2015 Compliance Program Table of Contents:

(1)

2015 Compliance Program

Introduction

Brand New Day, its Board of Directors, its management, its staff, and its contracting providers are committed to honoring and following all guidance and regulations promulgated and distributed by the Centers for Medicare and Medicaid Services (CMS). Following is the Brand New Day Compliance Program Description indicating how Brand New Day (BND) works to ensure compliance to meet the regulatory requirements set forth at 42 CFR§422.503(b)(4)(vi) and 423.504(b)(4)(vi). Brand New Day monitors and ensures the prompt implementation of HPMS memos, Call Letters, Best Practices, and any other guidance released by CMS.

Minimum Seven Core Elements

The Brand New Day Compliance Program includes the minimum seven core requirements listed below:

1. Written Policies, Procedures, and Standards of Conduct

2. Compliance Officer, Compliance Committee, and High Level Oversight 3. Effective Training and Education

4. Effective Lines of Communication 5. Well Publicized Disciplinary Standards

6. Effective System for Routing Monitoring and Identification of all Compliance Risks

7. Procedures and System for Prompt Response to Compliance Issues.

Resources, Roles, and Responsibilities

Brand New Day understands the need and requirement to dedicate appropriate resources to ensure the Program’s success in achieving and maintaining compliance. The following BND staff members are responsible for working with the Compliance Officer and have accepted responsibility to implement and oversee the following main areas of compliance:

(4)

# Responsibilities / Duties Responsible Party With Assistance from: 1. Promote and enforce

Standards of Conduct

Director of Human Resources

Executive Management as needed

2. Promote and enforce the BND Compliance Program

Compliance Officer Executive Officers

3. Effectively train and educate its governing body members, employees, and FDRs

Compliance Officer Compliance Dept. and Provider Service Representatives 4. Establish effective lines of

communication within BND and between BND and its First Tier and Downstream Related Entities (FDRs)

Chief Operations Officer (COO) and Chief Information Officer (CIO)

Provider Services Representatives

5. Oversee FDR compliance with Medicare Part C and D requirements

Compliance Officer Delegation Oversight Auditors, Delegation Coordinator and Compliance Dept. Staff 6. Establish and implement an

effective system for routine auditing and monitoring

Compliance Officer Director of Compliance and staff

7. Identify and promptly

respond to risks and findings

Compliance Officer Director of Compliance and staff

First Tier and Downstream Related Entities (FDRs) and Delegated Functions

Part D Delegation:

Brand New Day utilizes a Pharmacy Benefit Manager (PBM), currently MedImpact, to help manage its formulary and the administration of its pharmacy benefits. Some functions are delegated to the PBM and some functions are retained. Prior to the start of each year BND and the PBM meet on multiple occasions to discuss which functions will be delegated and how they are to be performed in accordance with the BND Plan Benefit Packages (based on the next year’s Bid). BND requests and reviews the PBM’s policies and procedures (P&Ps) as requirements change and annually at a minimum. BND Subject Matter Experts (SMEs) review the P&Ps and the Medicare / Medi-CAL Operations Compliance, Quality, and Service Improvement (MOCQSI) Committee gives final approval. The BND Compliance Officer and departmental leadership meet with the PBM weekly or bi-weekly to review new CMS guidance, communications with Pharmacies, and to discuss and track issues and requests. BND conducts desk review audits of the PBM to monitor and help ensure its compliance. BND requests corrective

(5)

action plans (CAPs) as needed from the PBM and re-measures later to determine the effectiveness of the CAP.

Part C Delegation:

Brand New Day expanded its network of direct contracting physicians in 2012 by slowly adding delegated medical groups and independent physician associations (IPAs) to its network. With that expansion BND started conducting pre-delegation due diligence audits of the IPAs and contracting medical groups (CMGs) that were interested in accepting delegation. Subject matter experts (SMEs) from each delegating department were designated to perform audits utilizing tools approved by the Delegation Oversight Team (DOT) and forwarded for final approval to the Medicare Operations, Compliance, Quality and Service Improvement (MOCQSI) Committee (the Compliance Committee at large).

BND Delegation Oversight Auditors (designated SMEs) audit and monitor the delegated entities including pre-delegation and annual review of the delegates’ policies and procedures (P&Ps). The annual audits also include file review. The Delegation Oversight Auditors (DOAs) meet with the Compliance staff monthly at a minimum as the Delegation Oversight Team (DOT). The Compliance Delegation Oversight Coordinator facilitates and chairs the DOT. The DOT reports its findings and delegation recommendations to the MOCQSI (Compliance) Committee which makes final delegation decisions and gives final delegation approval. Delegation agreements are signed by both parties identifying duties and functions to be delegated and notating functions that are not delegated. BND requires delegates to submit reports at specific intervals (monthly, quarterly, and annually) and additionally whenever required by BND. BND conducts annual Delegation Oversight Audits at a minimum and Focused Audits as needed.

BND provider service representatives, the Chief Operations Officer (acting CEO), Medical Director, and Pharmacist (when available), with other BND staff) visit delegated providers by conducting Joint Operations & Utilization Management (JOUM) Committee (JOUMC) meetings with the providers at their location(s) or at the BND corporate offices. The frequency of JOUMC meetings is determined based on experience, utilization data, and compliance issues. BND is hoping to move some JOUMCs to a webinar format during 2015 or 2016. BND requires corrective actions as needed and follows them through completion to ensure effectiveness.

Retention of Ultimate Responsibility:

Although BND delegates functions and duties to other entities, BND always retains full responsibility for the actions, lack of action, and inappropriate actions of its delegates. BND works to train delegates to learn and understand Medicare requirements to ensure the beneficiaries have good experiences, good care, and good outcomes.

(6)

Chapter One

Written Policies, Procedures, and Standards of Conduct

Written Policies and Procedures:

Brand New Day has written policies and procedures (P&Ps or “policies”). Every policy statement includes a commitment to comply with all applicable State and Federal requirements. Policies are routinely reviewed and updated as regulations change, as departmental procedures change, and bi-annually at a minimum. Policies are reviewed by impacted departments. Leadership of the departments discuss the policies and when agreement is reached, they jointly submit policies to the Medicare / Medi-CAL Operations’ Compliance, Quality, and Service Improvement (MOCQSI / Compliance)) Committee for final approval tracking. Between meetings the policies may be adopted and implemented if approved by all impacted departmental leadership and the Compliance Officer (CO) and the Chief Operations Officer (COO) or Chief Medical Officer (CMO).

