance Program.
¡ Acts of retaliation or intimidation for good faith reporting of any suspected violation of, or for other good faith participation in, the Compliance Program will not be tolerated and are themselves a violation of the Compliance Program. For more information, see the Non-Retaliation, Non-Intimidation for Good Faith Participation in the Compliance Program Policy.
¨ Standards Related to Quality of Care/Credentialing/Medical Necessity
¡ You are required to protect and promote the rights of all patients, including but not limited to, the right to participate in all decisions about their own care and treatment.
¡ You must ensure that patient care conforms to acceptable clinical and safety standards.
¡ All professional staff associated with Agency will be properly licensed, certified and/or registered as required by applicable laws, rules and regulations. Agency will take steps on a regular basis to monitor and ensure such compliance.
¡ In addition to the general credentialing process, Agency will confirm the identity and determine the exclusion status of all Affected Individuals. In doing so, we will review the following State and Federal databases at least every thirty (30) days: (a) the OMIG Exclusion List; (b) the U.S Department of Health and Human Services Office of Inspector General’s (the “OIG”) List of Excluded Individuals and Entities (c) the General Services Administration’s System for Award Management. Our Contractors are also required to comply with these requirements. The results of such checks will be promptly shared with the Compliance Officer and other appropriate compliance personnel. For more information, see our Compliance Reviews for Excluded or Ineligible Individuals/Entities Policy.
¡ The QI/Compliance will be responsible for overseeing quality of care issues. In consultation with quality improvement personnel, the Compliance Officer (or his or her designee(s)) will ensure that quality assurance reviews are conducted, issues are addressed, and corrective actions are implemented.
¡ The Agency will only submit claims for payment to payers for services that are medically necessary or that otherwise constitute a covered service and are consistent with the payer’s applicable policies and requirements.
¨ Standards Related to Coding, Billing and Documenting Services
¡ The Agency will comply with the coding, billing, documentation and submission rules and requirements of all of its payers, including government payers such as Medicare and Medicaid, and commercial payers, as well as all applicable Federal and State laws, rules and regulations governing the coding, billing, documentation and submission of claims. For more information, see our Billing, Coding and Documentation Policy.
¡ The Agency is committed to preparing accurate claims, consistent with such requirements. All coding, billing and documentation of services must be accurate and truthful.
¡ Specifically, among other rules, we follow 18 NYCRR § 521-1.3(d):
¡ Risk areas. The compliance program shall apply to the required provider’s risk areas, which are those areas of operation affected by the compliance program and shall apply to: (1) billings; (2) payments; (3) ordered services; (4) medical necessity; (5) quality of care; (6) governance; (7) mandatory reporting; (8) credentialing; (9) contractor, subcontractor, agent or independent contract oversight; (10) other risk areas that are or should reasonably be identified by the provider through its organizational experience.
¡ You may never misrepresent charges or services to or on behalf of the government, a patient or a payer. False statements, intentional omissions or deliberate and reckless misstatements to government agencies, payers or others will expose those involved to disciplinary action. As but one example, no Affected Individual will knowingly engage in any form of upcoding of any service in violation of any law, rule, regulation or requirement. Among other things, any Affected Individual involved in such activities is subject to potential termination of employment or contract, and potential criminal and civil liability.
¡ Billing codes – including CPT, HCPCS and ICD diagnostic codes – should never be selected on the basis of whether the given code guarantees or enhances payment. Rather, only those codes that correspond to the actual service rendered and documented should be selected.
¡ Only those services that are consistent with accepted standards of care may be billed. In this regard, billing and coding must always be based on adequate documentation of the justification for the service provided and for the bill submitted, and this documentation must comply with all applicable requirements.
¡ We also comply with all associated and applicable Federal and State laws, rules and regulations that relate to the coding, billing and documentation of services including, but not limited to those concerning: the ordering of services; waiving coinsurance or other patient financial responsibility amounts; providing professional courtesy to physicians or their families; obtaining Advance Beneficiary Notices from Medicare patients for non-covered services; and gathering insurance information from patients.
