Banner Health Network’s (BHN) triple aim goals are: improving the patient’s experience of care, improving the health of populations, and reducing the per capita cost of health care. To meet these goals and our commitment to compliance, BHN must ensure that our first tier, downstream, and related entities (FDRs) operate in compliance with the applicable law and regulatory guidance. FDRs must complete this Attestation Form upon contract execution and annually thereafter. BHN has developed this Attestation Form to facilitate its responsibilities of ensuring FDR compliance and to assist in providing a consistent process for oversight of the BHN FDRs.

Attestation Form Submission Instructions

Please complete the attestation below in its entirety and provide it to Banner by the due date listed below.

This Attestation Form must be signed by an individual with the authority to sign on behalf of the FDR and to attest to the accuracy and completeness of the information provided.

Attestation Form Due Date:

The completed Attestation form may be mailed or scanned and e-mailed to:

BHN Compliance Dept.

Attn: Linda Steward

1441 N 12th St

Phoenix, AZ 85006

Office #: 602-747-2253


Please maintain records for 10 years that show that you have met these requirements. You may be called upon by us or CMS to provide documentation upon request. Examples of documentation include: (1) communication of Standards of Conduct in an email, website portal or contract; (2) FWA and general compliance training methods, materials used for training, employee sign-in sheet(s), attestations or electronic certifications that include the date of the training; (3) method of OIG/GSA and state (if applicable) exclusion checks and a copy of a sanction check report for each employee/contractor; and (4) policy(ies) and procedure(s) that describe the process(es) you use to meet the preceding requirements.

What if I identify a potential issue?

Please report all suspected or detected noncompliance, potential Fraud, Waste and Abuse, suspected breach of PHI or misconduct to us immediately so that we may investigate and respond appropriately. Reports can be made to your BHN Account Manager, business contact or BHN Compliance Officer. Confidential reports can be made to the Banner Health ComplyLine at 888-747-7989. Callers are encouraged to provide contact information in case additional information is needed. You may also report anonymously. BHN expressly prohibits retaliation for reports made in good faith.

What if I identify an excluded individual or entity?

If you identify an excluded individual or entity employed or contracted by your organization, you must report this to BHN through either your Account Manager, business contact or BHN Compliance Officer.

Organization(s) Covered by Attestation: _______________________________________________________

Compliance Policies and Procedures

Chapter 21, Section 50.1.3, 42 CFR §§ 422.503(b)(4)(vi)(A), 23.504(b)(4)(vi)(A)

Please check (✓) one of the following:

☐ Contractor has implemented written compliance policies and procedures and Standards of Conduct compliant with the requirements of Chapter 21 and distributes the foregoing to all employees who provide health or administrative services for Medicare beneficiaries who are enrolled in a Medicare Part C or Part D plan (hereinafter referred to as “Employees”).

☐ If Contractor has not implemented written compliance policies and procedures and Standards of Conduct of its own, within 90 days of contracting with BHN and annually thereafter while the contract with BHN is in place, Contractor will distribute to all Employees BHN’s Standards of Conduct and compliance policies and procedures.

☐ If not attesting to either of the above, please provide an explanation:

|      |

Link to Banner Health’s Code of Conduct, Compliance Handbook, Compliance Plan and General Compliance Program Training:

General Compliance Training

Chapter 21, Section 50.3, 42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C)

Please check (✓) one of the following:

☐ Contractor will (1) require its Employees, at least annually, to take general compliance training[1] required by CMS and ensure that the general compliance training is part of the orientation of new Employees and (2) communicate to its Employees general compliance information provided by BHN.

☐ If Contractor does not have general compliance training adequate to meet CMS requirements, Contractor will require its Employees to take BHN’s general compliance training.

☐ If not attesting to either of the above, please provide an explanation:

|      |

Link to Banner Health’s General Compliance Training and Compliance Program Training:

FWA Training

Chapter 21, Section 50.3, 42 CFR §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C)

Please check (✓) one of the following:

☐ Contractor meets Fraud, Waste, and Abuse (“FWA”) certification requirements through enrollment into the Medicare program or through accreditation as a supplier of Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) and, as such, is “deemed” compliant with CMS FWA training requirements.

☐ Within 90 days of hire/contracting with BHN and annually thereafter, Contractor provides all of its Employees FWA training compliant with CMS requirements or requires its employees to take training developed by CMS and available through CMS Medicare Learning Network (MLN) at .

☐ If not attesting to either of the above, please provide an explanation:

|      |

Link to CMS’s Fraud, Waste and Abuse Training:

OIG/GSA Exclusion

Chapter 21, 50.6.8, 42 CFR §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F), 42 CFR 1001.1901

Please check (✓) one of the following:

☐ Contractor (1) reviews the DHHS OIG List of Excluded Individuals and Entities (LEIE list) and the GSA Excluded Parties Lists System (EPLS) prior to the hiring or contracting of any new Employee, temporary Employee, volunteer, consultant, governing body member, and downstream entities, and monthly thereafter, to ensure that none of these persons or entities are excluded or become excluded from participation in federal programs and (2) will immediately disclose (and has disclosed) to BHN any exclusion, or other event that makes them ineligible to perform work related directly or indirectly to Federal health care programs.

