Common use of Compliance Program and Anti-Fraud Initiatives Clause in Contracts

Compliance Program and Anti-Fraud Initiatives. Provider shall (and shall cause its Downstream Entities to) institute, operate, and maintain an effective compliance program to detect, correct and prevent the incidence of non- compliance with CMS requirements and the incidence of fraud, waste and abuse (FWA) relating to the operation of HCS’s Medicare Program. Such compliance program shall be appropriate to Provider's or Downstream Entity's organization and operations and shall include: 1. written compliance policies and standards of conduct that are comparable to HCS’s compliance policies / HCS Code of Conduct and articulate the entity's commitment to comply with federal and state laws, ethical behavior and compliance program operations. Provider will disseminate either HCS’s compliance policies/HCS Code of Conduct or comparable versions to Provider's employees, officers, and Downstream Entities within 90 days of hire/contracting, when updates are made, and annually thereafter; 2. reporting mechanisms communicated to Provider's employees and Downstream Entities for their use in adhering to the expectation that Provider, its employees and its Downstream Entities report potential non- compliance or FWA issues (internally and to HCS, as applicable) and understand their obligation to report. Provider must publicize the reporting methods to Provider employees and Downstream Entities along with a no-tolerance policy for retaliation or retribution for good faith reporting; 3. completion of CMS' Medicare Learning Network® "Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training" by Provider employees, officers, and Downstream Entities initially within ninety (90) days of hire/contracting and at least annually thereafter, unless exempt from such training under relevant CMS regulations. Training may be completed in one of two ways: i. by completing the general compliance and FWA training modules located on the CMS Medicare Learning Network; ii. or by downloading, viewing or printing the content of the then current CMS standardized training modules from the HCS provider portal to incorporate into Provider's and/or Downstream Entity's organization's existing compliance training materials/systems. (The CMS training content may not be changed but Provider and/or its Downstream Entities may add to it to cover topics specific to its organization); 4. processes to oversee and ensure that Provider and Provider's Downstream Entities maintain compliance with processes to oversee and ensure that: i. HCS and Provider maintain compliance with CMS compliance program requirements, and ii. Provider's Downstream Entities perform Medicare Services consistent with this Agreement and the agreement between Provider and such Downstream Entities. Provider's oversight under this Agreement shall include: iii. imposition of disciplinary actions, as needed, to ensure employee compliance with CMS compliance program requirements, and iv. implementation of corrective actions (up to and including contract termination), as needed, with respect to its Downstream Entities to ensure Downstream Entity compliance with applicable CMS requirements, including the CMS compliance program requirements, this Agreement and Provider's contract with the Downstream Entity; and 5. retention of evidence showing that Provider and Provider's Downstream Entities complied with the requirements set forth in this Section. Such evidence must be maintained for at least the period of 10 years and shall be made available to HCS and CMS, upon request. Provider shall complete attestations in the form and manner requested by HCS to confirm its compliance with this section on an annual basis.