The Compliance Officer or designee maintains a tracking log of all policies including review dates, authors, and important historical information such as policy number changes, replacement policies, etc. Policies are stored on the Intranet or in a Shared Drive where all staff can access the most recent policies, use them, or recommend changes as needed.

Changes are tracked to enable ease in identifying the modifications. Retired versions and retired policies are stored in the Archives.

Policies are developed by each department regarding how they comply with Federal and State requirements and regulations. Policies generally include important information such as standards for timeliness, responsible parties, actions or process steps required for compliance, and steps to prevent and detect potential fraud, waste, and abuse.

Distribution of Policies to BND Employees

Policies are posted on the Brand New Day intranet / shared drive for easy access by all staff. This ensures that the staff has the most current versions available at all times.

(7)

Policies are shared with Providers in the Provider Operations Manual and through other electronic media depending upon the provider’s ability to view electronic media.

Distribution of Policies to the Board of Directors:

Policies are available to the Board of Directors upon request and via the Brand New Day intranet to which all Board members have unlimited access.

Distribution of Policies to FDRs and their Employees:

BND distributes policies to its First Tier and Downstream Related Entities (FDRs) and their employees via one or more of the following methods:

Providers

• Provider Orientation Manual contains the BND policies

• Medicare Mandated Training is posted on the internet at

http://www.bndhmo.com/providers/ipa/cms-mandated-training/

• HIPAA Policy is posted on the internet at http://www.bndhmo.com/privacy/

• Some policies are restated in the Provider Manual which is referenced in the provider contract, indicating the requirement for compliance with the policies

• Providers may at any time request additional copies of the policies. Employees

• Medicare Mandated Training is posted on the internet at

http://www.bndhmo.com/providers/ipa/cms-mandated-training/

• HIPAA Policy is posted on the internet at http://www.bndhmo.com/privacy/

• A complete set of P&Ps are posted on the company intranet where they are listed by department / functional area.

Demonstrating Delivery of Policies and Standards of Conduct to FDRs and their Employees:

BND maintains a tracking log of dates when policies and Standards of conduct were mailed to providers. Providers are asked to attest regarding their Codes of Conduct and delivery to their staff and contracting providers. Additionally the Brand New Day Code of Conduct appears (ongoing) on the internet.

Monitoring Compliance Policies:

Brand New Day Compliance Department conducts periodic auditing of a sample of FDRs based on the volume of members and/or any noted risk factors. The audit includes a review of the FDR’s compliance policies. The Compliance Department conducts ongoing monitoring of policy updates to ensure compliance as follows:

P&P Tracking Log: Compliance Dept. maintains the Tracking Log of the BND P&Ps.

FDR P&Ps Audited: BND collects and reviews the P&Ps of delegated contracting medical groups and IPAs during pre-delegation and annual audits. Corrective actions are required when policies do not meet standards.

(8)

PBM P&Ps Audited: Annually and as regulations change BND collects and reviews the P&Ps from the PBM to ensure compliance with existing and changed standards. The Compliance Officer addresses any findings during the weekly PBM Oversight Meetings and requests corrections.

Standards of Conduct / Code of Conduct:

Approved by the Board of Directors:

The Brand New Day “Code of Conduct” is the company’s statement of its ethical business expectations for all Board members, all staff, and all First Tier and Downstream Related Entities (FDRs) and their staff. Therefore the Code of Conduct is presented to the Board of Directors of Universal Care, Inc. for review and adoption annually. The Board is committed to adhering to ethical standards as set forth in the Code of Conduct. The Board of Directors lead by example.

Shared with Employees:

The Brand New Day Code of Conduct is shared with all new employees by the Director of Human Resources upon hiring. Employees must sign an acknowledgement of receipt. Additionally within 90 days of hiring and the Code of Conduct is reviewed and us discussed with staff during the “New Hire Orientation” by a designated staff person from the Compliance Department. The Annual Staff Training includes the Code of Conduct as one component. Failure to comply with the standards results in disciplinary action up to and including potential termination of services.

Shared with FDRs:

The Code of Conduct is shared with Providers during the New Provider Orientation and is posted on the website in the Provider section (which is reviewed with them and serves as the Provider Guidelines). Brand New Day is committed to doing business only with ethical individuals and entities. The Annual Provider Training includes the Code of Conduct in addition to other mandated training like Compliance, Model of Care, Fraud/Waste/Abuse, and HIPAA training. Providers are asked to attest to training their staff.

Internal Tracking of Training / Distribution of the Code of Conduct:

The Compliance Officer and designee are responsible to ensure the training of all newly hired Brand New Day employees within the first 90 days of employment and annually thereafter. The Compliance Coordinator tracks the initial training.

The Director of Human Resources provides a listing of all employees to the Compliance Department upon request including the “Hire Date.” The HR Director also notifies the Compliance Coordinator each time a person is hired.

(9)

Annually the Compliance Department distributes (or posts) materials for self study (either electronically or in hard copy). Department Leadership may request the Compliance Coordinator to schedule a training meeting with the Compliance Department if preferred. Any staff member may attend a monthly New Hire Training to brush up on their skills or to satisfy the training and testing requirements. The materials include a “Knowledge Check” (test) to measure their understanding. Scores under 85% result in a corrective action plan requiring re-testing with a passing score within 30 days.

Shared with the Public:

The Code of Conduct is placed on the Brand New Day website to ensure the public that Brand New Day has ethical standards to which it is committed.

Monitoring / Auditing:

The Compliance Department conducts full or random sample audits to ensure compliance as follows:

New Hire Training: The Compliance Officer or designee monitors tracking logs to monitor compliance and reports any compliance issues to MOCQSI (the compliance committee). The Compliance Officer addresses non-compliance by sending non-compliance notices including warnings of suspension to staff who have not completed the training as required.

Annual Staff Training: The Compliance Officer or designee reviews tracking logs to monitor compliance and reports any compliance issues to MOCQSI (the compliance committee). The Compliance Officer addresses non-compliance by sending non-compliance notices including warnings of suspension to staff who have not completed the training as required.

Provider Orientation: The Provider Services Dept. reports Provider Orientation summaries to MOCQSI periodically.

FDR Compliance P&Ps Audited: BND auditors review FDR policies for compliance to Medicare standards during pre-delegation and annual audits. They report findings to the Delegation Oversight Team (DOT) which is under the Compliance Department. DOT reviews and approves corrective action plans CAPs required of non-compliant FDRs.

