|
3.12 Records Access. Provider acknowledges and agrees that the State, the U.S. Department of
<br />Health and Human Services and other authorized federal and state personnel shall have complete
<br />access to all records pertaining to services provided to Covered Persons. Provider shall provide
<br />immediate access to facilities, records and supportive materials pertinent to the State Contract for
<br />State or Federal fraud investigators.
<br />3.13 Government Audit; Investigations. Provider acknowledges and agrees that the State and the
<br />U.S. Department of Health and Human Services or their authorized representatives shall have the
<br />right to inspect or otherwise evaluate the quality, appropriateness, and timeliness of services
<br />provided under the terms of the State Contract and any other applicable rules. There shall be no
<br />restrictions on the right of the State or federal government to conduct whatever inspections and
<br />audits are necessary to assure quality, appropriateness or timeliness of services provided pursuant
<br />to the State Contract and the reasonableness of their costs. Moreover, Provider agrees to permit
<br />the State, including HCA, MFCD and state auditor, and federal agencies, including but not
<br />limited to; CMS, Government Accountability Office, Office of the Inspector General, Office of
<br />Management and Budget, the Office of the Inspector General, the Comptroller General, and their
<br />designees, to access, inspect and audit any records or documents of Provider, and shall permit
<br />inspection of the premises, physical facilities, and equipment where Medicaid -related activities
<br />or work is conducted, at any time. Provider shall forthwith produce all records, documents, or
<br />other data requested as part of such inspection, review, audit, investigation, monitoring or
<br />evaluation. If the requesting agency asks for copies of records, documents, or other data,
<br />Provider shall make copies of records and shall deliver them to the requestor, within 30 calendar
<br />days of request, or any shorter timeframe as authorized by law or court order. Copies of records
<br />and documents shall be made at no cost to the requesting agency. (42 C.F.R. § 455.21(a)(2); 42
<br />C.F.R. § 431.107(b)(2)). The right for the parties named above to audit, access and inspect under
<br />this Provision exists for 10 years from the final date of the contract period or from the date of
<br />completion of any audit, whichever is later, or any other timeframe authorized by law.
<br />3.14 Privacy; Confidentiality. Provider understands that the use and disclosure of information
<br />concerning Covered Persons is restricted to purposes directly connected with the administration
<br />of the State Program and shall maintain the confidentiality of Covered Person's information and
<br />records as required by the State Contract and in federal and State law including, but not limited
<br />to, all applicable privacy, security and Administrative Simplification provisions of the Health
<br />Insurance Portability and Accountability Act of 1996 ("HIPAA" ), Public Law 104-191, and
<br />associated implementing regulations, including but not limited to 45 CFR Parts 160, 162, 164, as
<br />applicable and as may be amended from time to time, and shall safeguard information about
<br />Covered Persons in accordance with applicable federal and State privacy laws and rules
<br />including but not limited to 42 CPR §438.224, 42 CFR Part 2, and 42 CFR Part 431, Subpart F;
<br />42 CFR Part 434 and 42 CFR 438.6 (if applicable), as may be amended from time to time.
<br />Access to member identifying information shall be limited by Provider to persons or agencies
<br />that require the information in order to perform their duties in accordance with this Agreement,
<br />including the U.S. Department of Health and Eluman Services (HHS), the HCA and other
<br />individuals or entities as may be required. (See 42 CFR §431.300, et seq, and 45 CFR Parts 160
<br />and 164.) Any other party shall be granted access to confidential information only after
<br />complying with the requirements of state and federal laws, including but not limited to HIPAA,
<br />and regulations pertaining to such access. Provider is responsible for knowing and understanding
<br />the confidentiality laws listed above as well as any other applicable laws. Nothing herein shall
<br />prohibit the disclosure of information in summary, statistical or other form that does not identify
<br />particular individuals, provided that de- identification of protected health information is
<br />performed in compliance with the HIPAA Privacy Rule.
<br />UFIC/STATE PROGR MS RGGAPX WA.02.25
<br />32
<br />
|