Compliance Program and Anti-Fraud Initiatives. Provider Upline shall (and shall cause its Downstream Entities to) institute, operate, and maintain an effective compliance program to detect, correct and prevent the incidence of non- non-compliance with CMS requirements and the incidence of fraud, waste and abuse (FWA) relating to the operation of HCSAetna’s Medicare Program. Such compliance program shall be appropriate to Provider's Upline’s or Downstream Entity's ’s organization and operations and shall include: 1. (a) written compliance policies and standards of conduct that are comparable to HCSAetna’s compliance policies / HCS policies/Aetna Code of Conduct and articulate the entity's ’s commitment to comply with federal and state laws, ethical behavior and compliance program operations. Provider Upline will disseminate either HCSAetna’s compliance policies/HCS Aetna Code of Conduct or comparable versions to Provider's Upline’s employees, officers, and Downstream Entities within 90 days of hire/contracting, when updates are made, and annually thereafter; 2. (b) reporting mechanisms communicated to Provider's Upline’s employees and Downstream Entities for their use in adhering to the expectation that ProviderUpline, its employees and its Downstream Entities report potential non- non-compliance or FWA issues (internally and to HCSAetna, as applicable) and understand their obligation to report. Provider Upline must publicize the reporting methods to Provider Upline’s employees and Downstream Entities along with a no-tolerance policy for retaliation or retribution for good faith reporting; 3. (c) completion of CMS' ’ Medicare Learning Network® "“Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training" ” by Provider Upline’s employees, officers, and Downstream Entities initially within ninety (90) days of hire/contracting and at least annually thereafter, unless exempt from such Fraud, Waste, and Abuse training under relevant CMS regulations. Training may be completed in one of two ways: i. : (1) by completing the general compliance and FWA training modules located on the CMS Medicare Learning Network; ii. or (2) by downloading, viewing or printing the content of the then current CMS standardized training modules from the HCS provider portal CMS website to incorporate into Provider's Upline’s and/or Downstream Entity's ’s organization's ’s existing compliance training materials/systems. (The CMS training content may not be changed but Provider Upline and/or its Downstream Entities may add to it to cover topics specific to its organization); 4. (d) processes to oversee and ensure that Provider Upline and Provider's Upline’s Downstream Entities maintain compliance with processes to oversee and ensure that: i. HCS : (1) Upline and Provider Upline’s Downstream Entities maintain compliance with CMS compliance program requirements, and ii. Provider's and (2) Upline’s Downstream Entities perform Medicare Services the services to be provided under this Agreement consistent with this Agreement and the agreement between Provider Upline and such Downstream Entities. Provider's Upline’s oversight under this Agreement shall include: iii. : (1) imposition of disciplinary actions, as needed, to ensure employee compliance with CMS compliance program requirements, and iv. and (2) implementation of corrective actions (up to and including contract termination), as needed, with respect to its Downstream Entities to ensure Downstream Entity compliance with applicable CMS requirements, including the CMS compliance program requirements, this Agreement and Provider's Upline’s contract with the Downstream Entity; and 5. (e) retention of evidence showing that Provider Upline and Provider's Upline’s Downstream Entities complied with the requirements set forth in this SectionSection 8(e). Such evidence must be maintained for at least the period of 10 years time specified in Section A (3) of this Exhibit D and shall be made available to HCS Aetna and CMS, upon request. Provider Upline shall complete attestations in the form and manner requested by HCS Aetna to confirm its compliance with this section Section on an annual basis.

Compliance Program and Anti-Fraud Initiatives. Provider Producer shall (and shall cause its Downstream Entities to) institute, operate, and maintain an effective compliance program to detect, correct and prevent the incidence of non- compliance with CMS requirements and the incidence of fraud, waste and abuse (FWA) relating to the operation of HCSCompany’s Medicare Program. Such compliance program shall be appropriate to Provider's Producer or Downstream Entity's ’s organization and operations and shall include: 1. (a) written compliance policies and standards of conduct that are comparable to HCSCompany’s compliance policies / HCS policies/Company’s Code of Conduct and articulate the entity's ’s commitment to comply with federal and state laws, ethical behavior and compliance program operations. Provider Producer will disseminate either HCSCompany’s compliance policies/HCS Company’s Code of Conduct or comparable versions to Provider's Producer’s employees, officers, and Downstream Entities within 90 days of hire/contracting, when updates are made, and annually thereafter; 2. (b) reporting mechanisms communicated to Provider's Producer’s employees and Downstream Entities for their use in adhering to the expectation that ProviderProducer, its employees and its Downstream Entities report potential non- non-compliance or FWA issues (internally and to HCSCompany, as applicable) and understand their obligation to report. Provider Producer must publicize the reporting methods to Provider Producer’s employees and Downstream Entities along with a no-tolerance policy for retaliation or retribution for good faith reporting; 3. (c) completion of CMS' ’ Medicare Learning Network® "“Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training" ” by Provider Producer’s employees, officers, and Downstream Entities initially within ninety (90) days of hire/contracting and at least annually thereafter, unless exempt from such Fraud, Waste, and Abuse training under relevant CMS regulations. Training may be completed in one of two ways: i. : (1) by completing the general compliance and FWA training modules located on the CMS