MOUNTAIN HEALTH COOPERATIVE
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY. The MOUNTAIN HEALTH COOPERATIVE (“Co-Op”) is committed to safeguarding and protecting your protected health information from unauthorized uses and disclosures.
We apply the protections and practices described in this notice to all protected health information that we maintain, including the information of former members who are no longer covered by us. We abide by the notice that is currently in effect. This notice is effective October 1, 2014.
We may use and disclose your protected health information under the following circumstances without your permission. Not every possible use or disclosure in each category is listed.
Treatment. We may use or disclose your protected health information your health care providers to facilitate medical treatment and services. We may disclose your protected health information for the treatment activities of any of your health care providers, for example, to provide you with preventative health, early detection and disease and case management programs.
Payment. We may use your protected health information for payment purposes, for example, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility under your plan, to coordinate plan coverage, to assist with processing or adjudicating claims and for our other payment activities.
Health Care Operations. We may use your protected health information for Co-op health care operations, for example, Co-Op operational or administrative purposes necessary to run the Co-Op, conducting quality assessment and improvement activities, premium rating, submitting claims for stop-loss or excess loss coverage, conducting or arranging for medical review, legal services, audit services, compliance activities, business planning, development and cost management, and general Co-Op administration. We may also disclose protected health2 information about you to another covered entity for its operational activities under certain circumstances. We are prohibited by law from using or disclosing genetic health care information for underwriting purposes.
Business Associates. We may contract with individuals or entities known as Business Associates to perform various functions on the Co-Op’s behalf or to provide certain services to the Co-Op. In order to perform such functions or provide such services, Business Associates may receive, create, maintain, use and/or disclose your protected health information, but only after they agree with us in writing to implement appropriate safeguards regarding your protected health information.
To Plan Sponsors. For purposes of administering employer sponsored group health plans, we may disclose your protected health information to certain employees of your employer. However, those employees may only use or disclose that information as necessary to perform plan administration functions or as otherwise required or authorized by HIPAA, unless you have authorized further use or disclosures. Your protected health information cannot be used for employment purposes without your specific authorization.
Health-Related Services, Reminders and Marketing. We may use your personal information to communicate with you for health-related services, reminders, and/or marketing activities, for example informing you of available or replacement health plans or enhancements, reminding you to obtain preventive health services, including wellness classes and information, and providing information on treatment alternatives or health- related benefits and services. We will not use or disclose your protected health information for marketing communications unless you authorize us to do so, except as permitted by law. Further, we will not sell your protected health information without your authorization, except as permitted by law.
In addition to the above uses and disclosures, the following categories describe other possible ways that we may use and disclose your protected health information. Not every possible use or disclosure in each category is listed.
As Required by Law. We may disclose your protected health information when required to do so by federal, state or local law, including disclosures to government agencies with certain oversight responsibilities. The law also requires that we make your personal information available to you, subject to certain limited exceptions.
To Avert a Serious Threat to Health or Safety. We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to3 someone able to help prevent the threat. For example, we may disclose your protected health information in a proceeding regarding the licensure of a physician.
Law Enforcement. We may release protected health information if asked to do so by a law enforcement official: in response to a court order, warrant, summons or other similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about the victim of a crime if, under limited circumstances, we are unable to obtain the person's agreement; about a death we believe may be the result of criminal conduct; about criminal conduct; and in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose protected health information about you in response to a court or administrative order. In certain circumstances, we may disclose protected health information about you in response to a subpoena or discovery request.
Workers’ Compensation. We may disclose your protected health information for workers’ compensation or similar programs. These programs provide benefits for work related injuries or illness.
Public Health Risks. We may disclose your protected health information for public health actions. These actions generally include the following:
Government Audits and Oversight Activities. We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rule. We may also use or disclose your protected health information for health care oversight, such as activities of state insurance commissioners, HHS, the U.S.4 Department of Labor, and the U.S. Food and Drug Administration, licensing and peer review authorities, and fraud prevention agencies.
Military and Veterans. We may disclose your protected health information as required by military command authorities, if you are a member of the armed forces.
