Employee Compliance Training

Training Outline

  1. Compliance Program, ethics and compliance Principles at Program Development Services Inc.
  2. Some of the applicable laws that determine how we do what we do.
  3. Consequences of noncompliance.
  4. Reporting compliance concerns.

Compliance at Program Development Services is our:

  • Culture
  • Consistency
  • Speaking Up
  • Empowering
  • Stewardship
  • Identifying Concerns
  • Ethical
  • Vital
  • Standard Setting
  • Remediation

Compliance at Program Development Services Inc. means

Adhering to the rules. This is how we have been able to improve the lives of individuals for the past 30+ years.

  1. We try to avoid making a mistake by double checking documentation and following procedures.
  2. We own up to mistakes, speak with the right person and follow steps to mitigate consequences.
  3. We teach others what we have learned.

ACCOUNTABILITY

  1. Follow agency & government regulations
  2. Report suspected fraud, waste & abuse of government funding
  3. Maintain your high standards
  4. Take responsibility in the prevention of fraud, waste and abuse.
  5. Admit an error; they happen.

PROGRAM DEVELOPMENT SERVICE’S CORPORATE COMPLIANCE PROGRAM

As a human services agency that receives Medicaid/Medicare dollars, PDS is required to have a robust Corporate Compliance Program which adheres to the seven essential compliance elements as defined by the Department of Health and Human Services Office of the Inspector General.

PDS’s Corporate Compliance Program Policy and Procedures may be accessed here.

SEVEN ESSENTIAL COMPLIANCE ELEMENTS

The seven essential elements which govern PDS’s Corporate Compliance Program are:

Element One: Written standards, policies and procedures to prevent and detect fraud, waste, abuse and criminal conduct

Element Two: Leandre Constantine serves as the Corporate Compliance Officer and is responsible for the day-to-day operation of the Corporate Compliance Program and for fostering an environment of compliance. Program Development Services also has an agency-wide Corporate Compliance Committee whose membership includes key personnel from each department and agency leadership. The committee meets quarterly to discuss, review, and assess compliance subject matters, reporting to the agency CEO on a regular basis.

Element Three: Training and education of all affected parties, including all staff, board members, interns, contractors, on compliance issues, expectations and the compliance program.

Element Four: Communication lines to the chief compliance officer are in place. These allow people supported, family members, staff, the general public etc. to anonymously report compliance concerns or have compliance questions addressed. These are the Compliance hotline, (718-307-7846), and our Compliance Violation Report form.

Element Five: Disciplinary procedures and incentives to encourage good faith participation in Program Development Service’s Inc. Compliance Program by all affected parties are in place. Disciplinary standards are applied in a fair and consistent manner.

Element Six: A system for routine identification of compliance risk areas, including monitoring and auditing to detect criminal conduct is in place.

Element Seven: A system for responding to compliance issues when raised, which includes reporting, investigating and correcting problems.

FALSE CLAIMS ACT

False Claims Act prohibits knowingly or negligently submitting false claims.

Doing so = huge financial penalties (ranging from $13,507 to $27,018 for each claim) plus three times the amount of the original false claim

If it was your job to know, the government holds you responsible.

Everyday ethical practices = Less daily compliance risk

The Federal Government says filing a False Claim is when you:

  • Bill for services that were not provided.
  • Provide & bill for unnecessary services.
  • Bill for a time period longer than the service was provided.
  • Complete documentation with little or no factual basis.
  • Fail to document the actual time spent on a service.
  • Keep poor records.

Consequences of noncompliance:

A false claim

= huge financial penalties (ranging from $13,507 to $27,018 for each claim) plus three times the amount of the original false claim

= lost opportunities for the people we support, for our colleagues, for ourselves (State Exclusion List; civil and criminal liabilities), loss of reputation and Program Development Services Inc.'s exclusion from the Medicaid program

Disciplinary Actions for non-compliant or non-ethical Behavior:

All agents of PDS (Board members, staff, interns, volunteers, and contractors) are expected to model behavior and practices consistent with all applicable regulatory and legal requirements and adhere to all PDS Compliance program policies and procedures including prompt notifications of non-compliant behavior.

