Corporate Compliance Program

The mission/purpose of Harris Health System's Corporate Compliance Program is to ensure Harris Health operates in accordance with in all applicable laws and regulations. Specifically, the Corporate Compliance Program is designed to:

• Prevent any accidental and intentional violations of law;
• Detect and report violations if they occur; and
• Correct activities that may lead to future non-compliance.

The program structure consists of the following four parts, each of which has certain responsibilities:

• The Board of Trustees Corporate Compliance Committee provides oversight of the Corporate Compliance Program;
• The Executive Corporate Compliance Committee advises and assists with the operation of the Corporate Compliance Program and supports the Corporate Compliance Officer;
• The Corporate Compliance Officer directs the daily operations of the program; and
• The Corporate Compliance Department staff carries out the plans, policies, and assignments that make the program effective in its compliance functions.

The Office of the Inspector General of the U.S. Department of Health and Human Services provides that there are seven (7) elements of an effective compliance program. The seven elements are:

1. Code of Conduct: Harris Health’s Code of Conduct serves as the foundation document for Harris Health’s Corporate Compliance Program. All workforce members, vendors, contractors, and other third parties who conduct business with Harris Health are subject to the Code of Conduct and must abide by it.
   
   
2. Corporate Compliance Officer: Harris Health’s Corporate Compliance Officer is Carolynn Jones. Ms. Jones can be reached at 346-426-0181 or by email at Carolynn.Jones@harrishealth.org.
    
3. Policies and Procedures: Harris Health has policies and procedures that describe how Harris Health’s Corporate Compliance Program operates as well as the compliance obligations of all Harris Health workforce members, vendors, contractors, and other third parties who conduct business with Harris Health.
   
   
4. Hotline and Communication: The Corporate Compliance Program has a hotline that provides a way for individuals to anonymously report suspected or known violations of any federal, state, or local law or regulation or any other compliance issues and concerns without fear of retaliation. The hotline telephone number is 844-565-0621. Individuals may also submit complaints on the Corporate Compliance Hotline website or in writing to the Corporate Compliance Program’s P.O. box at: P.O. Box 300033, Houston, Texas 77054.
   
   
5. Auditing and Monitoring: Auditing and monitoring involves an on-going review of the Corporate Compliance Program and other areas of risk to Harris Health. The Corporate Compliance Program has an Auditing and Monitoring policy that specifies how the Corporate Compliance Program will audit and monitor risk areas and respond to findings as a result of its auditing and monitoring activities.
   
   
6. Enforcement: Ensures that there are disciplinary standards imposed for non-compliance.
   
   
7. Education and Training: Ensures that all Harris Health workforce members can perform his or her job responsibilities and functions in compliance with applicable federal, state, and local laws and regulations. Further, all Harris Health workforce must members complete general compliance training upon being hired and must also complete annual compliance training as part of Harris Health’s mandatory annual education requirements.
   

In addition, below is a summary of important laws and regulations that are applicable to Harris Health’s Corporate Compliance Program.

1. Deficit Reduction Act of 2005
   Requires entities that receive or make annual payments of at least $5 million under a state Medicaid program to establish written policies for employees and contractors that provide detailed information about the Federal False Claims Act (FCA), administrative remedies, any state laws pertaining to civil or criminal penalties for false claims and statements, and whistleblower protections under such laws to prevent and detect fraud, waste and abuse in federal health care programs.
   
   
2. Federal and State False Claims Acts
   It is a violation of federal and Texas law to knowingly submit claims for payment with false and untrue information. Both the Federal False Claims Act and the Texas Medicaid Fraud Prevention Act contain Qui Tam provisions to protect whistleblowers.
   
   Any person who reports an allegedly false claim to the federal or state government or participates in their investigation is protected by these acts from retaliation for reporting false claims under these acts.
   
   
3. Fraud and Enforcement Recovery Act of 2009 (FERA)
   The Fraud and Enforcement Recovery Act of 2009 (FERA) expands exposure under the Federal False Claims Act by imposing liability for: (1) making statements to a private entity such as a subcontractor that results in payments of federal funds; or (2) retaining money owed to the government such as an obligation to refund overpayments. FERA also expands protection to whistleblowers, permits the sharing and use of information between the government, state and local law enforcement agencies, and whistleblowers, and expands the statute of limitations for actions brought under the Federal False Claims Act.
   
   
4. Anti-Kickback Statute
   It is a criminal offense to offer, pay, solicit, or receive any remuneration to induce or reward referrals of items or services reimbursable by a federal health care program.
   
   
5. Stark Law
   The Stark Law prohibits a physician (or an immediate family member of such physician) who has a financial relationship (including compensation and investment/ownership interests) with an entity from referring patients to the entity for certain health services covered by the Medicare program, unless an exception is available.
   
   
6. Health Insurance Portability and Accountability Act (HIPAA)
   The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, is a set of federal healthcare requirements that protect the privacy and security of patients’ protected health information by: (1) giving patients more control over their protected health information; (2) establishing limits on the use and disclosure of protected health information; (3) establishing safeguards that must be put in place to protect the privacy of patients’ protected health information; and (4) holding entities and the individuals who work for those entities accountable for violations. It also provided for the portability of health insurance.
   
   
7. American Recovery and Reinvestment Act of 2009 (ARRA) including the HITECH Act
   The American Recovery and Reinvestment Act of 2009 (ARRA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 make HIPAA's privacy and security standards more stringent and important for health care providers and their employees.
   

It is everyone's affirmative duty to report any violations of the law or Harris Health’s Code of Conduct. To report violations of laws, regulations or policies, use the following mechanisms:

Contact the Corporate Compliance Officer at 346-426-0181, the confidential Compliance Hotline at 844-565-0621 or visit the Corporate Compliance Hotline website.

It is the policy of Harris Health that no disciplinary action or retaliation will be taken against anyone for reporting, in good faith, a perceived compliance issue, problem, concern, or a suspected or known violation of a federal, state, or local law or regulation or a violation of a Harris Health policy.

For more information about the Harris Health’s Corporate Compliance Program, please refer to the following:

• Harris Health Code of Conduct
• Harris Health Policy and Procedure 3.31: Preventing and Reporting Fraud, Abuse, and Wrongdoing
• Harris Health Policy and Procedure 3.58: Non-Retaliation for Reporting Fraud, Abuse and Wrongdoing