Coroners, Medical Examiners and Funeral Directors. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.
Other Special Situations. We may also use and disclose your protected health information under certain circumstances relating to the following categories.
Personal Representatives. We generally will disclose your protected health information to an individual designated or authorized as your personal representative, attorney-in-fact or agent, guardian, etc., so long as we are provided with a written authorization or other legally valid and sufficient document (e.g., power of attorney, letters of guardianship, etc.). Such disclosures will not be made under certain circumstances, such as where you have been subjected to domestic violence, abuse or neglect by such person, treating such person as your personal representative could endanger you, or where in the exercise of professional judgment, we determine it is not in your best interests to treat the person as your personal representative.
Family and Friends Involved in Care. We may share your protected health information with your spouse, family members, friends or other persons whom you identify as being involved in your care or payment for health care. We may also discuss this information with these other persons if you are present and agree or you do not object when given the opportunity to do so. If you are not present or it is impracticable to gain your consent for5 certain disclosures, because of emergency or other circumstances, we may discuss your protected health information with a family member or other person involved in your care, when, in exercising our professional judgment, we determine that doing so would be in your best interest. We may also use our professional judgment and experience to make reasonable inferences about your best interests in allowing another person to act on your behalf in certain circumstances. In addition, if you are deceased we may disclose personal information as allowed by law about you to a family member or other certain other persons who were involved in your care or payment for your care prior to your death if the information is relevant to that person’s involvement, unless doing so is inconsistent with any prior expressed preference of your that is known to us.
Other Uses and Disclosures Only As Authorized by You. We must obtain a separate, specific authorization from you to use or disclose your protected health information for any purpose not covered by this notice or the laws that apply to us. Authorizations are valid for up to two (2) years. You may revoke your written authorization at any time, so long as the revocation is in writing. Once we receive your written revocation, it will be effective only for future uses and disclosures. It will not be effective for any use or disclosure made in reliance upon the written authorization and made prior to receiving your written revocation.
Use and Disclosure of Certain Types of Medical Information. Certain types of personal information require that we provide greater privacy protection. For example, use or disclosure of certain types of personal information must be specifically authorized by you or be required by law for certain HIV Test Information, Genetic Information, Psychotherapy Notes, or Alcoholism or Drug Abuse Information.
No Use of Genetic Information. We are prohibited by law from using or disclosing your protected health information that is genetic information for purposes of underwriting. If we request your health information at any time, we are not requesting your genetic information.
You have the rights described below in regard to the protected health information that we maintain about you. You are required to submit a written request to exercise any of these rights. You may contact our Privacy Official to obtain a form that you can use to exercise any of the rights listed below.
Right to Inspect and Copy. You have the right to inspect and copy certain protected health information used to make decisions about your health benefits. To inspect and copy your protected health information, you must submit your request in writing to our Privacy Official. We may charge you a reasonable fee for the costs of copying, mailing and supplies associated with your request. We may deny your request to inspect and/or copy your protected health information in certain limited circumstances. If you are denied access, you may request that the denial be reviewed by submitting a written request to our Privacy Official.6
Right to Amend. If you feel that protected health information that we have about you is incorrect or incomplete, you may make a written request that we amend it. You have the right to request an amendment for as long as the information is kept by us. To request an amendment, your request must be made in writing and submitted to our Privacy Official. In addition, you must provide a reason that supports your amendment request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask to amend information that we did not create; that is not part of the protected health information that we maintain; that is not part of the information that you would be permitted to inspect and copy; or that is accurate and complete.
Right to an Accounting of Disclosures. You have the right to request one free "accounting of disclosures" of your protected health information every 12 months. This is a list of certain disclosures we have made of your protected health information. There are several categories of disclosures that we are not required to list in the accounting. For example, we are not required to keep track of disclosures that are authorized. Your request must state a time period, which may not be longer than 6 years. If you request more than one accounting in a 12-month period, we may charge you for the costs of providing the list.
