UR Medicine Home Care Corporate Compliance Plan

This Corporate Compliance Plan applies to the following entities (referred to individually and collectively as UR Medicine Home Care, or URMHC):

• UR Medicine Home Care, Certified Services, Inc.
• UR Medicine Home Care, Certified Services, Inc. (UR Medicine Hospice)
• UR Medicine Home Care Licensed Services, Inc. (DBA Community Care of Rochester)
• Finger Lakes Home Care, Inc.
• UR Medicine Home Care, Community Services, Inc.

The purpose of the UR Medicine Home Care (URMHC) Corporate Compliance Plan (referred to as “Compliance Plan”) is to adopt, implement and maintain an effective Compliance Program (referred to as “Program”) together with URMHC’s Code of Ethical Conduct and Compliance Policies and Procedures. URMHC’s Compliance Plan is supported by the University of Rochester Medical Center (URMC) Corporate Compliance Plan and available resources.

This Compliance Plan outlines and demonstrates URMHC’s commitment to comply with all applicable federal and New York State laws, rules, guidelines, regulations and standards (referred to as “regulations”) through the implementation of the following required Program elements, requirements and guidelines¹:

1. Written policies, procedures, and Code of Ethical Conduct describing compliance expectations that are available, accessible, and applicable to all Affected Individuals²;
2. Designation of an individual to serve as its compliance officer who is the focal point for the program and is responsible for the day-to-day program operation;
3. Designation of a Compliance Committee (referred to as ‘Committee’) responsible to coordinate with thecompliance officer to ensure URMHC is conducting its business in an ethical and responsible manner, consistent with its program;
4. Creation and maintenance of an effective compliance education and training program for its compliance officer and all affected individuals;

5. Maintenance of effective lines of communication, ensuring confidentiality for its Affected Individuals;

6. Ensuring that a Non-Retaliation\Non-Intimidation policy is enforced in relation to any individual reporting a suspected violation of URMHC’s Program;

7. Procedures for the enforcement of written disciplinary standards addressing potential Program violations and encouraging good faith participation in the Program by all Affected Individuals;

8. An effective system for the routine monitoring and identification of compliance risks; and,
9. Procedures and systems for promptly responding to compliance issues as they are raised including the investigation of potential issues as identified in the course of internal auditing and monitoring and the day-to-day program operation.

¹ NYCRR Title 18 Subpart 521-2, ‘Compliance Programs’; and the Department of Health and Human Services Office of Inspector General (HHS-OIG) ‘Program Guidance for Home Health Agencies’ 1998; and ‘Program Guidance for Hospices’, 1999, HHS-OIG ‘General Compliance Program Guidance’ November 2023.

² NYCRR Title 18 Subpart 521-2, ‘Compliance Programs., Affected Individuals means all persons who are affected by the required provider’s risk areas including the required provider’s employees, the CEO, senior administrators, managers, contractors, agents, subcontractors, independent contractors, and governing body and corporate officers.

Policies, Procedures and Code of Ethical Conduct

URMHC’s Compliance policies, procedures and Code of Ethical Conduct provide the framework and structure for an effective Program. Its written documents communicate compliance mandates and expectations of all Affected Individuals (referred to as Individuals). They promote adherence to our legal and ethical obligations and are reasonably designed to prevent, detect and correct non-compliance with government program requirements including fraud, waste and abuse most likely to occur within identified Program risk areas and organizational experience.

URMHC’s Program documents are applicable and disseminated to all Individuals and are incorporated into Compliance Training as outlined in the Annual URMHC Compliance Training Plan. The URMHC Compliance Committee approves all written documents associated with the Program and completes an annual review incorporating revisions, if needed.

Compliance Committee and Compliance Officer

The URMHC Compliance and Privacy Officer (“Compliance Officer”) is responsible for carrying out the day- to-day activities of the Program. The Compliance Officer reports directly and is accountable to the URMHC Chief Executive Officer/President and the URMHC Board of Directors. Additionally, as an employee of the URMC Office of Compliance and Integrity (OIC), the Compliance Officer reports directly to the URMC Chief Compliance Officer and URMC Chief Privacy Officer.

Refer to URMHC’s ‘Compliance Officer and Compliance Committee Policy’.

Education and Training Program

URMHC has established and developed an effective compliance education and training program (“education”) for its Compliance Officer and affected individuals. Education includes all aspects of the Program and applicable risks. Education occurs promptly upon hire and no less frequently than annually for all Individuals.

Each education program conducted reinforces the fact that strict compliance with the Program is a condition of employment or doing business with URMHC.

Refer to URMHC’s ‘Compliance Education and Training Program Policy’.

Lines of Communication:

URMHC has established and implemented accessible effective lines of communication (“communication”) that ensure reporter confidentiality and/or anonymity, if chosen, for all Individuals. Communication allows for Program questions to be asked or violations reported. Access to the URMHC Compliance Officer is publicized within Program documents,

URMHC Compliance Training and Education, and via the URMC OIC website.

The confidentiality of persons reporting compliance issues shall be maintained unless the matter is:

• Subject to a disciplinary proceeding, or,
• Referred to or under investigation by law enforcement, Health and Human Services Office of Inspector General, the New York State Attorney General’s Medicaid Fraud Control Unit, or the New York State Office of the Medicaid Inspector General; or,
• Required to be disclosed during a legal proceeding.

Any person making a disclosure shall be protected under URMHC’s policy for non-intimidation and non-retaliation.

Refer to URMHC’s ‘Lines of Communication Policy’.