Medicare Learning Network; ii. or (2) by downloading, viewing or printing the content of the then current CMS standardized training modules from the HCS provider portal CMS website to incorporate into Provider's Producer’s and/or Downstream Entity's ’s organization's ’s existing compliance training materials/systems. (The CMS training content may not be changed but Provider Producer and/or its Downstream Entities may add to it to cover topics specific to its organization; (09/19); 4. (d) processes to oversee and ensure that Provider Producer and Provider's Producer’s Downstream Entities maintain compliance with processes to oversee and ensure that: i. HCS : (1) Producer and Provider Producer’s Downstream Entities maintain compliance with CMS compliance program requirements, and ii. Provider's and (2) Producer’s Downstream Entities perform Medicare Services the services to be provided under this Agreement consistent with this Agreement and the agreement between Provider Producer and such Downstream Entities. Provider's Producer’s oversight under this Agreement shall include: iii. : (1) imposition of disciplinary actions, as needed, to ensure employee compliance with CMS compliance program requirements, and iv. and (2) implementation of corrective actions (up to and including contract termination), as needed, with respect to its Downstream Entities to ensure Downstream Entity compliance with applicable CMS requirements, including the CMS compliance program requirements, this Agreement and Provider's Producer’s contract with the Downstream Entity; and 5. (e) retention of evidence showing that Provider Producer and Provider's Producer’s Downstream Entities complied with the requirements set forth in this SectionSection 8(e). Such evidence must be maintained for at least the period of 10 years time specified in Section 2 of this Addendum B and shall be made available to HCS Company and CMS, upon request. Provider Producer shall complete attestations in the form and manner requested by HCS Company to confirm its compliance with this section Section on an annual basis.

Compliance Program and Anti-Fraud Initiatives. Provider Producer shall (and shall cause its Downstream Entities to) institute, operate, and maintain an effective compliance program to detect, correct and prevent the incidence of non- compliance with CMS requirements and the incidence of fraud, waste and abuse (FWA) relating to the operation of HCSCompany’s Medicare Program. Such compliance program shall be appropriate to Provider's Producer or Downstream Entity's ’s organization and operations and shall include: 1. (a) written compliance policies and standards of conduct that are comparable to HCSCompany’s compliance policies / HCS policies/Company’s Code of Conduct and articulate the entity's ’s commitment to comply with federal and state laws, ethical behavior and compliance program operations. Provider Producer will disseminate either HCSCompany’s compliance policies/HCS Company’s Code of Conduct or comparable versions to Provider's Producer’s employees, officers, and Downstream Entities within 90 days of hire/contracting, when updates are made, and annually thereafter; 2. (b) reporting mechanisms communicated to Provider's Producer’s employees and Downstream Entities for their use in adhering to the expectation that ProviderProducer, its employees and its Downstream Entities report potential non- non-compliance or FWA issues (internally and to HCSCompany, as applicable) and understand their obligation to report. Provider Producer must publicize the reporting methods to Provider Producer’s employees and Downstream Entities along with a no-tolerance policy for retaliation or retribution for good faith reporting; 3. (c) completion of CMS' ’ Medicare Learning Network® "“Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training" ” by Provider Producer’s employees, officers, and Downstream Entities initially within ninety (90) days of hire/contracting and at least annually thereafter, unless exempt from such Fraud, Waste, and Abuse training under relevant CMS regulations. Training may be completed in one of two ways: i. : (1) by completing the general compliance and FWA training modules located on the CMS Medicare Learning Network; ii. or (2) by downloading, viewing or printing the content of the then current CMS standardized training modules from the HCS provider portal CMS website to incorporate into Provider's Producer’s and/or Downstream Entity's ’s organization's ’s existing compliance training materials/systems. (The CMS training content may not be changed but Provider Producer and/or its Downstream Entities may add to it to cover topics specific to its organization); 4. (d) processes to oversee and ensure that Provider Producer and Provider's Producer’s Downstream Entities maintain compliance with processes to oversee and ensure that: i. HCS : (1) Producer and Provider Producer’s Downstream Entities maintain compliance with CMS compliance program requirements, and ii. Provider's and (2) Producer’s Downstream Entities perform Medicare Services the services to be provided under this Agreement consistent with this Agreement and the agreement between Provider Producer and such Downstream Entities. Provider's Producer’s oversight under this Agreement shall include: iii. : (1) imposition of disciplinary actions, as needed, to ensure employee compliance with CMS compliance program requirements, and iv. and (2) implementation of corrective actions (up to and including contract termination), as needed, with respect to its Downstream Entities to ensure Downstream Entity compliance with applicable CMS requirements, including the CMS compliance program requirements, this Agreement and Provider's Producer’s contract with the Downstream Entity; and 5. (e) retention of evidence showing that Provider Producer and Provider's Producer’s Downstream Entities complied with the requirements set forth in this SectionSection 8(e). Such evidence must be maintained for at least the period of 10 years time specified in Section 2 of this Addendum B and shall be made available to HCS Company and CMS, upon request. Provider Producer shall complete attestations in the form and manner requested by HCS Company to confirm its compliance with this section Section on an annual basis.