Right to Request Restrictions. You have the right to request a restriction or limitation on the protected health information we use or disclose for treatment, payment or health care operations. You also have the right to request a limit on the protected health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request (except with respect to certain disclosures to a health plan solely with respect to a health care item or service for which the health care provider has been paid out-of-pocket in full). To request restrictions, you must make your request in writing to our Privacy Official. If we agree, we will comply with your request. In your request, you must indicate the type of restriction you want, the information you want restricted and to whom you want the limits to apply, for example, your spouse.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to our Privacy Official. We will not ask you the specific reason for your request, but you must clearly indicate that the disclosure of all or part of your information may endanger you. You must specify how or where you wish to be contacted. We will accommodate all reasonable requests.
Right to be Notified of a Breach. You have the right to be notified as required by law in the event that we or a Business Associate discover a breach of your unsecured protected health information.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. To obtain a paper copy of this Notice, contact our Privacy Official.7
We reserve the right to amend this Notice. Copies of the current Notice will be posted at the Co- Op’s offices and will be available for you to pick up on each visit to the Co-Op. Contacting Our Privacy Official
For more information about our privacy practices, to discuss questions or concerns, or to receive additional copies of this notice, you may contact our Privacy
Official as follows:
Mountain Health Cooperative
1545 E. Iron Eagle Drive, Suite 103
Eagle, ID 83616
If you believe your privacy rights have been violated, you may file a complaint with us or with the Office of Civil Rights of the Department of Health and Human Services (OCR/HHS). To file a complaint with us, contact our Privacy Officer as described above. To file a complaint with the OCR/HHS, you must submit the complaint within 180 days of when you knew or should have known of the circumstance that led to the complaint. The complaint must be submitted in writing. Information on how to file a complaint can be located on the OCR/HHS website at: http://www.hhs.gov/ocr/privacy/index.html. You will not be retaliated against for filing a complaint.
We will follow the privacy practices described in this notice, but we may change our privacy practices at any time. For example if privacy laws change, we will change our practices to comply with the law. If this occurs, we will send a new notice to you prior to making a significant change in our practices. Any changes will apply to all protected health information we have in our possession, including any information created or received before we changed the notice.
Mountain Health Cooperative
Corporate Compliance Program
Established June 2014
It is the policy and commitment of Mountain Health Cooperative (the “CO-OP”) to observe the highest standard of business ethics and integrity, and to consistently and fully comply with all laws and regulations governing its business operations as a private, nonprofit Consumer Operated and Oriented Plan (“CO-OP”), whose mission is to issue qualified health plans in the individual and group insurance markets.
The CO-OP demands that all members of its Board of Directors and its officers, employees, workforce members and contractors (collectively referred to as “workforce”) adhere to the highest legal and ethical standards to ensure and reinforce the CO-OP’s status as a responsible corporate citizen and to maintain the utmost confidence of the CO-OP’s members, providers, employees and the public in its honesty and integrity.
In order to effect the CO-OP’s commitment to the highest legal and ethical standards and establish an environment that promotes legal and ethical behavior, the CO-OP has adopted this Corporate Integrity and Compliance Program which includes the “Code of Business Ethics and Conduct” attached as Appendix A (hereafter “the Code”). The Code is intended to reinforce, on a day-to-day basis, the CO-OP’s commitment to a working environment which encourages and requires ethical behavior, maintains the CO-OP’s high standards for integrity and honesty and demonstrates the CO-OP’s strong commitment to ethical and lawful conduct. The policy of the CO-OP is to deter or prevent the occurrence of unethical or unlawful behavior, to detect as early as possible such behavior whenever it occurs, to appropriately disclose or report such behavior to authorities and to actively and fully cooperate in any investigation or regulatory inquiry.
The CO-OP may enter into and perform services under certain government contracts. The CO-OP is committed to full and comprehensive compliance with all of its contractual obligations regarding these services, and will, as appropriate, adopt specific policies, procedures and corporate standards for all workforce members who work on such contracts, provide appropriate training and resources, and operate an effective compliance program in regards to such contracts.
