Office of compliance & audit service

1. Office of compliance & audit service Mandatory (Medicaid) Compliance Program New York is the first state to implement Mandatory Medicaid Compliance Program requirements. Effective October 1, 2009 • New York State healthcare organizations for which Medicaid constitutes $500,000 or more of the provider’s annual business operations (considered “substantial” and defined as ordering, providing, billing or claiming $500,000 or more from Medicaid in a twelve-month period), must have an “effective” compliance program and certify on an annual basis that the compliance program meets related statutory requirements. • The effective compliance program requirement is also applicable to any New York State provider subject to the provisions of Articles 28 or 36 of the New York Public Health Law or Articles 16 or 31 of the New York Mental Hygiene Law, regardless of the amount of Medicaid business. The Deficit Reduction Act of 2005 (“DRA”, 42 USC §1396a(a)(68)) requires entities with $5.0 million or more in annual Medicaid payments (in a Federal fiscal year) to establish written policies and procedures informing and educating their employees, contractors, and agents about Federal and State false claim acts and whistleblower protections.

2. Office of compliance & audit service Mandatory (Medicaid) Compliance Program – cont’d The New York Mandatory Medicaid Compliance Program requirements are a result of New York Social Services Law §363-d and New York State Codes, Rules and Regulations Title 18, Part 521 (“Provider Compliance Programs” or “Part 521”).  Part 521 defines the entities to which the requirements apply (“covered providers”) and mandates that each covered provider’s compliance program include the following eight elements (as included in §521.3(c)): It is important to note that the Part 521 requirements are more stringent than previous voluntary guidelines and specify that the compliance program must be effective.

3. Office of compliance & audit service Sample Elements of SBUH’s Compliance Program 1. Policies and Procedures - Code of Conduct, Administrative Policies and Procedures Interim Chief Compliance Officer – John W. Ruth, MBA, RHIA Training and Education - New Employee Orientation, Annual Re-Certification, Focused Training and Special Requests Communication - Anonymous Compliance Helpline (1-866-623-1480), or direct contact with our Interim Chief Compliance Officer 631-638-2366. Discipline - Action taken is appropriate and consistent with collective bargaining agreements, federal, state and local laws. Auditing and Monitoring/Risk Area Identification - Continuous monitoring/auditing initiatives, collaborative assessment of organizational control activities. Reporting and Response - Investigations of compliance concerns and corrective action plans Non-Retaliation - To promote the reporting of known or suspected violations SBUH has adopted a code of non-retaliation for individuals who in “good faith” provide information they believe or perceive to be true.

4. Office of compliance & audit service Compliance Programs Guidance has been available since the late 1990s in the form of the Office of the Inspector General’s (“OIG”) voluntary “Compliance Program Guidance” publications in the Federal Register. The OIG’s guidance recommends specific compliance program elements and identifies certain key risk areas which should be addressed by the compliance programs of healthcare providers. The United States Federal Sentencing Guidelines (“Sentencing Guidelines”), Chapter 8, Part B (§8B2.1, “Effective Compliance and Ethics Program”) outline specific factors considered by the Federal government when establishing organizational penalties or sanctions following instances of criminal conduct. The Sentencing Guidelines address overall “effectiveness” factors (e.g., organizational culture, governance and oversight, communication, training and remediation) evaluated to determine whether an organization’s compliance program is adequately designed to prevent, detect and respond to criminal conduct.  The Sentencing Guidelines provide the Federal government with standards for the determination of organizational culpability and establishment of sanctions, but meeting the compliance program “effectiveness” criteria can be a significant mitigating factor for organizations in the unfortunate situation of facing penalties as a result of criminal conduct

5. Office of compliance & audit service Fraud, Waste and Abuse Definitions There are both Federal and New York State statutes relating to the filing of False Claims and protection offered to Whistleblowers who report False Claims. They protect against Fraud, Waste and Abuse. Fraud includes obtaining a benefit through intentional misrepresentation or concealment of material facts Waste includes incurring unnecessary costs as a result of deficient management, practices, or controls Abuse includes excessively or improperly using government resources

