July 29, 2024
Compliance4U newsletter provides you with insight into the day-to-day functions of Health Plan’s Compliance Program.
Overview of the 7 Elements of an Effective Compliance Program
You may ask, “what is a compliance program, and even more importantly, what makes an effective one?” At its most basic level, a compliance program can be a set of internal policies and procedures put in place to help an organization comply with the law. An effective compliance program does much more than that and enhances the organization's operations, improves quality of care, and reduces overall costs. It helps identify problems upfront and do something about them before they become systemic and costly.
Given the broad spectrum of entities playing a role in healthcare delivery today, a focus on compliance is more important than ever. The Office of Inspector General (OIG) outlines seven elements health plans must follow to achieve an effective compliance program. These elements are:
1. Written Policies and Procedures
2. Compliance Leadership and Oversight
3. Training and Education
4. Effective Lines of Communication with the Compliance Officer and Disclosure Program
5. Enforcing Standards: Consequences and Incentives
6. Risk Assessment, Auditing, and Monitoring
7. Responding to Detected Offenses and Developing Corrective Action Initiatives
Over the next seven issues of Compliance4U we’ll explore each element and then during Corporate Compliance & Ethics Week 2024 - November 4-8 - we’ll celebrate!
Regulatory Affairs & Communication (RAC)
RAC is our Health Plan’s primary point of contact with the Department of Health Care Services (DHCS) and the Department of Managed Care’s (DMHC) Office of Plan Licensing.
RAC attends regulatory calls (DHCS Managed Care Plan Call - MCPC) and other regulatory meetings/calls where key regulatory information is shared. RAC maintains material from those weekly calls, check it out HERE.
Do you have a question for Compliance? To submit an inquiry, on SharePoint go to TeamSites > Compliance > Requests > Submit an Inquiry or simply use this link: check it out here.
All Plan Letters (APL)
DHCS and DMHC release APLs to communicate changes in Federal or State policy or procedure and provide instruction to MCPs on implementing these changes. RAC analyzes the APLs to ensure compliance with the requirements and to meet timely filing. Draft APLs (denoted by “XXX” indicating that a policy number has not been assigned by both regulators) are issued by both DHCS and DMHC on a regular basis to solicit feedback from MCPs before they are officially published and become effective. During this period of time, MCPs have the opportunity to provide feedback or concerns to DHCS and DMHC on upcoming APLs. Here are the APLs that were recently released:
A. DHCS Regulatory Notices
DHCS Draft APL 24-XXX: Transgender, Gender Diverse or Intersex Cultural Competency Training Program and Provider Directory Requirements
Summary: This All Plan Letter provides guidance regarding the transgender, gender diverse, intersex (TGI) Cultural Competency Training program and provider directory changes required by Senate Bill (SB) 923 for the purpose of providing trans-inclusive health care to Medi-Cal Members.
DHCS Draft APL 24-XXX: Non-Specialty Mental Health Services – Member Outreach, Education, and Experience Requirements
Summary: This All Plan Letter provides guidance on requirements for Member outreach, education, and assessing Member experience for Non-Specialty
Mental Health Services (NSMHS), as required by Senate Bill (SB) 1019 (Gonzalez, Chapter 879, Statutes of 2022).
DHCS Draft APL 24-XXX: Diversity, Equity, and Inclusion Training Program
Summary: This All Plan Letter provides guidance regarding the Diversity, Equity, and Inclusion (DEI) training program requirements.
B. DMHC Regulatory Notices
No new APL or draft APL has been issued since the last reporting period.
Regulatory Reports
Below is a list of reports due for submission in the next few weeks. The table also includes the Director and Executive accountable for the report. Check out the list to find out which ones are in your department. Click on the report title for more information.
