Trillium HEALTH AC Center, Inc., dba Trillium Health and Pleasant Street Apothecary COMPLIANCE PLAN COMPLIANCE PLAN AG Genter, Inc., dba Trilium Health and Pleasant Street Apothecary. hereby calle ‘the organization,” is strongly commitied to and nas a longstanding reputation for knwful and ethical conduct, We taka pride in merting the tust of those we serve, government regulators and one another. Giver the many laws, rules and regulations goverring healthcare, the organization has established a comprehensive compliance program lo help us live up to aur commitment to adhere lo the highest elhical standards of conduct in all business practices. ‘The organization voluntarily implements a compliance program aimed at fraud. waste, and abusa pravention while at the same tire advancing the mission of providing quality patient and client care. Our compliance elforts are aimed at preventian, detection, and resolution of variances. ‘The eight elerrents of the crganization's Compliance Pian are: 41. Commitment to Compliance A, Standards of Conduct B. Patiant and Client Righis . Peisonal Health InformationiHIPAA‘Article 27-F Compliance: D. Medical Necessity E. Billing F. Compliance with Applicable HHS Fraud Alerts G. Marketing H. Anli-Kick Back/inducements |. Relationships with Vendors and Suppliers 4. Ratantion af Records/Cncumentation K. Medical Records/Chant Record Documentation L Prescription Drugs snd Conlralled Substances 2, Designation of a Compliance Ofiear!Committes 23, Conducting Training and Edueation Programs 4, Communication 5, Disciplinary Guidelines 8. Auditing ard Monitoring 7. Corrective Action 8, Response 9 Special Agent's Visit for the Purpose of Investigating Allegations. of Fraud and Abuse 4. COMMITMENT TO COMPLIANCE A, Standards of Conduct ‘The organization promotes adheronce ta the Compliance Program as en elernent inthe performance evaluation of all staff members. 2014 Complies Pir Lama Page 2 of IS COMPLIANCE PLAN ‘The organization's employees are bound to comply, in all official acts and duties, with all applicable laws, rules, regulations, standards of conduct, including, but not limited to laws, rules, regulations, and directives of the federal government and tha stata of Now York, also rules and policies and procedures of the organization, These current and future standards of conduet are incorporated by reference in this Compliance Plan, All candidates for employment shall undergo @ reasonable and prudent ‘background investigation, including a reference and criminal background check. Due diligence will he used in the recruitment and hiring pracess to prevent the appointment tc pasitions with substantial discrelionary authority, persons whose record (professional licensure, credentials. prior employment. criminal record or specific “exclusion from Medicaid funded programs) gives reasonable cause to believe the individual has a propensity to fal to adhare to applicabla standards af conduct. All new employees will receive orlentatlon and trainlag In compllance policies and procedures. Participation in required training is a concition of employment Failure (o participate in required training may resuit in disciplinary actions, up to and including, termination of amploy-nent, Every employes is ssked to sign a statement cerlifying they have received, read, and understood the Gonlents of Uke compliance plan, Every employee will roccive poriodie training updates in compliance protocals as they relate to the employee's individual duties. Non-cumpliance with the plan or violations will result in sanctioning of the involved employee(s) up to. and including, termination of employment. B. Pationt/Client Rights We treal our palignisicients wilh respect and dignity and provide care that is both necessary and appropriate, No distincton is made in the admission, transfer. discharge or care of individuals on the basis of race, croee, religion, national origin, gender, gender expression, sexual orientation, source of payment oF disability. Clinical cara is provided based on identfied healtheare needs and Case Management is provided based on needs identified through @ uniform assessment tool, not on financial cfiteria, and no treatment or action is, Undertaken without the Informed consent of the patient ar an authorized representative, Patients/c ionts are provided with @ written statement of rights which corfoms to all applicable laws, and their autonomy and privacy are raspactad within the context of a safe congregate setting, 2014 Cinopliance Plan 12014 Poge3 of IS COMPLIANCE PLAN Employees involved in patientclient care ere expected to know and camply with all applicable laws and regulst ons and our policies and provecures gaveming their particular program, . Personal Health Informatioa/HIPAA/Article 27-F Compliance ‘The organization collects personal nealth information about aur palienssialients to provide the best possible care. We realize ihe sensitive nature of this information, and! are committed to safeguarding patients’ clients’ privacy ‘The organization has ereated the Privacy Officer position in accordance with the HIPAA Privacy Rule. The Privacy Officer is responsible for development and implementation of policies, pravadures and educalional programs