1
EXHIBIT 10.4
CORPORATE INTEGRITY AGREEMENT
BETWEEN THE
OFFICE OF INSPECTOR GENERAL
OF THE
DEPARTMENT OF HEALTH AND HUMAN SERVICES
AND
MEDAPHIS CORPORATION
I. PREAMBLE
Medaphis Corporation ("Medaphis") hereby agrees to enter into this
Corporate Integrity Agreement ("CIA") with the Office of Inspector General
("OIG") of the United States Department of Health and Human Services ("HHS") and
implement any reasonable and necessary policies, procedures, and practices to
ensure compliance with the terms of this agreement and the requirements of
Medicare, Medicaid, and all other Federal health care programs (as defined in 42
U.S.C. ss. 1320a-7b(f)). On or about this date, Medaphis is entering into a
settlement agreement with the United States and this CIA is incorporated into
that Settlement Agreement by reference.
Prior to the execution of this CIA, Medaphis commenced its own
compliance program which provides for a chief compliance officer, a compliance
committee, a training and education program, an internal monitoring and auditing
program, a confidential hotline, a screening methodology for prospective
employees, and for policies and procedures which, as represented by Medaphis,
are aimed at ensuring that its role in
1
2
submitting claims is conducted in conformity with the statutes, regulations and
other directives applicable to the Federal and state health care programs.
Medaphis owns several subsidiaries, including Medaphis Physician
Services Corporation ("MPSC") and Gottlieb's Financial Services, Inc. As used
herein, any specific reference to MPSC includes Gottlieb's Financial Services,
Inc.
II. TERM OF THE AGREEMENT
Medaphis agrees to undertake the compliance and corporate integrity
obligations set forth below for a period of five (5) years and one hundred and
fifty (150) days from the date of execution of this CIA. At the end of four (4)
years and one hundred and fifty (150) days from the date of the execution of
this CIA, however, Medaphis shall have the right to petition the HHS-OIG for
early termination of this CIA. The date of execution will be the date of the
final signature on the Settlement Agreement with the United States Attorney's
Office in the Central District of California. The petition for early termination
(the "Petition") shall be submitted in writing to the address designated in
section VII of this CIA and shall state the reasons why early termination should
be granted. HHS-OIG shall review the Petition and shall transmit in writing its
decision concerning early termination to Medaphis. In determining whether the
Petition should be granted, HHS-OIG may consider: (1) Medaphis' compliance with
the provisions of this CIA; (2) the state of Medaphis' compliance programs and
its effectiveness; and (3) the opinions of any fiscal intermediaries, carriers,
or officers thereof or other fiscal agents of Federal health
2
3
care programs regarding Medaphis' compliance with statutes, regulations, and
other directives applicable to the Federal and state health care programs.
III. CORPORATE INTEGRITY OBLIGATIONS
A. Compliance Officer. Medaphis shall continue, for at least
the term of this CIA, to have in place a Compliance Officer who shall be
responsible for developing and implementing policies, procedures, and practices
designed to ensure compliance with the requirements set forth in this CIA, and
with the requirements of Medicare, Medicaid, and all other Federal health care
programs. The Compliance Officer shall be a member of senior management of
Medaphis (i.e., not subordinate to the general counsel, Chief Financial Officer
("CFO"), or similar officer of Medaphis) and shall make regular (at least
quarterly) reports regarding compliance matters directly to the Medaphis Chief
Executive Officer ("CEO") and to the Board of Directors of Medaphis. If the
identity of the Compliance Officer changes, Medaphis shall notify the OIG, in
writing, within fifteen (15) days of such change.
In addition, for at least the term of this CIA, MPSC shall continue to
have in place a Compliance Committee. The Compliance Committee shall, at a
minimum, include the Compliance Officer, a senior executive from MPSC, and any
other appropriate senior officers as would be required to fulfill the duties and
responsibilities as set forth in this CIA. The Compliance Committee will support
the Compliance Officer in fulfilling his/her responsibilities. The names and
positions of the Compliance Committee members
3
4
will be included in the Implementation and First Annual Reports. Any changes to
the membership of the Compliance Committee shall be noted in subsequent Annual
Reports.
B. Policies and Procedures. Within one hundred and twenty
(120) days after the date of execution of this CIA, to the extent not already
accomplished, Medaphis shall develop and initiate implementation of written
Standards of Conduct, Policies and Procedures regarding the operation of
Medaphis' corporate integrity program, and compliance with all applicable
Federal and state health care statutes, regulations, and guidelines, including
the requirements of Medicare, Medicaid, and other Federal health care programs.
The Board of Directors shall annually review the Standards of Conduct. In
addition to other requirements as determined by Medaphis, the Policies and
Procedures shall specifically require, with respect to claims submitted to
Medicare, Medicaid, and all other Federal health care programs, that: (1) for
those claims where coding or diagnosis decisions are made by employees or
contractors of Medaphis and/or MPSC, the claims are properly supported by
required documentation and shall be properly coded and not subject to improper
unbundling(1), upcoding(2), assumption coding(3), or other inappropriate
- - ------------------
(1) The term "unbundling" refers to the inappropriate coding of a single
procedure, such as a laboratory profile or single operative session, as
a number of separate procedures.
(2) The term "upcoding" refers to the coding of a service at a higher level
of complexity than was actually performed or documented to obtain a
higher level of reimbursement.
(3) The term "assumption coding" refers to the coding of a diagnosis or
procedure without supporting clinical documentation.
4
5
coding; (2) for claims that are submitted based upon coding by the provider(4),
that such providers have been informed that claims shall be properly supported
by required documentation, properly coded, and not subject to improper
unbundling, upcoding, assumption coding, or other inappropriate coding; (3)
quality control systems be implemented to prevent the submission of duplicate
bills, and that resubmissions are done in accordance with the instructions by
the appropriate payor; (4) the computer systems employ technically feasible
techniques reasonably designed to detect false or fraudulent claims activity in
claims submitted by MPSC or Medaphis; (5) credit balances are regularly and
properly monitored to ensure that Medaphis timely notifies providers that
appropriate and timely refunds are due payors and patients; (6) modifiers are
appropriately used by Medaphis and MPSC coders, if such coding is performed by
Medaphis or MPSC, and that providers are advised to use appropriate modifiers
when Medaphis' or MPSC's billing is based upon modifiers supplied by the
provider; and (7) the necessary procedure and diagnosis reference tools are
regularly updated, made available, and used by the appropriate personnel. In
addition, the Policies and Procedures shall include disciplinary guidelines and
methods for employees to make complaints and notifications about compliance
issues to Medaphis' management through the Confidential Disclosure Program
required by section III(E). Medaphis shall review and, when
- - ----------------
(4) For purposes of this CIA, the term "provider" is used to designate
those individuals and entities for whom Medaphis or any of its
subsidiaries, including MPSC, submit claims.
