Fraud waste and Abuse FWA FWA Training Purpose We are all responsible for preventing and reporting suspected cases of Fraud Waste and Abuse FWA without fear of punishment Training will give you basic information necessary to understand what FWA is and what your obligations are if you sus ID: 706263
Download Presentation The PPT/PDF document "Transportation Provider Compliance Train..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Transportation Provider Compliance TrainingSlide2
Fraud, waste and Abuse (FWA)Slide3
FWA Training Purpose
We are all responsible for preventing and reporting suspected cases of Fraud, Waste, and Abuse (FWA) without fear of punishment
Training will give you basic information necessary to understand what FWA is and what your obligations are if you suspect it is happening
By looking out for FWA, we protect Federal funding given to Medicaid and Medicare programs for NEMTSlide4
Agenda
Centers for Medicare and Medicaid Services (CMS)
What is FWA: Laws and Regulations
MTM’s Quality and Compliance Department
HIPAA, PHI, and DUASlide5
CMS
Centers for Medicare and Medicaid
Services, also referred to as CMS:
A
n
agency within the US Dept. of Health and Human Services
R
esponsible
for several health care
programs and
rules regarding FWA that must be followed by MTM, First Tier, Downstream
and
Related Entities
Providers, drivers
and
office staffSlide6
MTM and CMS
MTM partners with Medicare and Medicaid clients
Clients are required
by
CMS to conduct FWA training with:
Transportation Providers
Drivers
Office Staff
As MTM clients are regulated by CMS, so are MTM employees and its subcontractors (transportation providers)
Documentation of annual FWA training must be maintained and available to CMS and MTM clients when requestedSlide7
FWA: What
is Fraud?
An intentional deception or misrepresentation made by a person with knowledge that deception could result in unauthorized benefit to himself or another person
I
ncludes any act that constitutes fraud under applicable Federal and State lawsSlide8
FWA: What
is Waste?
Overutilization
of services or other practices that result in unnecessary costs
Generally not caused by criminally negligent actions but rather misuse of resourcesSlide9
FWA: What
is Abuse?
Defines ways
that, either directly or indirectly, result in unnecessary costs to the Medicare
or Medicaid Program
Reimbursement for unnecessary services or services that fail to meet professionally recognized standards for healthcareSlide10
FWA
Laws
and Regulations
Suspected violations of:
False Claims Act; 31 U.S.C. §3729
L
aw
prohibits incorrect claims from being submitted to Medicare and
Medicaid
Stark LawLaw
was written to prevent doctors and other clinicians from referring patients to their own practices (physician self-referral
)
Anti-Kickback Statute
L
aw
keeps doctors, hospitals and other clinicians from offering or receiving kick-backs for referring patients to certain
practicesSlide11
FWA Laws and Regulations
Acts defined in 18 U.S.C.
- HITECH
Act of 2009 which widened scope of privacy and security protections available under HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
State-specific laws and regulations that address Medicaid/Medicare
FWA - Laws
that a state implements that are more
strict
than the federal privacy lawSlide12
FWA: Your
Obligations
Comply with all policies and procedures developed and amended by MTM in relation to FWA
Acknowledge that payments made to you consist of Federal and State funding
You may be held civilly/criminally liable for non-performance or misrepresentation
of FWA services
Immediately refer all suspected or confirmed FWA to MTM’s Quality and
Compliance department - 1-866-436-0457Slide13
Examples of
Member
FWA
Changing, forging, or altering:
Prescriptions
Medical records
Referral forms
Lending insurance card to another person
Identity
theft
Using
NEMT for
non-medical services
Misrepresenting
eligibility status
Resale of medications to others
Medication stockpiling
Doctor shoppingSlide14
Resolution Options for Member FWA
Add a note to member’s file advising MTM for future trips
Add member’s name to a list of frequent abusers
Trip requests will be monitored and managed to prevent potential future FWA
Report
issue to MTM's client liaison, who will determine the best way to report to other
entitiesSlide15
Examples of Provider FWA
Falsifying credentials
Billing for services not rendered
Inappropriate billing
Double billing
F
raudulent billing
Collusion among providers
Falsifying information submitted through prior authorization or other mechanism to justify coverageSlide16
Resolution Options for Provider FWA
MTM's investigations specialists will determine which, if any, of the following actions are
appropriate
Recover trip cost
Provide education
Make recommendation for an audit of trip records
Establish Corrective Action Plan (CAP)
Disciplinary action
Dismissal from MTM network of providersSlide17
Who is Responsible for Identifying FWA?Slide18
Who Monitors FWA at MTM?