FDR Codes of Conduct: BND collects and reviews attestations regarding Codes of Conduct from delegated contracting medical groups annually. BND makes several attempts to collect these.

(10)

1 2 3 4 5 6 7

Chapter Two

8 9

Compliance Officer, Compliance Committee, and High Level Oversight 10

11 12 13

Compliance Officer 14

( Medicare Managed Care Manual, Part C, Chapter 21.50.2.1; Prescription Drug Manual, 15

Chapter 9.50.2.1) 16

17

Unfiltered Reporting to the Governing Body 18

Brand New Day has a full-time employed Compliance Officer who is able to give unfiltered, 19

in person reports directly to the senior-most leader (the CEO) and to the governing body 20

(the Board of Directors) at the discretion of the Compliance Officer. The Compliance 21

Officer attends the Board of Director meetings on a regular basis. If needed, the 22

Compliance Officer (CO) may request and meet with the Board of Directors in Executive 23

Session. The CO’s reports are not routed through the COO or other executives. The 24

Compliance Officer furnishes reports regarding the status and the activities of the 25

compliance program. The CO is free to raise compliance issues without fear of retaliation. 26

To ensure this, the Board of Directors must approve any decision to terminate the services 27

of the CO. 28

29

Overall Responsibilities 30

The Compliance Officer is responsible for developing and implementing the health plan’s 31

compliance program. The CO defines the program structure, educational requirements, 32

reporting, complaint mechanisms, response and corrective action procedures, and 33

compliance expectations of all FDRs. Therefore, the CO is required to have training and 34

experience in working with the Medicare Advantage and Prescription Drug programs and 35

must communicate well with regulatory authorities. The CO is a member of the senior 36

management team. 37

38

Duties 39

The basic duties of the Compliance Officer (CO) are as follows: 40

(11)

• Routine Compliance Reports: Ensure that regular compliance reports are developed 41

and delivered to the CO, the Board of Directors (BOD), CEO, and Compliance 42

Committee; 43

• Reports of Oversight & Potential Non-compliance: Ensure that reports include 44

existing and potential areas of non-compliance, oversight and audit activities; 45

• Operational Interactions: Ensure awareness of daily business activities by interacting 46

with operational areas; 47

• Compliance Training: Develop and implement training programs about the 48

compliance program elements and compliance expectations for the Board of 49

Directors, management, employees, contractors, and FDRs; Ensure that BND staff 50

and FDRs know where and how to report compliance issues; 51

• Regulations Training: Train and educate regarding applicable and statutory 52

regulations and requirements; 53

• Prevent Retaliation for Reporting: Develop and implement programs and methods 54

for the reporting of program non-compliance and potential Fraud, Waste, or Abuse 55

(FWA) without fear of retaliation (which includes the opportunity to report to the CO 56

anonymously. Confidentiality is maintained to the greatest extent possible); 57

• Prompt Investigation & Response: Develop and implement programs to ensure quick 58

responses to potential FWA via close coordination of internal investigations; 59

• Exclusion Lists Monitoring: Ensure that the Department of Health and Human 60

Services (DHHS) Office of the Inspector General (OIG), Government Services 61

Administration (GSA), and/or other lists are reviewed monthly for any sanctioned or 62

excluded personnel of Brand New Day or its FDRs; 63

• Non-Compliance Documentation: Maintain documentation for each report of 64

potential noncompliance or potential FWA received from any source; 65

• CAP Implementation & Tracking: Oversee the development, implementation, 66

tracking, and monitoring and effective completion of any necessary corrective action 67

plans (CAP) 68

69

Authority: 70

The compliance officer should collaborate with other sponsors (health plans and 71

Prescription Drug Plans), State Medicaid programs, the California Department of Managed 72

Health Care (DMHC), Medicaid Fraud Control Units (MCFUs), the MEDIC, commercial 73

payers, and other organizations, where appropriate, when a potential FWA issue is 74

discovered that involves multiple parties; and the Brand New Day Compliance Officer has 75

the authority to: 76

• Interview or delegate the responsibility to interview the sponsor’s employees and 77

other relevant individuals regarding compliance issues; 78

(12)

• Review company contracts and other documents pertinent to the Medicare program; 79

• Review or delegate the responsibility to review the submission of data to CMS to 80

ensure that it is accurate and in compliance with CMS reporting requirements; 81

• Independently seek advice from legal counsel; 82

• Report potential FWA to CMS, its designee or law enforcement; 83

• Conduct and/or direct audits and investigations of any FDRs; 84

• Conduct and/or direct audits of any area or function involved with Medicare Parts C 85

or D plans; and 86

• Recommend policy, procedure, and process changes 87

88 89

Compliance Committee 90

Chapter 9.50.2.2) 92

93

The primary Brand New Day compliance committee is the Medicare / Medi-CAL 94

Operations, Compliance, Quality, and Service Improvement (MOCQSI) Committee. It is a 95

multidisciplinary team of departmental leadership, chaired by the Compliance Officer, that 96

meets monthly a minimum of ten times per year. The MOCQSI Committee (referred to 97

hereafter as “The Committee” or “MOCQSI”) reviews compliance data and advises the 98

Compliance Officer (CO). The Committee is accountable to and provides regular 99

compliance reports to the Chief Executive Officer (CEO) and Board of Directors (BOD) 100

through the CO. The Committee designates subgroups (called “Work Groups,” “Teams,” 101

and “Subcommittees” that meet regarding investigatory matters or matters that require 102

greater confidentiality. Subgroups at the time of writing include: 103

• Sales Allegation Review Team (SART): Investigates and reviews every marketing 104

allegation; The SART meets ad hoc as needed and makes determinations regarding 105

“Fault,” “No Fault,” or “No Determination;” The SART requires corrective actions 106

which it tracks to ensure satisfactory completion and effectiveness. 107

• Special Investigation Unit (SIU): is comprised of designated Compliance staff 108

appointed by the Compliance Officer and possible some Subject Matter Experts 109

(SMEs). They meet on an ad hoc basis to investigate matters of potential FWA, or 110

other non-compliance that requires the strictest confidentiality. 111

• Compliance Ongoing Oversight Leadership (COOL): is comprised of the Compliance 112

staff. They meet weekly to review HPMS memos and determine the COOL member 113

responsible for implementing any new guidance, or changes in the existing guidance. 114

This ensures that the Compliance team (staff) are all at least somewhat aware of 115

every HPMS memo and its guidance. 116

(13)