6. Office of compliance & audit service Federal and State False Claims Act ( FCA ) FEDERAL LAWS • Federal False Claims Act (31 USC §§3729-3733) • Anti-Kickback Statute (42 USC § 1320a-7b(b) • Physician Self-Referral Law (42 USC § 1395nn) • Exclusion Statute (42 USC § 1320a-7) • Civil Monetary Penalties Law (42 USC § 1320a-7a)  NEW YORK STATE LAWS • CIVIL AND ADMINISTRATIVE LAWS • New York False Claims Act (State Finance Law §§187-194) • Social Services Law, Section 145-b, and 145 • CRIMINAL LAWS • Social Services Law, Sections 145, 145c, and 366-b • Penal Law Article 175, 176 and 177 WHISTLEBLOWER PROTECTION • Federal False Claims Act (31 U.S.C. §3730(h)) • New York State False Claim Act (State Finance Law §191) • New York State Labor Law, Section 740, and 741

7. Office of compliance & audit service Fraud Enforcement and Recovery Act of 2009 (FERA) On May 20, 2009, the Fraud Enforcement and Recovery Act of 2009 ("FERA") was signed into law. It includes the most significant amendments to the FCA since the 1986 amendments. Section 4 of the FERA has major significance for health care providers and managed care plans, and all Medicaid providers. This section, “Clarifications to the False Claims Act to Reflect the Original Intent of the Law”: Redefined terms such as “claim”, and “obligation” . Expands the anti-retaliation provisions from only employees to include “contractors and agents” who “act to stop one or more violations.” This provision could protect contracted physicians in a government-funded managed care plan, for example, who took action to stop false reporting or illegal denial of services by the plan.

8. Internal Controls The New York State Governmental Accountability, Audit and Internal Control Act of 1987 (Internal Control Act) required State agencies and other organizations to promote and practice good internal control and to provide accountability for their activities. The New York State Division of Budget’s Policy and Reporting Manual Item B-350, Governmental Internal Control and Internal Audit Requirements: Describes internal control responsibilities to be performed by all state agencies Requires all state agencies to certify each year that they are in compliance with these internal control requirements and the Internal Control Act. Internal control is defined as: the integration of the activities, plans, attitudes, policies, systems, resources and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its objectives and mission. Internal control is focused on the mission of the organization, and this mission must be kept in mind when evaluating the appropriateness of specific internal control practices. Office of compliance & audit services

9. Types of Controls Detective Controlsare designed to detect errors or irregularities that may have occurred. For example, reviews of performance, reconciliations, physical inventories and audits. Corrective Controlsare designed to prevent the recurrence of errors. They begin when improper outcomes occur and are detected and keep the "spotlight" on the problem until management can solve the problem or correct the defect. For example budget variance reports. Preventive Controls are designed to keep errors or irregularities from occurring. For example, standards, policies and procedures, segregation of duties, authorization and approval levels. For a control objective to be effective, compliance with it must be measurable and observable. Internal controls provide reasonable assurance that an organization meets established objectives and goals. Office of compliance & audit services Internal Controls

10. Office of compliance & audit service Gifts and Entertainment The State of New York, Commission on Public Integrity, in Advisory Opinion No. 08-01 has adopted the term “nominal value.” Stony Brook University Hospital has not defined Nominal Value with a dollar limit. Nominal value is considered such a small amount that acceptance of an item of nominal value could not be reasonably interpreted or construed as attempting to influence a State employee. Items of insignificant value, as, for example, a regular cup of coffee or a soft drink, are considered nominal. Nominal value would not include a meal nor would it include an alcoholic beverage. If you have any questions regarding this slide, please feel free to contact the Interim Chief Compliance Officer, John W. Ruth at 638-2366 or e-mail at John.Ruth@stonybrookmedicine.edu

11. Office of compliance & audit service Helpline Information Confidential Compliance Helpline 1 866 - 623 - 1480 https://www.compliance-helpline.com/sbuh.jsp 24 hours per day / 7 days per week English / Spanish If you wish to report an issue of non-compliance please contact the Interim Chief Compliance Officer, John Ruth, at 8-2366, John.Ruth@stonybrookmedicine.edu,or call the Corporate Compliance Helpline, which is available 24 hours a day, seven days a week. Reports can be made anonymously or by name. No Hospital representative will be disciplined or subjected to retaliatory actions because he or she made a report in good faith.