5
6
applicable, update the Policies and Procedures at least annually, and more
frequently as appropriate. The Policies and Procedures shall be available to the
OIG upon request.
To the extent not already accomplished, within one hundred and twenty
(120) days of the execution date of the CIA, Medaphis shall ensure that
employees have been provided the Standards of Conduct and all appropriate
policies and procedures which are relevant to that particular employee's
functions and responsibilities. Each employee shall certify, in writing, that he
or she has read, understands, and will abide by Medaphis' Standards of Conduct
and the applicable policies and procedures. Compliance staff or supervisors
should be available to explain any and all policies and procedures. New
employees shall receive the Standards of Conduct and the applicable policies and
procedures within one (1) week after the commencement of their employment or
contract. These individuals shall also certify, in writing, that they have read,
understand and will abide by Medaphis' Standards of Conduct and the applicable
policies and procedures. Medaphis shall distribute any changes as necessary to
the appropriate individuals. Employees must certify on an annual basis that they
have read, understand, and will abide by the Standards of Conduct and the
applicable policies and procedures.
C. Training and Education. Medaphis shall continue to maintain
a training and educational program. Such program shall: (1) ensure that by
December 31, 1998, all employees who supervise any function affecting coding
decisions will have the designation of either Certified Professional Coder
("CPC") (or an independent certified
6
7
coder designation similar to a CPC) or a Medaphis Certified Coder ("MCC")(5);
and (2) ensure that within one hundred and eighty (180) days, employees who
perform any function affecting coding decisions will have the designation of
either CPC (or similar designation) or MCC.
Medaphis shall also provide at least two (2) hours of training annually
to each employee of Medaphis and its subsidiaries. This general training shall:
(1) cover Medaphis' Corporate Integrity Agreement; (2) cover Medaphis' Policies
and Procedures as appropriate for the type of employee; (3) reinforce the need
for strict compliance with the applicable statutes, regulations, program
guidelines, and Medaphis' Policies and Procedures; and (4) advise employees how
potential violations of these regulations or of the provider's policies and
procedures should be handled and that any failure to comply may result in
disciplinary action, up to termination of employment. New employees shall
receive the general training described above within thirty (30) days of the
beginning of their employment. Any employee who has received training on these
issues within one hundred and twenty days (120) days prior to the effective date
of this CIA, need only be advised of the terms and conditions of this CIA as it
applies to their responsibilities, to comply with the training requirements of
this paragraph for the current year.
- - -----------------
(5) MCC is a certification received after a minimum of eighty (80) hours of
training and five examinations relating to the CPT and ICD codes, human
anatomy, medical terminology, and billing compliance.
7
8
In addition to the general training described above, each MPSC employee
and any other employee who is involved in the preparation or submission of
claims for reimbursement for such care for Medicare, Medicaid, or any other
Federal health care programs, shall receive at least four (4) hours of training,
annually, in: (1) the submission of accurate bills to Medicare, Medicaid, or
other Federal health care programs; (2) the personal obligation of each
individual involved in the billing process to ensure that such billings, and the
information contained therein, are accurate; (3) applicable reimbursement rules
and statutes; (4) the legal sanctions for improper billings; and (5) examples of
proper and improper billing practices. At least seventy-five percent (75%) of
all employees covered under this paragraph shall receive the specified training
as set forth in this paragraph within one hundred and twenty (120) days of the
execution date of this CIA. The remaining twenty-five percent (25%) of the
employees shall receive the specified training within one hundred and eighty
(180) days of the execution date of this CIA. Any employee having received such
training within the previous one hundred and twenty (120) days of the effective
date of this CIA need not undergo additional training until next year.
Individuals specifically responsible for coding or supervising such
function shall also engage in an additional four (4) hours annual training
designed to update their MCC or CPC status and provide information on any coding
changes relating to that individual's particular specialty (e.g., Radiology,
Pathology, Emergency Services, or Anesthesiology).
8
9
Any employee having received such training within the previous one hundred and
twenty (120) days of the effective date of this CIA need not undergo additional
training until next year.
New employees who have any responsibility for billing or the assignment
of procedure or diagnosis codes shall have their work reviewed and supervised by
a Medaphis employee who has completed the training as specified in this section
until all appropriate training has been completed.
Medaphis will maintain a record of the date of training of each
employee.
D. Audits and Disclosures. Medaphis shall continue, for the
duration of this CIA, to do annual internal audits and reviews of each of its
thirty (30) largest billing offices of MPSC and internal audits and reviews
of the remaining billing offices of MPSC once every three (3) years. These
internal audits and reviews shall be conducted in accordance with the current
scope and methodology adopted by Medaphis, except to the extent that additional
procedures are required herein.
Medaphis also agrees that with respect to each office reviewed or
audited, it shall provide an analysis of that office's billing and coding
operation (including how the billing system operates, strengths and weaknesses
of the system, and whether the findings apply to other offices). In addition,
Medaphis agrees to do an audit, based upon a statistically valid random sample
of claims, to determine if the claims for services billed to Medicare, Medicaid,
and other Federal health care programs are accurate. Such audit shall also
9
10
indicate the dollar variation at each of the offices and in auditing the Halley
claims (the net effect may also be reported). Such audit shall be performed at
the following offices, according to the following schedule:
Year 1:
- The MPSC billing offices located in Calabasas, California,
Grand Rapids, Michigan, and Jacksonville, Florida (or if they
have moved, the offices at the new location).
- Three (3) MPSC offices, not included in the previous sentence,
picked at random from a list of billing offices whose primary
clients require billing for Emergency Services (such review of
these three (3) offices will relate to the billing of
Emergency Room Services).
- A randomly chosen sample of one hundred (100) claims relating
to Emergency Room Services from the Halley claims clearing
house. Should such sample reveal a claim(s) that would result
in an overpayment, the audit will then include appropriate
follow-up to determine the nature and scope of the problem.
YEAR 2:
- The MPSC billing offices that represent the three (3) largest
billing offices (as determined by amount of gross revenue),
excluding from the list of offices that are chosen from any
office audited in Year 1.
10
11
- Three (3) MPSC offices, not included in the audits of Year 1
or in the previous sentence, picked at random from a list of
billing offices whose primary clients require billing for
Radiology (such review of these three (3) offices will relate
to the billing of Radiology).
- A randomly chosen sample of one hundred (100) claims relating
to Radiology Services from the Halley claims clearing house.
Should such sample reveal a claim(s) that would result in an
overpayment, the audit will then include appropriate follow-up
to determine the nature and scope of the problem.
Year 3:
- The MPSC billing offices that represent the next three (3)
largest billing offices (as determined by amount of gross
revenue), excluding from the list that offices are chosen from
any office audited in Year 1 or Year 2.
- In addition, three (3) MPSC offices, not included in the
audits of Year 1 or Year 2 or in the previous sentence, picked
at random from a list of billing offices whose primary clients
require billing for Pathology (such review of these three (3)
offices will relate to the billing of Pathology).
