COMPLIANCE

The following are member rights in accordance with 42 CFR Section 438.100:

Be treated with respect and with recognition of the member’s dignity and need for privacy. (42 CFR 438.100.(b)(2)(ii));
The right to privacy includes protection of any information that identifies a particular member except when otherwise required or permitted by law.
The Health Plan and its providers must ensure the confidentiality of health, service, and medical records and of other member information and maintained in a secure manner. (Refer to the Medical Records Requirements included in AHCCCS AMPM Policy 940 (940.B.3.c) of the AHCCCS AMPM Chapter 900).
Receive required information in a manner and format that may be easily understood and is readily accessible. (42 CFR 438.10.c.1);
Notified that oral interpretation is available for any language and written information is available in prevalent languages, that auxiliary aids and services are available upon request at no cost to the member and how to access those services. (42 CFR 438.10.c.4);
Receive information on available treatment options and alternatives, presented in a manner appropriate to the member’s condition and ability to understand (42 CFR 438.100(b)(2)(iii));
Participate in decisions regarding their health care, including the right to refuse treatment (42 CFR 438.100(b)(2)(iv));
Be free from any form of restraint or seclusion used as a means of coercion, discipline, convenience, or retaliation (42 CFR .438100(b)(2)(v));
Request and receive a copy of their medical records, and to request that the record be amended or corrected, as specified in 45 CFR part 164.524 and 164.526 and applicable state law (42 CFR 438.100(b)(2)(vi)); and
Free to exercise their rights and that the exercise of those rights shall not adversely affect service delivery to the member (42 CFR 438.100(c)).

The Health Plan recognizes member rights and responsibilities as set forth in 42 CFR 438.100 and AMPM 940. The expectation is that all providers are informed and have implemented processes to ensure that all elements described in 42 CFR 438.100 and AMPM 940 are an integral part of their operation.

The Health Plan and its providers must respond to the diverse cultural, ethnic, and linguistic characteristics (dimensions of diversity) of the population they serve to ensure that services are culturally responsive, relevant, and sensitive for all members and families.

The Health Plan has adopted the Culturally and Linguistically Appropriate Services in Health Care (National CLAS Standards; 45 CFR § 92.201, 42 CFR 438.10; Affordable Care Act Section 1557) as its cultural responsiveness framework to support a more consistent, empathic, sensitive, and comprehensive approach to cultural and linguistic responsiveness in health care. By tailoring services to an individual's and family's culture, dimensions of diversity, health literacy, and language preference, health professionals can help bring about positive and effective health outcomes for diverse populations. Providers are required to adhere to and implement the CLAS standards to comply with Cultural Responsiveness Health Care Requirements. The National CLAS Standards can be obtained and reviewed at HHS.gov.

The Health Plan makes available tools for individual and organizational self-assessments related to cultural and linguistic responsiveness. Providers who are interested in assessing their organization may email azchculturalaffairs@azcompletehealth.com for more information.

What is Culture?

Culture refers to integrated patterns of human behavior that include the language, thoughts, communications, actions, customs, beliefs, values, and institutions of racial, ethnic, religious, or social groups. Culture defines the preferred ways for meeting needs and may be influenced by factors such as geographic location, lifestyle, and age. Culture is dynamic, and individuals may identify with multiple cultures over their lifetimes.

AHCCCS defines Cultural Competency as “A set of congruent behaviors, attitudes and policies that come together in a system, agency, or among professionals, which enables that system, agency, or those professionals to work effectively in cross-cultural situations. Culture refers to integrated patterns of human behavior that include the language, thoughts, communications, actions, customs, beliefs, values, and institutions of racial, ethnic, religious, or social groups. Competence implies having the capacity to function effectively as an individual and an organization with the context of the cultural beliefs, behaviors and needs presented by consumers and their communities.” Additionally, this includes health status, national origin, sex, gender, gender diversity, sexual orientation, and age.

Culturally Responsive Care

The Health Plan and its providers must ensure that cultural considerations are being integrated in approaches-services-interventions to member and family care. Culturally responsive health care incorporates cultural considerations and dimensions of diversity that include, but are not limited to the following: ethnicity, race, age, gender diversity, sexual orientation, geographical location, economic status, military experience, physical/emotional/mental abilities, literacy, primary/preferred languages, spiritual-religious beliefs and practices, communities, family roles, and English proficiency, and health-related social needs/desires. To comply with the Culturally Responsive Care requirements, the Health Plan and its providers must provide culturally relevant, responsive, sensitive, and appropriate services for all members and families. They must be treated fairly without regard to age, ethnicity, race, sex, spirit-religion, national origin, creed, tribal affiliation, ancestry, gender diversity, sexual orientation, marital status, genetic information, socio-economic status, physical or intellectual disability, ability to pay, mental illness, and/or cultural and linguistic need. Culturally responsive health care enables individuals and organizations to respond respectfully and effectively in a manner that recognizes, affirms, and values their worth, and is person-family-centered. Being culturally responsive requires having the ability to understand recognize cultural differences, recognize potential biases, and look beyond differences to work productively with children, adults, families, and communities whose cultural contexts are different from one’s own. Cultural Competency Program representatives develop, establish, and monitor programs for members that meet the cultural contractual requirements established by the Arizona Health Care Cost Containment System (AHCCCS). For more information on cultural and linguistic services provided by the Health Plan or cultural community resources, contact the Health Plan Cultural Competency Program at azchculturalaffairs@azcompletehealth.com.

Organizational Supports for Cultural and Linguistic Need

Under State guidance, and to comply with the Organizational Supports for Cultural Competence, the Health Plan and providers must:

Conduct ongoing assessments of the organization’s CLAS-related activities and integrate CLAS-related goals/objectives into measurement and continuous quality improvement activities.
Create conflict and grievance resolution processes that are culturally and linguistically appropriate to identify, prevent, and resolve conflicts or complaints.
Consult with diverse groups to develop relevant communications, outreach and marketing strategies that review, evaluate, and improve service delivery to diverse individuals, families, and communities, and address disparities in access and utilization of services.

Workforce Development and Training

Providers are required to:

Recruit, retain, promote, and support culturally and linguistically diverse representation within all levels of the organization that is responsive to the population in the service area(s) and reflects the cultural background of members served.
Provide new hire, ongoing, and annual cultural competency training to the workforce. This includes addressing the requirements in the Cultural Competency section of the Provider Manual, the CLAS Standards, and the NCQA Standards, which include but are not limited to the use of language assistance and alternative formats for members with Limited English Proficiency (LEP), diversity awareness, health equity, health literacy, equity, bias diversity, inclusion, cultural humility, and culturally relevant topics customized to meet the needs of their service area(s). Providers must maintain full compliance with all mandatory Cultural Competency trainings (see Section 16 Training and Workforce Development) and verify that staff at all levels and across all disciplines receive the ongoing education and training in culturally and linguistically appropriate service delivery.
Ensure all staff have access to resources for members with diverse cultural needs.

Documenting Clinical Cultural and Linguistic Need

To advance health literacy, reduce health disparities, and identify the individual’s- familiy's unique needs, providers are required to do the following:

Providers must document in a member’s medical record if the person has a preferred language other than English.
- Providers must document the language not only of the member but also of the guardian, health care decision maker or legal appointed representative if the member care requires the presence of a legal parent, decision maker, or guardian who does not speak English (e.g., when the patient/member is a minor or severely disabled).
Maintain documentation within the medical record of American Sign Language (ASL) interpretation and oral interpretation provided in a language other than English- by certified bilingual staff or an interpretation vendor. Documentation must include the date of service, interpreter name, type of language provided, interpretation duration, and type of interpretation assistance provided.
Collect and maintain accurate and reliable cultural (for example: age, ethnicity, race, national origin, sex, gender diversity, sexual orientation, tribal affiliation, refugee status, veteran-military status, disability) and linguistic (for example, primary language, preferred language, language spoken at home,) needs within the medical records to inform service delivery.

Communication and Language Assistance

In accordance with Title VI of the Civil Rights Act, Prohibition against National Origin Discriminations, the President’s Executive Order 131166, section 1557 of the Patient Protection and Affordable care Act, the Health Plan and its providers must make language assistance available to persons with Limited English Proficiency (LEP) at all points of contact during all hours of operation. Oral interpretation, American Sign Language, alternative formatting, augmentative-alternative communication device, and written translation are provided at no charge to AHCCCS eligible persons.

Members must be provided with information instructing them how to access language assistance. Per federal laws, providers must post nondiscrimination notices and language assistance taglines in lobbies and on websites. Language assistance taglines notify individuals of the availability of language assistance in at least the top 15 languages utilized in Arizona as identified by the ACA 1557 and include at least one tagline in conspicuously visible font. Nondiscrimination notices and taglines must also be included in correspondence sent to the member. For more information on what specific information needs to be included in the nondiscrimination notice and taglines, reference CMS and the Code of Federal Regulations.

In order to ensure competence and proficiency of those providing language assistance, the Health Plan requires that persons who provide oral interpretation and written translation are certified through language testing by ALTA Services or another approved language testing vendor with a score of eight (8) or higher (if using a different vendor, a comparable score is required) to be considered qualified, with a higher level of proficiency needed for the provision of more complex communication, such as psychiatric services and psychological testing, and medical care. If using ALTA Services for testing, providers can register for testing at http://www.altalang.com. The charge for the testing is the provider agency’s responsibility. Certificates of proficiency indicating level/testing scores shall be maintained in personnel records and/or subcontractor’s files and made available to the Health Plan. The Health Plan will audit providers to verify they are using certified bilingual staff at the appropriate level of proficiency to provide language assistance or that they are using a language vendor.

