Applicable Laws

 

False Claims Act

The Federal False Claims Act (FCA) forbids knowingly and willfully making false statements or representations in connection with a claim submitted for reimbursement to a federal healthcare program. The FCA allows the federal government to recover money stolen through fraud or otherwise inappropriately claimed by government contractors. CareFirst is a government contractor because it participates in federal and state health insurance exchanges and the Federal Employee Health Benefits Program.

To ensure compliance with the FCA:

  • All government contracts/grant claims must be charged to the correct accounts
  • Unallowable costs may not be included in claims presented to the government
  • Overpayments from the government must be properly reported and timely returned

The FCA prohibits employers from retaliating against their employees who report fraud, waste and abuse to the government, or who file a lawsuit on behalf of the government.

CareFirst’s non-retaliation policy protects CareFirst associates and Third Parties from retaliation for making or supporting a charge of wrongdoing or misconduct in the workplace. Third Parties also must protect their employees and subcontractors from any retaliation.

Federal and State Anti-Kickback Statutes

Federal and state anti-kickback statutes impose severe criminal, civil and monetary penalties on individuals who offer or accept a kickback and on any company that solicits or accepts a kickback.

A “kickback” is giving or offering anything of value to any government contractor or subcontractor or their employees to improperly obtain or reward favorable treatment in connection with a government contract or subcontract.

To avoid potential violations of federal or state anti-kickback statutes, employees of Third Parties must never offer, request or receive anything of value from anyone in return for payment under a government program or preferred treatment by the government.

Foreign Corrupt Practices Act

Bribes of all forms are prohibited. The Foreign Corrupt Practices Act makes it illegal for companies doing business outside the United States to influence a foreign government official with any personal payments or rewards.

Employees of Third Parties must not, directly or indirectly, offer, pay, promise or authorize bribes, kickbacks or other payments of money or anything of value to any government official, including any employee or agent of a government-owned or government-controlled business or any Third Party, for the purpose of:

  • Influencing any act or decision of such government official, in his official capacity
  • Inducing such government official to perform or omit any act in violation of the lawful duty of such official
  • Inducing such government official to use his influence in order to assist in obtaining, retaining or directing CareFirst business

This includes giving money or anything of value to any Third Party where there is reason to believe it will be passed on to anyone involved in the business decision process for the purpose of influencing the decision.

All expenses that you incur in connection with doing business with CareFirst must be recorded fully and accurately in the organization’s books and records, and shall be made available, upon request, to CareFirst, or any accounting firm we may designate, in order that CareFirst may verify compliance with this policy.

HIPAA and HITECH

CareFirst has a responsibility to protect the confidentiality of the Protected Health Information (PHI) it collects, uses and discloses about its members, applicants or others as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law requires any PHI to be collected and used only as permitted under HIPAA, and maintained, stored and processed in a secure and appropriate manner.

You must maintain the confidentiality, integrity and security of the PHI you access, use, maintain, store, process or disclose when providing services to or on behalf of CareFirst.

The Health Information Technology Economic and Clinical Act (HITECH Act) requires CareFirst to notify an individual whose PHI was compromised through an unpermitted acquisition, access, use or disclosure. If you become aware of any unauthorized acquisition, access, use or disclosure of PHI that CareFirst collects, uses, discloses or otherwise provides, you must notify the CareFirst Privacy Office without delay, but in no event any later than ten (10) days following discovery. Notify the Privacy Office in writing at privacy.office@carefirst.com or by phone at 800-853-9236.

Third Parties that provide a service to or on behalf of CareFirst which requires the use or disclosure of PHI are considered Business Associates and must enter into a Business Associate Agreement with CareFirst in accordance with HIPAA.

Consult with the CareFirst Chief Compliance, Ethics & Privacy Officer or Medicare Compliance Officer if you have a question about these standards.