- Also, there will be a randomly chosen sample of one hundred
(100) claims relating to Pathology from the Halley claims
clearing house. Should such sample reveal a claim(s) that
would result in an overpayment, the audit will
11
12
then include appropriate follow-up to determine the nature and
scope of the problem.
YEAR 4:
- The MPSC billing offices that represent the next three (3)
largest billing offices (as determined by amount of gross
revenue) within MPSC, excluding from the list that offices are
chosen from any office audited in Year 1, Year 2, or Year 3.
- Three (3) offices, not included in the audits of Year 1, Year
2, or Year 3 or in the previous sentence, picked at random
from a list of billing offices whose primary clients require
billing for Anesthesiology (such review of these three (3)
offices will relate to the billing of Anesthesiology
Services).
- A randomly chosen sample of one hundred (100) claims relating
to Anesthesiology Services from the Halley claims clearing
house. Should such sample reveal a claim(s) that would result
in an overpayment, the audit will then include appropriate
follow-up to determine the nature and scope of the problem.
YEAR 5:
- The MPSC billing offices that were (or are still) located in
Calabasas, California, Grand Rapids, Michigan, and
Jacksonville, Florida. If such offices have moved, the audit
will occur at the new location(s).
12
13
- Three (3) MPSC offices, picked at random from a list of
billing offices that were not included in any of the lists
required in Year 1 - Year 4.
- A randomly chosen sample of one hundred (100) claims relating
to any codes, not included in the subspecialties chosen in the
previous four (4) years, from the Halley claims clearing
house. Should such sample reveal a claim(s) that would result
in an overpayment, the audit will then include appropriate
follow-up to determine the nature and scope of the problem.
In addition, within one hundred and twenty (120) days of the date of
execution of this CIA, Medaphis shall retain an independent review organization,
such as an accounting firm or consulting firm, to perform agreed upon procedures
to assist the parties in assessing the adequacy of Medaphis' billing and
compliance practices. This will be an annual requirement and will cover a twelve
(12) month period. The independent review organization must have expertise in
the billing, coding, reporting and other requirements of Medicare, Medicaid, and
other Federal health care programs to which Medaphis submits claims.
The independent review organization will conduct two separate
engagements. One will be an analysis, based upon agreed upon procedures, of
MPSC's billing to the Medicare, Medicaid and all other Federal health care
programs to assist the parties in determining compliance with all applicable
statutes, regulations, and policies ("billing engagement"). The second
engagement will determine whether Medaphis is in compliance with this CIA
("compliance engagement"), based upon agreed upon
13
14
procedures. The agreed upon procedures are attached hereto as "Appendix A" and
are incorporated into this CIA by reference.
The billing engagement shall provide:
1. an analysis of the sufficiency of MPSC's internal review of its
billing and coding operation (including how the billing system operates
and the strengths and weaknesses of the system);
2. an analysis of whether the internal audits were performed as
described above, an analysis of the sufficiency of the methodology
utilized, and a test of fifteen percent (15%) of those claims audited,
randomly selected, to independently determine whether those claims are
in accordance with the requirements of the Medicare, Medicaid, and
other Federal health care programs.
3. an analysis as to whether MPSC's and/or Medaphis' procedures are
effective to correct inaccurate billings or codings to Medicare,
Medicaid, and other Federal health care programs;
4. an analysis of whether programs, policies, operations, and
procedures comply with the statutes, regulations and other requirements
of Medicare, Medicaid and other Federal health care programs to which
Medaphis submits claims;
5. an analysis of whether Medaphis has instituted adequate quality
controls to prevent upcoding, duplicate billing, or assumption coding;
and
14
15
6. an analysis of the steps Medaphis is taking to bring its operation
into compliance or to correct problems identified by the internal
audit(s) or reviews or by the independent review organization, as
appropriate;
The second engagement conducted by the Independent Review Organization
will be an analysis, based upon agreed upon procedures, of whether Medaphis'
program, policies, procedures, and operations comply with the terms of this
Agreement. In addition, Medaphis will ensure that a due diligence process will
be performed by the compliance office or independent due diligence firm on any
new acquisitions during the year. The due diligence process will include, but
not be limited to, a review of the policies and procedures, an analysis of a
random sample of claims to ensure they are being submitted with the proper codes
and diagnosis, interviews of current employees, and the use of a fraud and abuse
management tool to assess any aberrant billing patterns. In addition, the
computer systems of the new acquisition shall be reviewed to ensure there are no
systemic biases that would result in duplicate billing or overbilling to the
Medicare, Medicaid, or other Federal health care programs and Medaphis will
ensure that the personnel are qualified and properly trained in coding policies
and procedures.
A complete copy of the internal reviews and audits and the Independent
Review Organization's billing and compliance engagements shall be included in
Medaphis' Annual Report to the OIG.(6) The billing audit and engagement section
shall include the
(6) Medaphis however, is not required to include records from a due
diligence process for a potential acquisition which was not
consummated.
15
16
methodology used to make each determination, the audit and engagement results,
and the identification of overpayments. The listing of overpayments should
include the amount of the overpayment and name of the contractor who should
receive the refund.
If, as a result of these audits or through any other means, there are
any billing, coding, or other policies, procedures and/or practices that result
in an overpayment and/or material deficiency, and Medaphis or MPSC had
responsibility in whole or in part for making the decision of how an item or
service should be billed, which decision resulted in an overpayment, then
Medaphis shall notify the payor (e.g., Medicare fiscal intermediary or carrier)
and the provider within thirty (30) days of discovering the deficiency or
overpayment and take remedial steps within sixty (60) days of discovering the
deficiency or overpayment (or such additional time as may be agreed to by the
payor) to correct the problem, including preventing the deficiency from
recurring. The notice to the payor should include: (1) a statement that the
notification is being made pursuant to a Corporate Integrity Agreement; (2) a
description of the complete circumstances surrounding the overpayment; (3) the
methodology by which the overpayment was determined; (4) the amount of the
overpayment; (5) any claim-specific information used to determine the
overpayment (e.g., beneficiary health insurance number, claim number, service
date, and payment date); and (6) the provider's name and identification number.
If the payor is not able to collect or recoup such an overpayment from the
provider in accordance with the payor's procedures, then Medaphis agrees to
refund the overpayment
16
17
to the appropriate payor. Nothing in this paragraph affects Medaphis' rights to
collect such refund amounts from the appropriate provider.
If Medaphis has identified such a material deficiency, contemporaneous with
Medaphis' notification to the payor as provided above, Medaphis shall notify
OIG of: (1) the material deficiency (including Medaphis' findings and any
overpayment amounts); (2) Medaphis' findings concerning the material
deficiency; (3) Medaphis' action(s) to correct and prevent such material
deficiency from recurring; (4) the payor's name, address, and contact person
where the overpayment was sent; and (5) a copy of the letter to the provider
providing notification of the overpayment.