The providers are responsible for ensuring interpretation is arranged for each applicable appointment.

The best practice for providing language assistance is to have certified bilingual staff available to meet the language assistance needs.
For oral interpretation and American Sign Language, if a provider does not have certified bilingual staff or licensed American Sign Language interpreters available, the provider may utilize the interpreters that are provided by Health Plan language vendors at no cost to providers or members. However, providers are required to contract with language vendors to meet these needs when Health Plan vendors or staff are not able to secure interpretation for any reason. [Please note for after business hours access to telephone interpretation, providers will need to use their own contracts as Health Plan staff will not be available to connect the calls.]
Health Plan offers telephone, face to face, and video face-to-face interpretation options. Information regarding interpreter assistance is available by contacting the Health Plan Provider Services Call Center number at 866-796-0542 (TTY/TDD: 711). For face-to-face requests, please make the request before the appointment with as much notice as possible. At a minimum, the request should be seven (7-10) days out from the appointment to allow time for the vendors to meet the need. When calling, the following information is required:
- Member name.
- Member ID number.
- Appointment date and time (advance note preferred, if possible).
- Type of interpretation needed.
- Language requested.
If a provider receives notice from the language vendor that an interpreter cannot be secured for an appointment, please call Customer Service to let them know, and to request they utilize a different vendor for the request. An interpreter will not be secured unless you make the request.
Providers may receive an email or call from language vendor to confirm details such as which health plan the member belongs to. Please respond to the vendor so they can finalize the interpretation, or they will not complete the request.
If there is still no interpreter secured due to a lack of interpreter availability, a telephone interpreter may meet the need. In addition, providers can and should utilize other resources to ensure interpretation occurs as needed and without interruption of services to a member. Providers should not continually reschedule a member with interpreter needs because it does not foster effective communication and equitable access to care and may be considered discrimination. Health Plan language resources are an additional option. They are being provided as a courtesy to ease some of the burden if providers do not have their own resources. It is not required to use Health Plan resources. If providers would like to use other vendors to meet their needs, they are able to and should, to ensure member needs are met. However, Health Plan will not reimburse any provider for expenses related to the use of their own interpreter resources since interpretation is included in administrative funding. Language assistance is a federal requirement, and providers should do whatever is needed to ensure interpreters are available.)

We have customer service representatives who can speak to members/family members in their preferred language or will conference in an interpreter. Customer Service at 866-796-0542 can also conference in an interpreter, as needed.

Augmentative and Alternative Communication (AAC) evaluations and devices are covered services for all integrated AHCCCS population. Reference this information when reviewing benefits and eligibility, referrals, and prior authorization requirements.

Steps

Member’s physician writes a referral/prescription for an AAC assessment from a speech language pathologist (SLP).
Health plan works with member/provider to identify providers in the state who conduct AAC evaluations.
SLP does assessment for an ACC Device.
SLP submits PA for appropriate AAC Device.
If approved SLP will request DME provider to send ACC.
SLP will contact member/family to schedule training.

Providers must ensure any document requiring the member's signature and that contains vital information such as the treatment, medications or notices, or service plans, is translated into their preferred/primary language upon request.

Providers must ensure their websites meet compliance with Section 508 Accessibility Standards. Section 508 is a federal law that requires agencies to provide people with disabilities with equal access to electronic information and data comparable to those who do not have disabilities.

Restrictions Related to Interpretation or Facilitation of Communication

A Provider shall NOT require an individual with limited English proficiency to provide their own interpreter or rely on an adult or child accompanying an individual with limited English proficiency to interpret or facilitate communication. In addition, a Provider shall NOT rely on staff other than qualified bilingual/multilingual staff to communicate directly with individuals with limited English proficiency. Exceptions to these expectations include:

In an emergency involving an imminent threat to the safety or welfare of an individual or the public where there is no qualified interpreter for the individual with limited English proficiency immediately available.
Where the individual with limited English proficiency specifically requests that the accompanying adult interpret or facilitate communication, the accompanying adult agrees to provide such assistance, and reliance on that adult for such assistance is appropriate under the circumstances for minimal needs.

Welcoming Environments

Creating culturally welcoming and responsive environments is essential to member-family engagement. Using person first, inclusive, responsive, sensitive and plain language in all materials and conversations is paramount to fostering an environment where a member feels safe, visible, respected, valued, accepted, and included in care.

Some examples of person first language:

Instead of saying the person is bi-polar. Instead say this person has bi-polar disorder.
Instead of saying the person is schizophrenic. Instead say this person has schizophrenia disorder.
Instead of saying the disabled person, the disabled, the handicapped. Instead say person with disability.
Instead of saying the blind. Instead say person who is blind or person who has low vision.
Best practice: ask the person their preference on how they would like to be referenced and-or how they would like to be described.

Some examples of inclusive language:

Instead of using his/her, use their; instead of using he/she, use they; instead of using him/her, use them.
Instead of saying hearing impaired, say deaf or hard of hearing.
Instead of saying visually impaired, say blind or low vision.
Instead of saying pregnant women, say pregnant invididual(s), pregnant person(s) or pregnant women and other pregnant indivduals/persons.
Best practice: ask the person about their preferred pronouns.

The Health Plan makes available tools for individual and organizational self-assessments related to cultural and linguistic competence. Providers who are interested in assessing their organization may email azculturalaffairs@azcompletehealth.com for more information.

Health Plan Nondiscrimination Notice:

Health Plan complies with applicable Federal civil rights laws and does not discriminate based on race, color, national origin, age, disability, gender identity, or sex. Health Plan does not exclude people or treat them differently because of race, color, national origin, age, disability, gender diversity or sex. Health Plan:

Provides aids and services at no cost to people with disabilities to communicate effectively with us, such as: qualified-certified sign language interpreters.
Provides written information in other formats (conspicuously large print, audio, accessible electronic formats, other formats).
Provides language services at no cost to people whose primary language is not English, such as: qualified interpreters and information written in other languages.

If you need these services, contact Member Services at 1-888-788-4408 (TTY: 711).

If you believe that the Health Plan did not provide these services or discriminated in another way based on race, color, national origin, age, disability, gender identity, or sex, you can file a grievance with the Chief Compliance Officer. You can file a grievance in person, by mail, fax, or email. Your grievance must be in writing and must be submitted within 180 days (about 6 months) of the date that the person filing the grievance becomes aware of what is believed to be discrimination.

Submit your grievance to:

Arizona Complete Health-Complete Care Plan
Attention: Grievance and Appeals
1850 W. Rio Salado Parkway Suite 211
Tempe, AZ 85281

You can also file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at , or by mail at U.S. Department of Health and Human Services; 200 Independence Avenue, SW; Room 509F, HHH Building; Washington, D.C. 20201; or by phone: 1-800-368-1019, 1-800-537-7697 (TTY: 711). Complaint forms are available on the website.

Laws and Policies Addressing Discrimination and Diversity

Provider agencies must abide by the following referenced federal and state applicable rules, regulations, and guidance documents:

AHCCCS Contractor Operations Manual, Cultural Competency and Language Access Plan, and Family/Member Centered Care: https://www.azahcccs.gov/shared/ACOM/. This Policy applies to Acute Care, ALTCS/EPD, CRS, DCS/CHP, DES/DDD, and ACC-RBHA Contractors. Title VI of the Civil Rights Act prohibits discrimination based on race, color, and national origin in programs and activities receiving federal financial assistance.
Section 1557 of the Patient Protection and Affordable Care Act is the nondiscrimination provision of the Affordable Care Act (ACA). The law prohibits discrimination based on race, color, national origin, sex (including gender identity and sexual stereotypes), age, or disability in certain health programs or activities Section 1557 builds on long-standing and familiar Federal civil rights laws: Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, and the Age Discrimination Act of 1975. Section 1557 extends nondiscrimination protections to individuals participating in any health program or activity any part of which receive federal funding.
National Standards for Culturally and Linguistically Appropriate Services (CLAS) in Health and Health Care focused on health equity.
Title VI of the Civil Rights Act 1964 prohibits discrimination based on race, color, and national origin in programs and activities receiving federal financial assistance. Refer to: Department of Health and Human Services - Guidance to Federal Financial Assistance Members Regarding Title VI Prohibition Against National Origin Discrimination affecting Limited English Proficient Persons.
Executive Order 13166 - An Executive Order is an order given by the President to federal agencies. The LEP Executive Order (Executive Order 13166) says that people who have Limited English Proficiency should have meaningful access to federally conducted and federally funded programs and activities.
Section 504 of the Rehabilitation Act prohibits discrimination based on disability in delivering contract services.
Section 508 of the Rehabilitation Act requires that institutions receiving federal funds solicit, procure, maintain, and use all Information and Communication Technology (ICT) so that equal or alternate/comparable access is given to federal employees and members of the public with and without disabilities. It is a federal law that requires agencies to provide people with disabilities equal access to electronic information and data comparable to those who do not have disabilities; and,
The Americans with Disabilities Act prohibits discrimination against persons who have a disability. Providers must deliver services so that they are readily accessible to persons with a disability.
45 CFR § 92.201 - Meaningful access for individuals with limited English proficiency
42 CFR § 438.10 - Information requirements

In the State of Arizona, and to the extent permitted by federal law, verification of United States (U.S.) Citizenship or Lawful Presence of non-citizens is mandatory prior to a person being able to receive public health benefits (A.R.S. § 1-502) (PDF) https://www.azleg.gov/ars/1/00502.htm). In addition to citizenship/lawful presence, the Arizona Health Care Cost Containment System, (AHCCCS) requires verification of a person’s identification in order to determine eligibility.