As used in this document, the term “employee” shall be deemed to include all workforce members where the context so allows. Revised 09/10/13
General. The Code sets forth the fundamental legal and ethical principles for conducting all aspects of CO-OP business. The CO-OP has adopted, or will adopt from time to time, detailed CO-OP policies, procedures and standards for conducting its business and other CO-OP manuals, memoranda, instructions and directions applicable to particular job functions. The Compliance Officer shall coordinate with management to ensure that all employees have open access to the Code and to all such policies, procedures and standards and specific policies which bear on their duties and responsibilities, and that all employees receive periodic notification as to the location of such resources. The CO-OP policy assuring non-retaliation for bringing forward good faith issues of concern to the CO-OP is incorporated in Appendix B, hereto.
The CO-OP’s Board of Directors has adopted and will support and monitor the implementation of this Corporate Integrity and Compliance Program, including the Code of Business Ethics and Conduct, (referred to herein collectively as the “Compliance Program”) to demonstrate the CO-OP’s commitment to full and comprehensive compliance with all applicable laws and regulations, and contract terms and conditions, including, without limitation, the CO-OP’s obligation under any and all government contracts. At least annually, the CO-OP’s Board of Directors shall review the Corporate Integrity and Compliance Program and the Code of Business Ethics and Conduct and shall ratify or amend the Compliance Program and Codes as appropriate.
General. The Audit & Compliance Committee of the CO-OP’s Board of Directors (hereinafter the “Board Audit & Compliance Committee”) is comprised of at least three (3) Directors, a majority of whom are not employed by the CO-OP or its affiliates.
Responsibilities. The Board Audit & Compliance Committee is responsible for maintaining a strong Board involvement in ensuring that the CO-OP has fully implemented the Compliance Program and the Code and that the Program is operating in an effective manner. At least annually, the Committee shall review the Code and the Compliance Program and shall present the Code and the Compliance Program to the Board for approval, together with such changes and amendments to the Code and the5 Revised 09/10/13 Compliance Program as the Committee considers appropriate. The Committee and the Corporate Compliance Officer shall maintain close communications among themselves and with the CO-OP Board of Directors as a whole, and shall address and review matters concerning or relating to the Compliance Program so that it can take appropriate action or make appropriate recommendations for Board action.
Duties. In carrying out its responsibilities under the Compliance Program, the Board Audit & Compliance Committee shall:
General. The CO-OP’s Chief Operating Officer (“COO”) shall serve as Corporate Compliance Officer (the “Compliance Officer”). The Compliance Officer is responsible for administration of the Compliance Program for the CO-OP. The Compliance Officer reports to the Board of Directors and to the President and Chief Executive Officer.6 Revised 09/10/13
Duties and Responsibilities. The duties and responsibilities of the Compliance Officer includes the following:
The Compliance Officer shall also serve as the designated Security Official responsible for the development and implementation of the policies and procedures required by the Security Standards for the Protection of Electronic Protected Health Information (45 CFR part 164, Subpart C).
The Compliance Officer shall also be responsible for the CO-OP’s compliance with applicable provisions of Health Information Technology for Economic and Clinical Health Act regulations regarding Notification in the Case of Breach of Unsecured Protected Health Information (45 CFR part 164,
General. The Corporate Compliance Committee shall provide oversight, advice, support and general guidance, as appropriate, to the Corporate Compliance Officer in the discharge of his or her responsibilities. The Corporate Compliance Committee shall be comprised of the following officers and employees: the Corporate Compliance Officer, Controller/Chief Financial Officer, Chief Executive Officer and Legal Counsel. The CEO shall appoint such other persons to the Corporate Compliance Committee as he or she deems appropriate. The Committee shall be chaired by the Corporate Compliance Officer.
The Corporate Compliance Officer shall keep the Corporate Compliance Committee informed of any significant actions taken with respect to the implementation, administration and operation of the Compliance Program and shall prepare recommendations on compliance-related policies, procedures and corporate standards for review by the Committee.
