Skip to Main Content

Compliance & Privacy

Compliance Program Overview

Episcopal Health Services Inc. (“EHS”) is committed to fostering a culture of compliant and ethical conduct that includes the prevention, detection, and remediation of actions or behaviors that fail to comply with applicable law, ethical standards, and/or policies and procedures. EHS is subject to federal and New York State (“NYS”) laws, regulations, and guidelines that require it to implement an effective compliance program as a condition of payment for care, services, items, or supplies, including eligibility to submit claims.

EHS’ Compliance Program focuses on:

  • Preventing, detecting, and deterring healthcare fraud, waste, and abuse, and illegal conduct;
  • Promoting an environment that encourages ethical conduct, as well as compliance with laws and regulations;
  • Developing and maintaining practices that promote the privacy of health and business information; and
  • Creating and enforcing policies and procedures that describe the implementation of the Compliance Program and processes for addressing potential non-compliance.

The scope of the Compliance Program includes all EHS employees, medical staff,  volunteers, students,  trainees, and agency staff, as well as members of the EHS Board of Trustees, businesses, contractors, subcontractors, independent contractors, affiliates, entities, vendors, agents, and all other individuals associated with EHS regardless of employment, contractual, or affiliation relationship with EHS.

The Compliance Program works in collaboration with all lines of business at EHS, as well as with outside regulatory entities, such as OMIG, NYS Department of Health, NYS Office of Mental Health, NYS Attorney General’s Office (“AG”) and its Medicaid Fraud Control Unit (“MFCU”), federal OIG, CMS, U.S. Department of Health and Human Services Office for Civil Rights (“OCR”), and U.S. Department of Justice (“DOJ”).

Foundational Compliance Program Documents

EHS maintains a series of documents that guide its Compliance Program operations and behavioral expectations. Four of the foundational Compliance Program documents are the Code of Conduct, the Compliance Plan, the Conflicts of Interest Policy, and the Deficit Reduction Action Notice. First, the Code of Conduct provides standards and expectations of behaviors for all individuals that are part of the Compliance Program. Second, EHS maintains a Compliance Plan. Its purpose is to provide a guide for the daily development, implementation, and administration of policies, procedures, and operations that assist EHS in fulfilling its legal and regulatory obligations. Third, EHS has a Conflicts of Interest Policy that navigates and directs ethical business decision making practices. Fourth, EHS provides its Deficit Reduction Act Notice to employees, contractors, and agents. EHS team members should be aware of requirements governing our operations, as well as the policies in place for preventing, detecting, and deterring fraud, waste, and abuse. This includes our Fraud, Waste & Abuse Prevention & Self-Disclosures Policy.

Privacy of Health and Personal Information

EHS is subject to laws and regulations that govern the use and disclosure of an individual’s Protected Health Information (“PHI”), Personal Identifiable Information (“PI”), and standards for an individual’s privacy rights. Privacy & Security are components of EHS’ Compliance Program.

The Compliance Program performs the following activities in order to prevent, identify, and address Privacy & Security risks:

  • Maintains responsibility for EHS’ compliance with federal HIPAA and NYS SHEILD rules and regulations;
  • Implements processes to maintain compliance with other applicable federal and state laws related to the privacy, security, and confidentiality of PHI and PI;
  • Evaluates and monitors operations and systems development for Privacy & Security requirements;
  • Promotes collaboration between the Compliance and Privacy Department and Information Technology and Services;
  • Involvement and oversight of periodic Privacy and Security risk assessments;
  • Works with all EHS owned, operated, or affiliated facilities, entities, and programs to measure, evaluate, audit, and/or review the implementation, effectiveness, and quality of EHS’ Privacy & Security policies and procedures and related expectations; and
  • Investigates, documents, addresses, and mitigates unauthorized uses and disclosures of PHI, as well as unauthorized access, acquisition, or other potential breach of PHI, PI, and/or other confidentiality or privacy complaints.

EHS’ Notice of Privacy Practices (English, Spanish) describes how the health information about patients may be used and disclosed and the rights afforded to them under the Health Insurance Portability & Accountability Act (“HIPAA”).

EHS maintains and monitors security systems, data backup systems, and storage capabilities so that information is maintained safely, effectively, and securely. The Compliance and Privacy Department collaborates with Information Technology and Services to ensure that policies, procedures, processes, and practices are in place to protect the confidentiality of information.

Reporting Compliance & Privacy Concerns

Anyone may report suspected non-compliance or other issues to the Compliance and Privacy Department as follows:

  • By phone at (718) 869-5711;
  • By email at compliance@ehs.org.
  • Via the 24/7 Confidential and Anonymous Compliance Hotline by calling 1-844-973-0162 or visiting www.ehs.ethicspoint.com; or
  • By mail at Episcopal Health Services Inc., 327 Beach 19th Street, Far Rockaway, NY 11691. Attn: Compliance and Privacy.

If you suspect Medicare fraud, or matters involving a health plan, you may also contact the health plan sponsor directly or contact the OIG at 1-800-HHS-TIPS.

The EHS Compliance Hotline (“Hotline”) is owned and operated by an independent third-party company. Hotline representatives are not employed or otherwise affiliated with EHS. The Hotline uses both telephonic and online, web-based mechanisms for communication and reporting. Both mechanisms are accessible 24 hours a day, 7 days a week, 365 days a year.

All reports to the Compliance Hotline are confidential to the extent permissible by federal, New York State (“NYS”), or local law. This includes a reporter’s identity. It may be released or revealed only on a need-to-know basis or as required by law, including if the matter is subject to disciplinary proceedings or under investigation by the NYS AG, MFCU, OMIG, federal OIG, OCR, CMS, or other regulatory, law enforcement, or judicial authority.

Non-Retaliation or Intimidation

EHS strictly prohibits intimidation, harassment, or retaliation, in any form, against any individual or entity that “In Good Faith” participates in the EHS Compliance Program by reporting or participating in the investigation of any known or suspected violation of law, privacy, EHS policies and procedures, potential fraud, waste, abuse, or other non-compliance.

The Compliance and Privacy Department is responsible for the oversight of any investigation into allegations of retaliation. Any attempt to intimidate or retaliate against an individual or entity that participates in the EHS Compliance Program will result in action up to and including termination of employment, contractual, or other affiliation relationship with EHS. These expectations and obligations are further detailed in the Whistleblower and Non-Retaliation/Intimidation Policy.