A person who has verified both citizenship/lawful presence and identification and has been found eligible for AHCCCS may:

Be eligible for Title XIX/XXI (Medicaid) or Title XXI (KidsCare) covered services; or
Not qualify for Title XIX/XXI entitlements, but be eligible for services.

The Health Plan and its providers must verify U.S. citizenship or lawful presence in the U.S. of all persons applying for publicly funded services.

Refer to Section 13.1 Eligibility Screening for AHCCCS Health Insurance, Medicare Part D Prescription Drug Coverage and the Limited Income Subsidy Program for further information regarding:

Eligibility to Receive Public Services with Verification of U.S. Citizenship/Lawful Presence
Eligibility to Receive Public Services Without Verification
Completing an AHCCCS Eligibility Determination Screening as Part of the Verification Process
What Is the Process for Completing the Eligibility Screening Using Health-E-Arizona PLUS
Inability to Provide the Required Identification or Citizenship/Lawful Presence Documents at the Time of Application
Documentation Requirements

Employees of the Health Plan and its providers are considered agents of the State, and therefore, must report discovered violations of immigration status to AHCCCS, which is responsible for submitting the reports to the U.S. Immigration and Customs Enforcement (ICE) agency. Failure to report a discovered violation is a Class 2 Misdemeanor.

10.4.1 Identification of Violations

The Health Plan and its providers must refrain from conduct or actions that could be considered discriminatory behavior. It is unlawful and discriminatory to deny persons services, exclude persons from participation in those services, or otherwise discriminate against any person based on grounds of race, color, or national origin.

The Health Plan and its providers must not use any information obtained about a person’s citizenship or lawful presence for any purpose other than to provide a person with services. Factors that must NOT be considered when identifying a potential violation:

The person’s primary language is a language other than English;
The person was not born in the United States;
The person does not have a Social Security number;
The person has a “foreign sounding” name;
The person cannot provide documentation of citizenship or lawful presence;
The person is identified by others as a non-citizen; and
The person has been denied AHCCCS eligibility for lack of proof of citizenship or lawful presence.

If a person applying for services, in the course of completing the application process or while conducting business with the Health Plan or the Health Plan provider, voluntarily reveals that they are not lawfully present in the United States then and only then may the Health Plan or its providers consider it to be a reportable violation.

The Health Plan and its providers must not require documentation of citizenship or lawful presence from persons who are not personally applying for services, but who are acting on behalf of or assisting the applicant (for example, a parent applying on behalf of a child).

It is not the responsibility of the Health Plan or its providers to ensure the validity of the submitted documents. Documents must be copied for files and submitted, as requested, to the appropriate agency, as instructed through Health-e-Arizona PLUS.

The criteria for screening and applying for AHCCCS eligibility are not changed by these reporting requirements. Further, the documentation requirements for verifying or establishing citizenship or lawful presence are not changed by this process.

The Health Plan and its providers must follow the expectations outlined when identifying and reporting violations. Questions regarding reporting requirements may be submitted via email to the AHCCCS Office of Inspector General at AHCCCSFraud@azahcccs.gov. Additionally, the link “How to Report Fraud, Waste or Abuse of the Program.

10.4.2 Reporting Process

The Health Plan or a provider that identifies a violation must submit a report to AHCCCS via secure email to AHCCCS Office of Inspector General at AHCCCSFraud@azahcccs.gov that contains the following information:

First and last name of identified individual;
Residential address/street, address of identified individual, including city, state, and zip code; and
Reason for referral.

Additionally, the link “Report Fraud, Waste and Abuse"

10.4.3 Documentation Expectations

The Health Plan or its providers must document in the person’s medical record (if a provider) or in the Compliance Department (The Health Plan) the following:

Reason for making a report, including how the information was obtained and whether it was an oral or written declaration;
The date the report was submitted to AHCCCS;
Any actions taken as a result of the report; and
A copy of the email to AHCCCS that contains the report.

Any provider staff with a basis to believe that abuse, neglect, exploitation, injuries, and unexpected death of an incapacitated or vulnerable adult or minor child has occurred shall immediately report the incident to a peace officer, the Department of Economic Security/ Adult Protective Services (DES/APS) or the Department of Economic Security/Department of Child Safety (DES/DCS) worker as appropriate, as well as to the Health Plan. The Health Plan will then report it to AHCCCS Quality Management.

10.5.1 Duty to Report Abuse, Neglect, or Exploitation of a Vulnerable Adult

Providers responsible for the care of adults, including incapacitated or vulnerable adults, and who have a reasonable basis to believe that abuse or neglect of the adult has occurred or that exploitation of the adult's property has occurred shall report this information immediately either in person or by telephone. This report shall be made to a peace officer or to a protective services worker within APS. Information on how to contact APS to make a report is located by going to the webpage for the APS Central Intake Unit. A written report must also be mailed or delivered within forty-eight hours or on the next working day if the forty-eight hours expire on a weekend or holiday. The report shall contain:

The names and addresses of the adult and any persons who have control or custody of the adult, if known;
The adult's age and the nature and extent of their incapacity or vulnerability;
The nature and extent of the adult's injuries or physical neglect or of the exploitation of the adult's property; and
Any other information that the person reporting believes might be helpful in establishing the cause of the adult's injuries or physical neglect or of the exploitation of the adult's property.

Upon written and signed request for records from the investigating peace officer or APS worker, the person who has custody or control of medical or financial records of the incapacitated or vulnerable adult for whom a report is required shall make such records, or a copy of such records, available (see Section 10.7.1 Disclosure of Health Information). Records disclosed are confidential and may be used only in a judicial or administrative proceeding or investigation resulting from the report. If psychiatric records are requested, the custodian of the records shall notify the attending psychiatrist, who may remove the following information from the records before they are made available:

Personal information about individuals other than the patient; and
Information regarding specific diagnoses or treatment of a psychiatric condition, if the attending psychiatrist certifies in writing that release of the information would be detrimental to the patient's health or treatment.

If any portion of a psychiatric record is removed, a court, upon request of a peace officer or APS worker, may order that the entire record or any portion of such record containing information relevant to the reported abuse or neglect be made available to the peace officer or APS worker investigating the abuse or neglect.

Additionally, providers must report to the Health Plan healthcare acquired conditions, abuse, neglect, exploitation, injuries, high profile cases and unexpected death of adults as required under Section 11.10 Reporting of Incidents, Accidents, and Deaths.

10.5.2 Duty to Report Abuse, Neglect, Exploitation Injuries, Denial or Deprivation of Medical or Surgical Care or Nourishment, and Unexpected Death of a Minor

Any provider who reasonably believes that any of the following incidents has occurred shall immediately report this information to a peace officer or to a Department of Child Safety (DCS) worker by calling the Arizona Child Abuse Hotline, and must also notify the Health Plan of:

Any physical injury, abuse, reportable offense, or neglect involving a minor that cannot be identified as accidental by the available medical history; or
A denial or deprivation of necessary medical treatment, surgical care, or nourishment with the intent to cause or allow the death of an infant.

In the event that a report concerns a person who does not have care, custody or control of the minor, the report shall be made to a peace officer only. Reports shall be made immediately by telephone or in person and shall be followed by a same-day progress note in the member’s health record. The report shall contain:

The names and addresses of the minor and the minor's parents or the person(s) having custody of the minor, if known;
The minor's age and the nature and extent of the minor's abuse, physical injury, or neglect, including any evidence of previous abuse, physical injury, or neglect; and
Any other information that the person believes might be helpful in establishing the cause of the abuse, physical injury, or neglect.

If a physician, psychologist, or behavioral health professional receives a statement from a person other than a parent, stepparent, or guardian of the minor during the course of providing sex offender treatment that is not court ordered or that does not occur while the offender is incarcerated in the State Department of Corrections or the Department of Juvenile Corrections, the physician, psychologist, or behavioral health professional may withhold the reporting of that statement if the physician, psychologist, or behavioral health professional determines it is reasonable and necessary to accomplish the purposes of the treatment.

Upon written request by the investigating peace officer or DCS worker, the person who has custody or control of medical records of a minor for whom a report is required shall make the records, or a copy of the records, available (see Section 10.7.1 Disclosure of Health Information). Records are confidential and may be used only in a judicial or administrative proceeding or investigation resulting from the required report. If psychiatric records are requested, the custodian of the records shall notify the attending psychiatrist, who may remove the following information before the records are made available:

Personal information about individuals other than the patient; and
Information regarding specific diagnoses or treatment of a psychiatric condition, if the attending psychiatrist certifies in writing that release of the information would be detrimental to the patient's health or treatment.

If any portion of a psychiatric record is removed, a court, upon request by a peace officer or DCS worker, may order that the entire record or any portion of the record that contains information relevant to the reported abuse, physical injury or neglect be made available for purposes of investigation.

Additionally, providers must report to the Health Plan healthcare acquired conditions, abuse, neglect, exploitation, injuries, high profile cases, denial, or deprivation of medical or surgical care or nourishment, and unexpected death of minors as required under Section 11.10 Reporting of Incidents, Accidents, and Deaths.