Failure to adhere to PDS’s Compliance program and demonstrate compliant and ethical behavior may lead to disciplinary action ranging from a verbal or written warning to immediate termination.

PDS will ensure that its disciplinary standards are applied fairly and consistently across the agency.

The Federal Government wants you to:

Avoid conflicts of interest

Family and Friends vs. PDS
Outside Business Interests and Job Duties vs. PDS
External Boards, Committees, and/or Politics vs. PDS
Accepting and giving gifts to the detriment of PDS
Personal financial gains at the expense of PDS

Avoid the appearance of crossing the line

You didn’t have to intend to commit fraud to be found guilty of committing fraud.

PDS can be audited by:

The Federal Government (ex. Office of Medicaid Inspector General, OMIG, who sets and enforces compliance requirements)

New York State (ex. Office for People With Developmental Disabilities, OPWDD)

New York City (ex. New York City Department of Health and Mental Hygiene, NYC DOHMH)

PDS Corporate Compliance Department

Reviewing your own work makes you your own auditor

You are doing your job if:

  • Accurately and contemporaneously document only services that you provided. Never document services provided by another person.
  • Follow procedure then make suggestions.
  • Ask questions when in doubt
  • Participate in annual required trainings and corporate compliance standards.
  • Request whistleblower anti-intimidation, and anti-retaliation protections.
Whistleblowers are protected

If you blow the whistle in good faith, Program Development Services cannot retaliate (i.e., alter your schedule, location, or position level). You are deserving of gratitude, support, recognition, appreciation and respect.

Non-Retaliation and Non-Intimidation:

Good Faith participation or reporting includes, but is not limited to:

  • Reporting actual or potential issues or concerns
  • Cooperating or participating in the investigation of such matters.
  • Assisting with or participating in self-evaluations, audits and/or remedial actions; and reporting to appropriate officials as provided in New York State law.

Intimidation

Including but not limited to any act to manipulate a person or intentionally cause feelings of fear or inadequacy, subsequently deterring that person from reporting a breach of the law.

Retaliation

Any adverse action against the individual because of the individual’s good faith report of a compliance concern or participation in a compliance investigation.

Making corrections

To correct a mistake on a document:

  1. Draw a single line through the error
    ex. Peter Paul Jones
  2. Make the correction
    ex. Paul Jones
  3. Initial the correction
    ex. Paul Jones PJ
  4. Add the full date you made and initialed the correction
    ex. Paul Jones Paul Jones PJo 9/21/2011

Write-overs and white out are NEVER acceptable

If your full signature does not appear somewhere on the document, you must also sign the document.

Reporting on Non-Compliant Behavior, Compliance Concerns, or Issues

All agents of PDS (Board of Directors, staff, contractors, volunteers, and interns) have an obligation to report any instances of non-compliant behavior, issues or concerns.

All compliance reports are treated as confidential as permissible by law and are transmitted directly to the Chief Compliance Officer or designee for review and follow up. All confidential reports are handled with the utmost care to ensure that necessary corrective action is achieved.

You may submit your report anonymously. Compliance reports can be made either through the:

Compliance Contact

Leandre Constantine

Director of Quality Improvement and Corporate Compliance

Compliance Officer

347-668-4820 | Lconstsantine@4pds.org

Health Insurance Portability and Accountability Act (HIPAA)

Keeping your Protected Health Information (PHI) safe.

HIPAA protects PHI with the Privacy Rule (2003) and the Security Rule (2005)

PHI are identifiers, including but not limited to names, dates of birth, physical and email addresses, social security numbers, photos, diagnoses, program enrollments, evaluations, program documentation, and payment methods. Minimum necessary PHI is the least amount of information needed, seen only by those who need it.