Compliance Program and Anti-Fraud Initiatives. Provider shall (and shall cause its Downstream Entities to) institute, operate, and maintain an effective compliance program to detect, correct and prevent the incidence of non- non-compliance with CMS requirements and the incidence of fraud, waste and abuse (FWA) relating to the operation of HCSCompany’s Medicare Program. Such compliance program shall be appropriate to Provider's ’s or Downstream Entity's ’s organization and operations and shall include: (1. ) written compliance policies and standards of conduct that are comparable to HCSAetna’s compliance policies / HCS policies/Aetna Code of Conduct and articulate the entity's ’s commitment to comply with federal and state laws, ethical behavior and compliance program operations. Provider will disseminate either HCSAetna’s compliance policies/HCS Aetna Code of Conduct or comparable versions to Provider's ’s employees, officers, and Downstream Entities within 90 ninety (90) days of hire/contracting, when updates are made, and annually thereafter; (2. ) reporting mechanisms communicated to Provider's ’s employees and Downstream Entities for their use in adhering to the expectation that Provider, its employees and its Downstream Entities report potential non- non-compliance or FWA issues (internally and to HCSCompany, as applicable) and understand their obligation to report. Provider must publicize the reporting methods to Provider employees and Downstream Entities along with a no-tolerance policy for retaliation or retribution for good faith reporting; (3. ) completion of CMS' ’ Medicare Learning Network® "“Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training" ” by Provider employees, officers, and Downstream Entities initially within ninety (90) days of hire/contracting and at least annually thereafter, unless exempt from such training under relevant CMS regulations. Training may be completed in one of two ways: i. : (1) by completing the general compliance and FWA training modules located on the CMS Medicare Learning Network; ii. or (2) by downloading, viewing or printing the content of the then current CMS standardized training modules from the HCS provider portal CMS website to incorporate into Provider's ’s and/or Downstream Entity's ’s organization's ’s existing compliance training materials/systems. (The CMS training content may not be changed but Provider and/or its Downstream Entities may add to it to cover topics specific to its organization); (4. ) processes to oversee and ensure that Provider and Provider's ’s Downstream Entities maintain compliance with processes to oversee and ensure that: i. HCS : (1) Provider and Provider Provider’s Downstream Entities maintain compliance with CMS compliance program requirements, and ii. and (2) Provider's ’s Downstream Entities perform Medicare Services consistent with this Agreement and the agreement between Provider and such Downstream Entities. Provider's ’s oversight under this Agreement shall include: iii. : (1) imposition of disciplinary actions, as needed, to ensure employee compliance with CMS compliance program requirements, and iv. and (2) implementation of corrective actions (up to and including contract termination), as needed, with respect to its Downstream Entities to ensure Downstream Entity compliance with applicable CMS requirements, including the CMS compliance program requirements, this Agreement and Provider's ’s contract with the Downstream Entity; and (5. ) retention of evidence showing that Provider and Provider's ’s Downstream Entities complied with the requirements set forth in this SectionSection 5(E) of this Addendum. Such evidence must be maintained for at least the period of 10 years time specified in Section 5(I) of this Addendum and shall be made available to HCS Company and CMS, upon request. Provider shall complete attestations in the form and manner requested by HCS Company to confirm its compliance with this section on an annual basis.