(a) The General Assembly finds that:
(1) Medical assistance providers potentially are able to detect and correct payment and billing mistakes and fraud if required to develop and implement compliance programs;
(2) A provider compliance program makes it possible to organize provider resources to resolve payment discrepancies, detect inaccurate billings as quickly and efficiently as possible, and to impose systemic checks and balances to prevent future recurrences;
(3) It is in the public interest that providers within the medical assistance program implement compliance programs;
(4) The wide variety of provider types in the medical assistance program necessitates a variety of compliance programs that reflect a provider's size, complexity, resources, and culture;
(5) For a compliance program to be effective, it must be designed to be compatible with the provider's characteristics;
(6) Key components shall be included in each compliance program if a provider is to be a medical assistance program participant; and
(7) A provider should adopt and implement an effective compliance program appropriate to the provider.
(b) A provider of medical assistance program items and services that receives annually seven hundred fifty thousand dollars ($750,000) or more through the state Medicaid program shall adopt and implement a compliance program.
(c)
(1) The Office of Medicaid Inspector General shall create and make available on its website guidelines including a model compliance program.
(2) A model compliance program under subdivision (c)(1) of this section shall be applicable to billings to and payments from the medical assistance program but need not be confined to billings and payments.
(3) The model compliance program required under subdivision (c)(1) of this section may be a component of a more comprehensive compliance program by the medical assistance provider if the comprehensive compliance program meets the requirements of this section.
(d) A compliance program shall include without limitation:
(1) A written policy and procedure that:
(A) Describes compliance expectations;
(B) Describes the implementation of the operation of the compliance program;
(C) Provides guidance to employees and others on dealing with potential compliance issues;
(D) Identifies a method for communicating compliance issues to appropriate compliance personnel; and
(E) Describes the method by which potential compliance problems are investigated and resolved;
(2)
(A) Designation of an employee vested with responsibility for the operation of the compliance program.
(B) The designated employee's duties may solely relate to compliance or may be combined with other duties if compliance responsibilities are satisfactorily carried out.
(C) The designated employee shall report directly to the entity's chief executive or other senior administrator and periodically shall report directly to the governing body of the provider on the activities of the compliance program;
(3)
(A) Training and education of affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations, and the compliance program operation.
(B) The training under subdivision (d)(3)(A) of this section shall occur periodically and shall be made a part of the orientation for a new employee, appointee, associate, executive, or governing body member;
(4)
(A) Lines of communication to the designated compliance employee that are accessible to all employees, persons associated with the provider, executives, and governing body members to allow compliance issues to be reported.
(B) The lines of communication under subdivision (d)(4)(A) of this section shall include a method for anonymous and confidential good-faith reporting of potential compliance issues as they are identified;
(5) Disciplinary policies to encourage good-faith participation in the compliance program by an affected individual, including a policy that articulates expectations for reporting compliance issues and assisting in their resolution and outlines sanctions for:
(A) Failing to report suspected problems;
(B) Participating in noncompliant behavior; and
(C) Encouraging, directing, facilitating, or permitting noncompliant behavior;
(6) A system for routine identification of compliance risk areas specific to the provider type for:
(A) Self-evaluation of the risk areas, including internal audits and as appropriate external audits; and
(B) Evaluation of potential or actual noncompliance as a result of the self-evaluations and audits;
(7) A system for:
(A) Responding to compliance issues as they are raised;
(B) Investigating potential compliance problems;
(C) Responding to compliance problems as identified in the course of self-evaluations and audits;
(D) Correcting problems promptly and thoroughly and implementing procedures, policies, and systems to reduce the potential for recurrence;
(E) Identifying and reporting compliance issues to the Department of Human Services or the Office of Medicaid Inspector General; and
(F) Refunding overpayments; and
(8) A policy of nonintimidation and nonretaliation for good-faith participation in the compliance program, including without limitation:
(A) Reporting potential issues;
(B) Investigating issues;
(C) Self-evaluations;
(D) Audits and remedial actions; and
(E) Reporting to appropriate officials.
(e)
(1) Upon enrollment in the medical assistance program, a provider shall certify to the Department of Human Services that the provider satisfactorily meets the requirements of this section.
(2) The Medicaid Inspector General shall determine whether a provider has a compliance program that satisfactorily meets the requirements of this section by requesting no more than one (1) time every year an updated certification that the provider satisfactorily meets the requirements of this section.
(f) A compliance program that is accepted by the United States Department of Health and Human Services' Office of Inspector General and remains in compliance with the standards of the Office of Medicaid Inspector General is in compliance with this section.
(g) If the Medicaid Inspector General finds that a provider does not have a satisfactory compliance program within ninety (90) days after the effective date of a rule adopted under this section, the provider is subject to any sanction or penalty permitted by a state law or rule or a federal law or regulation, including revocation of the provider's agreement to participate in the medical assistance program.
(h)
(1) The Office of Medicaid Inspector General shall adopt rules to implement this section.
(2) The rules shall be subject to review by the Legislative Council.