Any health provider employed or subcontracted by the Health Plan or a mental health provider that has determined a patient poses a serious danger of violence to others shall take reasonable actions to protect the potential victim(s) of that danger ((AHCCCS AMPM 960)

10.6.1 Duty to Protect Potential Victims of Physical Harm

All providers, regardless of their specialty or area of practices, have a duty to protect others against a member’s potential danger to self and/or danger to others. When a provider determines, or under applicable professional standards, reasonably should have determined, that a member poses a serious danger to self or others, the provider has a duty to exercise care to protect others against imminent danger of a patient harming themselves or others. The foreseeable victim need not be specifically identified by the member but may be someone who would be the most likely victim of the member’s dangerous conduct.

The responsibility of behavioral health provider to take reasonable precautions to prevent harm threatened by a member may include any of the following: Communicating, when possible, the threat to all identifiable victims,
Notifying a law enforcement agency in the vicinity where the patient or any potential victim resides,
Taking reasonable steps to initiate proceedings for voluntary or involuntary hospitalization, if appropriate, and in accordance with AMPM Policy 320-U, or
Taking any other precautions that a reasonable and prudent health provider would take under the circumstances.

The Health Plan contracted providers are required to immediately notify by telephone the Health Plan Statewide crisis line provider when a patient is identified as a potential danger to self or others, and update the statewide crisis line provider as appropriate based on the level of risk to the member and the community. Providers are required to report to the statewide crisis line provider all relevant information; including, information about the person’s access to weapons, names and addresses of potential victims, attempts to protect victims, police involvement, relevant clinical information, and support system information. With respect to the legal liability of a behavioral health provider, A.R.S. § 36-517.02 provides that no cause of action or legal liability shall be imposed against a behavioral health provider for breaching a duty to prevent harm to a person caused by a patient unless both of the following occur:

The patient has communicated to the mental health provider an explicit threat of imminent serious physical harm or death to a clearly identified or identifiable victim or victims, and the patient has the apparent intent and ability to carry out such threat, and
The mental health provider fails to take reasonable precautions.

10.7.1 Disclosure of Health Information

This section is intended to provide guidance to protect the privacy of persons who receive services, guidance as to whom information can be disclosed and when authorization* is required prior to that disclosure, and guidance on the notification of those persons in the event their unsecured Protected Health Information (PHI) is breached. It is not all-inclusive of the HIPAA and State Laws; the references throughout are available for providers to access and examine the applicable laws in more detail.

^*For purposes of uniformity and clarity, the term “authorization” is used throughout this section to reference a person’s permission to disclose medical records and protected health information and has the same meaning as “consent” which is used in 42 C.F.R. Part 2.

Information and records obtained in the course of providing or paying for services to a person are confidential and are only disclosed according to the provisions of applicable federal and State law. In the event of an unauthorized use/disclosure of unsecured PHI, the Health Plan’s providers must notify all affected persons.

10.7.2 Overview of Confidentiality Information

The Health Plan and its providers must keep medical records, payment records, behavioral health records and all information contained in those records, and any other personal health and enrollment information that may identify a particular member or subset of members confidential and cannot disclose such information unless permitted or required by federal or State law. Providers must verify that all emails being sent by the provider with Protected Health Information (PHI) are sent using a secure email program and must use an individualized secure business domain email, and not use public email entities (such as Google or Yahoo) to conduct business and transmit PHI.

The law regulates two major categories of confidential information:

Information obtained when providing services not related to alcohol or drug abuse referral, diagnosis, and treatment; and
Information obtained in the referral, diagnosis and treatment of alcohol or drug abuse.

The Health Plan also requires its providers to have policies and procedures in place to protect the privacy of individuals verified to be in the Address Confidentiality Program. See 41 A.R.S. § 161 et seq.

10.7.2.1 Health Information Not Related to Alcohol and Drug Treatment

Information obtained when providing services not related to alcohol and drug abuse treatment is governed by State law and the HIPAA Privacy Rule, 45 C.F.R., Part 164, Subparts A and E, Part 160 Subparts A and B (“the HIPAA Rule”). The HIPAA Rule permits a covered entity (health plan, health care provider, or health care clearinghouse) to use or disclose protected health information with or without patient authorization in a variety of circumstances, some of which are required and others that are permissive. Many of the categories of disclosures contain specific words and phrases that are defined in the HIPAA Rule. Careful attention must be paid to the definitions of words and phrases in order to determine whether disclosure is allowed. In addition, the HIPAA Rule may contain exceptions or special rules that apply to a particular disclosure. State law may affect a disclosure. For example, the HIPAA Rule may preempt State law or State law may preempt the HIPAA Rule. HIPAA, when read together with State law, may impose additional requirements for disclosure. In addition, a covered entity must, with certain exceptions, make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the disclosure.

Before disclosing protected health information, it is good practice to consult the specific citation to the HIPAA Rule, State law, and consult with legal counsel. See Section 10.7.4 below for more detail regarding the disclosure of health information not related to alcohol or drug referral, diagnosis, or treatment.

10.7.2.2 Drug and Alcohol Treatment Information

Information regarding treatment for alcohol or drug abuse is afforded special confidentiality by federal statute and regulation (42 U.S.C. § 290 dd-2 and 42 C.F.R. Part 2). This includes any information concerning a person’s diagnosis or treatment from a federally assisted alcohol or drug abuse program or referral to a federally assisted alcohol or drug abuse program. See Section 10.7.5 below for more detail regarding the disclosure of drug and alcohol abuse information.

10.7.3 General Procedures for All Disclosures

Unless otherwise accepted by State or federal law, all information obtained about a person related to the provision of services to the person is confidential whether the information is in oral, written, or electronic format.

All records generated as a part of the State or the Health Plan grievance and appeal processes are legal records, not medical or payment records, although they may contain copies of portions of a person’s medical record. To the extent these legal records contain personal medical information, the State or the Health Plan will redact or de-identify the information to the extent allowed or required by law.

10.7.3.1 List of Persons Accessing Records

The Health Plan’s providers must verify that a list is kept of every person or organization that inspects a currently or previously enrolled person’s records other than the person’s clinical team, the uses to be made of that information and the staff person authorizing access. The access list must be placed in the enrolled person’s record and must be made available to the enrolled person, their guardian or other designated representative.

10.7.3.2 Disclosure to Clinical Teams

Disclosure of information to members of a clinical team may or may not require an authorization depending upon the type of information to be disclosed and the status of the receiving party. Information concerning diagnosis, treatment or referral for drug or alcohol treatment may only be disclosed to members of a clinical team with authorization from the enrolled person as prescribed in Section 10.7.3. Information not related to drug and alcohol treatment may be disclosed without patient authorization to members of a clinical team who are providers of health, mental health or social services, provided the information is for treatment purposes as defined in the HIPAA Rule. Disclosure to members of a clinical team who are not providers of health, mental health or social services requires the authorization of the person or the person’s legal guardian or parent as prescribed in Section 10.7.4 below.

10.7.3.3 Disclosure to Persons Involved in Court Proceedings

Disclosure of information to persons involved in court proceedings including attorneys, probation or parole officers, guardian ad litem and court appointed special advocates may or may not require an authorization depending upon the type of information to be disclosed and whether the court has entered orders permitting the disclosure.

10.7.4 Disclosure of Information Not Related to Alcohol and Drug Treatment

The HIPAA Rule and State law allow a covered entity to disclose protected health information under a variety of conditions. This is a general overview and does not include an entire description of legal requirements for each disclosure. Below is a general description of all required or permissible disclosures:

To the individual and the individual’s health care decision maker;
To health, mental health and social service providers for treatment, payment or health care operations;
Incidental to a use or disclosure otherwise permitted or required by 45 C.F.R. Part 160 and Part 164, Subpart E;
To a person or entity with a valid authorization;
Provided the individual is informed in advance and has the opportunity to agree or prohibit the disclosure:
For use in facility directories;
To persons involved in the individual’s care and for notification purposes.
When required by State or federal law;
For public health activities;
About victims of child abuse, neglect or domestic violence;
For health oversight activities;
For judicial and administrative proceedings;
For law enforcement purposes;
About deceased persons;
For cadaveric organ, eye, or tissue donation purposes;
For research purposes, if the activity is conducted pursuant to applicable federal or State laws and regulations governing research;
To avert a serious threat to health or safety or to prevent harm threatened by patients;
To a human rights committee;
For purposes related to the Sexually Violent Persons program;
With communicable disease information;
To personal representatives including agents under a health care directive;
For evaluation or treatment;
To business associates;
To the Secretary of Health and Human Services or designee to investigate or determine compliance with the HIPAA Rule;
For specialized government functions;
For worker’s compensation;
Under a data use agreement for limited data;
For fundraising:
For underwriting and related purposes;
To the Arizona Center for Disability Law in its capacity as the State Protection and Advocacy Agency;
To a third-party payer the payer’s contractor to obtain reimbursement;
To a private entity that accredits a health care provider;
To the legal representative of a health care entity in possession of the record for the purpose of securing legal advice;
To a person or entity as otherwise required by state or federal law;
To a person or entity permitted by the federal regulations on alcohol and drug abuse treatment (42 CFR Part 2);
To a person or entity to conduct utilization review, peer review and quality assurance pursuant to A.R.S. §§ 36-441, 36-445, 36-2402 or 36-2917;
To a person maintaining health statistics for public health purposes as authorized by law; and
To a grand jury as directed by subpoena.

10.7.4.1 Disclosure to an Individual

A covered entity is required to disclose information in a designated record set to an individual when requested unless contraindicated. Contraindicated means that access is reasonably likely to endanger the life or physical safety of the patient or another person (See A.R.S. § 36-507(3); 45 CFR § 164.524; A covered entity should read and carefully apply the provisions in 45 CFR §164.524 before disclosing protected health information in a designated record set to an individual.