¡ In accordance with Federal and New York State law,[1] the Agency provides to all Affected Individuals a detailed description of: (i) the Federal False Claims Act; (ii) the Federal Program Fraud Civil Remedies Act; (iii) State civil and criminal laws pertaining to false claims; and (iv) the whistleblower protections afforded under such laws. The Agency also provides Affected Individuals with detailed provisions regarding our policies and procedures for detecting and preventing fraud, waste, and abuse. The employee handbook also includes specific discussion of the laws described above, the rights of employees to be protected as whistleblowers, and the Agency’s policies and procedures for detecting and preventing fraud, waste and abuse.
¡ The Agency does not retain any payments to which it is not entitled. The Agency will timely report, return and explain any identified overpayments in accordance with applicable law, rules, regulations and requirements. For more information, see “Mandatory and Other Reporting” below; and
For more information, see the Billing, Coding and Documentation Policy; the Waiving/Reducing Coinsurance, Copayment and Deductible Amounts Policy; the Compliance with Anti-Referral Laws Policy; and the Compliance with Federal and State False Claims Laws (Overview of the Laws Regarding False Claims and Whistleblower Protections/Policy.
¨ Standards Relating to Business Practices
¡ All business records must be accurate, truthful and complete, with no material omissions.
¡ The Agency will forego any business transaction or opportunity that can only be obtained by improper or illegal means, and will not make any unethical or illegal payments to induce or reward the use of our services.
¡ No Affected Individuals will engage, either directly or indirectly, in any corrupt business practices intended to influence the manner in which the Agency performs services, or otherwise engages in business practices.
¨ Standards Relating to Record Retention and Access to Records
¡ The Agency will comply with all applicable laws, rules, regulations and requirements relating to the retention of billing and medical records.
¡ The Agency will make available to the New York State Department of Health (“DOH”), the OMIG and the MFCU, upon request, all records demonstrating that we have adopted, implemented and operate an effective compliance program and have satisfied the requirements of 18 NYCRR Subpart 521. Such records will be retained by the Agency for a period not less than six (6) years from the date the program was implemented, or any amendments thereto were made, in accordance with 18 NYCRR § 521-1.3(b), or for such longer period of time as may be required by applicable laws, rules, regulations or contractual requirement.
¡ In order to help ensure the effectiveness of the Compliance Program, the Compliance Officer and appropriate compliance personnel will have access to all records, documents, information, facilities and Affected Individuals that are relevant to carrying out their Compliance Program responsibilities.
¨ Patient Referrals/Marketing Activities
¡ In general, Federal and State anti-kickback laws prohibit offering, paying, soliciting or receiving any remuneration to induce or reward referrals of items or services that are reimbursed by a Federal health care program (including, but not limited to, Medicare and Medicaid). This includes the giving of any form of remuneration, including virtually anything of value, in return for a referral. The decision to refer patients is a separate and independent clinical decision made by physicians or other appropriate licensed practitioners. In certain situations, there may be exceptions and/or “safe harbors” to the anti-kickback laws. The Agency does not offer, pay, solicit or receive remuneration to or from physicians, or anyone else, either directly or indirectly, for patient referrals, in violation of applicable laws, rules and/or regulations. For more information, see our Compliance with Anti-Referral Laws Policy; and our Compliance with Federal and State False Claims Laws (Overview of the Laws Regarding False Claims and Whistleblower Protections) Policy.
¡ All marketing activities and advertising by Affected Individuals must be truthful and not misleading, must be supported by evidence to substantiate any claims made and must otherwise be in accordance with applicable laws, rules and regulations. In this regard, our best “advertisement” is the quality of the services we provide. You should never disparage the service or business of a competitor through the use of false or misleading representations.
¡ You may not offer, pay, solicit or receive any gifts or benefits to or from any person or entity that would compromise the Agency’s integrity (or even create an appearance that the Agency’s integrity is compromised), or under circumstances where the gift or benefit is offered, paid, solicited or received with a purpose of inducing or rewarding referrals or other business between the parties, in violation of applicable laws, rules, regulations or requirements. The guiding principle is simple: Affected Individuals may not be involved with gifts or benefits that are undertaken to influence any business decision in a manner that violates the law. Cash or cash equivalents may not be given or accepted under any circumstances. For more information, see our Gifts and Benefits Policy; and our Compliance with Anti-Referral Laws Policy.