Responsibilities. The Corporate Compliance Committee shall assist and support the Compliance Officer overseeing the continual improvement in the performance of the Compliance Program, including, but not limited to:
It is the responsibility of all executive, management and supervisory personnel to ensure that all employees comply with all applicable laws and regulations, including but not limited to those related to health insurance issuers, terms and conditions of Government Contracts, and the Compliance Program and Code. This responsibility is of the highest priority, and CO-OP management is required to take an active role in promoting and enforcing the Compliance Program. It is the responsibility of management to assure that each employee attends all required compliance training and executes and returns to the Ethics and Compliance Department all training and compliance related certifications. Management is responsible for actions of employees and must maintain an atmosphere conducive to compliance and disclosure and vigilance with respect to violations of applicable laws and regulations, terms and conditions of Government Contracts, or the Compliance Program and Code. Promotion of and adherence to the CO-OP’s compliance initiatives shall be part of each member of management’s performance standards and evaluation.
In order to ensure that the requirements of the Compliance Program are fully12 Revised 09/10/13 communicated to employees and that an atmosphere of compliance is fostered, all CO- OP management shall set high ethical standards for themselves and demonstrate their commitment to the Compliance Program by exemplary behavior. They shall also make themselves available to discuss ethics concerns raised by employees or by third parties. Each member of management shall be required to provide the CO-OP annually with a completed certification attesting that he or she has: (i) discussed with each subordinate under his or her direct supervision the content and application of the Code and the Compliance Program; (ii) informed each such subordinate that strict compliance with the Code and the Compliance Program is a condition of employment; and (iii) informed each such subordinate that the CO-OP shall take disciplinary action, up to and including termination of employment, for violation of any applicable law or regulation, terms and conditions of Government Contracts, the Code or the Compliance Program. These certifications shall be retained in the employee human personnel file. F. Legal Counsel
The CO-OP shall make available to the Compliance Officer, the Board Audit and Compliance Committee, and the Corporate Compliance Committee such CO-OP legal counsel, assistance and representation (whether in-house or external counsel) as shall be necessary to ensure corporate compliance with applicable laws, regulations and contracts, and assisting the Compliance Officer and the CO-OP in interpreting applicable laws and regulations, determining whether proposed or existing conduct complies with law or regulations, government contracts, and addressing other legal issues arising in the course of the implementation, administration, operation or improvement of the Compliance Program.
The COO is responsible for the review and appropriate resolution of workforce relations related issues and for ensuring that discipline under the Compliance Program is applied on a basis that is appropriate, consistent and equitable.
The Compliance Officer shall direct the development of new employee and annual CO-OP-wide training and education programs on the Code, the Compliance Program, and applicable laws and regulations. The purpose of the program will be to ensure that all Directors and employees are familiar with the requirements of, the importance of compliance with, and their responsibilities pursuant to the Code, the13 Revised 09/10/13 Compliance Program, applicable laws and regulations, and terms and conditions of Government Contracts. The Compliance Officer shall ensure that mechanisms exist for testing the efficacy of the education program and for updating the training program to account for developments in laws and regulations and in the CO-OP’s business. The Corporate Compliance Committee shall ensure that the compliance communication and training program is implemented throughout the CO-OP. The Compliance Officer shall determine whether additional or specialized training may be required for those employees who perform services under the Government Contracts or in other particular areas and shall provide for any such additional or specialized training.
New Directors and employees initially will receive an orientation program and at least two hours of training on the Code, the Compliance Program, and applicable laws and regulations (HIPAA), including those dealing with any areas identified by the Compliance Officer as areas of heightened concern. All Directors and employees will receive at least one hour of additional training annually to refresh and update them on the requirements of, and the importance of complying with, the Code, the Compliance
Program and applicable laws and regulations, including those dealing with any areas identified by the Compliance Officer as areas of heightened concern. Training may be conducted using instructor-led, computer-based or other alternate means of delivery.
The Compliance Officer shall interact with management at all levels on a regular basis to explain the significance of the Code and to determine if additional training is needed. The Compliance Officer will encourage management to engage their employees in group or individual discussions regarding the Code to determine what additional training may be needed.
