CORPORATE COMPLIANCE PROGRAM REQUIREMENTS

29.1 CORPORATE COMPLIANCEPROGRAM

The Contractor shall:

29.1.1 Have a comprehensive Corporate Compliance Program (program) which meets the requirements in 42 CFR 438.608 for deterring and detecting fraud and abuse. Contractor shall include the following in the program:

29.1.1.1 Written policies, procedures, and standards of conduct that describes Contractor’s commitment to comply with all applicable Federal and State standards;

29.1.1.2 Contractor’s corporate compliance committee that meets regularly and reports to senior management;

29.1.1.3 Effective training and education on fraud and abuse for the corporate compliance officer and Contractor’s employees;

29.1.1.4 Effective lines of communication between the compliance officer and the Contractor’s employees;

29.1.1.5 Enforcement of standards through well-publicized disciplinary guidelines;

29.1.1.6 A provision for internal monitoring; and

29.1.1.7 A provision to promptly address detected offenses and create corrective action plans.

29.2 CORPORATE COMPLIANCE OFFICER

The Contractor shall:

29.2.1 Require its Corporate Compliance Officer to perform the following activities:

29.2.1.1 Train Employees in detecting and reporting fraud and abuse;

29.2.1.2 Chair corporate compliance committee meetings;

29.2.1.3 Oversee internal and external fraud and abuse audits and investigations;

29.2.1.4 Record, track and trend all fraud and abuse complaints;

29.2.1.5 Conduct fraud and abuse awareness campaign;

29.2.1.6 Develop and maintain internal control assessments;

29.2.1.7 Conduct fraud risk assessments; and

29.2.1.8 Act as a liaison with ADHS corporate compliance.

29.2.2 Structure the Corporate Compliance Officer’s position to independently report fraud and abuse to AHCCCS-OIG and DBHS-OPI. The corporate compliance officer shall not be the CEO, CFO, contract compliance manager, in-house legal counsel, QM/UM manager, data validation manager, grievance and appeal manager or have any other title, duties or responsibilities that would be a potential or actual conflict of interest.

29.2.3 Provide its Corporate Compliance Officer with complete access to all information, databases, files, records and documents in order to conduct audits and investigate and report suspected fraud and abuse directly to AHCCCS-OIG and DBHS-OPI independently.

29.3 FRAUD AND ABUSE AUDITS

The Contractor shall:

29.3.1 Conduct internal monitoring and auditing in accordance with 42 CFR 438.608.

29.3.2 Include elements and audit steps to discover or identify suspected fraud and abuse within the contractor’s organization and its subcontractors, networks and providers.

29.3.3 Cooperate with ADHS in any review, audit or investigation of the Contractor, subcontractor or providers. ADHS may conduct a review, audit or investigation onsite without notice and the Contractor shall provide access to all records, documents and data related to the Contract and the subcontractors.

29.3.4 Respond and reply to all requests for records, documents, data and information within the timeframe specified by ADHS.

29.3.5 Require that all subcontractors, networks or providers respond to all ADHS requests for interviews, information, data or documents as a part of any audit or investigation.

29.4 REPORTING SUSPECTED FRAUD AND ABUSE

The Contractor shall:

29.4.1 Within ten (10) business days of discovery, or sooner whenever possible, report all instances of suspected fraud or abuse to AHCCCS-OIG as required by A.R.S. § 36-2918.01 and AAR 4277. Failure to comply with the requirement to report suspected fraud and abuse may result in the penalty described in A.R.S. §§ 36-2992.

29.4.2 Report all instances of suspected fraud and abuse involving Title XIX and Title XXI funds, AHCCCS providers or AHCCCS members immediately to AHCCCS-OIG in writing using the AHCCCS reporting form with a copy sent to DBHS-OPI.

29.4.3 Report all instances of suspected fraud and abuse involving non-title XIX and non-title XXI funds, or non- AHCCCS providers or members immediately to ADHS/DBHS-OPI in writing using an approved reporting DBHS-OPI reporting form.

29.4.4 Record, track and trend all fraud and abuse related complaints and referrals received or initiated by the contractor.

29.4.5 The record must contain the following minimum information:

29.4.5.1 Contact information of complainant;

29.4.5.2 Name and identifying information of person suspected of fraud;

29.4.5.3 Date complaint received;

29.4.5.4 Nature of complaint and summary of concern;

29.4.5.5 Potential loss amount and funding source;

29.4.5.6 Contractor’s unique case identifying number;

29.4.5.7 The department or agency the complaint has been reported to; and

29.4.5.8 Current status or final disposition.

29.5 EXCLUDED PROVIDERS

The Contractor shall:

29.5.1 Have policies and procedures to comply with 42 CFR 438.610 and 42 CFR 1001.1901 which prohibits the contractor from knowingly having a relationship with any person or entity that is debarred, suspended or otherwise excluded from participating in procurement or nonprocurement activities in accordance with the regulations and guidelines of Executive Order No. 12549.

29.5.2 Develop and implement policies and procedures for checking potential and existing employees and subcontractors against the Excluded Provider List System (EPLS) and the Health and Human Services

(HHS) List of Excluded Individuals/Entities (LEIE) databases including checking all existing employees and subcontractors on an annual basis.

29.5.3 Notify AHCCCS-OIG and DBHS-OPI immediately of any confirmed instances of an excluded provider that is or appears to be in a prohibited relationship with the Contractor or subcontractors.

29.6 FALSE CLAIMS ACT

The Contractor shall:

29.6.1 Train its employees and subcontractors pursuant to the Deficit Reduction Act of 2005 (DRA), and The Federal False Claims Act, 31 U.S.C. §§ 3729-3733, provisions, including the following:

29.6.1.1 The administrative remedies for false claims and statements;

29.6.1.2 Any state laws relating to civil or criminal penalties for false claims and statements; and

29.6.1.3 The whistleblower protections under such laws.

29.7 CORPORATE COMPLIANCEPERIODIC REPORTING

The Contractor shall:

29.7.1 Submit documentation annually of its most current Corporate Compliance Program Plan to the ADHS by October 1st of each contract year for review and approval.

29.7.2 Provide copies of all completed internal and external audit reports and findings, which contain the requisite fraud and abuse audit steps, to the ADHS quarterly, in accordance with Attachment A of this Contract.

29.7.3 Submit the year-to-date fraud and abuse record and trend analysis to ADHS quarterly, in accordance with Attachment A of this Contract.

29.7.4 Submit the year-to-date list of all employees and subcontractors names that have been checked against the Exclude Parties List System (EPLS) located at https://www.epls.gov and the Office of Inspector General (OIG) database located at http://exclusions.oig.hhs.gov/ and submit the results to ADHS quarterly, in accordance with Attachment A of this Contract.

29.7.5 Submit reports, upon occurrence, referenced in Section 29.4 REPORTING SUSPECTED FRAUD AND ABUSE of this Contract.