¨ Mandatory and Other Reporting
¡ As part of its commitment to providing high quality care and services, the Agency complies with all applicable Federal and State mandatory reporting laws, rules and regulations. To this end, the Agency will ensure that all incidents and events that are required to be reported are reported in a timely manner, and will monitor compliance with such requirements. This includes required reporting to appropriate government agencies or parties.
¡ The Agency will also ensure its compliance with the requirement that, upon enrollment and annually thereafter, it certifies that it has met the requirements of New York Social Services Law (i.e., N.Y. Social Services Law § 363-d and 18 NYCRR Subpart 521-1). Further, the Agency will provide a copy of the certification required by 18 NYCRR § 521-1.3 to each Medicaid Managed Care Organization (including managed care providers and managed long term care plans) (collectively, “MMCO”) for which it is a participating provider upon signing the participating provider agreement with the MMCO, and annually thereafter. As applicable, the Agency will also comply with other State and Federal certification requirements that are or may become applicable to it.
¡ The Agency will ensure that all identified overpayments are timely reported, returned and explained in accordance with applicable laws, rules, regulations and requirements. For example, it is our policy to exercise reasonable diligence in identifying overpayments, not to knowingly retain any funds which are received as a result of overpayments and to report, return and explain any overpayments received from Federal health care programs (including, for example, but not limited to, Medicare and Medicaid) within 60 days from the date the overpayment is identified (or within such time as is otherwise required by law or contract). Any such monies that are improperly collected will be refunded, in accordance with applicable laws, rules, regulations and requirements, to the appropriate party at the correct address. For more information, see our Protocols for Investigation and Implementing Corrective Action, Including Discipline Policy.
¡ Moreover, in appropriate circumstances (e.g., after an internal investigation confirms possible fraud, waste, abuse or inappropriate claims), the Agency will utilize the appropriate self-disclosure process and report, as necessary and appropriate, to the OMIG, OIG, the Centers for Medicare and Medicaid Services, or other appropriate payer/agency. In such circumstances, the Agency may consult with legal counsel or other experts, as needed. For more information, see our Protocols for Investigation and Implementing Corrective Action, Including Discipline Policy.
¨ Standards Relating to Confidentiality and Security
¡ In compliance with Federal and State privacy laws, all Affected Individuals will keep patient information confidential and secure.
¡ The Agency has also implemented and maintains a HIPAA Compliance Program that addresses privacy and security. All Affected Individuals must adhere to the standards of the HIPAA Compliance Program.
¡ Confidential information acquired by Affected Individuals about the business of the Agency must also be held in confidence and not used for personal gain, either directly or indirectly, or in any manner that violates applicable laws, rules, regulations or requirements.
¨ Government Inquiries
¡ It is the Agency’s policy to comply with applicable laws, rules, regulations and requirements, and to cooperate with legitimate government investigations or inquiries. All responses to requests for information must be accurate and complete, and must not omit any material information. Any action by Affected Individuals to destroy, alter, or change any of the Agency’s records in response to a request for such records is strictly prohibited and will subject them to immediate termination of employment or contract and possible criminal prosecution, among other things.
¡ You may speak voluntarily with government agents, and the Agency will not attempt to obstruct such communication. It is recommended, however, that you contact the Compliance Officer before speaking with any government agents.
¡ You must receive authorization from the Compliance Officer before responding to any request to disclose the Agency’s documents to any outside party.
¡ It is the Agency’s policy to comply with applicable laws, rules, regulations and requirements, and to cooperate with legitimate government investigations or inquiries. All responses to requests for information must be accurate and complete, and must not omit any material information. Any action by Affected Individuals to destroy, alter, or change any of the Agency’s records in response to a request for such records is strictly prohibited and will subject them to immediate termination of employment or contract and possible criminal prosecution, among other things.
¡ It also is our policy to comply with all lawful directives of the DOH, OMIG or other appropriate government agencies with respect to the adoption, implementation and maintenance of our Compliance Programs pursuant to applicable laws, rules and regulations, including, but not necessarily limited to, 18 NYCRR Subpart 521-1.
For more information, see our Responding to Government Inquires Policy.