The Code (including updates and revisions thereafter whenever the Code is modified) will be made available to all Directors and employees upon election to the Board or upon employment as the case may be.
Through one or more certifications, all Directors and employees will certify that
he or she:
(i) has read or will read and will comply with the Code;14 Revised 09/10/13
(ii) is unaware of any undisclosed violations of the Code; and
(iii) has disclosed any violations of which he or she had knowledge.
The Compliance Officer may also utilize a certification or any other reasonable method for ascertaining information regarding Directors or employees that may be necessary to operate an effective compliance program, such as, whether they have been convicted of a crime regarding dishonesty or breach of trust, regarding conflict of interest and disclosure, etc. The completed certifications will be reviewed and retained according to the CO-OP’s policies on employee screening and record retention.
The Compliance Officer shall ensure that a CO-OP-wide system exists that allows and encourages employees to raise questions about the application or meaning of the Code and the Compliance Program and to report or disclose possible violations.
The Compliance Officer shall provide information about the resources available to assist employees in resolving any questions or concerns. Further, the Code shall contain a description of who employees may contact if they do not want to raise questions or disclose or report violations to their supervisory management. The Code shall explain the extent to which reports of wrongdoing will be kept confidential.
The CO-OP shall adopt policies and procedures to ensure that employees who raise these matters are treated with respect and are not subject to retaliation. A copy of the CO-OP’s Policy prohibiting retaliation is attached hereto as Appendix B.
A confidential, written record shall be maintained reflecting each communication concerning a possible violation of this Compliance Program. Whenever a possible material violation of the Code is disclosed, the Compliance Officer shall be notified. In each such instance, the Compliance Officer shall undertake or cause to be undertaken a prompt and thorough investigation appropriate to the circumstances. If the possible violation materially affects the CO-OP’s books and records, or if it may expose the CO- OP to criminal liability or substantial civil liability, the Compliance Officer shall consult with legal counsel with respect to the matter and shall notify the CEO and the Chair of the Board Audit & Compliance Committee.
When an investigation is initiated, steps shall be taken to ensure the retention of relevant documents. Routine document destruction procedures shall be suspended insofar as they may affect documents relevant to the potential violation and related investigation. Employees who may possess relevant documents shall be instructed to15 Revised 09/10/13 retain them or to turn them over to the investigative team. A record shall be maintained of all employees to whom such a request is made and of all documents retained for purposes of the investigation.
If the Compliance Officer has reasonable grounds to believe that any misconduct may constitute a material violation of criminal or civil law or in regards to the CO-OP’s performance under any Government Contract, the Compliance Officer shall initiate an internal investigation, promptly notify the CEO, the Board and Legal Counsel of such alleged misconduct, and shall timely report to the appropriate authorities. Other aspects of the Compliance Officer’s duties with respect to allegations of misconduct are set forth in Section II, above.
The Controller/CFO or internal auditor (collectively “IA”) shall provide the tools, skills and process design necessary to support line management implementation of controls into all the operational areas in the CO-OP. IA is an independent appraisal function within the CO-OP established to examine and evaluate CO-OP activities as a service to management. IA is authorized to access all records, personnel and physical properties relevant to the performance of audits. IA directly reports to the CEO.
IA audits, reviews, verifies, monitors, tests and validates financial and operational controls as required for efficient management of the CO-OP's system of internal controls and achievement of the organization’s strategic goals. In executing these functions, IA uses all necessary techniques, including sampling, to ensure that reasonable internal control policies, procedures and corporate standards exist, that line management properly monitors such controls, and that a CO-OP-wide network of internal controls properly operates to capture, monitor, summarize and report both internal control weaknesses and internal control strengths. IA reports all significant findings to the Board Audit & Compliance Committee. IA plans its functions based on an annual control risk assessment performed in conjunction with the Compliance Officer and Corporate Compliance Committee, recognizing independent auditors' concerns, legitimate compliance issues, findings from internal audits and reviews, control weaknesses identified by line management, changes in the regulatory, economic or market environment and any other sources IA, the Compliance Officer and the Corporate Compliance Committee deem reasonable. The audit plan and the compliance audit plan are developed based on the results of this risk assessment. IA meets with the Board16 Revised 09/10/13 Audit & Compliance Committee annually to review the audit plan and reports progress and results to the Committee throughout the year.
