INLAND EMPIRE HEALTH PLAN CODE OF BUSINESS CONDUCT AND ETHICS Our shared commitment to honesty, integrity, transparency and accountability UPDATED: February 2014
TABLE OF CONTENTS Topic Page A. The IEHP Code of Conduct... 2 B. The IEHP Rules of Conduct... 2 C. The IEHP Commitment... 3 D. Reporting Non-Compliance with Laws, Regulations, Contract Requirements and/or the Code... 3 E. Investigations... 3 F. Non-Retaliation Policy... 4 G. How to Report Suspected Non-Compliance... 5 H. Respect for Our Members... 5 I. Respect for Our Providers... 5 J. Conflict of Interest... 6 K. Gifts and Entertainment... 6 L. Confidential and IEHP Proprietary Information... 7 M. Privacy Breach Reporting... 9 N. Fraud, Waste and Abuse (FWA) Prevention, Identification and Reporting... 11 O. Identification of Excluded Individuals and Entities... 13 Acknowledgement of Receipt and Recognition... 14
A. The IEHP Code of Conduct The Code is meant to provide guidance about the compliance culture at IEHP and the role that each Team Member, including management, Chief Officers and the Governing Board, plays in building and preserving that culture. B. The IEHP Rules of Conduct IEHP expects Team Members and business entities doing business with IEHP to conduct business activities in an ethical and professional manner that promotes public trust and confidence in the integrity of IEHP. Actions considered contrary to that expectation which will subject a Team Member or a business entity to disciplinary action, up to and including contract or employment termination (as applicable) are: - Theft, fraud, forgery, bribery or other forms of dishonesty; - Unauthorized release of confidential information about IEHP, its Team Members, its Members or its contracted entities; - Falsification or material omission on the Employment Application or other records; - Conviction of a misdemeanor and/or a felony; - Engaging in any activity which is in conflict with the best interests of IEHP; - Revealing IEHP trade secrets; - Failure to report to either your supervisor, the CEO or the Compliance Department any suspicious, unethical, or illegal conduct by fellow Team Members, Members, Providers and any individuals and/or entities with whom IEHP does business; - Accepting monetary tips from Members, their families or friends, and/or IEHP vendors; - Violation of any federal, state or local laws; - Failure to report a conflict of interest; - Appearance on the List of Excluded Individuals and Entities (LEIE); the General Service Administration Excluded Parties List System (EPLS); and/or any other applicable state or federal sanction list(s); - Failure to attend mandatory compliance training; or, - Failure to comply with IEHP confidentiality, privacy, security and fraud, waste and abuse policies. Additional examples of actions which result in discipline are provided in Human Resources Policy Section R-3. Refer to Human Resources Policy Section C-10 for potential corrective actions. Page 2
C. The IEHP Commitment IEHP is firmly committed to comply with its legal and contractual obligations under all state and federal programs, laws, regulations, directives and transmittals applicable to Medi-Cal, Healthy Kids, IEHP Medicare DualChoice, IEHP DualChoice Cal MediConnect Plan (Medicare-Medicaid Plan) and other lines-of-business in which IEHP may choose to participate. As a result, any entity doing business with IEHP, along with our Team Members, is expected to respect and comply with these obligations. D. Reporting Non-Compliance with Laws, Regulations, Contract Requirements and/or the Code All Team Members and entities doing business with IEHP have a right and a responsibility to promptly report known and/or perceived violations of this Code. You are encouraged to discuss the problem with your supervisor, manager, Director or Chief; with the Human Resources Department; with the Compliance Team or the IEHP Compliance Officer. These resources are available to you in assessing the situation and reaching a decision to report a compliance concern. Please read on for more information on how to report your compliance concerns. E. Investigations Any and all compliance concerns will be investigated thoroughly and as confidentially as the law allows. IEHP will conduct a fair, impartial and objective investigation into your concerns and will take appropriate action to correct any violations or incorrect perceptions that are identified. IEHP maintains a system to receive, record, respond to and track compliance questions or reports from any source. Investigative findings that meet state and/or federal criteria for additional investigation are referred to the appropriate state and/or federal entity. Page 3