For purposes of this CIA, a "material deficiency" shall mean anything that
has a significant, adverse financial impact upon the Medicare and/or Medicaid
programs, which may be the result of an isolated event or a series of
occurrences, and which lacks conformity with Medicare and/or Medicaid billing
and/or reimbursement principles or other applicable statutes, and the
regulations and written directives issued by the Health Care Financing
Administration ("HCFA") and/or its agents, or any other agency charged with
administering the Federal health care program implicated and/or its agents.
While this reporting requirement focuses on occurrences having a "significant,
adverse financial impact," this provision does not excuse the Medaphis'
obligation under any applicable statutory or regulatory requirements to bring
to a payor's attention any other billing deficiencies, regardless of amount,
and to make appropriate refunds and take any steps necessary to prevent the
occurrence in the future.
17
18
For purposes of this CIA, an "overpayment" shall mean the amount of
money received in excess of the amount due and payable under the Medicare,
Medicaid, or other Federal health care program statutes and regulations.
E. Confidential Disclosure Program. Medaphis will continue its
Confidential Disclosure Program, which consists of a toll-free compliance
"hotline" (1-888-COMPLYH), enabling employees, agents and contractors, if
applicable, to disclose, to the Compliance Officer or another appropriate
person who is not in the reporting individual's chain of command, any
identified issues or questions associated with the policies, practices, or
procedures with respect to Medicare, Medicaid, or any other Federal health care
program, alleged by the individual to be inappropriate.
The Confidential Disclosure Program shall emphasize a non-retribution,
non-retaliation policy, and shall include a reporting mechanism for anonymous,
confidential communication. Upon receipt of a complaint, the compliance officer
or other responsible person shall gather the information in such a way as to
elicit all relevant information from individuals reporting alleged misconduct.
The Compliance Officer or designee shall make a preliminary good faith inquiry
into the allegations set forth in every disclosure to ensure that he or she has
obtained all of the information necessary to determine whether a further review
should be conducted. For any disclosure that is sufficiently specific that it
reasonably permits a determination of the appropriateness of the alleged
improper practice, and provides opportunity for the taking of corrective
action, the Compliance
18
19
Officer shall require the internal review of the allegations set forth in such
disclosure and ensure that proper follow-up is conducted.
The Compliance Officer shall maintain a confidential disclosure log,
which shall include a record of each allegation received, status of the
investigation of the allegation, and any corrective action taken in response to
the investigation.
F. Excluded Individuals. Medaphis shall not employ, contract with,
or otherwise use the services of any individual whom Medaphis knows or should
have known, after reasonable inquiry, (1) has been convicted of a criminal
offense related to health care (unless the individual has been reinstated to
participation in Medicare and all other Federal health care programs after
being excluded because of the conviction), or (2) is currently listed by a
Federal agency as excluded, debarred, or otherwise ineligible for participation
in any Federal health care program. In furtherance of this requirement,
Medaphis agrees to make reasonable inquiry as to any prospective employee,
agent, or individual considered for engagement by Medaphis as an independent
contractor by reviewing the General Services Administration's List of Parties
Excluded from Federal Programs (available over the Internet at
http://www.arnet.gov/epls) and the HHS/OIG Cumulative Sanction Report
(available over the Internet at http://www.dhhs.gov/progorg/oig). Within one
hundred and twenty (120) days of the date of execution of this CIA, if it has
not already been accomplished, Medaphis will have made reasonable inquiry
whether any current employee is excluded, debarred or
19
20
otherwise ineligible for participation in any Federal health care program and
taken appropriate action.
G. Notification of Proceedings. Within thirty (30) days of
discovery, Medaphis shall notify OIG, in writing, of any ongoing investigation
or legal proceeding conducted or brought by a governmental entity or its agents
involving an allegation that Medaphis has committed a crime or has engaged in
fraudulent activities or any other knowing misconduct. The notification shall
include a description of the allegation, the identity of the investigating or
prosecuting agency, and the status of such investigation or legal proceeding.
Medaphis shall also provide written notice to OIG within thirty (30) days of
the resolution of the matter, and shall provide OIG with a description of the
findings and/or results of the proceedings.
IV. NEW ACQUISITIONS
Within thirty (30) days of acquiring a new company (by Medaphis or any
of its subsidiaries) or establishing a new billing office of MPSC, Medaphis
will notify the OIG, in writing, of the addition of any new operations, its
address, and functions. All requirements with respect to new employees (e.g.,
completing certifications and undergoing training) must be met as set forth in
this CIA.
V. OIG INSPECTION, AUDIT AND REVIEW RIGHTS
In addition to any other rights OIG may have by statute, regulation,
contract or pursuant to this CIA, OIG or its duly authorized representative(s)
or agents may examine
20
21
Medaphis' books, records, and other documents and supporting materials for the
purpose of verifying and evaluating: (i) Medaphis' compliance with the terms of
this CIA; and (ii) Medaphis' compliance with the requirements of the Medicare,
Medicaid, and other Federal health care programs. As part of these records, the
OIG requires that Medaphis maintain and make available upon request a listing
for each Medaphis location of all billing numbers (e.g. PIN, IPIN) for which
that particular Medaphis location has billed the Medicare, Medicaid, or other
Federal health care programs. The documentation described above shall be made
available by Medaphis at all reasonable times for inspection, audit, or
reproductions. (7) Furthermore, for purposes of this provision, OIG or its duly
authorized representative(s) may interview any of Medaphis' employees who
consent to be interviewed at the employee's place of business during normal
business hours or at such other place and time as may be mutually agreed upon
between the employee and OIG. Medaphis agrees to assist OIG in contacting and
arranging interviews with such employees upon OIG's request. Medaphis employees
may elect to be interviewed with or without a representative of Medaphis or
counsel present.
- - ---------------
(7) By so agreeing to this section, Medaphis does not waive any
applicable attorney-client or work product privileges, however, any such claim
of privilege may not be used to avoid compliance with this CIA.
21
22
VI. IMPLEMENTATION AND ANNUAL REPORTS
A. IMPLEMENTATION REPORT
Within one hundred and fifty (150) days after the date of execution of
this CIA, Medaphis shall submit a written report to the OIG summarizing the
status of implementation of the requirements of this CIA. This implementation
report shall include:
(1) the name, address, phone number and position description of the
Compliance Officer and compliance committee required in III(A);
(2) a certification by the Compliance Officer that the written
Policies and Procedures required by III(B) have been developed, are
being implemented, and that each affected employee, as specified in
this agreement, has signed the certification attesting he or she has
received, read, understood and will abide by the applicable policies
and procedures;
(3) a description of the training programs implemented pursuant to
III(C), a summary of the activities undertaken in furtherance of the
training programs, including schedules and format of the training
sessions, and a certification by the Compliance Officer that the
training required within the first one hundred and twenty (120) days
has been completed;
22
23
(4) a description of the confidential disclosure program pursuant to
III(E) and a description of the other lines of communication between
the compliance officer and employees;
(5) the identity of the independent review organization and the
proposed start and completion date of the first engagements; and
(6) a summary of personnel actions taken pursuant to section III(F).