that will ensure that the organization will continue fo be cempliant with the Privacy regulations ariel will also ensure that protected health information is secure. In order to ensure that confidentia ity is maintained, employees end their representatives must adhere ta the following rules: © Do not discuss protacted health information (PHI! client information in public areas such as clovators, nallways, common gathering areas. + Limit release of PHitclient information to the minimam reasonably necessary for the purpose of the disclosure, © Do not discinsa PHI witho.t an appropriate consent signed by the patianticl ent unless it is related ta tne person's care, paymert of care, oF health care operations of tre organization. In an emergency siluatior, a palignt's conser may not be required when a healthcare provider treating the patient requests informacion, but tre name and affllation of tia parson requesting the information must be confirmed and documented in the medical record, + Honor any restrislions on uses of disclosure of information placed by the plientel ent Make sura PHielient informatinn stored in the computer system is properly secured + Be familiar with and comply with special confidentiality rules governing the disclosure of HIVIAIDS, alenhcl, substance abuse and mental heath sreatment, D. Medical Necessity The crganizalion will take reasonable measures to ensure that only claims for services that are reasonable and necessary, given the patient's condition! client's needs are billed. 2014 Compliunee Plan 12014 Paged of 1S COMPLIANCE PLAN Documentation will supporl tie determinations of medical necessity'aient need when providing services. ‘The arganization is aware that private and governmental third party payers will only pay for tests that reet the coverage crileria and ane reasunable and ‘necessary to treat of diagnose a patient. Therefore, the organization's Providers will Use prudent ordering practicas, In requosting diagnostic procadures or tests, the organization's Providers will make an independent medical necessity decision with regard to each item ordered. A disgrosis will be submitted for all tests ordered. Documentation of ‘Indings and dlagnoses will support the medical necessity of the service. Tho oganization’s Providers understand that private and governmental third party payers generally hava limitations on labaratary and diagnostic tests; therefore, the pitar autharization process wil be followed. The organization's providers wil order tests or services that are medically necessary for the approoriate traatmert of tra patient. E. Billing All claims for serices submitted :o pitvate and governmental thied party payers or other health benefits programs will correctly identify the services ordered, Only those tests ordered oy an authorized Provider that are performed and that maa private and gavernmartal third party payer's criteria wil be billed, Intentionally or knowingly up coding (the selection of @ code to maximize reimbursement when such code is not the must appropriate desciptor of the service offered) may result in immediate termination. The organization's providers must provide documentation to support the current CPT and ICD codes sed based on macical findings and diagnoses. Immediate disciplinary action, up to and including temnination will be implemented for instances of intentional misrepresentation of any service provided that results in over billing, All irdiv duals who pravide billing information and billing cenartment employees who prepare or submit billing slalemenis must comply wilh all applicable laws, rules and regulations and the organization's policies. The organization will promptly retum to payers any payments which wa datermine da nat conform te ur eolicies ard applicable laws. If erronequs claims have been made to Medicaid from the Health Homes or Adult Day Health programs, the applicable AIDS Institute cowract manager will be noted. 2014 Compliance Plan 10:4 Page S of 15 COMPLIANCE PLAN As healihcarefhutnan service Providers, our business involves reimbursement under govemment programs which require submission of certain teports ot our costs of operations, The organization complies with all federal and state laws and ragulations ralating ta cost reports, which define what costs are allowable and oser-be the appropriate mathodolagies to clam reimbursement for the cost of services provided to program beneficiaries. Given the complexity of this area, all issues related lo the cumpletion and settlament of cost reports must be communicated through or coordinated with tha Chief Financial Officer as well as the Ch ef Compliance Office. F. Compliance with Applicable HHS Fraud Alerts ‘The Compliance Officer will review tha Modicaid/Mediearc Fraud Alerts ‘The Compliance Officer will ensure that any conduct disparaged by the Fraud Alert is immediately ceased, implemen! corieclive ac:ions, and take reasonable factions lo ensure that future vie ations do not accur. G. Marketing ‘The organization will promole only honast, straightforward, fully informative, and non-decentive marketing, We use marketing fo educate the public, increase awareness of our services and recruit employces. All marketing materials must