¨ Specific Compliance Provisions for Agreements with Contractors
¡ It is the policy of the Agency to ensure that all contracts with our Contractors specify that the Contractor is subject to our Compliance Program, to the extent that the Contractor is affected by our risk areas (within the scope of the contracted authority and affected risk areas). We will follow OMIG’s guidance regarding agreements in place prior to the effective date of OMIG’s updated compliance regulations. For more information, see our Contractor Requirements Policy.
¡ In addition, such contracts will also include termination provisions for the failure to adhere to our Compliance Program requirements.
COMPLIANCE PROGRAM STRUCTURE and gUIDELINES
SBH Community Service Network, Inc.
Compliance Program Structure and Guidelines
The following elements comprise the Compliance Program’s Structure and Guidelines. Each element governs a different and important aspect of the Compliance Program. The Structure and Guidelines are intended to provide you with an overview of the Compliance Program’s framework that supports its day-to-day operations. The framework is designed to allow room for continuous improvement in, and evolution of, the Compliance Program so as to ensure that we continue to conduct business in a manner that supports integrity and ethics in our operations and compliance with the laws, rules, regulations and requirements to which we are subject.
ELEMENT 1: Written Policies and Procedures
¡ Formal Policies. The Code of Conduct, the Compliance Program Structure and Guidelines, and our specific Compliance Policies and Procedures (i.e., our Compliance Manual) have all been formalized in writing and adopted by the Agency. These documents demonstrate our commitment to complying with applicable legal, regulatory and other requirements, appropriate guidance, and our contractual commitments.
¡ Specifically, the Agency’s written Compliance Policies and Procedures and the Code of Conduct are designed to:
(i) articulate our commitment and obligation to comply with all applicable Federal and State standards. In so doing, we have identified governing laws and regulations that are applicable to our risk areas, including, but not limited to, applicable Federal health care programs (i.e., Medicare and Medicaid) policies and procedures;
(ii) describe compliance expectations as embodied in standards of conduct (i.e., our Code of Conduct). These standards of conduct serve as a foundational document which describe our fundamental principles and values, and our commitment to conduct our business in an ethical manner;
(iii) document the implementation of our Compliance Program and its requirements, and outline its ongoing operation. Among other things, our Compliance Policies and Procedures are designed to describe, at a minimum, the structure of our Compliance Program, including the responsibilities of all Affected Individuals in carrying out the functions of the Compliance Program;
(iv) provide guidance to Affected Individuals on dealing with potential compliance issues. Specifically, our guidance is designed to, at a minimum: (a) assist Affected Individuals in identifying potential compliance issues, questions and concerns, set forth expectations for reporting compliance issues, and explain how to report such issues, questions, and concerns to the Compliance Officer; and (b) establish the expectation that all Affected Individuals will act in accordance with the standards of conduct, that they must refuse to participate in unethical or illegal conduct, and that they must report any unethical or illegal conduct to the Compliance Officer;
(v) identify the methods and procedures for communicating compliance issues to the appropriate compliance personnel;
(vi) describe how we investigate and resolve potential compliance issues and the procedures for documenting the investigation, and the resolution or outcome (for more information, see our Protocols for Investigation and Implementing Corrective Action, Including Discipline Policy);
(vii) include a policy of non-intimidation and non-retaliation for good faith participation in the Compliance Program, including, but not limited to: (a) reporting potential compliance issues to appropriate personnel; (b) participating in investigation of potential compliance issues; (c) self-evaluations; (d) audits; (e) remedial actions; (f) reporting instances of intimidation or retaliation; and (g) reporting potential fraud, waste or abuse to the appropriate State or Federal entities (for more information, see the Non-Retaliation, Non-Intimidation for Participation in the Compliance Program Policy; and the Protocols for Investigations and Implementing Corrective Action, Including Discipline Policy);
(viii) include a written statement setting forth our policy regarding Affected Individuals who fail to comply with the written policies and procedures, standards of conduct, or State and Federal laws, rules and regulations. That policy, which may be found in our Protocols for Investigation and Implementing Corrective Action, Including Discipline Policy, also establishes our standards for taking and escalating disciplinary actions that must be taken in response to non-compliance. Generally speaking, intentional or reckless behavior is subject to more significant sanctions. Sanctions may include oral or written warnings, suspension, and/or termination;
(ix) additionally, we also comply with the requirements of the Federal Deficit Reduction Act (42 USC § 1396a(a)(68)) as to maintaining and disseminating policies regarding false claims law and whistleblower protections (for more information, see our Compliance with Federal and State False Claims Laws (Overview of the Laws Regarding False Claims and Whistleblower Protections) Policy);
and
(x) we will meet at least annually to review all Compliance Program Policies and Procedures and standards of conduct in order to determine: (i) if such written policies, procedures, and standards of conduct have been implemented; (ii) whether Affected Individuals are following the policies, procedures, and standards of conduct; (iii) whether such policies, procedures, and standards of conduct are effective; and (iv) whether any updates are required. Policies will be reviewed and approved by the Compliance Committee, Compliance Officer, and CEO on an annual basis.
