Compliance Training Policy

Policy: Compliance Training
Policy Number: 207 Policy Section: Compliance 
Owner: Trevor Purifoy Approved By: David Katcher
Effective Date: 6/22/2023 Date of Last Review: 12/11/24

SUD Specialty Group – CA, Mental Health Specialty Group, P.A., Mental Health Specialty Group NJ, PC, and Mental Health Specialty Group KS, P.A. (collectively, “Group”) contracts with Path, CCM, Inc. d/b/a Rula (“Rula”) for management and administrative support services.  Each entity within the Group and Rula may be referenced herein as a Company and, collectively, as the Companies.  This policy applies to all of the Companies. 

Policy Statement

Rula recognizes the importance of providing effective training that meets all compliance requirements. This policy outlines mandatory compliance training requirements for all team members and progressive disciplinary action for failure to complete or provide proof of timely training.

Applicability:

The section of this policy that addresses HIPAA training applies to all team members who have direct or indirect access to patient protected health information (PHI). The sections of this policy that addresses Medicare training applies to all team members who, directly or indirectly, provide services to Medicare beneficiaries. 

For purposes of this policy, the Group’s and Rula’s team members include individuals such as employees, independent contractors, business team members, and other persons whose work performance is under the direct purview of Rula or the Group’s business practices.

Definitions

HIPAA:  Health Insurance Portability and Accountability Act  

Policy

  1. HIPAA Training
    1. Mandatory HIPAA Training Requirements 
      1. Team members are required to have HIPAA training to help assure compliance with HIPAA policies and procedures to protect patient privacy. 
      2. Initial and recurrent training will be provided to team members who have direct or indirect access to PHI.
      3. The Privacy Officer will oversee the training and maintain documentation of satisfactory completion of training completed by team members for a minimum of ten (10) years.
    2. Initial HIPAA Training 
      1. Initial HIPAA training must be completed within 14 days after a person joins the team.
      2. Initial HIPAA training will include: 
        1. A summary of the information contained within the HIPAA policies and procedures;
        2. Education on covered vs non-covered entities;
        3. An overview of the applicable requirements of the HIPAA Privacy and Security Rules;
        4. An explanation of PHI and “minimum necessary standard” and how it applies to team members;
        5. An overview of permitted and required uses and disclosures;
        6. A summary of the process for reporting and handling unauthorized disclosures; and
        7. A description of the patient’s right to privacy and other patient rights under the HIPAA Privacy Rule.
    3. Recurrent HIPAA Training
      1. Recurrent training will be provided to team members at least annually. 
      2. Additional training may be provided for affected individuals if the HIPAA privacy policies undergo a material change or if there is a pattern or severity of HIPAA incident associated with a role, team or function. 
      3. The required additional training will be provided within a reasonable time after the material policy change becomes effective or the HIPAA incident.
      4. The content of the recurring training will be determined by the Privacy Officer. 
  1. Fraud, Waste, and Abuse and General Compliance Training (FWA Training)  
    1. FWA Training is required by all Rula employees and any team member who works with the Medicare beneficiaries in any capacity. Initial training must be completed within 14 days of joining the team.
      1. Team members are required to have FWA training to help assure compliance with Medicare rules, as necessary and appropriate for them to carry out their functions. 
      2. Initial and recurrent training will be provided to team members for whom training is necessary and appropriate for them to carry out their functions.
      3. The Compliance Officer will oversee the training and maintain documentation of satisfactory completion of training completed by team members for a minimum of ten (10) years.
      4. For those who are required to receive the training, FWA training must be completed upon initially joining the team and annually thereafter.
      5. FWA Training and General Compliance Training includes the following:
        1. How to recognize FWA in the Medicare Program
        2. Major FWA laws and regulations, including:
          1. Federal Civil False Claims Act (FCA)
          2. Criminal Health Care Fraud Statute
          3. Anti-Kickback Statute (AKS)
          4. Physician Self-Referral Law (Stark Statute)
          5. Civil Monetary Penalties Law (CMPL)
          6. Exclusion Statute
          7. HIPAA
        3. Potential consequences and violation penalties
        4. Methods to prevent FWA
        5. How to report FWA
        6. How to correct FWA
        7. An overview of Compliance policies and procedures
        8. The seven elements of an effective compliance program.

9.  How each individual can prevent non-compliance

    10. Obligation and methods to report non-compliance

11. The consequences of non-compliance

  1. Training Non-Compliance
    1. Failure to comply with mandatory training requirements may result in progressive disciplinary action up to and including termination for W-2 employees or removal from the Group for 1099 providers, as applicable.  For purposes of 1099 providers being removed from the Group, patient safety and clinical considerations may impact timing of removal.  
      1. W-2 employees who are not on an approved leave of absence are subject to the following actions: 
        1. Written warning if training is not completed within 30 days of the mandatory deadline. 
        2. Termination from employment may occur if training is not completed within 60 days after the mandatory deadline. 
      2. For purposes of recurring training requirements, 1099 providers with active patients may be subject to the following actions: 
        1. 1099 providers may be marked “On Pause” and may be unable to receive new patients but may continue to see current scheduled patients. Providers will be removed from “On Pause” status  following the completion of the training.
        2. The 1099 provider may be locked out of the EHR and any scheduled appointments will be canceled. Providers may return to providing services upon providing proof of completion of the training. 
        3. The 1099 provider may be terminated from the Group. 
      3. Non-provider contractors will have the following action: 
        1. Written warning if training is not completed within 30 days of the mandatory deadline. 
        2. Discontinuation of ability to contract with the Companies may be enforced if training is not completed within 60 days of the mandatory deadline. Access to all applicable systems may be discontinued at this time. 

Attachments: None

Was this article helpful?

0 out of 0 found this helpful