accurately describe our services and programs. In order to ensure thst no incorrect information is dissemizaled, employaes mus! ccordinale ak marketing materials with and direct all media requests to the Vice President of Organizational Advancement or Vice Prasident of Organizational Performance Management, if the formar position is vacant. The Organization will only use andior disciosa any paticnticient protected health information for marketing ‘activities if a writtan prior aulharization is obtained H. Anti-Klckback/Inducements ‘The organization will not part cipate in nor condane tre provision of inducements fo recaipt of kiakhacks fe gain business or influerice referrals, The organizalion's Providers will consider the palienticient's interests in offering referral for treatment, diagnostic, or service options. Federal and state laws prohibit any form of kicknack, bribe or rebate, cither directly or in directly, in cash or in kind, to induce the purchase or referral of goods, sorvices or lems paid for by Medicare or Medicaid. 2914 Cunrpliarce Plan Leola Page 6 of 35 COMPLIANCE PLAN Self-referral laws prohibit a Provider from referring a alien! for verlain lypes of health servicas te an entity with which the Provider or members of his or her immediate farrily has a financial ralationship. Since violations of these laws may subject both the organization and the individual involvad to civil and criminal penalties and exclusion from government funded healthcare programs, all prososed transactions with healthcare Providers must be reviewed with fogal coun Any employee involved in promoting or accepting kickbacks or offering inducements ‘nay be terminated immediately. | Relationships with Vendors and Suppliers ‘The omgarization is committed to employing the highest ethical standards in its Telationships wilh vendors and suppliers with respect to source selection, negotiation, determination of contract awards, and administ-ation of purchasing actiatias. Al" vendors and suppliers are to be selected solely on the bass of objective criteria; personal ralationships ard frendships play no part in the selection process. The organization doas nat knawingly contract or da business willl a vendor thal has been excluded from a govemment-funded healthcare program, Any vendor or suppler who has access to the Organization’s PHI and 1s not a covered entity, will be required to enter into a Business Associate Agreement to comply with HIPAA rules and the HITECH Act J. Retention of Records/Documentation The organization wik ensure that all records required by federal andior state faw ara created and maintained. All records will be maintained for a period of no lass than seven years, Documentation of compliance efforts will include staff meeting and committee minutes, audit reports, memoranda concerning compliance protocols, problems identified and corrective acticns taken, the results of any investigations, and documentation supportive cf assessment findings, diagnoses, treatments, and plan of care, K, Medical Record Documentation Timely, accurate and complete documentation is important to clinical patient are. This documentation not only facilitates. high quality patient care, but also serves to verify that billing is accurate as subrmiltad, ‘The otganizalion requires thal Providers follow Ihese documentation guidelines: ‘+The medical record! client record is cornplote and legible 24014 Compliance Plan 12014 COMPLIANCE PLAN = Documentation is timely + The documentation of each patient encounter includes the reagan for the encounter, any relevant history, physical examination findings, prior agnostic test results, assessment, clinical impression or diagnosis, plan of care, and date and legible identity at the observer. » OPT and ICD-8 codes used for clair-s submission are supported by documentation In the medical record Appropriate health risk factors are identified. The patient's progress, his or her response to treatment + Care management encounters will be documented per New York State Department of Health guidelines. LL. Prescription Drugs and Controlled Substances The organization's employees routinely have access to prescription drugs, conirolied substances and olher medical supplies. in accordance with federal, state and local laws, itis strictly prohibited to divert prescription drugs and contyolled substances te unauthorized individuals. to administer them without propar ardars, to distrhute adulterated, mishranded, mislabeled ar expired drugs fr devices, of to fail to repart significant adverse events. Any employee of the organization who becomes aviare of a potential lapse in security or the improper diversion of druys musl reporl the incident immediately <0 his‘her supervisor or she Compliance Officer. IL DESIGNATION OF A COMPLIANCE OFFICER AND/OR A COMPLIANCE COMMITTEE The organization designates the Sr. Vice Presiden: of Organizational Performance Management fn sarva as the Compliance Officer and coordinator of all complianca actiitias, Compliance Officer: The responsibilties of the Compliance Officer are: + Ghair the Compliance Commitee and serve as a spokesperso9 for the committee + Overseeing and monitoring the implementation of the compliance program, + Reporting