MCPAR Critical Incidents Q2 2024
Hospital Directed Payments Contract Sampling
DHCS Quarterly Financials Q2 2024
MOT CY 2022 Risk Corridor SRD
Directed Payment Contract Flagging CY23 Phase I
Medical Loss Ratio-CY24 Landscape Analysis Report
Provider Directory File and use 2024-08
ECM/CM JSON
Data Certification 2024-07
CBAS Waiver 2024-07
274 File
MCPDIP 2024-07
ECM/CS Quarterly
Post Payment Recovery
SRF 2024-07
Johnathan Yeh Lakshmi Dhanvanthari
Sheela Srinivasan Michelle Tetreault
Sheela Srinivasan Michelle Tetreault
Christopher Navarro Michelle Tetreault
Clarence Rao Victoria Worthy
Christopher Navarro Michelle Tetreault
Ana Aranda Liz Le
Clarence Rao Victoria Worthy
Tamara Hayes Sunny Cooper
Pamela Lee Tracy Hitzeman
Clarence Rao Victoria Worthy
Clarence Rao Victoria Worthy
Jonathan Yeh Lakshmi Dhanvanthari
Christopher Navarro Michelle Tetreault
Clarence Rao Victoria Worthy
FSR/MRR Ramanpreet Kaur Lakshmi Dhanvanthari
Community Health Worker Q2 2024
Niyati Reddy Liz Le
Provider Complaints
When providers exercise their right to submit complaints related to payment to the DMHC, they must submit a provider dispute resolution request to us before filing with the DMHC. Compliance coordinates a cross-functional group to review each complaint received by Health Plan. This group investigates the cases (from the original request to claims processing and dispute resolution) and prepares a comprehensive response to the DMHC about the provider’s concerns and the actions taken by Health Plan
From January 2024 through July 2024, Health Plan received 44 requests (17 Provider Complaints and 27 additional information requests) In addition, each complaint may contain multiple issues that require a response. These tables outline the status:
Table 1: Provider Complaints Received as of July 24th, 2024:
Table 2: Provider Complaint Closures by Decision:
Regulatory Audits and Corrective Action Plans (CAP)
We did it! Health Plan’s virtual onsite audit for the Network Adequacy
Validation (NAV) 1 was July 24, 2024 DHCS and Health Services Advisory Group (HSAG) conducted a NAV audit of all Managed Care Plans. Many of you were key stakeholders, speakers and submitted multiple documents to respond to a lengthy questionnaire called Information Systems Capabilities Assessment Tool (ISCAT). The agenda was packed. Everyone did a wonderful job responding to
1 Network Adequacy (ca.gov)
our Auditor’s questions and demonstrated how Health Plan’s systems worked. There were zero findings identified during the Exit Conference!!
Leading up to the actual virtual interview date on July 24th, the Audit team worked tirelessly to ensure that we have a smooth audit. Here are some highlights:
• We answered a complex 21-page questionnaire (ISCAT) in April and May.
• We provided additional 54 documents including system diagrams, provider/member data workflow, etc.
• We hosted multiple review sessions and meetings between April and leading up to July 24th
• We conducted 10 mock audit sessions practicing our answers and system demos.
• We collected numerous NAV Audit experience from our sister plans including documentation of questions asked by their auditors to prepare our own team.
• We documented Audit Scripts for Staff based on Mock Audits and Sister Plan NAV Audit Questions
The next step is for the Auditor to finalize their audit report.
Intermediate Care Facilities for Individuals with Developmental Disabilities (ICF/DD) Network Readiness Phase 1 Corrective Action Plan (CAP)
Health Plan was issued a CAP from DHCS on July 1st, 2024. Health Plan failed to meet the Phase I of the LTC ICF/DD Network Readiness Requirements for:
• Have an executed contract with at least one (1) LTC ICF/DD home statewide
• Have an executed contract with at least one (1) LTC ICF/DD-N within Stanislaus County
Compliance is working with Provider Contracting and Operations teams develop Health Plan’s response and outline the mitigation plan. Health Plan is actively working to engage and contract with these critical services for our members. As a result of the CAP, Health Plan will provide monthly updates on contracting efforts to DHCS. All of us continue to work hard to ensure our
members have access to the services while contracting efforts continue until all requirements are met.