An individual has a right of access to their designated record set, except for psychotherapy notes and information compiled for pending litigation. See 45 CFR § 164.524(a)(1) and Section 13405(e) of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Under certain conditions a covered entity may deny an individual access to the medical record without providing the individual an opportunity for review. See 45 CFR § 164.524(a)(2); ARS § 12-2293. Under other conditions, a covered entity may deny an individual access to the medical record and must provide the individual with an opportunity for review. See 45 CFR § 164.524(a)(3). A covered entity must follow certain requirements for a review when access to the medical record is denied. See 45 CFR § 164.524(a)(4).

An individual must be permitted to request access or inspect or obtain a copy of their medical record. See 45 CFR § 164.524(b)(1). A covered entity is required to act upon an individual’s request in a timely manner. See 45 CFR § 164.524(b)(2). An individual may inspect and be provided with one free copy per year of their own medical record unless access has been denied.

A covered entity must follow certain requirements for providing access, the form of access and the time and manner of access. See 45 CFR § 164.524(c).

A covered entity is required to make other information available in the record when access is denied, must follow other requirements when making a denial of access, must inform an individual of where medical records are maintained and must follow certain procedures when an individual requests a review when access is denied. See 45 CFR § 164.524(d).

A covered entity is required to maintain documentation related to an individual’s access to the medical record. See 45 CFR § 164.524(e).

10.7.4.2 Disclosure with an Individual or the Individual’s Health Care Decision Maker’s Authorization

The HIPAA Rule allows information to be disclosed with an individual’s written authorization.

For all uses and disclosures that are not permitted by the HIPAA Rule, patient authorization is required. See 45 CFR §§ 164.502(a)(1)(iv); and 164.508. An authorization must contain all of the elements in 45 CFR § 164.508.

A copy of the authorization must be provided to the individual. The authorization must be written in plain language and must contain the following elements:

A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion;
The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure;
The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure;
A description of each purpose of the requested use or disclosure. The statement “at the request of the individual” is a sufficient description of the purpose when an individual initiates the authorization and does not, or elects not to, provide a statement of the purpose;
An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure. The statement “end of the research study,” “none,” or similar language is sufficient if the authorization is for a use or disclosure of protected health information for research, including for the creation and maintenance of a research database or research repository; and
Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of the representative’s authority to act for the individual must also be provided.

In addition to the core elements, the authorization must contain statements adequate to place the individual on notice of all of the following:

The individual’s right to revoke the authorization in writing, and either:
- The exceptions to the right to revoke and a description of how the individual may revoke the authorization; or
- A reference to the covered entity’s notice of privacy practices if the notice of privacy practices tells the individual how to revoke the authorization.
- The ability or inability to condition treatment, payment, enrollment or eligibility for benefits on the authorization, by stating either:
- o The covered entity may not condition treatment, payment, enrollment, or eligibility for benefits on whether the individual signs the authorization when the prohibition on conditioning of authorizations in 45 CFR § 164.508 (b)(4) applies; or
- The consequences to the individual of a refusal to sign the authorization when, in accordance with 45 CFR § 164.508 (b) (4), the covered entity can condition treatment, enrollment in the health plan or eligibility for benefits on failure to obtain such authorizat
The potential for information disclosed pursuant to the authorization to be subject to re-disclosure by the member.

10.7.4.3 Disclosure to Health, Mental Health, or Social Service Providers for Treatment, Payment, or Health Care Operations; Reports of Abuse and Neglect

Disclosure is permitted without patient authorization to health, mental health and social service providers involved in caring for or providing services to the person for treatment, payment or health care operations as defined in the HIPAA Rule. These disclosures are typically made to primary care Providers, psychiatrists, psychologists, social workers, or other behavioral health professionals. Particular attention must be paid to 45 CFR §164.506(c) and the definitions of treatment, payment, and health care operations to determine the scope of disclosure. For example, a covered entity is allowed to disclose protected health information for its own treatment, payment, or health care operations. See 45 CFR §164.506(c)(1). A covered entity may disclose for treatment activities of a health care provider including providers not covered under the HIPAA Rule. See 45 CFR § 164.506(c)(2). A covered entity may disclose to both covered and non-covered health care providers for payment activities. See 45 CFR § 164.506(c)(3). A covered entity may disclose to another covered entity for the health care operations activities of the receiving entity if each entity has or had a direct treatment relationship with the individual and the disclosure is for certain specified purposes in the definition of health care operations 42 CFR. See 45 CFR § 164.506(c)(4).

If the disclosure is not for treatment, payment, or health care operations or required by law, patient authorization is required unless otherwise allowed by law.

The HIPAA Rule does not modify a covered entity’s obligation under A.R.S. § 13-3620 to report child abuse and neglect to Department of Child Safety or disclose a child’s medical records to the Department of Child Safety for investigation of child abuse cases.

Similarly, a covered entity may have an obligation to report adult abuse and neglect to Adult Protective Services. See A.R.S. § 46-454. The HIPAA Rule imposes other requirements in addition to those contained in A.R.S. § 46-454, primarily that the individual be notified of the making of the report or a determination by the reporting person that it is not in the individual’s best interest to be notified. See 45 CFR § 164.512(c).

10.7.4.4 Disclosure to Other Persons Including Family Members Who Are Actively Participating in the Member’s Care, Treatment, or Supervision

A covered entity may disclose protected health information without authorization to other persons including family members actively participating in the member's care, treatment, or supervision. Prior to releasing information, an agency or non-agency treating professional or that person's designee must have a verbal discussion with the person to determine whether the person objects to the disclosure. If the person objects, the information cannot be disclosed. If the person does not object, or the person lacks capacity to object, or in an emergency circumstance, the treating professional must perform an evaluation to determine whether disclosure is in that person's best interests. A decision to disclose or withhold information is subject to review pursuant to A.R.S. § 36-517.01.

An agency or non-agency treating professional may only release information relating to the person's diagnosis, prognosis, need for hospitalization, anticipated length of stay, discharge plan, medication, medication side effects, and short-term and long-term treatment goals. See A.R.S. § 36-509(7).

The HIPAA Rule imposes additional requirements when disclosing protected health information to other persons including family members. A covered entity may disclose to a family member or other relative the protected health information directly relevant to the person’s involvement with the individual’s care or payment related to the individual’s health care. If the individual is present for a use or disclosure and has the capacity to make health care decisions, the covered entity may use or disclose the protected health information if it obtains the individual’s agreement, provides the individual with the opportunity to object to the disclosure and the individual does not express an objection. If the individual is not present, or the opportunity to agree or object to the use or disclosure cannot practicably be provided because of the individual’s incapacity or an emergency circumstance, the covered entity may, in the exercise of professional judgment, determine whether the disclosure is in the best interests of the individual and, if so, disclose only the protected health information that is directly relevant to the person’s involvement with the individual’s health care. See 45 CFR § 164.510(b).

10.7.4.6 Disclosure to an Agent Under a Health Care Directive

A covered entity may treat an agent appointed under a health care directive as a personal representative of the individual. See 45 CFR § 164.502(g). Examples of agents appointed to act on an individual’s behalf include an agent under a health care power of attorney, see A.R.S. § 36-3221 et seq.; surrogate decision makers, see A.R.S. § 36-3231; and an agent under a mental health care power of attorney, see A.R.S. § 36-3281.

10.7.4.7 Disclosure to a Personal Representative

A covered entity may disclose protected health information to a personal representative, including the personal representative of an un-emancipated minor, unless one or more of the exceptions described in 45 CFR §§ 164.502(g)(3)(i) or 164.502(g)(5) applies. See 45 CFR § 164.502(g)(1).

The general rule is that if State law, including case law, requires or permits a parent, guardian or other person acting in loco parentis to obtain protected health information, then a covered entity may disclose the protected health information. See 45 CFR § 164.502(g)(3)(ii)(A).

Similarly, if State law, including case law, prohibits a parent, guardian or other person acting in loco parentis from obtaining protected health information, then a covered entity may not disclose the protected health information. See 45 CFR § 164.502(g)(3)(ii)(B).

When State law, including case law, is silent on whether protected health information can be disclosed to a parent, guardian or other person acting in loco parentis, a covered entity may provide or deny access under 45 CFR § 164.524 to a parent, guardian or other person acting in loco parentis if the action is consistent with State or other applicable law, provided that such decision must be made by a licensed health care professional, in the exercise of professional judgment. See 45 CFR § 164.502(g)(3)(ii)(C).

10.7.4.7 Disclosure to a Personal Representative, Adults and Emancipated Minors

If under applicable law, a person has authority to act on behalf of an individual who is an adult or an emancipated minor in making decisions related to health care, a covered entity must treat such persons as a personal representative with respect to protected health information relevant to such personal representation. See 45 CFR § 164.502(g)(2). Simply stated, if there is a State law that permits the personal representative to obtain the adult or emancipated minor’s protected health information, the covered entity may disclose it. A covered entity may withhold protected health information if one or more of the exceptions in 45 CFR § 164.502(g)(5) applies.

10.7.4.8 Deceased Persons

If under applicable law, an executor, administrator, or other person has authority to act on behalf of a deceased individual or of the individual’s estate, a covered entity must treat such persons as a personal representative with respect to protected health information relevant to the personal representation. See 45 CFR § 164.502(g)(4). A covered entity may withhold protected health information if one or more of the exceptions in 45 CFR § 164.502(g)(5) applies. A.R.S. § 12-2294 (D) provides certain persons with authority to act on behalf of a deceased person.