Adults' Electronic Protected Health Information (EPHI) is protected under the Security Rule (2005)

Adults' PHI kept on paper is protected under the Privacy Rule (2005)

Releasing PHI

A specific HIPAA Release form must be completed and authorized before PHI can be released except when information is needed to carry out treatment, payment, or operations.

Students are protected under FERPA

Electronic PHI
Electronic Family and Educational Rights Privacy Act

Student Educational Records & Protected Health Information are kept secure

HIPAA Summary

Privacy Rule
PHI disclosed only as permitted by law (treatment, payment or operations) or person supported/personal representative.

Security Practices
PHI disclosed only as permitted by law (treatment, payment or operations) or person supported/personal representative.

Privacy officer
Leandre Constantine

PHI mishandled
Privacy Breach

EPHI mishandled
Security Breach

Protected Health Information (PHI) Best Practices

  • Conversations are held in private.
  • Shredded
  • Is picked up immediately from copiers & fax machines.
  • Is accessed and copied as required by your position.
  • Is kept with you, not in common areas.
  • Is distributed as endorsed in signed consent forms.
  • Is faxed after verifying recipient, fax# & receipt.

EHIPAA/EFERPA Best Practices

  • Position monitors for privacy.
  • Log off when away from your desk and when leaving for the day.
  • Screen shot suspicious email and send to IT.
  • Use the approved agency encryption procedure (word CONFIDENTIAL in the subject line of the email)
  • Double check that only intended email recipients are present and that their email address is correct.
  • Contact IT asap if electronic equipment is lost, stolen or in need of disposal.
  • Do not click on web links included in emails unless you’re expecting them.

More EHIPAA/EFERPA Best Practices

  • Use AHRCNYC email only.
  • Use strong passwords.
  • Save files on directories and drives as told by your supervisor.
  • Only use AHRCNYC USB drives. These can be obtained from the IT department.
  • Use two factor authentication when required (passwords + SMS txt code)
  • Never respond to unsolicited emails requesting personal or sensitive information. Unsure? Email PDS4.org
  • Verify sender’s email address (not display name) before responding.

    Phishing attacks usually impersonate people you know, including PDS staff. Always verify email addresses.

HIPAA’s newest piece

Systems such as Cx360 and Evolv store PHI and fall under the Health Information Technology for Economic and Clinical Health Act (2009).

HIPAA and PDS will continue to evolve.

Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”)

While HIPAA protects the PHI of those receiving services from PDS, the SHIELD Act (which became effective 03/21/2020) broadens the definition of what is considered PHI (as defined below), and its protections are extended to, but not limited to, PDS employees, contractors, interns, and business associates.

Broadening the Definition of “Private Information.”
Includes biometric information and username/email address in combination with a password or security questions and answers. It also includes an account number or credit/debit card number, even without a security code, access code, or password if the account could be accessed without such information.

Expanding the Definition of “Breach.”
Unauthorized “access” of computerized data that compromises the security, confidentiality, or integrity of private information, and it provides sample indicators of access. Previously, a breach was defined only as unauthorized acquisition of computerized data.

Expanding the Territorial Scope.
Now any person or business that owns or licenses private information of a New York resident. Previously, the law was limited to those that conduct business in New York.

Imposing Data Security Requirements.
Requires companies to adopt reasonable safeguards to protect the security, confidentiality, and integrity of private information. A company should implement a data security program containing specific measures, including risk assessments, employee training, vendor contracts, and timely data disposal.

Program Development Services Inc. Best Practices

If you think there may be a compliance issue, have a conversation with your supervisor or Leandre Constantine, Corporate Compliance.

  • Guidance
  • Support
  • Advice
  • A listening ear

Compliance Training Presentation Acknowledgment

I have read the compliance training presentation and fully understand the rules and regulations of the compliance training guidelines.
I understand that I must comply with all policies and regulations pertaining to compliance.

    Enter your full name

    Your signature

    Today's date