• Delegation Oversight Team (DOT): This team is comprised of Brand New Day SME 117

auditors and key stakeholders who review all matters related to the delegation 118

oversight of medical groups and independent physician associations (IPAs) such as 119

but not limited to: pre-contractual audits, focused audits, annual audits, required 120

reporting, corrective action plans, and other issues that may arise. This Team works 121

under the direction of the Compliance Officer and the Compliance Committee. 122

• PBM Oversight Team (PBM-OT): This team meets telephonically with the PBM at 123

scheduled intervals. They meet weekly, bi-weekly, or monthly at various times of the 124

year, depending on the number of issues or matters of delegation to discuss. The 125

Compliance Officer is present and invites Brand New Day SMEs to participate in the 126

meetings (some ongoing and some as needed). 127

128

Duties of the Compliance Committee: 129

The basic duties of the Compliance Committee are as follows: 130

• Oversee the Compliance Program: All aspects of the compliance program are under 131

the MOCQSI (Compliance) Committee; 132

• FWA Prevention: Develop strategies to detect, report, and correct any FWA issues; 133

• FWA Training Program: Review and approve FWA Training materials ensuring that 134

the education is appropriately completed and effective; 135

• Preventive Plans: Develop prevention strategies and actions to reduce violations; 136

• Risk Assessment: Review and approve the risk assessment, developing and 137

implementing work plans to mitigate risk; 138

• Audit Results: Review and implement corrective actions as needed to resolve issues 139

detected during audits (internal or external); 140

• CAP Tracking: Monitor CAPs to ensure completion and effectiveness; 141

• Resource Monitoring: Monitor the effectiveness and completeness of internal 142

controls to ensure that adequate staff and other resources are available to the 143

Compliance Department to enable its ability to complete required tasks and duties; 144

• Policies and Procedure Maintenance: Monitor policies and procedures to ensure 145

that compliance policies are up to date; 146

• System for Questions and Answers: Ensure that Brand New Day has a process in 147

place by which members, FDRs, employees, and contractors can ask compliance 148

questions and report potential issues of non-compliance in a confidential / 149

anonymous manner without fear of retaliation. 150

• Monitoring Compliance / Non-compliance: Review and ensure that appropriate 151

corrective actions are taken to address audits and other reports of non-compliance; 152

(14)

• Reports to the CEO and Board of Directors: The Compliance Committee provides 153

quarterly and ad hoc reports to the Board of Directors via the Compliance Officer, 154

with recommendations regarding improving compliance; This may be done via 155

minutes from the MOCQSI Committee; 156

157

Composition of the MOCQSI / Compliance Committee: 158

The multi-disciplinary compliance committee includes some clinicians, non-clinicians, 159

auditors, departmental leadership, senior management. Departmental leaders in 160

attendance have decision making authority. 161

162 163

Governing Body 164

Chapter 9.50.2.3) 166

42 CFR §§ 422.503(b)(4)(vi)(B), 423.504(b)(4)(vi)(B) 167

168

The Universal Care, Inc., (parent company) Board of Directors (BOD) oversees the 169

implementation and effectiveness of the Brand New Day Compliance Program. (Universal 170

Care dba “Brand New Day”. The Compliance Officer’s written report advises the BOD of 171

compliance issues and/or risk, and makes recommendations to the BOD. The BOD may 172

request additional actions and/or resources to ensure the issues are resolved. They follow 173

up to ensure actions are completed and effective. 174

175

The Compliance Officer provides information to educate the BOD regarding the structure, 176

operations, risks, and strategies of the Compliance so the BOD is able to judge the 177

outcome measurements to determine the effectiveness of the Compliance Program. 178

179

Oversight: 180

The BOD oversees the following at a minimum: 181

182

• Code of Conduct: Review and approve 183

• Compliance Program Structure: Understand the program 184

• Monitoring: Be informed regarding program outcomes, and results of internal and 185

external audits; Review Compliance Committee / Officer’s reports and updated 186

information; Have the ability to review minutes from various committees 187

• CMS Enforcement Activities: Be informed regarding: 188

o CMS Notices of Non-Compliance 189

o Warning Letters 190

o Corrective Actions 191

o Formal Actions 192

(15)

• Assessments: Review results of performance and effectiveness assessments of the 193

compliance program including (but not limited to) Model of Care Fidelity 194

Assessments and any other risk assessments 195

196

Involvement or Delegation 197

At their discretion, the BOD may be involved in, may delegate to senior management, or 198

may delegate to the MOCQSI Committee the following activities: 199

200

BOD Delegated Activities 201

The BOD has chosen to delegate the following activities to the MOCQSI Committee: 202

• Policies and Procedures: development, implementation, annual review, and approval 203

of P&Ps 204

• Compliance and FWA Training: development, implementation, annual review, and 205

approval of training materials 206

• Compliance Risk Assessment: review and approval 207

• Internal and External Audit Work Plans and Results: review and approval 208

• Corrective Action Plans: review and approval 209

• Compliance Dashboards and Self Assessment Tools: review and assess program 210

based on outcomes 211

212

BOD Involved Activities 213

The BOD is responsible for the following activities: 214

• Compliance Officer: only the BOD has the authority to hire or fire the Compliance 215

Officer 216

• Compliance Officer’s Job Description: only the BOD has the authority to determine, 217

review duties of, and approve performance goals for the Compliance Officer 218

• Senior Management’s Commitment: the BOD is involved in the evaluation of the 219

senior management’s commitment to ethics and the compliance program, and may 220

seek input from others as needed 221

• Monitoring Evidence: the BOD reviews measurable evidence to determine if the 222

compliance program is detecting and correcting issues of non-compliance in a timely 223

manner. The BOD requests data showing that the Compliance Program has reduced 224

the risks of Program non-compliance and FWA. Some indicators it monitors are: 225

o Enrollment and Disenrollment data 226

o Appeals and Grievance data 227

o PDE Errors data 228

o Claims timeliness data 229

(16)

o Claims accuracy data 230

o Delegation Oversight Audit data 231

o Compliance Internal Audit (CIA) data 232

o External Audit data 233

o Sales Allegation data 234

o Tracking HPMS memos to ensure the timely, complete implementation of 235

new or changing CMS regulations 236

o Tracking submission of CMS required reports and monitoring analysis 237

o Tracking CMS notices of non-compliance, warning letters, etc. 238

o Tracking to determine if root causes were found and corrected 239

o Ensuring there was timely, appropriate, and consistent disciplinary action as 240

needed 241

BOD Minutes 242

The BOD maintains contemporaneous minutes which it is able to share with CMS auditors 243

as evidence of the BOD’s active engagement in oversight of the Medicare Compliance 244