B. ANNUAL REPORT
Thereafter, Medaphis shall submit to the OIG an Annual Report, with
respect to the status and findings of Medaphis compliance activities. The Annual
Reports shall include:
(1) any change in the identity or position description of the
Compliance Officer described in III(A);
(2) notification of any changes or amendments to the Policies and
Procedures required by III(B) and the reasons for the changes (e.g.,
change in contractor policy). The Compliance Officer shall certify in
the annual report to the OIG that copies of the certifications required
by III(B) are on file and will be maintained for OIG inspection;
(3) compliance officer certification that all affected employees
have attended and completed training sessions as well as a summary of
when the training was performed and the proposed schedule for the next
year pursuant to III(C). The training materials will be available to
the OIG upon request;
23
24
(4) a complete copy of the Independent Review Organization's billing
and compliance engagements and any corrective action Medaphis plans to
initiate in response; a complete copy of all internal reviews and
audits covered by this CIA and done for the previous year; and a copy
of the due diligence process performed for new acquisitions;
(5) a summary of problems identified in either a) the internal
audits or reviews; or b) the independent review organization billing,
compliance engagements or due diligence reviews; status of corrective
actions taken to address those problems; and, for each identified
overpayment, the following information: amount of individual
overpayments identified, the provider identification, the
corresponding payor's name to which the notification, and if required,
any payment was sent;
(6) a report of the aggregate overpayments that have been returned
to the Medicare, Medicaid, and other Federal health care programs that
were discovered as a direct or indirect result of the corporate
integrity provisions in this CIA; Overpayment amounts should be broken
down into the following categories: Medicare, Medicaid (report each
applicable state separately) and other Federal health care programs.
For any overpayments not identified through the audits, reviews, or
engagements pursuant to III(D), include a description of how each
overpayment was calculated and the reason for the overpayment;
24
25
(7) a description of the disclosures received, status of actions
taken and the results pursuant to III(E) and a copy of the
confidential disclosure log required by that section;
(8) a description of any personnel action (other than hiring) taken
by Medaphis as a result of the obligations in section III(F);
(9) a description of any ongoing investigation or legal proceeding
conducted or brought by a governmental entity involving an allegation
that Medaphis has committed a crime or has engaged in fraudulent
activities as required by III(G). The statement shall include a
description of the allegation, the identity of the investigating or
prosecuting agency, and the status of such investigation, legal
proceeding or requests;
(10) a listing of all Medaphis locations (street, city, state, zip,
phone, and fax), and the corresponding name each location is doing
business as;
(11) a list of all providers who have ceased using the services of
Medaphis or MPSC during the previous year and provide the average
number of claims submitted per month on behalf of that provider; and
(12) a certification by the Compliance Officer verifying that: a)
Medaphis is in compliance with all of the requirements of this CIA, to
the best of his or her knowledge; and b) the Compliance Officer has
reviewed the Annual Report and has made reasonable inquiry regarding
its content and believes that, upon such inquiry the information is
accurate and truthful.
25
26
The first Annual Report shall be received by the OIG no later than one
year and one hundred and fifty (150) days after the execution of the CIA.
Subsequent Annual Reports shall be submitted no later than one year after the
first report is due.
VII. NOTIFICATIONS AND SUBMISSION OF REPORTS
Unless otherwise stated subsequent to the execution of this CIA, all
notifications and reports required under the terms of this CIA shall be
submitted to the entities listed below:
OIG:
Civil Recoveries Branch - Compliance Unit
Office of Counsel to the Inspector General
Office of Inspector General
U.S. Department of Health and Human Services
330 Independence Avenue, SW
Cohen Building, Room 5527
Washington, D.C. 20201
Phone 202.619.2078
Fax 202.205.0604
Medaphis:
Christopher L. Ideker
Chief Compliance Officer
Medaphis Physician Services Corporation
Billing Compliance Department
2700 Cumberland Parkway - Suite 300
Atlanta, GA 30339
Phone 770.444.5504
Fax 770.444.7504
26
27
VIII. DOCUMENT AND RECORD RETENTION
Medaphis shall maintain for inspection documents and records belonging
to Medaphis and relating to reimbursement from the Federal health care programs
or with compliance with this CIA one year longer than the duration of this CIA
or until otherwise required to retain such records, whichever is later.
Medaphis shall also maintain records of its current clients for the same
duration as stated in the previous sentence, to the extent allowed by law.
Medaphis shall not return records to discontinued clients unless such request
is initiated by the client and is in writing.
IX. CONFIDENTIALITY
The confidentiality of all documents and other information provided by
MPSC or Medaphis in connection with its obligations under this CIA shall be
maintained by the OIG except to the extent disclosure is required by law.
Nothing in this CIA shall be construed to prohibit the OIG from providing
information to any other department or agency of the United States Government,
or its representatives or agents or to any State, provided that any such entity
receiving such information shall be advised by the OIG of the confidentiality
provisions of this CIA. The OIG recognizes that certain information submitted
to it under this CIA may constitute trade secrets or confidential commercial or
financial information within the meaning of section 552(b) of the Freedom of
Information Act ("FOIA"), 5 U.S.C. ss. 552(b)(4). Medaphis shall identify all
records that it contends fall with this section. To the extent the OIG
determines that records submitted fall within
27
28
the ambit of this exemption, OIG agrees to follow its pre-disclosure
notification procedures set out in 45 C.F.R. ss. 5.65 with respect to such
records. These procedures include prior notice to the designated person within
Medaphis (as provided in section VII) of any potential release of records under
the FOIA and an opportunity to provide information as to why the information is
exempt under 5 U.S.C. ss. 552(b)(4). Medaphis will also be given advance notice
to the address set forth herein, if OIG decides that any such information is
not exempt under section 552(b)(4). Medaphis shall designate documents as
subject to such an exemption only if such is the case.
X. BREACH AND DEFAULT PROVISIONS
Medaphis' compliance with the terms and conditions in this CIA shall
constitute an element of Medaphis' present responsibility with regard to
participation in Federal health care programs. Full and timely compliance by
Medaphis shall be expected throughout the duration of the compliance period
required by this CIA with respect to all of the obligations herein agreed to by
Medaphis. All modifications to this CIA (including changes to dates on which an
obligation is due to be met) shall be requested in writing and agreed to by the
OIG in writing prior to the date on which the modification is expected to take
effect.
28
29
A. STIPULATED PENALTIES FOR FAILURE TO COMPLY WITH CERTAIN
OBLIGATIONS
As a contractual remedy, Medaphis and OIG hereby agree that failure to
comply with certain obligations set forth in this CIA may lead to the
imposition of the following monetary penalties (hereinafter referred to as
"Stipulated Penalties") in accordance with the following provisions.