IA executes its functions within all areas of the CO-OP. The operational areas and other IA functions addressed in the audit plan include but are not limited to, the following:
All job applications shall contain a statement that prospective employees understand that they are required, in the event of their employment, to abide by all rules and regulations of the CO-OP including the Code. The commitment of each employee to abide by the Code and fulfill his or her responsibilities under the Compliance Program will be a condition of employment at the CO-OP. Each job applicant shall be screened to determine, to the extent practicable, whether he or she (i) has a history of criminal conduct and the nature of any such conduct, (ii) is charged with a criminal offense involving government business and the nature of any such offense, (iii) is listed by a federal agency as debarred, (iv) is proposed for debarment or suspension, (v) is otherwise excluded from federal program participation, or (vi) has been the subject of any disciplinary action related to any license required with respect to such applicant’s potential job duties or functions with the CO- OP. This inquiry shall include at least a review of the OIG’s List of Excluded Individuals and Entities and of the General Services Administration’s List of Parties Excluded from Federal Procurement Programs and may from time to time, as determined by the17 Revised 09/10/13 Compliance Officer, include screening for other criteria or of other lists. Any applicant who demonstrates such a history may not be hired.
The CO-OP shall not vest an employee with authority to act on behalf of the CO- OP when that employee has demonstrated an inability to act in an honest and ethical manner nor shall the CO-OP employ personnel in positions with substantial authority that the CO-OP knew or should have reasonably known has engaged in illegal activities or other conduct inconsistent with an effective compliance program.
Should an employee be convicted of any criminal offense, debarred or excluded from Federal health care program participation, or have been found to have engaged in illegal activities or other conduct inconsistent with an effective compliance program, the CO-OP shall, at its sole discretion, upon discovery and confirmation of that fact, terminate that person’s employment, subject to and consistent with the CO-OP’s employment policies and procedures.
It is the policy of the CO-OP to prohibit the hiring or continued employment of individuals who have been convicted of a government program criminal offense or who are listed as debarred or excluded, from federal health care program participators. In addition, pending the resolution of any criminal charges or proposed debarment or exclusion, such individual will be removed from direct responsibility for or involvement with any federal health care program or other Government Contract. With regard to a current employee, if resolution of the matter results in conviction, debarment or exclusion, the CO-OP shall, upon discovery and confirmation of that fact, terminate that person’s employment, subject to and consistent with the CO-OP’s employment policies and procedures.
The CO-OP will not knowingly form a contract with, purchase from, or enter into any substantial business relationship with, for the purpose of fulfilling its obligations under any contract, any individual or entity charged with a criminal offense, listed by a federal agency as debarred, proposed for debarment or suspended, otherwise excluded from federal program participation, or who have engaged in illegal activities or other conduct inconsistent with an effective compliance program unless, in the judgment of the Compliance Officer in consultation with the Corporate Compliance Committee, there is a compelling reason to do so.
The CO-OP will make reasonable inquiry into the status of any vendor, contractor, consultant, or other such third party. This inquiry will include at least a18 Revised 09/10/13 review of the OIG’s List of Excluded Individuals and Entities and the General Services Administration’s List of Parties Excluded from Federal Procurement Programs and may from time to time, as determined by the Compliance Officer, include screening for other criteria or of other lists.
Should any vendor, contractor, consultant or other third party be convicted of any offense, debarred or excluded from Federal health care program participation, or have been found to have engaged in illegal activities or other conduct inconsistent with an effective compliance program, the CO-OP shall, at its sole discretion, upon discovery and confirmation of that fact, terminate its relationship with such vendor, contractor, consultant or other third party. In addition, pending resolution of any criminal charges, proposed debarment, or exclusion, such vendor, contractor or other third party will be removed from direct responsibility from or involvement with any federal health care program or other Government Contract. If resolution of the matter results in conviction, debarment, or exclusion, the CO-OP shall, upon discovery and confirmation of that fact, cease to do business with that party unless the CO-OP has otherwise received a waiver or permission from the government to continue its business relationship with such vendor, contractor, or other third party.