10.7.4.9 Disclosure for Court-Ordered Evaluation or Treatment

An agency in which a person is receiving court ordered evaluation or treatment is required to immediately notify the person's guardian or agent or, if none, a member of the person's family that the person is being treated in the agency. See A.R.S. § 36-504(B). The agency shall disclose any further information only after the treating professional or that person's designee interviews the person undergoing treatment or evaluation to determine whether the person objects to the disclosure and whether the disclosure is in the person's best interests. A decision to disclose or withhold information is subject to review pursuant to section A.R.S. § 36-517.01.

If the individual or the individual’s guardian makes the request for review, the reviewing official must apply the standard in 45 CFR § 164.524(a)(3). If a family member makes the request for review, the reviewing official must apply the “best interest” standard in A.R.S. § 36-517.01.

The reviewer’s decision may be appealed to the superior court. See A.R.S. § 36-517.01(B). The agency or non-agency treating professional must not disclose any treatment information during the period an appeal may be filed or is pending.

10.7.4.10 Disclosure for Health Oversight Activities

A covered entity may disclose protected health information without patient authorization to a health oversight agency for oversight activities authorized by law, including audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative, or criminal proceedings or actions or other activities necessary for appropriate oversight of entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards. See 45 CFR § 164.512(d).

10.7.4.11 Disclosure for Judicial and Administrative Proceedings including Court Ordered Disclosures

A covered entity may disclose protected health information without patient authorization in the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal, provided that the covered entity discloses only the protected health information expressly authorized by the order. See 45 CFR § 164.512(e). In addition, a covered entity may disclose information in response to a subpoena, discovery request or other lawful process without a court order if the covered entity receives satisfactory assurances that the requesting party has made reasonable efforts to provide notice to the individual or has made reasonable efforts to secure a qualified protective order. See 45 CFR §§ 164.512(e)(1)(iii),(iv) and (v) for what constitutes satisfactory assurances.

10.7.4.12 Disclosure to Persons Doing Research

A covered entity may disclose protected health information to persons doing research without patient authorization provided it meets the de-identification standards of 45 CFR § 164.514(b). If the covered entity wants to disclose protected health information that is not de-identified, patient authorization is required or an Institutional Review Board or a privacy board in accordance with the provisions of 45 CFR § 164.512(i)(1)(i) can waive it.

10.7.4.13 Disclosure to Prevent Harm Threatened by Patients

Mental health providers have a duty to protect others against the harmful conduct of a patient under certain circumstances. See A.R.S. § 36-517.02. When a patient poses a serious danger of violence to another person, the provider has a duty to exercise reasonable care to protect the foreseeable victim of the danger. Little v. All Phoenix South Community Mental Health Center, Inc., 186 Ariz. 97, 919 P.2d 1368 (1996). A covered entity may, consistent with applicable law and standards of ethical conduct, use or disclose protected health information without patient authorization if the covered entity, in good faith, believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat, or is necessary for law enforcement authorities to identify or apprehend an individual. See 45 CFR § 164.512(j)(1)(ii); 164.512(f)(2) and (3) for rules that apply for disclosures made to law enforcement. See 45 CFR § 164.512(j)(4) for what constitutes a good faith belief.

10.7.4.14 Disclosures to Human Rights Committees

Protected health information may be disclosed to a human rights committee without patient authorization provided personally identifiable information is redacted or de-identified from the record. See A.R.S. §§ 36-509(10) and 41-3804. In redacting personally identifiable information, a covered entity must comply with the HIPAA Rule de-identification standards in 45 CFR §164.514(b) and not State law. If a human rights committee wants non-redacted identifiable health information for official purposes, it must first demonstrate to AHCCCS that the information is necessary to perform a function that is related to the oversight of the health system, and in that case, a covered entity may disclose protected health information to the human rights committee in its capacity as a health oversight agency. See 45 CFR §164.512(d)(1).

10.7.4.15 Disclosure to the Arizona Department of Corrections

Protected health information may be disclosed without patient authorization to the state department of corrections in cases where prisoners confined to the State prison are patients in the State hospital on authorized transfers either by voluntary admission or by order of the court. See A.R.S. § 36-509(5) the HIPAA Rule limits disclosure to correctional institutions to certain categories of information that are contained in 45 CFR § 164.512(k)(5).

10.7.4.16 Disclosure to a Governmental Agency or Law Enforcement to Secure Return of a Patient

Protected health information may be disclosed to governmental or law enforcement agencies if necessary to secure the return of a patient who is on unauthorized absence from any agency where the patient was undergoing court ordered evaluation or treatment. See A.R.S. § 36-509(6). A covered entity may disclose limited information without patient authorization to law enforcement to secure the return of a missing person. See 45 CFR § 164.512(f)(2)(i). In addition, a covered entity is permitted limited disclosure to governmental agencies to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. See 45 CFR § 164.512(j).

10.7.4.17 Disclosure to a Sexually Violent Persons (SVP) Program

Protected health information may be disclosed to a governmental agency or a competent professional, as defined in A.R.S. § 36-3701, in order to comply with the SVP Program (Arizona Revised Statutes, Title 36, Chapter 37). See A.R.S. § 36-509(9)).

A "competent professional" is a person who may be a psychologist or psychiatrist, is approved by the Superior Court and is familiar with the State's sexually violent person’s statutes and sexual offender treatment programs. A competent professional is either statutorily required or may be ordered by the court to perform an examination of a person involved in the sexually violent persons program and must be given reasonable access to the person in order to conduct the examination and must share access to all relevant medical and psychological records, test data, test results and reports. See A.R.S. § 36-3701(2).

In most cases, the disclosure of protected health information to a competent professional or made in connection with the sexually violent persons program is required by law or ordered by the court. In either case, disclosure under the HIPAA Rule without patient authorization is permitted. See 45 CFR § 164.512(a) (disclosure permitted when required by law) and 45.

CFR § 164.512(e) (disclosure permitted when ordered by the court). If the disclosure is not required by law or ordered by the court or is to a governmental agency other than the sexually violent persons program, the covered entity may have the authority to disclose if the protected health information is for treatment, payment, or health care operations. See 45 CFR § 164.506(c) to determine rules for disclosure for treatment, payment, or health care operations.

10.7.4.18 Disclosure to Third Party Payors

Disclosure is permitted to a third-party payor to obtain reimbursement for health care, mental health care or behavioral health care provided to a patient. See A.R.S. § 36-509(13).

10.7.4.19 Disclosure to an Accreditation Organization

Disclosure is permissible to a private entity that accredits a health care provider and with whom the health care provider has an agreement that requires the agency to protect the confidentiality of patient information. See A.R.S. § 36-509(14).

10.7.4.20 Disclosure of Communicable Disease Information

A.R.S. § 36-661 et seq., includes a number of provisions that address the disclosure of communicable disease information. The general rule is that a person who obtains communicable disease related information in the course of providing a health service or pursuant to a release of communicable disease related information must not disclose or be compelled to disclose that information. See A.R.S. § 36-664(A). Certain exceptions for disclosure are permitted to:

The individual or the individual’s health care decision maker;
AHCCCS or a local health department for the purpose of notifying a Good Samaritan;
An agent or employee of a health facility or a health care provider;
A health facility or a health care provider;
A federal, State or local health officer;
Government agencies authorized by law to receive communicable disease information;
Persons authorized pursuant to a court order;
The Department of Economic Security for adoption purposes;
The Industrial Commission;
The Department of Health Services to conduct inspections;
Insurance entities;
A private entity that accredits a health care facility or a health care provider; and
A person or entity for research only if the research is conducted pursuant to applicable federal or State laws governing research.

A.R.S. § 36-664 also addresses issues with respect to Disclosures to the Department of Health Services or local health departments. These disclosures are also permissible under certain circumstances:

Authorizations;
Re-disclosures;
Disclosures for supervision, monitoring and accreditation;
Listing information in death reports;
Reports to the Department; and
Applicability to insurance entities.

An authorization for the release of communicable disease related information must be signed by the protected person or, if the protected person lacks capacity to consent, the person’s health care decision maker (see A.R.S. § 36-664(F)). If an authorization for the release of communicable disease information is not signed, the information cannot be disclosed. An authorization must be dated and must specify to whom disclosure is authorized, the purpose for disclosure and the time period during which the authorization is effective. A general authorization for the release of medical or other information, including communicable disease related information, is not an authorization for the release of HIV-related information unless the authorization specifically indicates its purpose as authorization for the release of HIV-related information and complies with the requirements of A.R.S. § 36-664(F).

The HIPAA Rule does not preempt State law with respect to disclosures of communicable disease information; however, it may impose additional requirements depending upon the type, nature, and scope of disclosure. It is advisable to consult with the HIPAA Compliance Officer and/or legal counsel prior to disclosure of communicable disease information.

For example, if a disclosure of communicable disease information is made pursuant to an authorization, the disclosure must be accompanied by a statement in writing which warns that the information is from confidential records which are protected by State law that prohibits further disclosure of the information without the specific written consent of the person to whom it pertains or as otherwise permitted by law. A.R.S. § 36-664(H) affords greater privacy protection than 45 CFR § 164.508(c)(2)(ii), which requires the authorization to contain a statement to place the individual on notice of the potential re-disclosure of the member and thus, is no longer protected. Therefore, any authorization for protected health information that includes communicable disease information must contain the statement that re-disclosure of that information is prohibited.