Program Integrity Unit (PIU)
PIU oversees Health Plan’s Fraud Prevention Program, which includes but is not limited to investigation and reporting of privacy & security incidents and disclosures, potential fraud, waste or abuse (FWA), and Medical/Medicare exclusion monitoring. Check out what’s been happening in our program:
A. Privacy & Security Incidents
Privacy Tip – pause and double check, especially when a process is manual and not automated. It is important to avoid unintentional disclosures of member’s Protected Health Information/Personal Information (PHI/PI) per policy HPA34 Use of Member PHI/PI Remember your training!
Below is a summary of the types of incidents investigated. As you read these, think through what NOT to do – and when you see it, REPORT IT! We had 4 privacy/security incidents that occurred between July 8 – July 19, 2024. None of these were reportable to DHCS.
• A Covered Entity sent an unencrypted email to another Covered Entity.
Reminder: Ensure all emails containing PHI are encrypted before sending them
• A member of Health Plan staff assisted a member without correctly verifying a minimum of three HIPAA validation questions to confirm their identity.
Reminder: Confirming the identity of a member is mandatory to reduce the risk of unintentional disclosure of PHI/PI to the wrong party.
• There were two incidents in which Health Plan staff faxed and emailed member PHI/PI to the wrong recipient.
Reminder: Ensure that the member PHI/PI you are sending is going to the correct intended recipient. Check and double-check the fax number before pressing the send button.
B. Fraud, Waste, and Abuse (FWA) Spotlight
The PIU is on constant alert, managing potential FWA incidents at every stage of investigation.
What happened?
Recently, it was brought to our attention that two individuals associated with an imaging billing company have been using email addresses linked to an imaging medical group without authorization. These individuals falsely represented themselves as Director of Contracting and Vice Present of Contracting for the medical group.
What did we do?
We distributed an urgent email to relevant internal departments, including Provider Contracting, Provider Relations, Credentialing, Configuration, and Claims, to notify them of the unauthorized contacts and to request any relevant information.
We also collaborated with the Technology Operations and Security Department, and as a result, they have blocked the unauthorized email addresses to prevent any further fraudulent communications.
What can you do?
We urge all team members to remain vigilant and report any suspicious emails or requests for sensitive information.
C. Provider Exclusion Monitoring
We are obligated to verify the eligibility of our Providers for their participation in the Medi-Cal Program. In accordance with state and federal regulations, our PIU team assesses eligibility no less than monthly. This is performed with a Third-Party vendor that checks an inventory of our providers against several sources (e.g. List of Suspended and Ineligible Providers, U.S. Department of Health and Human Services, Office of Inspector General, System of Award Management, SSA Death Master file, and more). In addition to the monthly monitoring, exclusion checks are completed throughout the month ahead of a new Letter of Agreement 2 (LOA) being established with an out of network provider. PIU received 37
requests during this reporting period. 0 restrictions were found.
Audit & Oversight (A&O)
As promised, in this newsletter we’ll cover monitoring - a key activity the A&O Department performs is to “conduct internal auditing and monitoring” which is one of the "Seven Elements of an Effective Compliance Program” outlined by the Office of Inspector General (OIG).
Monitoring focuses on maintaining vigilance in real-time or shortly after operations are carried out. In contrast to the true retroactive view that auditing provides, health care compliance monitoring is a continuous look into operations to detect and prevent compliance breaches as - or before! - they occur. Automated systems, analytics – by way of retrospective file review - and dashboards are used to track key performance indicators, flag anomalies, and trigger alerts for further investigation. By proactively identifying potential issues, monitoring allows organizations to implement timely interventions, mitigate risks and minimize the impact of non-compliance.
Effective monitoring enhances regulatory compliance and supports operational efficiency and patient safety but goes beyond the tangible and fosters a culture of vigilance and accountability across the organization. The A&O Department conducts ongoing monitoring by reviewing third-party reports monthly and quarterly with an emphasis on Claims and Credentialing data.
As part of our continuous improvement, A&O is implementing enhanced monitoring activities including:
• Applying a risk stratification methodology to tailor our monitoring processes.