Program. The BOD asks questions, takes actions, and follows up as needed. 245

246 247

Senior Management Involved in Compliance Program 248

Chapter 9.50.2.4) 250

42 CFR §§ 422.503(b)(4)(vi)(B), 423.504(b)(4)(vi)(B) 251

252

The Brand New Day senior officer, the Chief Executive Officer (CEO) and other senior 253

management understand the importance of the compliance program. They are involved 254

in oversight of the Compliance Program. They ensure that the Compliance Officer is given 255

the respect, credibility, authority, and resources needed to maintain a robust and effective 256

compliance program. The Compliance Officer updates the CEO and COO regarding areas 257

in which Brand New Day is at risk of non-compliance. The Compliance Officer is free to 258

discuss issues, audit results, and strategies to improve compliance. The CEO and COO are 259

advised of all compliance enforcement notices and activities in a timely manner. 260

261 262

Monitoring / Auditing: 263

There is a check and balance that takes place between the Board of Directors, the 264

Compliance Officer, and the Compliance Committee (MOCQSI). 265

266

Compliance Committee: The Compliance Officer is responsible to ensure the 267

Committee meets a minimum of 10 months per year. 268

(17)

Compliance Officer: The Board of Directors monitors the work of the Compliance 269

Committee via quarterly reporting furnished to the Board from the Compliance 270

Officer. 271

Board of Directors: The Compliance Officer trains and tests the Board annually 272

and as needed regarding Compliance, Fraud Waste & Abuse, Models of Care, and 273

other required elements. 274

275

(18)

276 277 278 279 280 281 282

Chapter Three

283 284

Effective Training and Education 285

286 287 288

(Medicare Managed Care Manual, Part C, Chapter 21.50.3; Prescription Drug Manual, 289

Chapter 9.50.3) 290

42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C) 291

292 293

Brand New Day has training at the onset of employment / contracting and again annually 294

thereafter. The Compliance Department tracks completion of training with a passing 295

score. Effective training should result in higher rates of compliance with all Medicare 296

program requirements. Brand New Day Compliance Department staff and departmental 297

leadership spend time training employees in various departments regarding how their 298

work impacts the Compliance Program and how the Medicare requirements apply to their 299

job functions. 300

301 302

General Compliance Training 303

Chapter 9.50.3.1) 305

42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C) 306

307

The Compliance Officer with assistance from the Compliance Department staff, conducts 308

new hire and annual Compliance Training for employees, contractors who work with BND 309

members, members of the Board of Directors, and management staff, New Hire training is 310

required to take place within 90 days of hiring / contracting and whenever possible it takes 311

place in a full day of face to face training with other “new hires.” Annual training is self 312

study with a test that must be completed and submitted to the Compliance Department 313

for scoring. Corrective actions are required when the test results are less than 85%. Brand 314

New Day Compliance staff track completion by each new hire and employee annually. The 315

Compliance Officer or designee follow up as needed with those who did not take their test 316

timely to ensure the test is completed. An attestation that the Code of Conduct was 317

received, reviewed, and understood is also required and tracked to ensure completion. 318

319

(19)

Brand New Day mails, emails, faxes, or posts on the website, the First Tier and 320

Downstream Related Entities (FDRs) training materials. The FDRs are required to 321

complete training and testing with their staff and/or contractors. BND requires that the 322

FDRs submit an attestation stating they have completed training with their staff and that 323

they have records available for audit. BND accepts FWA Certifications from those who 324

completed requirements through Medicare. They are deemed to have met the training 325

and educational requirements for FWA. 326

327

Brand New Day encourages employees and FDRs to complete the CMS training on their 328

website. The website URL is given as an optional training. When completed they are 329

asked to furnish a copy of their certificate of completion. 330

331

Updating Content of Compliance Training Materials 332

Brand New Day reviews and updates training materials annually at a minimum and when 333

there are material changes in regulations, policies, or guidance. 334

335

Content of Compliance Training Materials: 336

Brand New Day compliance training materials must include at a minimum: 337

• Compliance policies, Code of Conduct, and Brand New Day’s commitment to 338

conducting all business in an ethical manner in compliance with Medicare 339

requirements; 340

• How to report suspected non-compliance or Fraud, Waste or Abuse (FWA); 341

• Assurance of confidentiality, anonymity, and non-retaliation for reporting; 342

• The requirement to report (against federal law to not report); 343

• Examples of non-compliance employees might witness; 344

• Review of Disciplinary Guidelines (including potential termination of services); 345

• Training is mandatory and a condition of continued employment; 346

• Review policies related to contracting with government (no gifts); 347

• Review of potential Conflicts of Interest (COI) and requirement to report it to the 348

Brand New Day Director of Human Resources; 349

• HIPAA security and confidentiality; 350

• Compliance monitoring and auditing; 351

• Laws that govern employee conduct in the Medicare program 352

353

Fraud, Waste, and Abuse Training 354

Chapter 9.50.3.1) 356

(20)

42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C) 357

HPMS memo of May 8, 2012, regarding CMS FWA Training and Education Guidance 358

359

Like the Compliance Training, the FWA Training is conducted by the Compliance 360

Department staff for New Hires within 90 days of employment / contracting and annually 361

thereafter. As needed Brand New Day may conduct ad hoc training focusing on specific 362

issues regarding FWA risks, non-compliance, or when requirements change. Brand New 363

Day conducts the same training for all during the New Hire and Annual training but ad hoc 364

training may be department specific. FDR Training is the general training but ad hoc 365

training may be more specific. 366

If FDRs have completed the training available through the CMS Medicare Learning 367

