Compliance

HCSC INSURANCE SERVICES COMPANY MEDICARE AND GOVERNMENT CONTRACTS COMPLIANCE PROGRAM

I. POLICY STATEMENT

A. Standard of Conduct

As a subsidiary of Health Care Service Corporation, a Mutual Legal Reserve Company ("HCSC"), HCSC Insurance Services Company, ("HISC") is subject to HCSC's Corporate Integrity and Compliance Program (the "HCSC Compliance Program") which includes the Code of Business Ethics and Conduct (the "Code"). This Medicare and Government Contracts Compliance Program (the "HISC Compliance Program") is in addition to the obligations and responsibilities placed on the HISC's Board of Directors, employees, agents and independent contractors by the HCSC Compliance Program. It applies to all entities and individuals, whether employed by HISC, HCSC or any other subsidiary, agent and independent contractor that perform services under any of HISC's Government Contracts whether as a prime contractor or subcontractor.

Like HCSC, HISC is founded on basic principles of good business behavior. Among these principles are a commitment to the highest standard of business ethics and integrity, and strict observance of and compliance with the laws and regulations governing the business operations of HISC, and in particular the services that it performs or has delegated to others to perform pursuant to Medicare or other government contracts. HISC demands that all members of HISC's Board of Directors (the "Directors"), its employees, its agents and independent contractors adhere to the highest legal and ethical standards to ensure that HISC complies with all applicable laws and regulations, and all terms and conditions of its Government Contracts, and the HISC Compliance Program. HISC and its subcontractors will fulfill their obligations under the Government Contracts with special emphasis on preventing fraud and abuse and with respect for the rights of all enrollees.

B. Detailed Policies and Procedures

General. As a Government contractor or sub-contractor, HISC and its subcontractors are committed to comply with all applicable statutory, regulatory and contractual requirements. HISC shall adopt and adhere to detailed policies and procedures regarding the operations and the services performed under its Government Contracts.

Medicare Advantage. HISC and its subcontractors will establish and maintain current policies and procedures regarding all areas identified by the Office of Inspector General ("OIG") or the Centers for Medicare and Medicaid Services ("CMS") as high risk areas, including but not limited to, marketing materials and personnel, selective marketing and enrollment, disenrollment, underutilization and quality of care, data collection and submission processes, anti-kickback and other inducements and emergency services. These policies and procedures are incorporated herein as Appendix A.

When establishing or modifying such policies, if advice is requested from CMS, such request will be documented along with any response from CMS whether written or oral. In addition, records relevant to the issue; such as whether HISC or its subcontractors exercised due diligence in developing procedures to implement the advice and whether reliance on such advice was reasonable will be retained.

Policies and procedures will be made available to all individuals who are affected by the particular risk or policy issue including those individuals whose duties touch upon a particular risk or policy area, as well as agents and independent contractors with whom HISC has contracted to perform delegated activities.

Retention of Records and Information Systems. HISC and its subcontractors will adopt detailed policies and procedures that pertain to its documents and the documents of its subcontractors regarding the retention of documents that at a minimum will: (i) document the creation, distribution, retention, storage, retrieval and destruction of documents required by applicable Federal or State law and the program requirements of applicable Federal or State health plans; (ii) list the persons responsible for implementing each part of the HISC Compliance Program; (iii) and maintain all records necessary to protect the integrity of the compliance process and confirm the effectiveness of the HISC Compliance Program which, includes but is not limited to, evidence of employee training, HOTLINE reports, HOTLINE investigation results, modifications to the HISC Compliance Program, all written notification to providers regarding compliance activities, and HISC's auditing and monitoring activities. HISC and its subcontractor shall also establish detailed policies and procedures for maintaining the integrity of the data collections systems used in the performance of its Government Contracts.

II. DESIGNATION AND ADMINISTRATION OF THE COMPLIANCE PROGRAM

A. HISC Board of Directors

The HISC Board of Directors has adopted and will support and monitor the implementation of the HISC Compliance Program, to demonstrate HISC's commitment to full and comprehensive compliance with all applicable laws and regulations, and contract terms and conditions, including, without limitation, HISC's obligation under any and all Medicare, Medicaid, FEP, IHS, CHAMPUS or other government contracts (hereinafter referred to as the "Government Contracts"). At least annually, the HISC Board of Directors shall review the HISC Compliance Program and shall ratify or amend the Compliance Program and Code as appropriate.

B. Audit, Corporate Responsibility & Compliance Committee of the HCSC Board

The Audit, Corporate Responsibility & Compliance Committee of the HCSC Board (the "HCSC Board Audit & Compliance Committee") is responsible for ensuring that HISC has fully implemented the HISC Compliance Program. At least annually, the Committee shall review the HISC Compliance Program and recommend such changes and amendments as the Committee considers appropriate. The Committee, the Corporate Compliance Officer and the HISC Compliance Officer shall maintain close communications among themselves and with the HISC Board of Directors as a whole, and shall address and review matters concerning or relating to the HISC Compliance Program so the Committee can take appropriate action or make appropriate recommendations.