• Developing a comprehensive work plan and calendar of events for ongoing monitoring.
• Crafting and executing a communication strategy for regulatory updates and educating third-party partners.
• Designing and deploying dashboards/scorecards to enhance communication through visualization.
• Establishing effective hand-off and escalation processes between Health Plan departments to ensure seamless operations; and
• Implementing automated processes.
Stay tuned for our upcoming newsletter where we’ll explore the benefits of Auditing and Monitoring in healthcare compliance!
Carelon Corrective Action Plan (CAP) Update
We are pleased to share the progress made to mitigate the outstanding CAPs issued to Carelon to enhance compliance and operational excellence.
A&O continues to host weekly meetings with Carelon to discuss remediation of outstanding CAPs. In this reporting period, Carelon closed one more CAP. As a result, since the initiation of these meetings, Carelon has now resolved thirteen (13) of the twenty-two (22) CAPs that were issued for 2023 and 2024 Audit and Monitoring Oversight Activities.
For the remaining CAPs, A&O is working closely with Carelon to obtain the required validation elements, such as evidence of reporting and implementation, to ensure complete remediation of the issues identified. We are also working closely with our internal business partners impacted by the respective CAPs to ensure we receive insight on performance data and enhanced workflows needed to remediate the CAPs.
For detailed information and to review the respective CAPs, please visit our Compliance and Regulatory CAP Tracker.
Compliance Program Projects and other Key information
Our Compliance team supports and leads various projects that impact ALL OF US!
Policies and Procedures
The Policy Review Committee (PRC) has set goals to address a few opportunities to enhance Health Plan’s policy program. One of those goals is to categorize policies based on member and provider impact and critical areas for annual and biannual reviews. The committee has established the following criteria for policies:
1. High: Policies directly related to Member Quality of care and Access to care; as well as Provider facing.
• Action required – Annual* PRC review required if changes are made or not.
2. Medium: Policies demonstrating regulatory compliance, that are not identified as HIGH, including oversight and sanctions/disciplinary actions.
• Action required – Consent review required annually if no/non-material changes are made. PRC approval is required for material changes.
3. Low: Operational and department policies not identified as High or Medium.
• Action required – Consent review every 2 years if no/non-material changes are made. PRC approval is required for material changes.
This structured approach allows for a focused allocation of time and resources, ensuring that critical policies receive the attention needed to stay current and effective, while also ensuring that all policies are updated as necessary.
The following are published policies reviewed and approved by the PRC (Policy Review Committee) as of July 2024. We encourage you to read and be familiar with the policies which impact your job functions as compliance is required for ALL staff. If for any reason you have questions regarding policy changes, please submit your questions to the policy owner and/or submit a Compliance Inquiry.
Policies (except for HR policies) are published to the Compliance Management System (C360) and selected policies* will be available publicly on the Health Plan website. You can access all published policies directly via the Policies link on our Intranet (see screenshot below).
San Joaquin Health Plan Team Site - Home (sharepoint.com)
Published (6/26/2024 - 7/23/2024)
Policy # and Name
BH06 Student Behavioral Health Incentive Program New Policy
BH07 Data Exchange with County Mental Health Plan New Policy
Revision/Update
CLMS14 Overpayment of Services Recovery Added waste or abuse to Policy Section 1(e)
CMP20 Exclusion and Ineligibility Monitoring
Minor/No changes for annual review and moved to the co-branded template
FIN43 Administration and Management of Risk Corridors New Policy
*HPA44 Sensitive Services
UM02 Inpatient Admissions and Concurrent Review
UM56 Vision Care Medi-Cal
*Publicly posted
Policy created and edited to remove language from section III.a.4.
Minor/No changes for annual review and moved to the co-branded template
Minor/No changes for annual review and moved to the co-branded template
Reminder! Compliance Week is November 4, 2024 - November 8, 2024.
Stay Connected with Compliance!
Stay informed and up-to-date with Compliance4U, a biweekly newsletter focused on connecting and informing