Potential cases reported to MTM’s Quality and Compliance department
Quality Investigation Specialist investigates each reported incident
Note results of investigation in member’s file
FWA reported against Transportation providers, drivers, and office staff are handled in the same manner
MTM reports incidents of FWA to clients on a monthly basisSlide19
Preventing FWA
Preventing FWA before it happens is critical
Transportation providers should report incidents of FWA they suspect to MTM’s Quality Management department immediately
Report all cases of suspected FWA to MTM immediatelySlide20
Preventing FWA
MTM staff are diligent and watch carefully for signs of potential FWA
Deny a trip if it seems “suspect”
Push trip request up internal chain of command to Team Lead
Contact client and get their guidance
Report suspicious activity to Quality Management department for investigationSlide21
Reporting FWA
Contact MTM’s Quality Management department
1-866-436-0457
Try to include all pertinent information:Slide22
Corporate Compliance Hotline
MTM has a Compliance Hotline to report unethical or illegal behavior in an anonymous and confidential manner
Types of issues that may be reported to the hotline include inappropriate billing practices, falsified credentialing documentation, violations of HIPAA or informational security standards, or other unethical or illegal practicesSlide23
FWA Reporting Protections
Whistleblowers offered protection against retaliation under the False Claims Act
Employees discharged, demoted, harassed, or otherwise discriminated
against for
reporting FWA
are
entitled to
protection under the False Claims ActSlide24
FWA
Conclusion
Training has given you:
Knowledge about what FWA is and why it is important to identify cases of suspected FWA
Tools necessary to feel confident in reporting suspected FWA without fear of reprisal
Understanding of why MTM requires training
Knowledge that everyone is responsible for reporting FWA
Knowledge that preventing FWA is critical—stop it before it happens Slide25
Health insurance portability and accountability act (HIPAA)Slide26
HIPAA Privacy Rule
Ensures consistent protection nationwide for all health information
Imposes restrictions on use and disclosure of Protected Health Information (PHI)
Gives people greater access to their own medical records
Provides people with more control over health informationSlide27
HIPAA BackgroundSlide28
Protected Health Information (PHI)
PHI is individually identifiable health information that is:
Transmitted or maintained in electronic media
Transmitted or maintained in any other form or medium
When an MTM member, agency, or health provider gives personal information to MTM, that information becomes PHISlide29
Examples of PHISlide30
HITECH Act
HITECH Act promotes the adoption and meaningful use of health information technologySlide31
HIPAA Expectations
Use or disclose PHI only for work related purposes
Exercise reasonable caution to protect PHI under your control
Understand and follow MTM privacy policies
Report potential HIPAA violations to MTM’s Quality and Compliance departmentSlide32
Use or Disclosure of PHI
HIPAA's privacy rule covers how we can use or disclose
PHI
Designed to minimize careless or unethical disclosure
PHI can’t be used or disclosed unless it is permitted or required by the Privacy RuleSlide33
Use vs. Disclosure
PHI is used when it is:
Shared
Examined
Applied
Analyzed
PHI is disclosed when it is:
Released/transferred
Accessed in any way by any one outside entity holding informationSlide34
Use or Disclosure of PHI
Payment:
Various activities of healthcare and healthcare related providers (such as you) to obtain payment or be reimbursed for services Slide35
Use or Disclosure of PHI
Transportation Providers permitted to use or disclose PHI for:
Scheduling trip information
Confirming special needs or adaptive equipment
Incidental use such as talking to a facility or medical providerSlide36
Minimum Necessary
Use or disclosure of PHI should be limited to minimum amount of health-related information necessary to accomplish intended purpose of use or disclosure
MTM has developed policies and procedures to make sure least amount of PHI is shared
If you have no need to review PHI, then stop!Slide37
Data Use
Agreement (DUA)Slide38
Data Use Agreement DUA
The Data Use Agreement (DUA) is an agreement between
MTM, MTM’s clients, and MTM’s subcontractors
This agreement states that all information obtained by transportation providers including PHI will remain confidential and will be disposed of properly Slide39
Data Use Agreement DUA
DUA applies to all MTM employees, transportation providers, and drivers who have access to confidential client informationSlide40
Transportation Provider Responsibilities
Transportation provider will secure access to all clients’ confidential information and ensure that it is only used in a manner that is approved under the
DUA
Transportation provider is required to secure any form of paper documentation that contains client
PHI
Transportation provider is required to secure mobile devices by a PIN number or equivalent security that contains client PHISlide41
Transportation Provider Responsibilities
Transportation providers
will establish appropriate penalties against any
member of
its
workforce
that violates the sharing of
client information
R
esponsible
for compliance with sending
and
destroying of confidential
informationSlide42
Transportation Provider
Responsibilities
Transportation providers will deliver written certification of compliance when requested
Upon termination, the transportation provider is required to retain documentation pursuant to contractual obligationsSlide43
Transportation Provider Responsibilities
Transportation providers will designate a person to implement the security requirements of the DUASlide44
Transportation Provider Responsibilities
Transportation providers assure that their employees/drivers are only provided information as needed to complete job requirements
Transportation providers must have and maintain a list of employees/drivers, and their signatures, titles, and the date they agreed to the terms of the DUA Slide45
Transportation Provider
Responsibilities
Transportation providers will adhere to the policies and procedures relating to the use of confidential information as set forth in the DUA, the Business Associate Agreement and the Medical Transportation Service AgreementSlide46
Transportation Provider Responsibilities
All data transferred and communicated will be through secure systems
A completed ‘DUA Agreement’ is required and maintained with MTM
A completed ‘DUA
A
uthorized
U
ser List’ is maintained and regularly updated for users accessing dataSlide47
What is a Breach of the DUA?