Vendors will be required to agree to comply with the CO-OP’s Code of Business Ethics and Conduct as stated in each vendor’s contract.
Disciplinary action will be taken on a fair and equitable basis. Such sanctions will range from oral warnings to suspension, termination, or financial penalties. While some disciplinary action can be handled by department managers, others may have to be resolved by a senior manager. Disciplinary action may be appropriate where a responsible employee’s failure to detect a violation is attributable to his or her negligence, deliberate indifference, or reckless conduct.
It is a violation of the Code for any employee of the CO-OP to:
Any employee who violates the Code will be subject to appropriate disciplinary action, ranging from a warning to discharge and/or referral for criminal prosecution or civil action. MHC Compliance Program 1
Effective July 2013
I hereby acknowledge that I have received a copy of MHC’s Compliance Program, including the Code of Conduct, which provides guidelines on the organizations compliance program, associated policies and procedures, and programs ensuring organizational and individual compliance. I understand that the procedures, practices, policies, and benefits described there supersede all prior policies and procedures, and may be modified or discontinued from time to time and that MHC will try to inform me of any changes as they occur.
I understand that I should consult with my supervisor or the organizations Compliance Officer, Larry Turney, if I have any questions that are not answered in Compliance Program Document.
I accept responsibility for familiarizing myself with the information, seeking clarification of its terms or guidance, where necessary, and complying with the content.
EMPLOYEE NAME (PRINTED)
This form will be retained in the Employee’s Personnel File.1
Mountain Health Cooperative
Non-Retaliation Policy and Procedure
To protect employees and other workforce members who report or cooperate in investigations of actual or suspected violations of the law, of the CO-OP’s Code of Business Ethics and Conduct, and/or the CO-OP’s policies and procedures (“violation”) from retaliation or attempted retaliation by other employees or workforce members, CO-OP leadership, and/or CO-OP Directors.
The CO-OP prohibits any form of retaliation or attempted retaliation against an employee or other workforce member who in good faith reports or cooperates in an investigation of any violation.
This policy protects any employee who in good faith reports a violation regardless of whether the report is made to the CO-OP leadership or to a regulatory or law enforcement agency, and protects any employee who in good faith cooperates in any investigation of a violation regardless of whether the investigation is conducted by the CO-OP, a third party or by a regulatory or law enforcement agency. Retaliation or attempted retaliation by other employees or workforce members, CO-OP leadership, and/or CO-OP Directors against such employee or workforce member will subject the individual or individuals involved in the retaliation or attempted retaliation to discipline.
Any employee or workforce member who observes or experiences retaliation or attempted retaliation should promptly report his or her concerns to the Compliance Officer. If for any reason it is not practical to report concerns to the Compliance Officer, the employee or workforce member should report his or her concerns to his or her leadership or to another person in leadership at the CO-OP.
As appropriate to the situation, the Compliance Officer, or the Compliance Officer’s designee, will conduct a prompt, thorough and impartial investigation. The CO-OP will take prompt and appropriate disciplinary action if it is determined that retaliation or attempted retaliation occurred.
An employee or workforce member may file a complaint of retaliation or attempted retaliation with a government agency if the complaint implicates or concerns an unlawful or allegedly unlawful discriminatory practice under state or federal law within the jurisdiction of such state or federal agency.
The employee or workforce member may contact the Mountain Human Rights Commission or the federal Equal Employee Opportunity Commission to determine whether a state or federal agency has jurisdiction over a complaint and for the specific filing period and requirements applicable to the complaint.
As a Member-Owner of the Mountain Health CO-OP, you have a right to:
As a Member-Owner of the Montana Health CO-OP, you have a responsibility to:
Mountain Health CO-OP
1545 E. Iron Eagle Drive, Suite 103
Eagle, ID 83616