10.7.4.21 Disclosure to Business Associates

The HIPAA Rule allows a covered entity to disclose protected health information to a business associate if the covered entity obtains satisfactory assurances that the business associate will safeguard the information in accordance with 45 CFR § 164.502(e) and the HITECH Act. See the definition of “business associate” in 45 CFR § 160.103. Also see 45 CFR § 164.504(e) and Section 13404 of the HITECH Act for requirements related to the documentation of satisfactory assurances through a written contract or other written agreement or arrangement.

***10.7.4.22 Disclosure to the Arizona Center for Disability Law, Acting in the Capacity as the State Protection and Advocacy Agency Pursuant to 42 U.S.C* § *10805 is:***

Allowed when an enrolled person is mentally or physically unable to consent to a release of confidential information, and the person has no legal guardian or other legal representative authorized to provide consent; and
Allowed when a grievance has been received by the Center or the Center asserts that the Center has probable cause to believe that the enrolled person has been abused or neglected.

The reporting of suspected fraud and program abuse is a requirement of the Arizona Health Care Cost Containment System (AHCCCS). Under the requirements of the Corporate Compliance Program, and in accordance with A.R.S. §36-2918.01, §36-2932, §36-2905.04 and ACOM Policy 103, the Health Plan, its subcontractors and providers are required to immediately notify the AHCCCS Office of Inspector General (AHCCCS-OIG) regarding all allegations of suspected fraud, waste or abuse (FWA) involving the AHCCCS Program.

Providers must be cognizant of the potential for fraud, waste, and abuse within the public health system. Fraud as defined by Federal law and as recognized in the State of Arizona is an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to themselves or some other person. It includes any act that constitutes fraud under applicable State or Federal law, as defined in 42 CFR 455.2. Providers must ensure adequate training addressing FWA prevention, recognition, and reporting, and encourage employees, members, and any subcontractors to report FWA without fear of retaliation.

Members or providers who intentionally deceive or misrepresent to obtain a financial gain or benefit they are not entitled to must be reported to Arizona Complete Health or directly to AHCCCS Office of Inspector General (AHCCCS-OIG). Individuals and/or entities found to be submitting fraudulent claims for services will be reported to AHCCCS-OIG and may be subject to an investigation that could lead to an exclusion from participating in any Federally funded health care program pursuant to section 1128 of the Social Security Act.

Under the federal False Claims Act (FCA) provisions, no specific intent to defraud is required. The civil FCA defines "knowing" to include not only actual knowledge but also instances in which the person acted in deliberate ignorance or reckless disregard of the truth or falsity of the information. Further, the civil FCA contains a whistleblower provision that allows a private individual to file a lawsuit on behalf of the United States government against those who have defrauded the government and entitles that whistleblower to a percentage of any recoveries.

In the context of this section of the Provider Manual, persons receiving care in the public health system can also commit acts of fraud, waste, and abuse. Examples of member fraud might include use of someone else’s member ID card or failure to report other insurance.

The Health Plan’s providers are responsible for ensuring that mechanisms are in place for the identification, prevention, detection and reporting of suspected fraud, waste, and abuse. All employees of providers must be familiar with the types of FWA that could occur during their normal daily activities. The Health Plan has designated a Compliance Officer and a Compliance Committee responsible for the development and implementation of the Corporate Compliance Program which addresses FWA prevention, detection, deterrence, and reporting.

Under the applicable law of the state of Arizona, a person may not present or cause to be presented to this state or to a contractor:

A claim for a medical or other item or service that the person knows or has reason to know was not provided as claimed.
A claim for a medical or other item or service that the person knows or has reason to know is false or fraudulent.
A claim for payment that the person knows or has reason to know may not be made by the system because:
- The person was terminated or suspended from participation in the program on the date for which the claim is being made.
- The item or service claimed is substantially in excess of the needs of the individual or of a quality that fails to meet professionally recognized standards of health care.
- The patient was not a member on the date for which the claim is being made. ARS 36-2918

The state may impose civil penalties and assessments or both, pursuant to R9-22-1101. Basis for Civil Monetary Penalties and Assessments for Fraudulent Claims. This Article applies to prohibited acts as described under A.R.S. § 36-2918(A), and submissions of encounters to the Administration. The Administration considers a person who aids and abets a prohibited act affecting any of the AHCCCS programs or Health Care Group to be engaging in a prohibited act under A.R.S. § 36-2918(A).

10.8.1 Methods for Reporting Fraud, Waste, and Abuse

The Health Plan providers are required to immediately report, but no later than 10 days, all suspected FWA involving any Title XIX/XXI and NTXIX/XXI funds, AHCCCS providers, or AHCCCS members to the AHCCCS Office of Inspector General (OIG) in writing using the AHCCCS online reporting form, and which may be submitted online, or via the following methods:

Arizona Health Care Cost Containment System (AHCCCS)

Inspector General

Office of Inspector General (OIG)

801 E. Jefferson St., Mail Drop 4500

Phoenix, AZ, 85034

To Report Provider Fraud:

In Arizona: 602-417-4045
Toll free Outside of Arizona Only: 888-ITS-NOT-OK or 888-487-6686

To Report Member Fraud:

In Arizona: 602-417-4193
Toll free Outside of Arizona Only: 888-ITS-NOT-OK or 888-487-6686

Email: AHCCCSFraud@azahcccs.gov

Fax: 602‐417‐4102

AHCCCS Website

This includes acts of suspected or confirmed FWA that were resolved internally but involved AHCCCS funds or AHCCCS providers. Failure to comply with the requirement to report suspected FWA may result in the penalty described in A.R.S. § 36-2992.

10.8.2 Reporting Fraud, Waste, and Abuse to the Health Plan

In addition to notifying AHCCCS, all providers must immediately notify the Health Plan of all suspected or confirmed FWA activities. Health Plan providers must report suspected FWA to the Health Plan via mail, phone, or email to:

Arizona Complete Health-Complete Care Plan

Attn: Compliance Officer

1850 W. Rio Salado Parkway, Suite 211

Tempe, AZ 85281

Fraud and Abuse Hotline: (866) 685-8664

Hotline is available 24/7, all calls are confidential and can be made anonymously.
Customer Service 888-778-4408 (TTY 711)
Email: AzCHFWA@azcompletehealth.com

The public, members, staff, and providers may report suspected FWA cases confidentially and anonymously by submitting information to any of the above locations.

Providers are required to develop, maintain, and publicize a confidential and anonymous FWA reporting process. The reporting process must be made readily accessible to the public, members, employees, and contractors.

Once a suspected case of fraud, waste, or program abuse has been reported to AHCCCS' OIG, the Health Plan will take no action to recoup, offset or act in any manner inconsistent with AHCCCS-OIG's authority to conduct a full investigation. The requirements to take no action following referral to AHCCCS OIG also applies to subcontractors working on behalf of Arizona Complete Health. If the Health Plan receives anything of value that could be construed to represent the repayment of any amount expended due to fraud, waste or abuse, the Health Plan shall forward that recovery to AHCCCS/OIG within 30 days of its receipt. As specified in the AHCCCS Minimum Subcontractor Provisions (MSP), the above requirements apply to any actions undertaken on behalf of a Contractor by a Subcontractor.

10.8.3 AHCCCS-OIG Communications

The Health Plan Providers shall report to the Health Plan (ATTN: Compliance Officer) and the AHCCCS-Office of Inspector General (OIG) immediately, but no later than ten (10) days from receipt of notification, all contact made by AHCCCS-OIG in reference to any open/closed FWA case, a voluntary self-disclosure or settlement, and/or any other type of FWA activity involving official communications by AHCCCS-OIG.

The Health Plan (ATTN: Compliance Officer) shall be advised of the final disposition of any case and/or settlement agreement made between a provider and AHCCCS-OIG.

10.8.4 Cooperation with AHCCCS and the Health Plan

Providers must respond timely to all Health Plan, and AHCCCS-OIG requests for interviews, information, data, or documents as a part of any investigation, inquiry, or audit. AHCCCS-OIG may conduct an audit review or on-site investigation without notice and the provider must provide access to all records, documents, and data related to the provider’s contract at all times.

Upon request, providers must furnish all documents, including original copies, to representatives of the Health Plan and AHCCCS-OIG at no cost. The Health Plan or AHCCCS-OIG will establish the designated timeframe to copy the requested documents, which will not exceed twenty (20) business days, from the date of the Health Plan request.

In addition, providers must verify that all emergent phone calls from the Health Plan to the provider’s point of contact are returned within 4 hours; all urgent phone calls are returned within one workday and all routine calls are returned within two workdays. Providers must verify that all emails sent from Health Plan staff are addressed timely with responses from the provider received within three workdays.

10.9.1 Corporate Compliance Plan

Providers must maintain a Corporate Compliance Plan that is reviewed and updated annually. The current Corporate Compliance Plan must be made available to the Health Plan upon request.

The Corporate Compliance Plan must include, at a minimum, the following elements:

Designated Compliance Officer.
Provisions of the Deficit Reduction Act of 2005 (DRA) and provisions of the Federal False Claims Act, Business Ethics and Conduct Policy, including the establishment of Codes of Conduct.
Establishment of an effective training and education program as a systematic means for educating and training agency employees and subcontractor employees to identify and report suspected waste, fraud, and abuse.
A process to conduct periodic monitoring of claims/encounters, claims medical review and other operations for compliance with laws, regulations, and payer requirements, such as conducting periodic internal audits.
A process for employees to receive information on how to identify and report incidents of suspected waste, fraud, and abuse through (The Health Plan's) Ethics and Compliance Hotline.
Compliance committee to oversee the implementation of an effective compliance program.
Verify all staff and subcontractor staff have been trained annually regarding fraud, waste, abuse, false claims act, whistleblower protections and State laws relating to civil or criminal penalties for false claims and statements.