☐ If not attesting to the above, please provide an explanation:

|      |

Conflict of Interest

Chapter 21, 50.6.4, 42 CFR §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F), 42 CFR 1001.1901

Please check (✓) one of the following:

☐ Contractor has a process in place to effectively screen its governing bodies and senior leadership for conflicts of interest.

☐ If not attesting to the above, please provide an explanation:

|      |

Record Retention

Chapter 21, Section 50.3.2, 42 C.F.R. §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C), 42 CFR 422.504 (e) (4)

☐ Contractor retains records to support this attestation including but not limited to time, attendance, topic, certificates of completion (if applicable), and test scores of any tests administered to Employees for at least ten (10) years, or longer if required by applicable law.

☐ If not attesting to the above, please provide an explanation:

|      |

Business Continuity and Disaster Recovery Management

Health Insurance Portability and Accountability Act: Sec. 164.306 Security Standards: General Rules; Sec. 164.308 Administrative Safeguards: (a)(7)(i) Contingency Plan Standard and (a)(7)(ii) Contingency Plan Implementation Specifications.

Please check (✓) one of the following:

☐ Contractor has a disaster recovery management plan in place to effectively provide system-wide consistency and conformity of emergency, business continuity, and disaster recovery management activities.

☐ If not attesting to the above, please provide an explanation:

|      |

HIPAA & Privacy

Health Insurance Portability and Accountability Act of 1996 and 45 Code of Federal Regulations. HITECH Act provisions within the American Recovery and Reinvestment Act of 2009. If the Contractor has access to BHN’s protected health information, there must be a Business Associate Agreement (BAA). This also requires that the Contractor have a process to notify BHN if a breach of unsecured protected health information occurs. The Contractor must provide notice to BHN without reasonable delay and not later than 60 days from discovery of the breach.

Please check (✓) one of the following:

☐ Contractor has appropriate safeguards and controls in place to protect and secure BHN’s protected health information from any intentional or unintentional use or disclosure.

☐ If not attesting to the above, please provide an explanation:

|      |

In addition, please provide responses to the questions below:

1) Is there a current and executed BAA between BHN and the Contractor? Yes ☐ No ☐

2) Does the Contractor have a process to notify BHN if a breach occurs? Yes ☐ No ☐


45 CFR 162.1002: HHS’s final regulation that adopted the ICD-10 code set as HIPAA standards. Contractor has the planning, communications, testing and training in place to ensure compliance with the 10/1/15 due date and implementation of the ICD-10 code set.

Please check (✓) one of the following:

☐ Contractor will be compliant with the 10/1/15 due date and implementation of the ICD-10 code set.

☐ If not attesting to the above, please provide an explanation:

|      |

Sub-Contract and Offshore Contracts

Health Insurance Portability and Accountability Act of 1996, 45 CFR Parts 160, 162 and 64; CMS issued guidance 08/15/2006 and 07/23/2007; and 2008 Call Letter

1. Does your organization sub-contract any functions?

Yes ☐ No ☐ If yes, provide sub-contract name(s) and function(s) each performs:

|      |

2. Does your organization outsource (claims scanning, claims data entry or claims processing, mailroom services, etc.)?

Yes ☐ No ☐ If yes, provide entity name(s) and function(s) each performs:

|      |

3. If Yes for either 1 or 2 above, have you communicated these contractual relationships to Banner Health Network?

Yes ☐ No ☐ If yes, provide name of person this was communicated to and the date:

|      |

4. If Yes for either 1 or 2 above, are any of these contractual relationships or functions located offshore? (“Offshore” refers to any country that is not one of the fifty United States or one of the United States Territories (American Samoa, Guam, Northern Marianas, Puerto Rico and Virgin Islands).)

Yes ☐ No ☐ If yes, provide entity name(s) and function(s) each performs:

|      |

5. If Yes for 4, have you submitted a completed offshore attestation to Banner Health Network for each of the entities you provided above for 4?

Yes ☐ If yes, provide a copy of what was submitted.

No ☐ If no, please complete and return the BHN Offshore Subcontractor Attestation attached hereto as Attachment A, annually thereafter as well as within 20 days of entering into or amending any agreement with an Offshore Subcontractor.


By signing below, I attest that I have carefully reviewed the information provided on this Attestation Form and attest to its completeness and accuracy, and that I have the authority to sign this Attestation on behalf of the Contractor.