(1) A Stipulated Penalty of $2,500 (which shall begin to accrue
on the day after the date the obligation became due) for each day Medaphis
fails to have in place any of the following during the entire period beginning
one hundred and twenty (120) days after the execution of this CIA and
concluding at the end of the corporate integrity period required by this CIA:
a. a Compliance Officer;
b. a Compliance Committee;
c. written Policies and Procedures;
d. an education and training program;
e. a Confidential Disclosure Program;
(2) A Stipulated Penalty of $2,500 (which shall begin to accrue on
the day after the date the obligation became due) for each day Medaphis fails
meet any of the deadlines to provide the Implementation Report or the Annual
Reports.
(3) A Stipulated Penalty of $1,500 (which shall begin to accrue on
the date the failure to comply began) for each day Medaphis employs or
contracts with an individual
29
30
after that individual has been listed by a federal agency as excluded, debarred,
suspended or otherwise ineligible for participation in the Medicare, Medicaid
or any other Federal health care program. This stipulated penalty shall not be
demanded if Medaphis can demonstrate that it did not discover the individual's
exclusion or other ineligibility after making a reasonable inquiry (as described
in section III(F)) as to the current or potential status of the employee or
consultant engaged, and Medaphis terminated the employment of such individual
immediately upon notice of ineligibility.
(4) A stipulated penalty of $1,500 (which shall begin to accrue on
the date the Medaphis fails to grant reasonable access) for each day Medaphis
fails to grant reasonable access to the information or documentation necessary
to exercise OIG's inspection, audit and review rights set forth in section V of
this CIA.
(5) A Stipulated Penalty of $1,000 (which shall begin to accrue
ten (10) days after the date of an OIG notice to Medaphis of a failure to
comply) for each day Medaphis fails to comply with any obligation of this CIA
other than those specifically mentioned in paragraphs (1) through (4) of this
section X(A).
B. PAYMENT OF STIPULATED PENALTIES
(1) Demand Letter. Upon finding that Medaphis has failed to comply
with any of the obligations described in section X(A) and determining that
Stipulated Penalties are appropriate, the OIG shall notify Medaphis by
certified mail of: (a) its failure to comply; and (b) the OIG's exercise of its
contractual right to demand payment of the Stipulated Penalties (this
notification is hereinafter referred to as the "Demand Letter"). Within
30
31
fifteen (15) days of the date of the Demand Letter, Medaphis shall either: (a)
cure the breach to the OIG's satisfaction and pay the applicable stipulated
penalties; or (b) request a hearing before an HHS administrative law judge
("ALJ") to dispute the OIG's determination of noncompliance, pursuant to the
agreed upon provisions set forth below in section X(D). Failure to respond to
the Demand Letter shall be considered a material breach of this Agreement and
shall be grounds for exclusion under section X(C).
(2) Timely Written Requests for Extensions. Medaphis may submit a
timely written request for an extension of time to perform any act or file any
notification or report required by this CIA. Notwithstanding any other
provision in this section, if the OIG grants the timely written request with
respect to an act, notification, or report, then Stipulated Penalties shall not
begin to accrue for the activity subject to the request, unless and until
Medaphis fails to meet the deadline granted by the extension. Notwithstanding
any other provision in this section, if OIG denies such a timely written
request, Stipulated Penalties for failure to perform the act or file the
notification or report shall not begin to accrue until two (2) business days
after Medaphis receives OIG's written denial of such a request. A "timely
written request" is defined as a request in writing received by OIG at least
five (5) business days prior to the date by which any act is due to be
performed or notification or report is due to be filed.
(3) Form of Payment. Payment of the stipulated penalties shall be
made by certified or cashier's check, payable to "Secretary of the Department
of Health and Human Services," and submitted to the OIG at the address set
forth in section VII.
31
32
(4) Independence from Material Breach Determination. Except as
otherwise noted, these provisions for payment of Stipulated Penalties shall not
affect or otherwise set a standard for the OIG's determination that Medaphis has
materially breached this CIA, which decision shall be made at the OIG's
discretion and governed by the provisions in section X(C), below.
C. EXCLUSION FOR MATERIAL BREACH OF THIS CIA
(1) Notice of Material Breach and Intent to Exclude. The parties
agree that a material breach of this CIA by Medaphis constitutes an independent
basis for Medaphis' exclusion from participation in Medicare, Medicaid, and all
other Federal health care programs. Upon a determination by the OIG that
Medaphis has materially breached this CIA and that exclusion should be imposed,
the OIG shall notify Medaphis by certified mail of (a) its material breach; and
(b) the OIG's intent to exercise its contractual right to impose exclusion
(this notification is hereinafter referred to as the "Notice of Material
Breach and Intent to Exclude Letter").
(2) Opportunity to Cure. Medaphis shall have thirty-five (35)
days from the date of the letter to demonstrate to the OIG's satisfaction that:
a. Medaphis is in full compliance with this CIA;
b. the alleged material breach has been cured; or
c. the alleged material breach cannot be cured within
the thirty-five (35) day period, but that (i) Medaphis
has begun to take action to cure the material breach,
(ii) Medaphis is pursuing such action with
32
33
due diligence, and (iii) Medaphis has provided to the
OIG a reasonable timetable for curing the material
breach.
(3) Exclusion Letter. If at the conclusion of the thirty-five (35)
day period, Medaphis fails to satisfy the requirements of section X(C)(2), OIG
may exclude Medaphis from participation in the Medicare, Medicaid, and all
other Federal health care programs. OIG will notify Medaphis in writing of its
determination to exclude Medaphis (this letter shall be referred to hereinafter
as the "Exclusion Letter"). Subject to the Dispute Resolution provisions in
section X(D), below, the exclusion shall go into effect thirty (30) days after
the date of the Exclusion Letter. The exclusion shall have national effect and
will also apply to all other federal procurement and non-procurement programs.
If Medaphis is excluded under the provisions of this CIA, Medaphis may seek
reinstatement pursuant to the provisions at 42 C.F.R. ss. 1001.3001-3004.
(4) Material Breach. A material breach of this CIA means: (a) a
failure by Medaphis to meet an obligation under this CIA where the failure has
a significant financial impact on the integrity of Medicare, Medicaid, or any
over Federal health care program (for example, a failure to report a material
deficiency, take corrective action and pay the appropriate refunds, as provided
in section III(D)); (b) repeated or flagrant violations of the obligations
under this CIA, including, but not limited to, the obligations addressed in
section X(A); or (c) a failure to respond to a Demand letter concerning the
payment of Stipulated Penalties in accordance with section X(B) above.
33
34
D. DISPUTE RESOLUTION
(1) Review Rights. Upon the OIG's delivery to Medaphis of its
Demand Letter or of its Exclusion Letter, and as an agreed-upon contractual
remedy for the resolution of disputes arising under the obligation of this CIA,
Medaphis shall be afforded some review rights comparable to the ones that are
provided in 42 U.S.C. ss. 1320a-7(f) and 42 C.F.R. ss. 1005 as if they applied
to the stipulated penalties or exclusion sought pursuant to this CIA.