Network (MLN) at http://www.cms.gov/MLNProducts they are not required to complete 368

the Brand New Day training. They can submit the training certificate from MLN instead 369

and be deemed “trained.” 370

FWA Training includes: 371

• Laws and regulations related to MA and Part D FWA (False Claims Act, Anti-Kickback 372

statute, HIPAA/HIGHTECH, etc.); 373

• FDR obligation to have FWA policies and procedures; 374

• Processes for reporting FWA to FDR or Brand New Day; 375

• Protections for FDR employees who report FWA; 376

• Types of FWA that can occur in the FDR setting; 377

378

Record Retention – Evidence of Training 379

Medicare requires health plans and providers (FDRs) to retain all records for a minimum of 380

ten (10) years. Proof of training and training materials must be retained for the ten year 381

period to enable CMS to audit training records. Plans and providers must be able to 382

demonstrate evidence of training via: attestations, sign-in sheets, tests, test scores, 383

certificates, etc. BND accepts FWA Certifications from those who completed requirements 384

through Medicare websites. They are deemed to have met the training and educational 385

requirements for FWA. 386

387

Tracking Logs are maintained to monitor the completion of training. Providers attest to 389

also training their staff. 390

391

New Hire Training: The Compliance Officer or designee monitors monthly to 392

ensure newly hired employees are trained within 90 days of hiring. 393

Annual Employee Training: The Compliance Officer or designee monitors annually 394

to ensure employees are re-trained annually at a minimum. 395

(21)

Provider Training: The Compliance Officer or designee monitors quarterly to 396

assess the completion of training by providers of their staff / contractors. 397

398

(22)

399 400 401 402 403 404 405

Chapter Four

406 407 408

Effective Lines of Communication 409

410 411 412

Chapter 9.50.3) 414

42 CFR §§ 422.503(b)(4)(vi)(D), 423.504(b)(4)(vi)(D) 415

416 417

Brand New Day has established lines of communication that ensure confidentiality 418

between the compliance officer, members of the compliance committee, employees, 419

managers, the Board of Directors, and the FDRs. Compliance issues can be reported via a 420

confidential and anonymous “Hot Line” answered only by the Compliance Officer or 421

Compliance Director. Brand New Day has an email box available to those who wish to 422

report via confidential email. Documentation is maintained in a confidential shared drive, 423

“GovtAffairs.” 424

425 426

Effective Lines of Communication Among the Compliance Officer, Compliance 427

Committee, Employees, Governing Body, and FDRs 428

Chapter 9.50.4.1) 430

42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C) 431

432

Compliance Officer and Compliance Committee: 433

The Compliance Officer (CO) is the Chair of the Compliance Committee (the Medicare / 434

Medi-CAL, Operations, Compliance, Quality, and Service Improvement Committee 435

(MOCQSI) and sets the agenda. The agenda includes changes and new information from 436

CMS via the sharing of HPMS memos, audit findings, monitoring reports, etc. The 437

decision-making leaders from each department are given opportunities to openly discuss 438

issues, barriers, or concerns they may have. The CO communicates changes in regulations, 439

requirements, company policies and procedures, and the Code of Conduct. 440

(23)

441

Compliance Officer and Employees: 442

The CO is available to all employees via an “open door policy.” Employees are able to 443

come to the CO with any issues, concerns, or barriers to compliance. They may also share 444

any concerns regarding suspicious activities, potential fraud, waste, or abuse. The CO 445

issues memoranda, Medicare Alerts, or other written communications to employees and 446

contracting staff. Each memo includes the Compliance Officer’s name, address, and 447

contact information. The CO and/or Compliance Department staff conduct training 448

meetings with employees, leadership, contracting staff, and consultants as needed from 449

time to time. 450

451

Compliance Officer and Compliance Committee with the Board of Directors: 452

The CO is invited to the quarterly meetings of the Board of Directors (BOD). The CO shares 453

with the board compliance risks, issues of compliance, audit findings, and 454

recommendations to improve compliance through new processes or the addition of 455

needed resources. The CO shares appeals and grievance trends and interventions with the 456

BOD. The BOD may recommend additional activities and interventions they wish to have 457

carried out. The CO is responsible to ensure the effective implementation of such 458

activities and interventions. The CO communicates requests / required actions from the 459

Board of Directors. The CO communicates to the Board of Directors regarding activities 460

and compliance issues during quarterly meetings, or as needed by email or memo. The 461

HPMS Memo Tracking Log (with hyperlinks) is posted on the intranet where all staff can 462

access any memo at any time to view or review the details. 463

464

50.4.2 – Communication and Reporting Mechanisms 465

(Medicare Managed Care Manual, Chapter 21. 50.4.2; Prescription Drug Manual, Chapter 466

9. 50.4.2) 467

42 C.F.R. §§ 422.503(b)(4)(vi)(D), 423.504(b)(4)(vi)(D) 468

469

Mandated Reporting 470

Universal Care / Brand New Day requires employees to report possible ethical issues. The 471

Company offers several channels by which employees and others may report ethical 472

concerns or incidents, including, without limitation, concerns about violation of this code, 473

our policies, accounting, internal controls, or auditing matters. We provide a Compliance 474

Hotline that is available 24 hours a day, seven days a week. Individuals may choose to 475

remain anonymous. We prohibit retaliatory action against any individual for raising 476

legitimate concerns or questions regarding ethical matters, or for reporting suspected 477

violations. 478

479

Communication and Reporting Mechanisms 480

(24)

Brand New Day communicates and reminds staff regarding the importance of reporting and 481

how to report potential compliance issues including but not limited to fraud, waste, and 482

abuse; HIPAA violations; other ethical concerns. Some ways that communicate how to report 483

are as follows: 484

• New employee and annual mandated training materials and discussion 485

• Code of Conduct 486

• ID badges for building access have an attached laminated information card indicating 487

it is everyone’s responsibility to report, it indicates the Hotline extension, it indicates 488

it can be anonymous, it indicates it is retaliation free, it indicates reporting is 489

available 24/7, it indicates an email address for reporting, and it indicates the 490

Compliance Officer’s name. 491

• Framed posters are on walls throughout the building 492

493

Reporting information is as follows: 494

495

By telephone: Compliance Hotline: 866 255-4795 Ext 4071 496

497

By mail: Compliance Officer: 498

5455 Garden Grove Blvd., 5^th floor 499

Westminster, CA 92683 500

501

By fax: 657-400-1212 502

503

By email: [email protected] or 504

[email protected] 505

506 507

Communications with the FDRs takes place in a variety of ways: 508

Providers receive information and communication from BND in many ways including but 509

not limited to the following: 510

• Cerecons Provider Portal 511

• Scheduled “Joint Operations / Utilization Management Committee” (JOUMC or 512

JOUM) meetings take place on a regular basis with each FDR. Meetings are 513

scheduled monthly, bi-monthly, quarterly, or semi-annually depending on the 514

performance of the group and the length of time they have been with Brand New 515

Day. 516

• Brand New Day “Provider Alerts” are sent to providers by email and posted on 517

Cerecons. 518

(25)