Any incident where PHI is used in an unsecure or unauthorized manner
Accessing client information that is not job
related
Sharing client information over social media, text, or screen
shots
Disposing of trip sheets in the trash of a public placeSlide48
What is a Breach of
the DUA and HIPAA
?
Lending
your mobile
device that
contains
client
information
Emailing or
storing client information in the cloud in an unsecured mannerSlide49
If a Breach is Suspected
Transportation providers will cooperate fully with MTM in investigating any breach of confidential information
Transportation providers have no more than 24 hours after discovery of a breach to report the event or breach of the security policy to MTMSlide50
DUA Guidelines
DUA is effective on the date of execution
All DUA users must be on the authorized user list
The DUA ends upon termination of the Service Agreement with the exception of retention provisionsSlide51
DUA Guidelines
MTM may immediately terminate the Service Agreement in the event of a material violation of the DUA
MTM may immediately terminate the Authorized User of the DUA Agreement in the event of a material violationSlide52
Maintaining Privacy: Written
Keep information in a folder during business hours and locked drawer after hours
Shred documents containing PHI after use
Keep a minimal amount of information in hard copy format
Do not leave documents unattended at printer Slide53
Maintaining Privacy: Telephone
Leave minimal information necessary on voice mail or answering machines regarding confirmation of trips, or ask member to return call to confirmSlide54
Maintaining Privacy: Faxes
Always include a cover sheet that:
States it is a confidential document
Gives a contact if fax is received in error
Spells out HIPAA (confidentiality) language
Verify fax number before sendingSlide55
Maintaining Privacy: Email
Emails containing PHI must be sent securely
Follow all directions for secured email
Do not enter any PHI in subject lineSlide56
Maintaining Privacy: Workstation/Vehicle
Always lock access to computer with a password and use privacy notice
Remove documents containing PHI from copiers and printers ASAP
Keep PHI in a folder or upside down during working hours
Remove PHI from desk or vehicle and place in locked drawer at end of work day
Do not discuss PHI in public areasSlide57
Cell Phone Best Practices
Use a device pin, or password
Install and/or enable encryption to your device
Remote wipe capability for lost or stolen devices
Disable use of file sharing applications
Keep your software up to date
Use adequate security to send or receive health information over public Wi-Fi networksSlide58
Protecting PHI
Verify identity and authority of person requesting before releasing PHI
Transmit PHI by telephone only when it can not be overheard
When leaving messages, limit information left to member’s name, a request to return call and your name/telephone number Slide59
Misuse of PHI
Misuse of PHI can result in civil and criminal sanctions:
Civil Penalties
: Up to $25,000/year for inadvertent violations; $250,000 for willful neglect; $1.5 million for repeated or uncorrected violations
Criminal Penalties
: Up to $250,000 fine and prison sentence up to 10 years for deliberate violations
Sanctions by DHHS
Other penalties related to not meeting contractual obligationsSlide60
Example of Misuse of PHI
A South Dakota medical student took home copies of 125 patients’ psychiatric records to work on a research project
He disposed of material in a dumpster of a fast food restaurant, where they were found by a newspaper reporterSlide61
Reporting Misuse of PHI
Report incidents of accidental or intentional disclosure to your supervisor and MTM
No adverse action will be taken against anyone who reports in good faith violations or threatened violations of Privacy Rule, Security Rule or related policiesSlide62
Breach of ePHI
Breach is unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of information
HITECH Act promotes the adoption and meaningful use of health information technologySlide63
Example of Breach of ePHI
Theft of 6 hard drives at an insurance company’s training facility, including images from computer screens containing data that was encoded but not encryptedSlide64
Breach Notification
Notice to individual of breach of his/her PHI is required under the HITECH Act
Breaches involving PHI of more than 500 persons in one circumstance must be immediately reported to DHHS by covered entity
Will be posted on DHHS site
Business Associates must report security breaches to covered entitySlide65
Enforcement of Privacy and Security
Office of Civil Rights has enforced Privacy Rule since 2003
CMS has enforced Security Rule since 2005
As of July 27, 2009 DHHS has delegated enforcement of both rules to Office of Civil RightsSlide66
HIPAA Resources
CMS – Center for Medicare and Medicaid Services
www.cms.hhs.gov/SecurityStandard/
Office of Civil Rights
www.hhs.gov/ocr/hippa/
US DHHS – Department of Health and Human Services
www.hhs.govSlide67
HIPAA Glossary
Business Associate
: Person or entity that performs certain functions or activities that involve use or disclosure of PHI on behalf of, or provides services to a covered entity
Protected Health Information
: Individually identifiable health information
Minimum Necessary Information
: Current practice is that PHI should not be used or disclosed when not necessary to satisfy a purpose or carry out a functionSlide68
Resources
Report Fraud, Waste and Abuse:
Corporate Compliance Hotline Number: (855) 847-0262
Corporate
Compliance Web Link:
http://www.reportlineweb.com/mtm
Report Information Security Issues:
Email:
security@mtm-inc.net
Phone: (636) 695-5644Slide69
Please complete the Assessment following
this trainingSlide70
Questions?Slide71
Thank you for your active participation!