Specifically, the OIG's determination to demand payment of stipulated penalties
or to seek exclusion shall be subject to review by an ALJ and the Departmental
Appeals Board ("DAB") in a manner consistent with the provisions in 42 C.F.R.
ss. 1005.2-1005.21. Notwithstanding the language in 42 C.F.R. ss. 1005.2(c), the
request for a hearing involving stipulated penalties shall be made within ten
(10) days of the date of the Demand Letter and the request for a hearing
involving exclusion shall be made within thirty (30) days of the date of the
Exclusion Letter.
(2) Stipulated Penalties Review. Notwithstanding any provision of
Title 42 of the United States Code or Chapter 42 of the Code of Federal
Regulations, the only issues in a proceeding for stipulated penalties under
this CIA shall be: (a) whether Medaphis was in full and timely compliance with
the obligations of this CIA for which the OIG demands payment; and (b) the
period of noncompliance. Medaphis shall have the burden of proving its full and
timely compliance and the steps taken to cure the noncompliance, if any. If the
ALJ sustains the OIG and orders Medaphis to pay Stipulated Penalties, such
Stipulated Penalties shall become due and payable 20 days after the ALJ issues
such a
34
35
decision, notwithstanding that Medaphis may request review of the ALJ decision
by the DAB.
(3) Exclusion Review. Notwithstanding any provision of Title 42 of
the United States Code or Chapter 42 of the Code of Federal Regulations, the
only issues in a proceeding for exclusion based on a breach of this CIA shall
be: (a) whether Medaphis was in material breach of this CIA; and (b) whether
such breach was continuing on the date of the Exclusion Letter. For purposes of
the exclusion herein agreed to in the event of material breach of this CIA, the
ALJ's decision shall trigger the exclusion. Thus, the OIG may proceed with its
exclusion of Medaphis if and when the ALJ issues a decision in favor of the
OIG. Medaphis' election of its contractual right to appeal to the DAB shall not
abrogate the OIG's authority to exclude Medaphis upon the issuance of the ALJ's
decision. If the ALJ sustains the OIG and determines that exclusion is
authorized, such exclusion shall take effect twenty (20) days after the ALJ
issues such a decision notwithstanding that Medaphis may request review of the
ALJ decision by the DAB.
(4) Finality of Decision The review by an ALJ or DAB provided for
above shall not be considered to be an appeal right arising under any statutes
or regulations. Consequently, the parties to this CIA agree that the DAB's
decision (or the ALJ's decision if not appealed) shall be considered final for
all purposes under this CIA and agree to waive any right they may have to
appeal the decision administratively, judicially, or otherwise seek its review
by any court or other adjudicative forum.
35
36
XI. EFFECTIVE AND BINDING AGREEMENT
Consistent with the provisions in the settlement pursuant to which
this CIA is entered, and into which this CIA is incorporated, Medaphis and the
OIG agree as follows:
1. This CIA shall be binding on the successors, assigns and
transferees of Medaphis Corporation and/or MPSC;
2. This CIA shall become final and binding on the date the final
signature is obtained on the Settlement Agreement;
3. Any modifications to this CIA shall be made with the prior
written consent of the parties to this CIA; and
4. The undersigned Medaphis signatories represent and warrant
that they are authorized to execute this CIA. The undersigned
United States signatory represents that he is signing this
CIA in his official capacity and that he is authorized to
execute this CIA.
36
37
ON BEHALF MEDAPHIS CORPORATION
/s/ Randolph L.M. Hutto 9/2/98
- - ----------------------------------------------------------- ------------
Randolph L.M. Hutto DATE
Executive Vice-President and General Counsel
of Medaphis Corporation
Executive Vice-President of Medaphis Physician Services
Corporation
/s/ Christopher L. Ideker 9/2/98
- - ----------------------------------------------------------- ------------
Christopher L. Ideker DATE
Chief Compliance Officer
Medaphis Corporation
/s/ Stephen S. Cowen 9/2/98
- - ----------------------------------------------------------- -----------
Stephen S. Cowen DATE
Attorney for Medaphis Corporation
King & Spalding
37
38
ON BEHALF OF THE OFFICE OF INSPECTOR GENERAL
OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES
/s/ Lewis Morris 9/2/98
- - ----------------------------------------------- ------------
LEWIS MORRIS DATE
Assistant Inspector General for Legal Affairs
Office of Inspector General
U. S. Department of Health and Human Services
38
39
APPENDIX A
AGREED UPON PROCEDURES
A. OBJECTIVE - to define procedures that will be followed by an
Independent Review Organization (IRO) that contracts with Medaphis to
conduct the agreed upon compliance and billing engagements, as set
forth in the CIA at paragraph II(D). The function of these agreed upon
procedures is to provide an analysis that will enable the OIG to
determine whether Medaphis: 1) is in compliance with the terms of the
CIA; and 2) has taken appropriate steps to comply with the applicable
requirements of Medicare, Medicaid, and other Federal health care
programs.
B. AGREED UPON PROCEDURES. In order to gather evidence to establish
whether Medaphis is in compliance with the terms of the CIA, the IRO
shall perform the following procedures and provide a report, as
required by the CIA, which shall note any deficiencies or variances:
1. Compliance Officer Responsibilities Review -- To assure that
the Medaphis Compliance Officer (CO) is functioning in a manner
consistent with the terms of the CIA, the IRO shall:
a. Review a Medaphis and MPSC corporate organization chart;
b. Review the CO job description;
c. Review the reporting obligations of the CO; and
d. Obtain and review the Board of Directors meeting minutes.
2. Review of Compliance Committee Function -- To assure that the
Medaphis Compliance Committee is functioning in a manner
consistent with the terms of the CIA, the IRO shall:
a. Review a current Compliance Committee membership list;
b. Review Compliance Committee minutes (redacted for
attorney-client privileged communications, if any); and
c. Review any reports, findings, or recommendations issued
by the Compliance Committee.
3. Review of Medaphis Written Policies and Procedures -- To assure
that the Medaphis Written Policies and Procedures function in a
manner consistent with the terms of the CIA and the Medicare,
Medicaid, and other Federal health care programs, the IRO
shall:
a. Review the current Standards of Conduct and any revisions
made thereto;
b. Review current billing compliance policies and
procedures, noting any policies that are at variance with
applicable laws, regulations, and program
-i-
40
guidance. Additionally, the IRO shall note any laws,
regulations, or program guidance of which it is aware that the
Medaphis billing compliance policies appear to fail to cover or
consider;
c. Note specifically the existence and comment on the relevance
and accuracy of policies involving:
(i) Diagnosis coding;
(i) Procedure coding (including modifiers);
(iii) Duplicate billing;
(iv) Carrier or payor instructions for resubmission of claims;
and
(v) Adequate medical and billing documentation to support
proper payment of claims.
d. Review procedures relating to data processing controls for
detection of false or incorrect claims;
e. Review policies and procedures designed to instruct providers
concerning proper coding and use of modifiers and analyze the
effectiveness and accuracy of such instructions and note any
deficiencies;
f. Review credit balance monitoring mechanisms and evaluate
effectiveness for monitoring compliance with the credit balance
policy. Such review shall include, at a minimum:
(i) Review of Medaphis' credit balance reports;
(ii) Review repayment procedures and timeliness issues; and
(iii) Review communication procedures with Medaphis clients
regarding appropriate repayment of credit balances.
g. Review retention of records policy to ensure compliance with
the CIA; and
h. Review overpayment verification procedures for material
deficiencies and to ensure submission of accurate information
to payors and OIG. Also review attendant remedial steps and
provide an analysis of whether they are effective.