F. Non-Retaliation Policy All Team Members are encouraged to participate in the Compliance Program without fear of intimidation or retaliation, including but not limited to: reporting potential issues; conducting self-evaluations; remedial actions, and reporting to appropriate officials. IEHP has a zero tolerance retaliation policy and will discipline individuals who retaliate with discriminatory behavior or harassment up to and including termination of employment. Questions to Ask When Making Ethical Decisions Q&A Do I have all of the facts? Gather enough information to make a well-informed decision and consider the relevant facts to support your concerns of unethical behavior. Does the situation that I am concerned about appear to reflect non-compliance with applicable laws, regulations, contract requirements or IEHP policy? IEHP has no tolerance for non-compliance with laws, regulations and/or contract requirements that guide our policy and procedures. Identify the law, regulation or requirement that has been violated and carefully consider the act(s) that might have resulted in non-compliance. Sometimes, this is not easy to do and you may want to discuss the situation with your supervisor and/or a Compliance Department Team Member. If my supervisor directs me to do something that I think will result in non-compliance with a regulation or IEHP policy, should I do it? No, you should not. Laws, regulations, contract requirements and IEHP policies must be observed and direction to the contrary should be reported to Human Resources and/or the Compliance Department. Page 4
G. How to Report Suspected Non-Compliance You have a variety of ways to report a compliance concern: 1 2 3 4 5 The Compliance Hotline is toll-free at (866) 355-9038 and is available 365 days/year, 24 hours/day. If a Compliance Team Member is not present, a confidential voice mail will take your message and the Team will pick it up on the next business day. You may report your concerns anonymously, although we appreciate the opportunity to ask questions if necessary. E-mail at: compliance@iehp.org Send a fax to: (909) 890-2973 Send a letter addressed to: IEHP Compliance Officer P.O. Box 1800 Rancho Cucamonga, CA 91729-1800 Visit the Compliance Team or the IEHP Compliance Officer: 1st Floor of the Atrium near the front (North) entrance. H. Respect for our Members IEHP Members deserve to be treated with respect and to experience the kind of customer service that each one of us expects from each other. Every Member encounter with a Team Member is an opportunity to demonstrate excellent customer service. I. Respect for our Providers IEHP is dedicated to giving our providers a level of service that exceeds their expectations. Every Team Member who interacts with a provider should do so with professionalism and a willingness to assist the provider with his/her IEHP needs. Page 5
J. Conflict of Interest Team Members at all levels in the organization are required to comply with the conflict of interest policy. Examples of conflict of interest include, but are not limited to: - Accepting concurrent employment with, acting for, or rendering services to any business or endeavor, with or without compensation, which competes or conducts business with IEHP; - Selling products directly or indirectly in competition with IEHP; - Financial interest or business involvement with an outside concern which conducts business with or is a competitor of IEHP; - Representing IEHP in any transaction in which a personal interest exists; and, - Accepting gifts or any substantial favors from an outside concern, which does business with or is seeking to do business with IEHP. Additional information is provided in the Conflict of Interest Policy, Human Resources C-8. K. Gifts and Entertainment $10.01 A Team Member may not give or accept gifts, entertainment or any other personal favor or preferential treatment (valued in excess of $10.00) to or from anyone IEHP has, or is likely to have, any business dealings. $10.01 TICKET $10.01 $10.01 TICKET Q&A A Member sent me a bracelet to thank me for helping her obtain the care that she needed. May I keep it? As long as the gift can be valued at $10.00 or less you may keep it. Page 6
L. Confidential and IEHP Proprietary Information IEHP has an established policy to protect confidential information relating to IEHP operations, Team Members, Members and Providers. Information Team Members obtain in the course of their work and employment at IEHP is to be used solely for the purpose of conducting IEHP business. Confidential information includes but is not limited to: - IEHP proprietary information about the company; - Proprietary information about IEHP s contracted entities; - Private information about our providers; - Member personal and protected health information (PHI) protected by the Health Insurance Portability and Accountability Act (HIPAA); the Health Information Technology for Economic and Clinical Health (HITECH) Act; and, state confidentiality laws. Included are any Member demographic data that specifically identifies the Member, i.e., address, Social Security Number, date of birth, etc.; and, any healthcare information, i.e., diagnosis, treatment, ICD-9-CM and/or CPT codes; - Enrollment of a Member with IEHP; - Personal and/or private information about our Team Members. confidential Confidential information may be in the form of: - Documents and tapes - Electronic information - Lists and computer print-outs - Studies and reports - Drafts and charts - Records and files confidential Such confidential information should never be disclosed to individuals outside of IEHP during employment or at anytime thereafter except as required by a Team Member s immediate supervisor or as required by law. This would include telling an individual something confidential or saying something confidential where it can be overheard by those without the need to know. It also includes viewing confidential information that is unrelated to your job. IEHP has a privacy and security program to protect electronic and paper confidential information. Attendance at confidentiality, privacy and security training is mandatory for all Team Members upon initial employment and annually thereafter. A failure to attend may result in disciplinary action and will be considered at the time of the annual Performance Evaluation. Page 7