Print Name: _____________________________________________________

Print Title: _____________________________________________________

Signature: _____________________________________

Date: _________________________________

Name of Entity Completing Attestation:

Enter your name, your title and the date that you completed this attestation:

Name:

Title:

Signature:

Date:

Do you utilize offshore subcontractors?

Centers for Medicare and Medicaid Services define an offshore subcontractor as the following: The term “subcontractor” refers to any organization that a Medicare Advantage Organization or Part D sponsor contracts with to fulfill or help fulfill requirements in their Part C and/or Part D contracts. Subcontractors include all first-tier, downstream and/or related entities. The term “offshore” refers to any country that is not one of the fifty United States or one of the United States territories (American Samoa, Guam, Northern Marianas, Puerto Rico, and Virgin Islands). Examples of countries that meet the definition of “offshore” include Mexico, Canada, India, Germany, and Japan. Subcontractors that are considered offshore can be either American-owned companies with certain portions of their operations performed outside of the United States or foreign-owned companies with their operations performed outside of the United States. Offshore subcontractors provide services that are performed by workers located in offshore countries, regardless of whether the workers are employees of American or foreign companies.

Response: Yes ☐ No ☐

We engage in offshore subcontracting that involves receiving, processing, transferring, handling, storing, or accessing protected health information (PHI).

Response: Yes ☐ No ☐

If “No,” the survey is complete and you do not need to complete or submit the attestation.

If “Yes,” continue completing the form below and provide a copy to:

Banner Health Network

BHN Compliance Department

Attn: Linda Steward

Provider Network Management

1441 N 12th St

Phoenix, AZ 85006

If a new offshore subcontractor is added, the full Offshore Subcontractor Attestation must be completed and sent to Banner Health Network within 20 calendar days from the date the contract is signed with the Offshore Vendor.

Part I. Offshore Subcontractor Information

Offshore Subcontractor Name:

Offshore Subcontractor Country:

Offshore Subcontractor Address:

Describe Offshore Subcontractor Functions:

Effective Date for Offshore Subcontractor (Month, Day, Year; Example: January 15, 2009):

Part II. Precautions for PHI

Describe the PHI that will be provided to the offshore subcontractor:

Discuss why providing PHI is necessary to accomplish the offshore subcontractor objectives:

Describe alternatives considered to avoid providing PHI, and why each alternative was rejected:

Part I. Attestation of Safeguards to Protect Beneficiary Information in the Offshore Subcontract

|Item |Attestation |Response: Yes / No |
|I.1. |Offshore subcontracting arrangement has policies and procedures in place to ensure that Medicare beneficiary PHI and other personal information remains secure | |
|I.2. |Offshore subcontracting arrangement prohibits subcontractor’s access to Medicare data not associated with the sponsor’s contract with the offshore subcontractor | |
|I.3. |Offshore subcontracting arrangement has policies and procedures in place that allow for immediate termination of the subcontract upon discovery of a significant security breach | |
|I.4. |Offshore subcontracting arrangement includes all required Medicare Part C and D language such as record retention requirements, compliance with all Medicare Part C and D requirements, etc. | |

Part II. Attestation of Audit Requirements to Ensure Protection of PHI

|Item |Attestation |Response: Yes / No |
|II.1. |Organization will conduct an annual audit of the offshore subcontractor | |
|II.2. |Audit results will be used by the Organization to evaluate the continuation of its relationship with the offshore subcontractor | |
|II.3. |Organization agrees to share offshore subcontractor’s audit results with CMS upon request | |


[1] Per CMS guidance, the following are examples of topics the general compliance training program should communicate:

• A description of the compliance program, including a review of compliance policies and procedures, the Standards of Conduct, and Banner’s commitment to business ethics and compliance with all Medicare program requirements;

• An overview of how to ask compliance questions, request compliance clarification or report suspected or detected noncompliance. Training should emphasize confidentiality, anonymity, and non-retaliation for compliance related questions or reports of suspected or detected noncompliance or potential FWA;

• The requirement to report to Banner actual or suspected Medicare program noncompliance or potential FWA;

• Examples of reportable noncompliance that an employee might observe;

• A review of the disciplinary guidelines for non-compliant or fraudulent behavior. The guidelines will communicate how such behavior can result in mandatory retraining and may result in disciplinary action, including possible termination when such behavior is serious or repeated or when knowledge of a possible violation is not reported;

• Attendance and participation in compliance and FWA training programs as a condition of continued employment and a criterion to be included in employee evaluations;

• A review of policies related to contracting with the government, such as the laws addressing gifts and gratuities for Government employees;

• A review of potential conflicts of interest and the sponsor’s system for disclosure of conflicts of interest;

• An overview of HIPAA/HITECH, the CMS Data Use Agreement (if applicable), and the importance of maintaining the confidentiality of personal health information;

• An overview of the monitoring and auditing process; and

• A review of the laws that govern employee conduct in the Medicare program.