4. Review of Medaphis Training Program -- To assure that the Medaphis
Training Program functions in a manner consistent with the terms of
the CIA, the IRO shall:
a. Obtain and review relevant training database(s), materials,
policies, and other compilations regarding Standards of Conduct
and CIA training, training for individuals responsible for
procedure and diagnosis coding, and individuals responsible for
billing;
b. Review training materials and analyze whether they address the
issues as identified in the CIA and the appropriate policies
and procedures;
c. Review mechanism for timely distribution of Standards of
Conduct to all employees and note variance in implementation;
d. Compare training database with employee database regarding
Standards of Conduct and CIA training and note and report on
variances;
-ii-
41
e. Compare training database with appropriate employee database
regarding training for individuals responsible for procedure
and diagnosis codes and note and report on variances,
including, but not limited to, an analysis of whether employees
responsible for making coding decisions have the required
certification as specified in the CIA;
f. Compare training database with appropriate employee database
regarding training for individuals responsible for billing and
note and report on variances;
g. Randomly select twenty-five (25) employees from the Standards
of Conduct ("SOC") database and confirm each employee's
receipt and understanding (ECRU) form, and note variances;
h. Randomly select twenty-five (25) employees who would be
required to attend billing or coding training to confirm
attendance at and completion of all applicable training;
i. Randomly select twenty-five (25) coders from Medaphis'
Certified Coder database to interview in person or by
telephone, as appropriate, and inquire as to:
(i) Job responsibilities and adequate job training;
(ii) Fulfillment of compliance training requirements;
(iii) Supervisor identity and views on his/her commitment to
correct coding procedures;
(iv) Use of coding aides and materials, their adequacy,
clarity, and accuracy; and
(v) Knowledge and comfort level in use of Medaphis
confidential disclosure program.
j. Randomly select twenty-five (25) of the MPSC new hires within
the preceding one year period from the appropriate employee
database and compare with training database. Report on
compliance with timeliness of SOC and CIA training. Determine,
through interviews, whether such new hires have received the
appropriate supervision, as required in the CIA.
5. Review of Compliance Audit Procedures -- To assure that the Medaphis
Compliance Audit mechanism functions in a manner consistent with the
terms of the CIA, the IRO shall:
a. Select the six office audits (as required by the CIA)
conducted in the last year for review of:
(i) Audit plan (including procedure used for of the
selection of claims, noting any potential for sample
selection bias);
(ii) Completeness and accuracy of workpapers;
(iii) Agreement with findings and accuracy of findings as
related in OIG report(s); and
-iii-
42
(iv) Progress on remedial action plan and review of accuracy
of attendant language in OIG report(s) concerning such
remedial action plans.
b. Randomly select and review fifteen percent (15%) of the claims
at each of the specified offices and fifteen percent (15%) of
the claims from the Halley claims processing center that were
audited by Medaphis' compliance department to assure that
audit protocols are in compliance with the requirements of
the CIA. Such review shall include:
(i) An independent review of the claims to determine if they
are being billed in compliance with the requirements of
the Medicare, Medicaid, and Federal health care
programs, including, but not limited to, examination of
the support documentation and coding conclusions, noting
variances, if any;
(ii) Review of workpapers; and
(iii) Review of refund activity (if any) arising from findings
of Medaphis' compliance audit.
c. Provide an analysis of the internal audits with respect to
those items required by the CIA;
d. Provide an analysis of the sufficiency, including any
recommendations for improvement, of any due diligence reviews
conducted during the year which resulted in an acquisition;
and
e. Review the outcomes of the Fraud and Abuse Management System
("FAMS") Tool by randomly choosing twenty-five (25) FAMS
outliers and providing an analysis of the completeness of the
investigation with respect to those particular outliers,
including, but not limited to, any corrective action or
resolution of the possible aberrant billing behavior.
6. Review of OIG Reporting Obligations -- To assure that the Medaphis
reporting obligations are met in a manner consistent with the terms of
the CIA, the IRO shall:
a. Review Medaphis' reports submitted to OIG and any overpayment
reports submitted to government payors and note variances from
requirements of CIA; and
b. Review the calculations of all overpayments and provide an
analysis of the accuracy of the calculations.
7. Review of Confidential Disclosure Program -- To assure that the
Medaphis Confidential Disclosure Program functions in a manner
consistent with the terms of the CIA, the IRO shall:
a. Confirm that the hotline number works;
b. Review Medaphis' steps to make existence of hotline known to
all employees and note any deficiencies;
-iv-
43
c. Review the completeness of the log of disclosures;
d. Review the policies and procedures implemented to address
hotline or other confidential disclosures of potential
improper conduct; and
e. Review the remedial steps taken to address identified improper
conduct relating to billing and note any deficiencies in such
remedial procedures.
8. Review of Disciplinary Policy and Procedures -- To assure that the
Medaphis Disciplinary Policy and Procedures function in a manner
consistent with the terms of the CIA, the IRO shall:
a. Review Disciplinary Policies to ensure there is a
well-defined, written policy that sets forth the degree of
disciplinary action for failure to comply with the Company's
standards, policies and applicable statutes and regulations;
and
b. Review written Standards of Conduct to ensure that the
policies elaborate on procedures for addressing disciplinary
problems and the individuals responsible for taking such
disciplinary action.
9. Review of New Employee Policy -- To assure that the Medaphis New
Employee Policy functions in a manner consistent with the terms of
the CIA, the IRO shall:
a. Interview the Human Resources ("HR") manager and other
supervisory employees as necessary to confirm that all new
employees have been screened to ensure that they are not
debarred, excluded, or otherwise ineligible for participation
in federal health care programs;
b. Review HR documents and forms for new employees maintained to
document that new employees have been properly screened and
note any deficiencies in the forms or their retention; and
c. Review HR screening procedures to ensure that new employees
are not debarred, excluded, or otherwise ineligible for
participation in federal health care programs and note any
deficiencies with such screening procedures.
10. Other Recommendations -- To assure compliance with the CIA and
applicable Medicare, Medicaid, and other Federal health care program
statutes, regulations and policies, the IRO shall make any other
suggestions it deems necessary.
-v-