Unauthorized release of confidential information may make a Team Member subject to a civil action and may subject IEHP to penalties under prevailing state and federal laws and regulations, including HIPAA and the HITECH Act. Failure to comply with IEHP confidentiality, privacy and security policies will be grounds for termination. There are certain circumstances under which Member information may be released without a written authorization by the Member: - For purposes of treatment by a provider, i.e., a PCP, specialist, hospital or other healthcare professional who is treating the Member - For purposes of payment to a provider - For purposes of IEHP operations, i.e. in order for all departments to provide the Member with whatever services he/she may need For additional information related to HIPAA and other legislation refer to IEHP Human Resources Policy Section H-3 and to Compliance Policy/Procedure, HIPPA Program Description, PRO_CMP 04a. Q&A A non-contracted physician who is not treating our Member is asking for information about her care. Is it OK to give that information to the physician? No, not without the Member s written authorization because the physician is not involved in the actual diagnosis and/or treatment of the Member. A husband is requesting information about his wife s (our Member s), medications but there is no documentation to indicate that our Member has authorized him to obtain her medical information. May I give it to him because he is her husband? No. Her Protected Health Information (PHI) is confidential even from family members unless she authorizes releasing that information. Page 8
M. Privacy Breach Reporting Member privacy breaches occur when Protected Health Information (PHI) is disclosed to an individual or entity not authorized to hear and/or see it without a written authorization from the Member. This excludes PHI provided for treatment, payment and/or IEHP operations. Breaches may be caused by misdirected faxes; verbal Member information shared in front of a non-authorized individual; mail sent to the wrong address; and misdirected e-mails, to name a few. Privacy breaches must be reported to DHCS and, under certain circumstances, to the federal Department of Health and Human Services. A failure to report and/or to report a privacy breach within one (1) hour of discovery to DHCS may result in monetary penalties and/or sanctions against IEHP. REPORT As you can see, the timeline for reporting is very strict, therefore it is the responsibility of every Team Member to report a potential privacy breach to the Compliance Department immediately upon perceiving that one has occurred. Page 9
You have a variety of ways in which to report a potential privacy breach: 1 2 3 4 5 6 Access the Intranet and click on Compliance 360. Then select PnP Search and finally type Combined Privacy Breach Internal Investigation and CAP Form in the search box. Complete the form and submit to the Compliance e-mail or to a member of the Compliance Team. Call the Compliance Department at ext. 2014. The Compliance Hotline is toll-free at (866) 355-9038 and is available 365 days/year, 24 hours/day. If a Compliance Team Member is not present, a confidential voice mail will take your message and the Team will pick it up on the next business day. You may report your concerns anonymously, although we appreciate the opportunity to ask questions if necessary. E-mail at: compliance@iehp.org Send a fax to: (909) 890-2973 Visit the Compliance Team or the IEHP Compliance Officer: 1st Floor of the Atrium near the front (North) entrance. Whenever a Member privacy breach occurs, IEHP must inform the Member in writing that their PHI and health information was viewed and/or received without their authorization. You should also report privacy breaches that affect an IEHP Member to the Compliance Department even if we did not cause the breach. An example might be Member PHI and healthcare information that was accidentally faxed by a provider s office to a person or entity that was unrelated to the Member s care, such as a private residence fax or a non-related healthcare business. Q&A Why are privacy breaches of such great concern to IEHP? Put yourself in the place of a Member whose confidential and very private PHI and healthcare information has been sent to someone without a right to see it. Not only is IEHP responsible for the incident but we will have breached the trust of an individual, our Member. Page 10