Responsibilities and Duties. In carrying out its responsibilities under the HISC Compliance Program, the HCSC Board Audit & Compliance Committee shall:

  1. Provide oversight and support the implementation, administration and continuing operations of the HISC Compliance Program;
  2. Review matters relating to education, training and communication in connection with the HISC Compliance Program to ensure that HISC policies and procedures on compliance are properly disseminated, understood and followed; and
  3. Recommend to the HISC Board of Directors such measures and actions as may be appropriate to assist HISC in conducting its business activities in full compliance with all applicable laws and regulations, terms and conditions of its Government Contracts, and the HISC Compliance Program.

C. HISC Compliance Officer

General. HISC shall appoint a senior member of management with significant government contracts experience to be the HISC's Compliance Officer (the "HISC Compliance Officer"). The HISC Compliance Officer is responsible for administration of the HISC Compliance Program. The HISC Compliance Officer reports to HISC's Board of Directors, the HISC Chief Executive Officer, and the HCSC Corporate Compliance Officer.

Authority. The HISC Compliance Officer shall have full authority to stop the submission of data that he or she believes is problematic until such time as the issue in question has been resolved to the satisfaction of the HISC Compliance Officer with agreement from the Corporate Compliance Officer. The HISC Compliance Officer shall be copied on the results of all internal audit reports and work closely with key individuals to identify aberrant trends in all areas that require certification. The HISC Compliance Officer shall have the authority to review all documents and other information that the HISC Compliance Officer deems to be relevant to HISC compliance activities and Government Contracts.

Responsibilities and Duties. The responsibilities and duties of the HISC Compliance Officer include the following:

  1. Implementation and Administration of the HISC Compliance Program. The HISC Compliance Officer shall:

    1. Design and direct the implementation, administration and operation of the HISC Compliance Program to ensure compliance with the laws and regulations, terms and conditions of Government Contracts, and the HISC Compliance Program;
    2. Ensure that all agents, consultants, independent contractors, vendors and producers are aware of the HISC Compliance Program and with HISC's expectation that they will comply with the Program's requirements when performing contractual functions. Further coordinate with management to determine whether and to what extent a consultant, contractor, vendor or producer is subject to the training requirements of the Compliance Program;
    3. Periodically review the HISC Compliance Program to ensure its relevance and recommend to the HISC Chief Executive Officer and the Corporate Compliance Committee modifications to account for changes in applicable laws or regulations, changes in the nature of HISC's business, HISC's experience in the operation of the Program, and to incorporate and follow applicable industry practices and standards;
    4. Report directly on a regular basis to the HISC Chief Executive Officer, HISC Board, and the Corporate Compliance Committee regarding the operation of the HISC Compliance Program and all significant issues relating to compliance with applicable laws and regulations, terms and conditions of Government Contracts, and the HISC Compliance Program;
    5. Develop a general training and education program regarding the Government Contracts which also addresses fraud and abuse and ethical concerns. The HISC Compliance Officer will also develop specialized training for specific risk areas that will be provided to those individuals who have duties and responsibilities for such risk areas. Attendance at such training will be a required in order for such individuals to continue to perform services under the Government Contracts;
    6. Ensure that mechanisms exist for testing the efficacy of the education program and for updating the training program to account for developments in laws and regulations and the terms and conditions of the Government Contracts;
    7. Ensure that every individual that performs services under the Government Contracts shall either receive a copy, electronically or otherwise, of the HISC Compliance Program and will be required to sign a certification acknowledging that he or she has read and will comply with the HISC Compliance Program. Each year hereafter, each individual that performs services under the Government Contracts must complete a certification acknowledging that he or she has read, will comply with and is unaware of any violations of the HISC Compliance Program;
    8. Work with the HCSC Vice President - Governance & Regulatory Oversight to ensure the design, development, implementation and ongoing compliance requirements for the Standards for Privacy and Security of Individually Identifiable Health Information, and other Federal and State regulations & legislation, as appropriate, including, but not limited to requirements concerning policies and procedures, training, and safeguards to protect and secure protected health information;
    9. Be responsible for oversight of all certifications filed by Directors and others relating to the HISC Compliance Program and training there under; and
    10. Serve as a member of the HCSC Corporate Compliance Committee.
  2. HOTLINE & Investigations. The HISC Compliance Officer shall:

    1. Utilize existing systems to allow and encourage individuals to raise questions, whether anonymously or otherwise, about the application or meaning of the HISC Compliance Program and to disclose possible violations. HISC shall ensure that employees who raise these matters are treated with respect and are not subject to retaliation.
    2. Maintain a log of all calls received by the HOTLINE relating to Government Contracts and maintain a record of all allegations which may constitute a violation of applicable laws or regulations, terms and conditions of Government Contracts, and the HISC Compliance Program. The operation of this HOTLINE shall be the responsibility of the HCSC Vice President – Compliance Operations;
    3. Maintain a confidential, written record reflecting each communication concerning all possible violations of the HISC Compliance Program;
    4. Ensure a prompt and thorough investigation appropriate to the circumstances. When an investigation is initiated, steps shall be taken to ensure the retention of relevant documents. Routine document destruction procedures shall be suspended insofar as they may affect documents relevant to the potential violation. Individuals who may possess relevant documents shall be instructed to retain them or to turn them over to the investigative team. A record shall be maintained of all employees to whom such a request is made and of all documents retained for purposes of the investigation;
    5. Evaluate, as appropriate, any calls received on a separate fraud and abuse HOTLINE established for vendors, providers, consultants, contractors, producers and beneficiaries to report suspected health care fraud and abuse or other misconduct to HISC. The operation of this HOTLINE shall be the responsibility of the HCSC Vice President - Special Investigations and Security. Any calls received on this HOTLINE that credibly allege a material violation of criminal or civil law by HISC shall be referred to the HISC Compliance Officer, including, without limitation, those calls relating to its government contracts, dealing with health care fraud and abuse;
    6. Work with the Vice President –Special Investigations and Security to ensure effective coordination of programs and issues involving corporate security of HISC personnel and assets and related investigations. Any reports received or information developed by Corporate Security that credibly alleges or may indicate a material violation of criminal or civil law by HISC shall be referred to the HISC Compliance Officer, including, without limitation, those matters related to its government contracts, dealing with health care fraud and abuse; and
    7. Work with the Senior Vice President – Chief Human Resources Officer to ensure effective coordination of Workforce Relations related issues that are brought to the attention of the HISC Compliance Officer and that discipline is utilized in a manner that is appropriate and consistent.
  3. Review and Monitoring.

    The HISC Compliance Officer shall:

    1. Ensure that the compliance risks to which HISC is exposed, both internal and external, are assessed on a regular basis and direct the implementation of internal systems and controls to reinforce compliance and other activities (the HISC compliance audit plan), as appropriate, to ensure the HISC Compliance Program is responsive to those risks; and
    2. Work with the HCSC Vice President – Audit and Performance Review and external auditors, as necessary, to ensure effective communication and implementation of programs to audit, monitor and validate adherence with all applicable laws and regulations, terms and conditions of Government Contracts and the HISC Compliance Program.

    HISC shall appoint a senior member of management to be the "designated privacy official" for HISC to ensure the design, development, implementation and administration of the requirements set forth in the Department of Health and Human Services Rule entitled Standards for Privacy of Individually Identifiable Health Information (45 CFR Parts 160-164, as finalized), including, but not limited to requirements concerning privacy policies and procedures, workforce training and safeguards to protect the privacy of protected health information.

D. Corporate Compliance Committee

General. The Corporate Compliance Committee shall provide oversight, advice, support and general guidance, as appropriate, to the HISC Compliance Officer in the discharge of his or her responsibilities. The HISC Compliance Officer shall keep the Corporate Compliance Committee informed of any significant actions taken with respect to the implementation, administration and operation of the Compliance Program and shall prepare recommendations on compliance-related policies and procedures for review by the Committee.

Responsibilities and Duties. In regards to the HISC Compliance Program the Corporate Compliance Committee shall:

  1. Build an appropriate infrastructure for the administration of the HISC Compliance Program, including mechanisms and systems for long-term support;
  2. Analyze HISC's regulatory environment, the legal requirements with which it must comply and the specific risk areas and make recommendations regarding the HISC Compliance Program regarding such environment, requirements and risks; and
  3. Monitor internal and external audits for the purpose of identifying issues and deficient areas and implementing corrective and preventive action.

E. Management Responsibility and Disciplinary Standards

It is the responsibility of all management and supervisory personnel to ensure that HISC and all persons performing under the Government Contracts comply with the provisions of applicable laws and regulations, terms and conditions of Government Contracts, and the HISC Compliance Program. Individuals in management and supervisory capacities will be appropriately disciplined up to and including termination of employment or contractual relationship for failure to instruct others or for failure to detect non-compliance with applicable policies and legal requirements, where reasonable due diligence on the part of the manager or supervisor should have led to the discovery of any problems or violations. Promotion and adherence to HISC compliance initiatives shall be part of the performance standards and evaluation for each individual that performs services under the Government Contracts.

Each individual that functions in a management capacity in regards to an HISC Government Contract is required to provide HISC annually with a completed certification attesting that he or she has: (i) discussed the HISC Compliance Program with all relevant personnel including all policies and requirements applicable to their function; (ii) informed all relevant personnel that strict compliance with the HISC Compliance Program is a condition of employment; and (iii) informed relevant personnel that HISC shall take disciplinary action, up to and including termination of employment, for violation of any applicable law, regulation, term or condition of a Government Contract, or the HISC Compliance Program. This certification may be part of or in addition to other certifications required by HCSC or other subsidiaries.