ELEMENT 2: Designation of Compliance Officer and the Compliance Committee
¡ Duties of the Compliance Officer. The Compliance Officer is the focal point of our Compliance Program and is responsible for the Program’s day-to-day operations.
The Compliance Officer’s primary responsibilities include:
(i) overseeing and monitoring the adoption, implementation and maintenance of the Compliance Program and evaluating its effectiveness;
(ii) drafting, implementing, updating and coordinating a compliance work plan no less frequently than annually or, as otherwise necessary, to conform to changes to Federal and State laws, rules, regulations, policies and standards. The work plan will outline our proposed strategy for meeting the requirements of an effective compliance program for the coming year, with a specific emphasis on applicable requirements relating to our written Compliance Policies and Procedures, training and education, auditing and monitoring, and responding to compliance issues;
(iii) reviewing and revising the Compliance Program, and, at least annually, the written Compliance Policies and Procedures and standards of conduct, to incorporate changes based on our organizational experience and promptly incorporate changes to Federal and State laws, rules, regulations, policies and standards. We will also conduct a review, at least annually, to determine whether such Policies and Procedures and standards of conduct have been implemented, are being followed by Affected Individuals, and whether they are effective and/or any updates are required;
(iv) reporting directly, on a regular basis, but no less frequently than quarterly, to the Agency’s governing body, chief executive, and Compliance Committee on the progress of adopting, implementing, and maintaining the Compliance Program;
(v) assisting in establishing methods to improve our efficiency, quality of services, and reducing our vulnerability to fraud, waste and abuse; and
(vi) investigating and independently acting on matters related to the Compliance Program, including designing and coordinating internal investigations and documenting, reporting, coordinating, and pursuing any resulting corrective action with all internal departments, contractors and the State.
The Agency is committed to ensuring that the Compliance Officer is allocated sufficient staff and resources to satisfactorily perform their responsibilities for the day-to-day operation of the Compliance Program, based on our risk areas and organizational experience. We will assess our allocation of staff and resources as part of our annual review of our Compliance Program’s effectiveness (see, “Annual Compliance Program Review” in Element 6, below).
¡ Duties of the Compliance Committee. A Compliance Committee has been formed to coordinate with the Compliance Officer in order to ensure that we are conducting our business in an ethical and responsible manner, consistent with the Agency’s Compliance Program. The Compliance Committee operates pursuant to a written charter. Among other things, the charter outlines the duties, responsibilities and membership of the Committee, designates a Chair and outlines the frequency of the Committee’s meetings. We review the charter no less frequently than annually.
The Compliance Committee meets no less frequently than quarterly, and reports directly to, and is accountable to, the chief executive officer and our governing body. The Committee’s membership consists, at a minimum, of senior managers.
The Compliance Committee’s responsibilities include:
(i) coordinating with the Compliance Officer to ensure that our written Compliance Policies and Procedures, and standards of conduct, are current, accurate and complete, and that the training topics that are part of our Compliance Program are timely completed;
(ii) coordinating with the Compliance Officer to ensure communication and cooperation by Affected Individuals on compliance-related issues, internal or external audits, or any other function or activity required by applicable law, regulation or requirement;
(iii) advocating for the allocation of sufficient funding, resources and staff for the Compliance Officer to fully perform their responsibilities;
(iv) ensuring that we have effective systems and processes in place to identify Compliance Program risks, overpayments and other issues, and effective Compliance Policies and Procedures for correcting and reporting such issues; and
(v) advocating for adoption and implementation of required modifications to the Compliance Program.
