5101:3-26-06 Managed health care programs: program integrity - fraud and abuse, audits, reporting, and record retention.

(A) MCPs must have administrative and management arrangements or procedures, including a mandatory compliance plan, to guard against fraud and abuse.

(1) These arrangements or procedures must include the implementation of sound business practices which support appropriate access to and appropriate payment for quality services and must include the following:

(a) Written policies, procedures, and standards of conduct that articulate the MCP's commitment to comply with all applicable federal and state standards, including the prevention, identification, investigation, correction, and reporting of fraud and abuse;

(b) Designation of a compliance officer and a compliance committee that are accountable to senior management;

(c) Effective training and education for the compliance officer and the MCP's employees;

(d) Effective lines of communication between the compliance officer and the MCP's employees. To ensure effective communication, the MCP must organize resources to respond to complaints of fraud and abuse and have established procedures to process these complaints;

(e) Education of providers and delegated entities about fraud and abuse;

(f) Enforcement of MCP standards through well-publicized disciplinary guidelines;

(g) Provision for internal monitoring and auditing, including procedures to monitor service patterns of providers and subcontractors;

(h) Establishment and/or modification of internal MCP controls to ensure the proper submission and payment of claims;

(i) Provision for prompt response to detected offenses, and for development of corrective action initiatives relating to the MCP's contract; and

(j) Prompt reporting of all instances of fraud and abuse to ODM and member fraud to the CDJFS.

(2) These arrangements or procedures must be made available to ODM upon request.

(3) MCPs must annually submit to ODM a report which summarizes the MCP's fraud and abuse activities for the previous year and which identifies any proposed changes to the MCP's fraud and abuse program for the coming year.

(B) ODM or its designee, the state auditor's office, the state attorney general's office, the MFCU and the U.S. department of health and human services may evaluate or audit a contracting MCP's performance for the purpose of determining compliance with the requirements of Chapter 5101:3-26 of the Administrative Code, fraud and abuse statutes, applicable state and federal regulations or requirements under federal waiver authority.

(C) ODM or its designee may conduct on-site audits and reviews as deemed necessary based on periodic analysis of financial, utilization, provider panel, and other information.

(D) The MCP must submit required reports and additional information, as requested by ODM, as related to their duties and obligations and where needed to assure operation in accordance with all state and federal regulations or requirements.

(E) Failure of the MCP to submit any ODM-requested materials, as specified in paragraph (D) of this rule, without cause as determined by ODM, on or before the due date, may result in application of any or all of the sanctions listed in rule 5101:3-26-10 of the Administrative Code.

(F) Record retention.

All hard copy or electronic records originated or prepared in connection with the MCP's performance of its obligations under the provider agreement, including but not limited to working papers or information related to the preparation of reports, medical records, progress notes, charges, journals, ledgers, and fiscal reports, will be retained and safeguarded by the MCP and its subcontractors in accordance with applicable sections of the federal regulations, the Revised Code, and the Administrative Code. Records stored electronically must be produced at the MCP's expense, upon request, in the format specified by state or federal authorities. All such records must be maintained for a minimum of eight years from the renewal, amendment or termination date of the provider agreement or in the event that the MCP has been notified that state or federal authorities have commenced an audit or investigation of the provider agreement, until such time as the matter under audit or investigation has been resolved. For the initial three years of the retention period, the records must be stored in a manner and place that provides readily available access.

Effective: 07/01/2013
R.C. 119.032 review dates: 04/01/2014
Promulgated Under: 119.03
Statutory Authority: 5111.02 , 5111.16 , 5111.17
Rule Amplifies: 5111.01 , 5111.02 , 5111.021 , 5111.16 , 5111.17
Prior Effective Dates: 4/1/85, 2/15/89 (Emer), 5/8/89, 5/1/92, 5/1/93, 11/1/94, 7/1/96, 7/1/97 (Emer), 9/27/97, 12/10/99, 7/1/00, 7/1/01, 7/1/03, 7/1/04, 10/31/05, 6/1/09