Disciplinary Standards

URMHC has established written disciplinary standards and implemented procedures for the enforcement of those disciplinary standards to address potential violations and encourage good faith participation in the Program by all Individuals.

URMHC’s Disciplinary Standards Policy is disseminated and accessible to Individuals and included in new employee and annual mandatory education.

Disciplinary standards shall be fairly and consistently enforced and applied to all levels of personnel.

Refer to URMHC’s ‘Disciplinary Standards for Compliance Violations Policy’.

Auditing and Monitoring

URMHC has established and implemented an effective system for the routine monitoring and auditing of identified compliance risks. Risks are identified in a variety of methods including URMHC’s annual risk assessment process, review and reporting of external audit results to the Committee, monitoring government work plans and initiatives and documentation and process reviews and monitoring completed by staff internally and reported to URMHC’s Quality Assurance and Performance Improvement Committee (referred to as QAPI).

Refer to URMHC’s ‘Auditing and Monitoring Policy’.

Annual Program Review

The Program is reviewed annually by Compliance Officer and the Committee to determine required program elements are being met and whether the Program is effective.

The Committee establishes review method(s) and determines Program effectiveness based on review findings. Program revisions are approved by the Committee, if applicable to results. All documentation related to the annual review are documented in Committee meeting minutes. Annual effectiveness review results are shared with the URMHC Board of Directors by the Compliance Officer.

Excluded Providers

URMHC confirms the identity and determines exclusion status of Individuals prior to hire or doing business with URMHC. After hire, the URMC Office of Integrity and Compliance (OIC) completes the exclusion checking process monthly.

Refer to URMHC’s ‘Exclusion Checking Policy’.

Responding to Compliance Issues

URMHC has established and implemented procedures and systems for promptly responding to compliance issues. Issues will be thoroughly investigated and risks mitigated via applicable plans of correction.

Investigations of compliance issues are documented including any disciplinary action taken and corrective action implemented.

Refer to URMHC’s ‘Responding to Potential Violations of URMHC’s Compliance Program Policy’.

Obligations of Affected Individuals

Acknowledgement and Application

Affected Individuals have duties and responsibilities to the URMHC Program, Code of Ethical Conduct, applicable policies and procedures, and contract terms, if applicable. Failure to perform according to those duties and responsibilities may subject Individuals to sanctions as detailed in Program documents.

Assessment of Employee/Affected Individual Performance under Program

1. Violation of Applicable Law or Regulation: If an employee/ Individuals violates any law or regulation in the course of their employment/contract or relationship with URMHC, the employee/ Individuals may be subject to sanctions.

2. Other Violations of the Program: In addition to direct participation in an illegal act, employees/ Individuals may be subject to disciplinary actions for failure to adhere to the principles and policies set forth in this Program. Examples of actions or omissions that may subject an employee to discipline on this basis include, but are not limited to the following:

1. 1. A breach of policy.
   2. Failure to report a suspected or actual violation of law or a breach of policy.
   3. Failure to make, or falsification of, any certification required under the Program.
   4. Lack of attention or diligence on the part of supervisory personnel that directly or indirectly leads to a violation of law.
   5. Direct or indirect retaliation against an employee/ Individual who reports a violation of the Program.

3. Possible Sanctions: The possible sanctions include, but are not limited to, termination of employment/contract, suspension, demotion, reduction in pay, reprimand, and/or retraining. Employees who engage in intentional or reckless violation of laws or regulations will be subject to more severe sanctions than accidental transgressors

4. Non-employment or Retention of Sanctioned Individuals: URMHC shall not knowingly employ any individual, or contract with any person or entity, who has been convicted of a criminal offense related to health care or who is listed by a Federal Agency or State as debarred, excluded, or otherwise ineligible for participation in federally funded or state health care programs. Additionally, until the OIC has completed a comprehensive review of any Individual found to be debarred\excluded from participation in a federal healthcare program, the Individual will be removed from their direct responsibilities. Confirmation of debarment\exclusion of an Individual will result in termination of employment or business relationship.

Compliance Investigations

URMHC, along with its legal counsel where necessary, shall promptly respond to and investigate all allegations of wrongdoing of employees whether such allegations are received through the URMC Integrity Help Line or in any other manner.

References

NYS Social Services Law Section 363-d – Provider Compliance Program

18 NYCRR Part 521 – Fraud, Waste and Abuse Prevention The U.S. Federal Sentencing Guidelines (FSG)

• Reference: U.S. Sentencing Guidelines § 8B2.1 – Effective Compliance and Ethics Program

The False Claims Act (FCA)

• Reference: 31 U.S.C. § 3729 – False Claims Act

OIG Compliance Program Guidance: The U.S. Department of Health and Human Services Office of Inspector General (OIG) provides guidance for compliance programs, especially in healthcare settings.

• Reference: 65 Fed. Reg. 59434 (Oct. 5, 2000 HIPAA Privacy Rule:
• Code of Federal Regulations (CFR) Title 45, Part 164

OIG Compliance Program Guidance for Home Health Agencies (HHAs)

• Reference: U.S. Department of Health and Human Services, Office of Inspector General (OIG) – Compliance Program Guidance for Home Health Agencies
• Federal Register: 63 Fed. Reg. 51758 (Sept. 28, 1998) OIG Compliance Program Guidance for Hospices
• Reference: U.S. Department of Health and Human Services, Office of Inspector General (OIG) – Compliance Program Guidance for Hospices
• Federal Register: 63 Fed. Reg. 53515 (Oct. 6, 1998

OIG General Compliance Program Guidance

• Reference: U.S. Department of Health and Human Services, Office of the Inspector General (OIG) –

General Compliance Program Guidance

1. November 2023