For more information, see the Compliance Monitoring, Risk Assessment and Training Policy.
ELEMENT 3: Training and Education
¡ As an integral part of the Compliance Program, we have established and implemented an effective compliance training and education program. This program applies to all Affected Individuals and to our Compliance Officer.
¡ Affected Individuals and the Compliance Officer will complete the training program no less frequently than annually. Our training and education program is a part of the orientation of new Compliance Officers and Affected Individuals and occurs promptly upon hiring (i.e., within 30 days of their start date.
¡ Training is provided in a form and format that is accessible and understandable to all Affected Individuals, consistent with applicable language and other access laws, rules or policies.
¡ The Compliance Program also has a training plan. At a minimum, our training plan outlines the subjects or topics for training and education, the timing and frequency of the training, which Affected Individuals are required to attend, how attendance will be tracked, and how the effectiveness of the training will be periodically evaluated.
¡ The Agency’s training and education includes, at a minimum, the following topics:
(i) our risk areas and organizational experience;
(ii) our written Compliance Policies and Procedures as identified above in Element 1, “Written Policies and Procedures”;
(iii) the role of the Compliance Officer and the Compliance Committee;
(iv) how Affected Individuals can ask questions and report potential compliance-related issues to the Compliance Officer and senior management, including the obligation of Affected Individuals to report suspected illegal or improper conduct and the procedures for submitting such reports, and the protection from intimidation and retaliation for good faith participation in the Compliance Program;
(v) disciplinary standards, with an emphasis on those standards related to our Compliance Program and the prevention of fraud, waste and abuse;
(vi) how we respond to compliance issues and implement corrective action plans;
(vii) requirements specific to payors for the categories of service we provide (e.g., Medicare and Medicaid requirements);
(viii) coding and billing requirements and best practices; and
(ix) claim development and the submission process.
For more information, see the Compliance Monitoring, Risk Assessment and Training Policy.
ELEMENT 4: Effective Lines of Communication
¡ Communication System. The Agency has established and implemented effective lines of communication, ensuring confidentiality for Affected Individuals. The lines of communication are accessible, allow compliance issues to be reported as they are identified and include methods for anonymous and confidential good faith reporting of potential compliance issues.
Specifically:
(i) our lines of communication are accessible to all Affected Individuals and allow for questions regarding compliance issues to be asked and for compliance issues to be reported;
(ii) we publicize the lines of communication to the Compliance Officer and they are made available to all Affected Individuals, as well as to all Medicaid recipients of service;
(iii) we have a method for anonymous reporting of potential fraud, waste and abuse, and compliance issues directly to the Compliance Officer;
(iv) we ensure that the confidentiality of persons reporting compliance issues is maintained unless the matter is subject to a disciplinary proceeding, referred to, or under investigation by, MFCU, OMIG or law enforcement, or disclosure is required during a legal proceeding, and that such persons are protected under our policy for non-intimidation and non-retaliation (for more information, see the Non-Retaliation, Non-Intimidation for Good Faith Participation in the Compliance Program Policy;) and
(v) we make available on our website, information concerning our Compliance Program, including our standards of conduct.
¡ “Open Door Policy.” The Agency has an “open door” policy for receiving reports and for answering questions concerning adherence to the law and the Compliance Program.
¡ Reporting Issues. All Affected Individuals must abide by the Compliance Program and are required to report suspected illegal or improper conduct, possible violations of the Compliance Program and other compliance-related concerns. Affected Individuals may report issues to the Compliance Officer, to the Compliance Hotline, or to their supervisor or to management.
¡ Reporting to the Compliance Officer. If a report is made to a supervisor or management or anyone other than the Compliance Officer, that person must in turn immediately inform the Compliance Officer so that the issues may be addressed.