10.9.2 Deficit Reduction and Federal False Claims Act

The Health Plan requires all providers to adhere to Deficit Reduction Act (DRA) requirements. The DRA requires that any entity which receives or makes payments under a state plan approved under Title XIX or under any waiver of such plan, totaling at least $5 million annually, must establish written policies for its employees, management, contractors, and agents regarding the federal False Claims Act (FCA), the administrative remedies for false claims and statements, applicable state laws that provide civil or criminal penalties for making false claims and statements, the “whistleblower” protections afforded under such laws and the role of such laws in preventing and detecting FWA.

The FCA applies to claims presented for payment by federal health care programs. The FCA allows private persons to bring a civil action against those who knowingly submit false claims upon the government. The following are activities for which one may be liable under the FCA:

Knowingly presenting to an officer or employee of the United States government a false or fraudulent claim for payment or approval;
Knowingly making, using or causing a false record or statement to get a false or fraudulent claim paid or approved by the government.
Conspiring to defraud the government by getting false or fraudulent claims allowed or paid.
Having possession, custody or control of property or money used, or to be used by the government, and intending to defraud the government by willfully concealing property, delivering or causing to be delivered less property than the amount for which the individual receives;
Authorizing to make or deliver a document, certifying receipt of property used by the government and intending to defraud the government and making or delivering a receipt without completely knowing that the information on the receipt is true.
Knowingly buying or receiving as a pledge of an obligation or debt, public property from an officer or employee of the government, or a member of the Armed Forces, who lawfully may not sell or pledge the property.
Knowingly making, using, or causing to be made or used, a false record or statement to conceal, avoid or decrease an obligation to pay or transmit money or property to the government.

The definition of “knowing” and “knowingly” as it relates to the FCA includes actual knowledge of the information, acting in deliberate ignorance of the truth or falsity of the information, and/or acting in reckless disregard of the truth or falsity of the information. Proof of specific intent to defraud is not required for reporting potential violations of the law.

Violation of the False Claims Act is punishable by a civil penalty as prescribed by federal or state law. A federal false claims action may be brought by the U.S. Attorney General.

10.9.3 Identifying Fraud, Waste, and Abuse

Providers must conduct internal monitoring and auditing in an effort to discover or identify suspected fraud, waste, and program abuse within the provider’s organization. In accordance with A.R.S. §36-2918.01 and ACOM Policy 103, providers should have a process to, upon discovery, promptly address and notify the Health Plan and AHCCCS-OIG of any instances of an excluded provider or employee that is, or appears to be, in a prohibited relationship with the Subcontractor (42 CFR 455.17).

10.9.3.1 Additional Requirements for Behavioral Health Specialty Providers and Crisis Providers

Behavioral health specialty providers and crisis care providers must also contract with an independent auditor to conduct an annual claims review to verify compliance with all State and federal laws, regulations, and payer requirements.

10.9.4 Corporate Compliance Program

Providers must have a comprehensive Corporate Compliance Program designed to deter, detect, and prevent fraud, waste, and abuse. The Corporate Compliance Programs should be compliant with the requirements of Section 6032 Deficit Reduction Act of 2005 (DRA) [Section 1902(a)(68) of the Social Security Act, Title 42 CFR 457.1285, and Title 42 CFR 438.608 (a) (6). The provider must establish written policies, and shall ensure adequate training and ongoing education for, all of its employees including management, members, and of any subcontractors or agents regarding the following:

Detailed information about the Federal False Claims Act,
The administrative remedies for false claims and statements,
Any State laws relating to civil or criminal liability or penalties for false claims and statements, and
The whistleblower protections under such laws.

Additionally, the Corporate Compliance Program should include:

Written policies, procedures, and standards of conduct that articulate the organization's commitment to processes for, complying with all applicable federal and State Standards;
A process for the monthly screening of all provider existing staff, potential staff and subcontractors against the List of Excluded Individuals and Entities (LEIE) & the System for Award Management (SAM) formerly known as the Excluded Parties List (EPLS) databases for those that have been debarred, suspended, or otherwise excluded as well as any other databases as required/requested by the Health Plan, AHCCCS or Centers for Medicare and Medicaid Services (CMS). All potential staff and subcontractors must be checked before hire and all existing staff and subcontractors must be checked on a monthly basis;
A mechanism for enforcement of standards through well-publicized disciplinary guidelines;
Have a process to confirm the identity and determine the exclusion status of any person with an ownership or control interest in the Contractor and with regard to its fiscal agents, to identify, obtain and report the exclusion status on persons convicted of crimes; and
Develop and maintain robust internal controls and mechanisms in order to consistently identify, prevent, deter, and detect fraud, waste and program abuse that includes the implementation of corrective action plans (42 CFR 438.608).

10.9.5 Compliance Officer

Providers must establish written criteria for selecting a Compliance Officer and job description that clearly outlines the responsibilities and authority of the position. The Compliance Officer shall have the authority to assess records and independently refer suspected member fraud, provider fraud, waste and member abuse cases to the Health Plan and the AHCCCS-OIG. The Compliance Officer shall not have any title, duties or responsibilities that could constitute a potential or actual conflict of interest. Providers must require the Compliance Officer to be responsible for the following:

Provide training and ongoing education to employees in identifying and reporting fraud, waste, and program abuse.
Oversee internal and external compliance audits
Record, track and trend all fraud, waste and abuse related complaints received including those initiated by the Health Plan or a subcontractor, which shall capture and maintain the following information, at a minimum:
- Contact information of complainant;
- Name and identifying information of person or entity suspected of fraud, waste and/or program abuse;
- Date and time complaint was received;
- Nature of the allegations and summary of concern;
- Potential estimated dollar loss amount and specific identification of funding source(s) involved;
- Subcontractor's unique case identifying number;
- The department or agency in which the complaint has been reported, and
- Date in which the case was referred to the Health Plan or AHCCCS-OIG.

Providers must ensure the Compliance Officer has complete access to all information, databases, files, records, and documents in order to conduct audits and to strategically structure the position to report suspected fraud, waste, and program abuse directly the Health Plan and AHCCCS-OIG independently (42 CFR 455.17).

10.9.6 Other Activities

The provider must conduct additional activities, such as:

Regular fraud, waste, and abuse awareness activities (i.e., campaigns, newsletters).
Develop and maintain internal control assessments.
Risk assessments.
The Health Plan responds to and coordinates responses made by the Health Plan Compliance Committee.
Notify the Health Plan of any CMS compliance issues related to HIPAA transactions and code set complaints or sanctions.
Communicate with the Health Plan and AHCCCS OIG on the final disposition of the research and advice of actions, if any, taken by the provider.

Contract with an independent auditor to conduct an annual claims review to verify compliance with all State and federal laws, regulations, and payer requirements

The Centers for Medicare and Medicaid Services (CMS) requires the Arizona Health Care Cost Containment System (AHCCCS) to conduct encounter validation studies as a condition for receiving federal Medicaid funding. AHCCCS requires the Health Plan to conduct encounter validation studies of their providers.

The purpose of encounter validation studies is to compare recorded utilization information from a clinical record or other source with submitted encounter data. The review “validates” or confirms that covered services are encountered timely, correctly, and completely. The purpose of this section is to:

Inform providers that encounter validation studies may be performed by AHCCCS, the Health Plan and/or AHCCCS staff; and
Convey the AHCCCS’ expectation that providers cooperate fully with any encounter validation review that AHCCCS, the Health Plan and/or AHCCCS may conduct.

10.10.1 Criteria Used in Encounter Validation Studies

The criteria used in encounter validation studies include timeliness, correctness, and omission of encounters, in addition to encountering for services not documented in the medical record. These criteria are defined as follows:

Timeliness - an encounter received at AHCCCS beyond the allowable time period as defined in the contract.
Accuracy Errors - an inconsistency between the claim documentation and an encounter submitted in respect to member ID, Provider ID, NPI, procedure/revenue code(s), modifier(s), diagnosis code(s), date(s) of service, billed charges, units, coordination of benefits, etc.
Encounter Omission Errors - an encounter for a medical record entry of a service for which a Contractor incurred a financial liability but did not submit this data to AHCCCS. Or an encounter inappropriately voided from AHCCCS historical files and not resubmitted but still appearing as a paid claim for the Contractor is an omission. To avoid an omission error, there should be a paid/approved (31/78) encounter in PMMIS.

Providers may be subject to sanctions for failure to meet the criteria used in encounter audits.

Providers must notify the Health Plan if, on the basis of moral or religious grounds, the provider elects not to provide coverage of a covered counseling or referral service pursuant to 42 CFR 438.102(a)(2). If the provider elects not to provide coverage of a covered counseling or referral service pursuant to 42 CFR 438.102(a) (2), the provider is required to make alternative arrangements with another entity to provide the service. A provider must notify the Health Plan prior to entering into a contract or adopting a policy as described above during the term of the provider’s contract with the Health Plan. The notification and policy must be consistent with the provisions of 42 CFR 438.10; must be provided to members during their initial appointment; and must be provided to members at least thirty (30) days prior to the effective date of the policy.

10.11.1 Provider Responsibilities

Providers must deliver covered services in accordance with the AHCCCS Medical Policy Manual.

Providers must document adequate information in the clinical record and submit encounters to the Health Plan. Any audit findings that indicate suspected fraud, waste and/or program abuse must be reported to the Health Plan’s Compliance Department as described in Section 10.8.2 Reporting Fraud, Waste and Abuse to the Health Plan.