N. Fraud, Waste and Abuse (FWA) Prevention, Identification and Reporting IEHP has established a Fraud Prevention Program and will investigate allegations of fraud, waste and/or abuse on the part of Members, Providers, vendors, pharmacies, health plans, Team Members and any entity doing business with IEHP. A powerful weapon against FWA is a knowledgeable and responsible Team Member who can recognize potential fraud and knows the reporting procedures. Every Team Member not only has the right to report suspected FWA but a responsibility under state and federal laws and contracts as well as IEHP Policy. The Federal False Claims Act and similar state laws make it a crime to submit a false claim to the government for payment. False Claims include, but are not limited to, billing for treatment not rendered; upcoding to bill for higher reimbursement; and falsifying records to support billed amounts. These same laws protect individuals known as whistleblowers. These individuals generally have inside knowledge of false claims billing by companies for whom they work or have worked. Under the federal False Claims Act, they may bring a civil suit against the company on behalf of the U.S. Government and, if the suit is successful, they may be awarded a percentage of the funds recovered. There is a provision in the federal False Claims Act that protects a whistleblower from retaliation by an employer. Actions such as suspension, threats, harassment or discrimination could be considered retaliatory. IEHP will not tolerate retaliation against any person who has suspected fraudulent activity and reported those suspicions in compliance with IEHP policy. Page 11
You have a variety of ways in which to report potential fraud, waste or abuse: 1 Access the Intranet and click on Compliance 360. Then select PnP Search and finally type Fraud Report Form in the search box. Complete the form and submit to the Compliance e-mail or to a member of the Compliance Team. 2 3 4 5 6 Call the Compliance Department at ext. 2014. The Compliance Hotline is toll-free at (866) 355-9038 and is available 365 days/year, 24 hours/day. If a Compliance Team Member is not present, a confidential voice mail will take your message and the Team will pick it up on the next business day. You may report your concerns anonymously, although we appreciate the opportunity to ask questions if necessary. E-mail at: compliance@iehp.org Send a fax to: (909) 890-2973 Visit the Compliance Team or the IEHP Compliance Officer: 1st Floor of the Atrium near the front (North) entrance. Attendance at Fraud, Waste and Abuse training is mandatory for all Team Members upon initial employment and annually thereafter. A failure to attend may result in disciplinary action and will be considered at the time of the annual Performance Evaluation. If a Team Member violates any aspect of IEHP s Fraud Prevention Program, they will be subject to disciplinary action, up to and including, termination. For additional information relative to FWA and related legislation refer to IEHP Human Resources Policy Section F-2 and to Compliance Policy/Procedure, Fraud, Waste and Abuse Program, PRO-CMP 03a. Page 12
O. Identification of Excluded Individuals and Entities IEHP has a monitoring system to identify individuals and/or entities that have been excluded from participation in federal health care programs by the Department of Health and Human Services (DHHS), the Office of Inspector General (OIG), and/or the General Service Administration (GSA). IEHP will not use federal funds to pay for salaries, services, equipment or drugs to a provider, supplier, Team Member, first tier or downstream entity that has been excluded. Page 13
NOTES:
2013 Inland Empire Health Plan. All Rights Reserved. FN 01972-0113-1
ACKNOWLEDGEMENT OF RECEIPT AND RECOGNITION OF THE IEHP CODE OF CONDUCT I acknowledge having read IEHP s Code of Conduct and I understand that the content contains important information on IEHP s Compliance Program; Confidentiality Policies and Procedures (including HIPAA and the HITECH Act); the Fraud, Waste and Abuse (FWA) Program; and, the Conflict of Interest Policy. I recognize that the Code of Conduct explains my obligations as a Team Member or business entity contracted with IEHP. I acknowledge that I am expected to read, understand and adhere to the Code of Conduct and designated policies and procedures and will familiarize myself with their contents. I understand my responsibility to protect Member PHI and other confidential records and data to which I have knowledge and access to in the course of my employment or business association with IEHP. Keeping this confidentiality is a condition of my employment or contract. This information shall not be disclosed to anyone under any circumstances, except to the extent necessary to fulfill my job or contract requirements. Any disclosure of confidential records or data to non-iehp employees requires authorization by IEHP senior management and may require the execution of an agreement. I understand that my duty to maintain confidentiality continues even after I am no longer employed or contracted by IEHP. I understand that information reported under the Fraud, Waste and Abuse Program will remain confidential to the extent allowed by law, and IEHP will investigate any suspected fraudulent activity and take appropriate preventive and/or corrective action. I agree to cooperate fully with fraud, waste and abuse investigations and I understand that IEHP s policy will not tolerate retaliation against any person who suspects fraud, waste or abuse and reports those suspicions to IEHP. I understand that I have a legal, moral and ethical obligation to report potential privacy breaches as well as potential fraud, waste and abuse, in compliance with state and federal laws, contractual requirements and IEHP Policies and Procedures. I understand that violation and/or non-compliance with the Code of Conduct requirements is grounds for immediate disciplinary action, up to and including, termination of employment or contract. Team Member/Entity Name (Print) Team Member/Entity Signature Date 2013 Inland Empire Health Plan. All Rights Reserved. FN 01986-0113-1