¡ Anonymous and Confidential Reporting Methods. Personnel may report issues or concerns anonymously if they so choose. Personnel may report anonymously by calling the Compliance Hotline. Personnel may also choose to identify themselves. In such case, the reporting person’s identity will be kept confidential, whether requested or not, unless the matter is subject to a disciplinary proceeding, is referred to, or is under investigation by, the MFCU, OMIG or law enforcement, or disclosure is required during a legal proceeding.
¡ Retaliation or Intimidation is Prohibited. Retaliation or intimidation in any form against an individual who reports possible misconduct or illegal conduct, or otherwise participates in good faith in the Compliance Program, is strictly prohibited. Acts of retaliation or intimidation should be immediately reported to the Compliance Officer, or to the Hotline and, if substantiated, the individuals responsible will be appropriately disciplined (for more information, see the Non-Retaliation, Non-Intimidation for Good Faith Participation in the Compliance Program Policy).
ELEMENT 5: Disciplinary Standards to Encourage Good Faith Participation in the
Compliance Program
¡ The Agency has established well-publicized disciplinary standards, and has implemented enforcement procedures for those standards, in order to address potential violations and to encourage good faith participation in the Compliance Program by all Affected Individuals.
¡ Specifically, our written Compliance Policies and Procedures establishing our disciplinary standards and the procedures for taking such actions are published and disseminated to all Affected Individuals and are incorporated into our training plan. Moreover, we enforce our disciplinary standards fairly and consistently, and the same disciplinary action applies to all levels of personnel.
¡ The types of discipline imposed will be commensurate with the severity of the violation, and may include one or more of the following: training, re-training, verbal warnings, written warnings, suspension and/or termination of employment or contract, as appropriate, under the circumstances.
For more information, see the Protocols for Investigations and Implementing Corrective Action, Including Discipline.
ELEMENT 6: The System for Routine Monitoring and Identification of Compliance Risk Areas; Annual Compliance Program Reviews; Excluded Provider Checks
¡ The Agency has established an effective system for the routine monitoring, identification and assessment of compliance risks. This system includes, but is not limited to, internal monitoring and audits, and, as appropriate, external audits, to evaluate the Agency’s compliance with Federal health care program (e.g., Medicare and Medicaid) requirements and the overall effectiveness of the Compliance Program.
¡ Routine Monitoring and Auditing. Routine audits will be performed by internal or external auditors who have expertise in applicable State and Federal requirements (e.g., the Medicare and Medicaid Programs) and other applicable laws, rules, regulations and requirements, or have expertise in the subject area of the audit.
¡ Specific Risk Areas, Documentation and Reporting. Our audits and monitoring will meet the following requirements, at a minimum: (i) internal and external compliance audits will focus on our risk areas; (ii) the results of all internal or external audits, or audits conducted by the State or Federal government will be reviewed for risk areas that can be included in updates to our Compliance Program and compliance work plan; and (iii) the design, implementation, and results of any internal or external audits will be documented, and the results shared with the Compliance Committee and our governing body.
¡ Overpayments and Corrective Actions. Any identified overpayments, including, but not limited to Medicaid or Medicare identified overpayments, will be reported, returned and explained in accordance with applicable laws, rules, regulations and requirements, including for instance, NY Social Services Law § 363-d, 18 NYCRR Subpart 521-3 and 42 USC § 1320a-7k(d), and the Agency will promptly take corrective action to prevent recurrence of the issues that caused the overpayment.
¡ Annual Compliance Program Review. The Agency also has a process to review, at least annually, whether our Compliance Program is effective, whether any revision or corrective action is required, or whether there should be any other changes or modifications to the Compliance Program.
Specifically:
(i) this review may be carried out by the Compliance Officer, Compliance Committee, external auditors, or other staff we designate, provided that such other staff has the necessary knowledge and expertise to evaluate the effectiveness of the components of the Compliance Program they are reviewing and are independent from the functions being reviewed;
(ii) the review should include on-site visits, interviews with Affected Individuals, review of records, surveys, or any other comparable method that is appropriate, provided that it does not compromise the independence or integrity of the review;
(iii) we will document the design, implementation and results of our effectiveness review, and any corrective action implemented; and
(iv) the results of our annual Compliance Program review will be shared with the chief executive, senior management, Compliance Committee and the governing body.