• Outbound phone calls from the Provider Services staff take place for expedient 519

requests / information. 520

• Mailings of information about specific members (Individual Care Plans, Predictive 521

Modeling Reports, Listings of preventive services due, Incentive bonuses, etc. 522

• Posting of information on the BND website: www.BNDhmo.com 523

524

50.4.3 – Enrollee Communications and Education 525

(Medicare Managed Care Manual, Chapter 21.50.4.3; Prescription Drug Manual, Chapter 526

9.50.4.3) 527

42 C.F.R. §§ 422.503(b)(4)(vi)(D), 423.504(b)(4)(vi)(D) 528

529

Brand New Day has information on its website about how to report potential FWA or 530

other compliance issues of concern. From time to time, BND includes in member mailings 531

a brief information sheet about FWA and how to protect oneself. 532

533 534

Communications are monitored to ensure they are taking place and the avenues of 536

communication are open. 537

538

Provider Communication: The Compliance Officer or designee monitors monthly 539

or quarterly the number of provider meetings conducted to ensure 540

communications are open and taking place. 541

Provider Alerts: The Director of Provider Services shares again with providers, 542

during joint meetings any Provider Alerts developed by the Compliance Officer or 543

department. 544

Website: The Director of Compliance ensures the website is up to date and 545

contains information about Compliance, Privacy, and Fraud. 546

547

(26)

548 549 550 551 552 553 554

Chapter Five

555 556 557

Well-Publicized Disciplinary Standards 558

559 560

Chapter 9.50) 562

42 C.F.R. §§ 422.503(b)(4)(vi)(E), 423.504(b)(4)(vi)(E) 563

564 565

Brand New Day has a Code of Conduct that includes the company’s expectations / 566

requirement regarding reporting compliance issues. The Code of Conduct clarifies the 567

need to identify and report noncompliance and unethical behavior. BND includes the fact 568

that disciplinary actions will be taken, up to and including termination of employment for 569

violating the Code of Conduct. Brand New Day ensures timely, consistent, and effective 570

enforcement of the standards when noncompliance or unethical behavior is determined. 571

572 573

50.5.1 – Disciplinary Standards 574

(Medicare Managed Care Manual, Part C, Chapter 21. 50.5.1; Prescription Drug Manual, 575

Chapter 9. 50.5.1) 576

42 C.F.R. §§ 422.503(b)(4)(vi)(E), 423.504(b)(4)(vi)(E) 577

578

Brand New Day has published disciplinary policies and procedures that reflect clear and 579

specific disciplinary standards. The disciplinary policies must describe the sponsor’s 580

expectations for the reporting of compliance issues including noncompliant, unethical or 581

illegal behavior, that employees participate in required training, and the expectations for 582

assisting in the resolution of reported compliance issues. 583

584

The policies have some examples of noncompliant, unethical or illegal behavior, through 585

examples of violations. Disciplinary action is determined based on the seriousness of the 586

violation. 587

588

Methods to Publicize Disciplinary Standards 589

9. 50.5.2) 591

(27)

42 C.F.R. §§ 422.503(b)(4)(vi)(E), 423.504(b)(4)(vi)(E) 592

593

Brand New Day publishes its expectation of reporting Compliance, FWA, and other Ethical 594

concerns via some of the following: 595

• Regular discussions in committees and in department staff meetings; 596

• Communications with FDRs such as the Provider Manual and sharing the BND Code 597

of Conduct; 598

• General compliance training; 599

• Internet website; 600

• Posters prominently displayed throughout employee work and break areas; and 601

• ID badge attachments 602

603

Enforcing Disciplinary Standards 604

9. 50.5.3) 606

42 C.F.R. §§ 422.503(b)(4)(vi)(E), 423.504(b)(4)(vi)(E) 607

608

Highest Priority 609

Brand New Day considers unethical behavior and fraudulent activities or other violations 610

of the Code of Conduct to be serious offenses. These issues are of highest priority. 611

612

Records of Issues and Actions 613

Brand New Day documents compliance violations and disciplinary actions, noting the date 614

the violation was reported, details of the violation, dates of investigations, investigator’s 615

name and job title, findings, disciplinary action taken and the date it was taken. All 616

Medicare records are maintained for a period of 10 years. 617

618

Monitoring for Consistent and Timely Actions 619

The Compliance Officer or designee periodically review these records of discipline to 620

ensure that disciplinary actions are appropriate to the seriousness of the violation, fairly 621

and consistently administered and imposed within a reasonable timeframe. Any non- 622

compliance is indicated on an individual’s annual performance review. BND may or may 623

not (due to the small size of the company) publish de-identified disciplinary action in 624

employee publications, such as a newsletter, in order to demonstrate to employees that 625

disciplinary action is imposed for violations. 626

627 628

Monitoring of the publicizing / warning of Disciplinary Actions is done by the Compliance 630

Officer or designee. 631

632

(28)

New Hire On-Boarding: The Human Resources Director delivers the first copies of 633

the Code of Conduct and warnings of disciplinary actions to newly hired staff 634

during the on-boarding process. The Compliance Officer may inspect the files of 635

any employees at any time to validate this. 636

New Hire Orientation: The Compliance Officer or designee conducts New Hire 637

training including review of the Code of Conduct and warnings of disciplinary 638

actions. The Compliance Officer reviews tracking logs of completed training 639

monthly. 640

641

(29)

642 643 644 645 646 647 648

Chapter Six

649 650 651

Effective System for Routine Monitoring, Auditing and Identification of Compliance Risks 652

653 654

(Medicare Managed Care Manual, Chapter 21. 50.6; Prescription Drug Manual, Chapter 9. 655

50) 656

42 C.F.R. §§ 422.503(b)(4)(vi)(E), 423.504(b)(4)(vi)(E) 657

658 659

Committee Monitoring 660

Brand New Day conducts routine monitoring and to identify areas of deficiency, poor 661

performance and compliance risks. BND does this by reviewing data in standing 662

committees and work groups such as but not limited to: 663

• Medicare Operations Compliance, Quality, and Service Improvement (MOCQSI) 664

• Quality Council 665

• Utilization Management Committee 666

• Delegation Operations Committee 667

• Delegation Oversight Team 668

• Sales Allegation Review Team 669

• Medical Operations Team 670

• SNP Model of Care Teams (one for each SNP) 671

• Contracting Committee 672

• Peer Review Committee 673

Additionally, BND conducts internal and external audits to evaluate the Brand New Day 674

and FDR compliance with CMS requirements and the overall effectiveness of the 675

compliance program. 676

677 678

Routine Monitoring and Auditing 679

(30)