periodically to the Compliance Committee, the President and the Board of Diractors on the progress of implamentation of compliance initiatives, corrective actions and recommendations to reduce the vulnerability to allegations of fraud, waste, and abuse. + Developing and distributing all writen compliance policies and procedures to all affected employees, 2014 Complianoe Plan sword Page 8a 1S COMPLIANCE PLAN + Parindically ravising the program in light of changes in the needs of the organization and in the law; and changes in policies and procedures af government and private payer health plans. + Developing, cuerdinating, and participating in a multifaceted educational and! training program that focuses on the elements of the compliance Program and socks to ensure that all employees are knowledgeable of, ‘and comply with, pertinent federal. state, and private payer standants. + Coordinating with lhe Human Resources Department ta ensure that ‘employees do nol appear in any of the "excluded, dabarred or suspended’ personnel listings published by Medicare and Medicaid. + Ensuring that all ProvidersiGare Management Slaif are informed of compliancs program standards with respect te coding, billing documentation, and marketing. et. + Assisting in coordivaling intemal compliance raviow and mentoring activiies, including annual or p-r.n. raviows of policies. + Review the results of compliance audits, including internal reviews of compliance, indopendent reviews and extemal compliance audits. + Indepandently investigating and acting on matters related to compliance, including the flexibly to design and coordinate intemal investigations. + Developing policies and programs that encourage managers and employees to report stspactad fraud and other improprieties wilhoul fear of retaliation. (See Wristicblover Policy) + Interacting with extemal legal counsel lo discuss the Organization's initiatives an regulatory compliance, + Handling inquiries by employees, volunteers, affiliates, consumers and family members regarding compliance issucs. ‘The Compliance Officer has the authority to review all documents. and ther information relative to compliance activities, including, but aot limited to HRiPersannel records, requisition forms, billing information, claims infonmatian, ‘and records conceming marketing afforts and arrangements with cliers. Compliance Committee: ‘Tha organization will designate a Compliance Committee to advise the Compliance Officer and assist in the implementation of the compliance program as needed. The Compliance Committee will consist af at least the Chief Financial Dfficer, Chief Medical Officer, President, and one or more Board members. The Compliance Officer will alsa’ sclect designees representing Human Resources. and other Depariments/Divisions as needed. The Compliance Oficer is the Chair of the Compliance Committee, which reports to the Executive Cammittee of the Board at least twice per year. ‘The functions of the Compliance Committee are: 2014 Compliance Plan 19014 Page ors COMPLIANCE PLAN + Analyzing the Qiganivation’s regulatory environment, the legal requirements with which it must comply, and specific risk areas. + Assessing existing policies and procedures that addrese risk areas for possible incorporation into the Compliance Program, + Working within the Organization's standards o* conduct and policies and procedures to promote complianca, Reonmmending and monitoring the development of intemal systems and controls to Implement standards, policies, and procedures as parl of the daily operations. + Delermining Ihe appropriate strategylapproach to promote compliance with the program and detection of any potential problarrs or violations. + Developing a system to solicit, avaluata, and respond to complaints and orab ams, ill. CONDUCTING EFFECTIVE TRAINING AND EDUCATION ‘The organization requires all employees ta artend spociic training upon hire and fon an annual and p.r.n, basis thereafter. This will include training in federal and State statutes, regulations, program requirements, policies of private payers, and corporate eth cs. The training will emphasize the Organizalion’s corrmilment to compliance wilh these legal ‘equirements and policies, The training programs will include sessions highlighting the Organization's Compliance Program, summaries of fraud and abuse laws, discussions of coding requirements, claim development, claim submission processes, and marketing practices ihal reflect current legal and program standards. The Gamplianaa Officer or other dosignatad staff mamber will dacument the attordecs, the subjects covered, and any materials distributed at the training Basic training wil include: + Governmert and private payer reimbursement principles. General prchibitions on paying or receiving remuneration to induce referrals. Proper translation of narrative diagnoses, Only billing for services ordered, performed, and reported. Examples of fraud, waste, and abuse, Duly to repart misconduct Iv, DEVELOPING EFFECTIVE LINES OF COMMUNICATION The organization will protact whistls-blowars from retaliation. The organization ‘will not rotal ate against cmployees who, in good faith, have mace a protest or 2014 Commplinmess Phim Laola Page Wal ts