¡ Excluded Provider Checks. In accordance with the requirements of 18 NYCRR ![]()
515.5 and 18 NYCRR § 521-1.4 (g)(3), we will confirm the identity, and determine the exclusion status, of Affected Individuals. Specifically, in determining the exclusion status of a person, we will review, at a minimum, the following databases at least every thirty (30) days: (a) the OMIG Exclusion List; (b) the OIG’s List of Excluded Individuals and Entities; and (c) the General Services Administration’s System for Awards Management. The results of these checks will be promptly shared with the Compliance Officer and appropriate compliance personnel. Further, we require our Contractors to perform these checks as well.
For more information, see the Compliance Monitoring, Risk Assessment and Training Policy; the Protocols for Investigations and Implementing Corrective Action, Including Discipline; and our Compliance Reviews for Excluded or Ineligible Individuals/Entities Policy.
ELEMENT 7: The System for Promptly Responding to Compliance Issues
¡ The Agency has established and implemented procedures and systems for promptly responding to compliance issues as they are raised, investigating potential compliance problems as identified in the course of the internal auditing and monitoring, correcting such problems promptly and thoroughly to reduce the potential for recurrence, and ensuring ongoing compliance with State and Federal laws, rules and regulations, and requirements, including those of the Medicare and Medicaid Programs. Our procedures and systems include the following:
(i) upon the detection of potential compliance risks and compliance issues, whether through reports received, or as a result of auditing and monitoring, we will take prompt action to investigate the conduct in question and determine what, if any, corrective action is required, and likewise promptly implement such corrective action;
(ii) we will document the investigation of the compliance issue. Documentation will include any alleged violations, a description of the investigative process, copies of interview notes and other documents essential for demonstrating that a thorough investigation of the issue was completed. Where appropriate, we may retain outside experts, auditors, or counsel to assist with the investigation;
(iii) we will also document any disciplinary action taken and the corrective action implemented; and
(iv) if the Agency identifies credible evidence or credibly believes that a State or Federal law, rule or regulation has been violated, it will promptly report such violation to the appropriate governmental entity, where such reporting is otherwise required by law, rule or regulation. The Compliance Officer will receive copies of any reports submitted to governmental entities.
¡ Investigations. All compliance issues, however raised (i.e., whether reported or discovered through audits/self-evaluations or other means), must be brought to the attention of the Compliance Officer.
¡ Corrective Action and Responses to Suspected Violations. When appropriate, corrective action plans will be created and tailored to the particular conduct, and will provide a structure with time frames in order to attempt to ensure non-compliant activity does not recur. Corrective action will be implemented promptly and thoroughly and may include (but is not necessarily limited to): conducting training and education; revising or creating appropriate forms; modifying or creating new Compliance Policies and Procedures; conducting additional internal reviews, audits or follow-up audits; imposing discipline (up to and including termination of employment or contract), as appropriate and/or refunds to appropriate payers and/or self-disclosing to appropriate government agencies or payers. Corrective Action Plans and other corrective actions will continue to be monitored after they are implemented to ensure that they are effective.
For more information, see the Compliance Monitoring, Risk Assessment and Training Policy; and the Protocols for Investigations and Implementing Corrective Action, Including Discipline.
acknowledgement
I acknowledge that I have received and reviewed the Agency’s Compliance Manual.
I affirm the following:
(1) I will follow the standards and procedures set forth in the Compliance Manual. I will ask questions if I do not understand my responsibilities under the Compliance Program.
(2) I will act in accordance with the Compliance Manual. I will refuse to participate in unethical or illegal conduct, and will report any unethical or illegal conduct to the Compliance Officer through one of the reporting methods set out in the Compliance Manual.
(3) If I have other compliance-related concerns, I will report such issues through one of the methods set out in the Compliance Manual.
(4) I understand that I may be subject to discipline (or other corrective action) if I violate the standards and requirements set forth in the Compliance Manual or any other aspect of the Compliance Program, as the same may be developed or amended from time-to-time.
| Name (Printed) and Title | |
| Signature | |
| Date | |
| Name of Agency |
[1] See 42 USC § 1396a(a)(68); 18 NYCRR § 521-1.4(2)(ix).