(Medicare Managed Care Manual, Chapter 21. 50.6.1; Prescription Drug Manual, Chapter 680

9. 50.6.142 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F) 681

682

Internal Auditing 683

Brand New Day conducts internal audits to measure the company’s compliance with State, 684

Federal, and company policies and procedures to ensure timely, quality care for its 685

members, and to identify noncompliance and potential FWA. 686

687

Monitoring 688

Per CMS, “Monitoring activities are regular reviews performed as part of normal 689

operations to confirm ongoing compliance and to ensure that corrective actions 690

are undertaken and effective.” 691

692

Auditing 693

Per CMS, “An audit is a formal review of compliance with a particular set of 694

standards (e.g., policies and procedures, laws and regulations) used as base 695

measures.” 696

697

Brand New Day has a “Compliance Internal Audit” (CIA) auditing schedule. Barring 698

unexpected, unavoidable other events (such as audits from CMS or other external 699

entities), BND adheres to the CIA auditing schedule as much as possible. When the 700

schedule must be adjusted, it is done so with thought to ensure that areas of greater risk 701

are audited and areas of lesser risk are postponed. 702

703

Auditing Team 704

The compliance officer and compliance committee are key participants in the auditing 705

process. BND may have the department being audited perform the first audit and the 706

Compliance staff may review (over-read) their work for accuracy. 707

708

Responsibility 709

The auditing schedule is developed by the Compliance Director and overseen by the 710

Compliance Officer. The compliance department staff assists and conducts actual audits. 711

The Compliance Officer (CO) may also conduct audits. Findings from all audits are 712

reported to the CO and the Compliance Committee (MOCQSI). Corrective actions may be 713

required and followed by MOCQSI and the CO. The CO also reports audit results to the 714

CEO (COO), senior leadership and the Board of Directors. 715

716

External Auditing 717

Brand New Day conducts external audits of its FDRs that are delegated functional duties 718

such as Contracting, Credentialing, Utilization Management, Claims, etc. Auditing is 719

conducted “pre-delegation” and annually thereafter. There may also be focused audits 720

when there is a deficiency that could put the members at risk. Corrective Action Plans 721

(CAPs) are required when performance does not meet required thresholds and when 722

there are deficiencies noted during the audit. Delegation may be revoked at any time due 723

(31)

to inadequate performance by the delegate. External auditing is monitored by a 724

Delegation Oversight Team (of auditors and key stakeholders) that reports to MOCQSI 725

(compliance committee) and seeks guidance from them. 726

727 728

Development of a System to Identify Compliance Risks 729

(Medicare Managed Care Manual, Chapter 21.50.6.2; Prescription Drug Manual, Chapter 730

9. 50.6.2) 731

42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F) 732

Brand New Day conducts an annual overall risk assessment to identify areas of potential 733

risk. The assessment includes all business operational areas. Each operational area must 734

be assessed for the types and levels of risks the area presents to members and to the 735

company. Factors considered in determining the risks associated with each area include, 736

but are not limited to: 737

• Size of department; 738

• Complexity of work; 739

• Amount of training that has taken place; 740

• Past compliance issues; and 741

• ^Budget. 742

743

Areas of Special Concern 744

Medicare has indicated that areas of particular concern for Medicare Parts C and D 745

sponsors include, but are not limited to, “marketing and enrollment violations, 746

agent/broker misrepresentation, selective marketing, enrollment/disenrollment 747

noncompliance, credentialing, quality assessment, appeals and grievance procedures, 748

benefit/formulary administration, transition policy, protected classes policy, utilization 749

management, accuracy of claims processing, detection of potentially fraudulent claims, 750

and FDR oversight and monitoring.” These are also of concern to BND. 751

752

Scoring and Prioritizing Risks 753

The risk tool assigns a score to each element to indicate which risk areas will have the 754

greatest impact on the company. BND prioritizes its auditing strategy accordingly. 755

756

Re-evaluations 757

Because laws, regulations, staff, and other factors are always changing, there must be 758

ongoing review of potential risks of noncompliance and FWA and a periodic re-evaluation. 759

Risk areas identified through CMS audits and oversight, as well as through the sponsor’s 760

own monitoring, audits and investigations are priority risks. 761

762 763

Development of the Monitoring and Auditing Work Plan / Schedule 764

(32)

(Medicare Managed Care Manual, Chapter 21 .50.6.3; Prescription Drug Manual, Chapter 765

9.50.6.3) 766

42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F) 767

768

The results of the risk assessment help develop the Compliance Internal Auditing (CIA) 769

audit schedule. BND prioritizes (and reprioritizes, adjusting the CIA audit schedule as 770

needed throughout the year. Not all audits scheduled will be completed based on varying 771

factors including staffing which is a challenge in a small health plan such as BND. The high 772

risk areas are of greatest concern and will be audited. BND may re-audit when an area is 773

found to have multiple findings that put members and the company at risk. Corrective 774

actions are required for deficiencies. Corrective action and follow-up are overseen by the 775

compliance officer with compliance department staff. When appropriate BND reports 776

findings to the NBI MEDIC and state agencies as appropriate. 777

778 779

Audit Schedule and Methodology 780

9. 50.6.4) 782

42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F) 783

784

The CIA Auditing Schedule includes a schedule that lists all of the monitoring and auditing 785

activities for the calendar year. (Adjustments are made as needed.) BND uses a 786

combination of desk and on-site audits. 787

788

BND utilizes audit tools (including CMS audit tools) The audit tool serves as the audit 789

report. A written letter to FDRs also explains the findings, recommendations, and 790

requirements for corrective actions. 791

792

BND conducts follow up audits as appropriate to re-audit areas previously found non- 793

compliant to determine the effectiveness of the corrective actions taken. 794

795 796

Audit of the Sponsor’s Operations and Compliance Program 797

9. 50.6.5) 799

42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F) 800

801

Audit of Operations 802

The compliance officer and compliance committee takes into consideration the small size 803

of the health plan when developing the CIA Audit Schedule. Audits may be performed by 804

the department being audited and then spot checked for accuracy by the Compliance 805

Department. Auditors must be knowledgeable about CMS operational requirements for 806

the areas under review. Auditors may include SMEs such as pharmacists, nurses, 807

physicians, certified public accountants, fraud investigators, and compliance staff. Final 808