The Mission, Vision and Guiding Principles of the Corporate Compliance Office
The mission of the Nuvance Health Corporate Compliance Office is to establish, implement, and maintain a Corporate Compliance and Ethics Program that:
- Represents a best in class compliance operation
- Actively engages Nuvance Health stakeholders; and
- Embraces not only the spirt of the law, but the letter of the law also
The vision for the Nuvance Health Corporate Compliance Office is to foster an organizational culture that encourages, supports, requires and enforces the accomplishment of patient care activities and business objectives in a manner that:
- Complies with applicable Federal and State law, Federal healthcare program requirements, and internal standards of conduct; and
- Upholds sound ethical business practices
Seven guiding principles of the Corporate Compliance Office
- Integrity: Acting at all times with professionalism and ethics, as well as transparency with regard to reporting obligations. Conduct of compliance activities should be unbiased, free or prejudice, and always compliant with applicable law and internal standards of conduct
- Independence: Conducting the compliance functions with impartiality free of conflicts of interest, and without actual or apparent improprieties
- Competence: Understanding and implementing the key elements of an effective compliance program. Additionally, keeping abreast of compliance program best practices and changes in privacy and fraud, waste and abuse law; Federal healthcare program requirements; and legislative, legal, and regulatory scheme related to compliance practice components and key risk areas
- Availability: Maintaining open lines of communication with our workforce, business affiliates, and agents, as well as patients and their families and other stakeholders of the combined organization
- Responsiveness: Responding promptly to questions posed, concerns raised and reports submitted regarding potential or actual compliance issues
- Diligence: Acting thoroughly, promptly, and with due care when addressing compliance queries, issues or concerns
- Ability to collaborate: Working in a professional manner with fellow compliance team members, workforce members and other stakeholders to effectuate the compliance program while maintaining integrity, independence, and impartiality
HIPAA Privacy/Security and Organizational Privacy
Nuvance Health is committed to protecting the confidentiality, integrity and availability of protected health information (“PHI”) and other forms of confidential personal information. As part of this commitment, Nuvance Health has implemented administrative, physical and technical safeguards to facilitate the ongoing identification of, and timely response to, reasonably anticipated threats to Nuvance Health devices and systems that house, store or transmit confidential personal information. Nuvance Health strictly prohibits the impermissible access, disclosure or other use of confidential personal information. Unless otherwise authorized by applicable Federal and State law and Nuvance Health’s internal policies and procedures, all access, disclosure or other use of confidential personal information at Nuvance Health is limited to the minimum necessary in light of the reason for such use.
Kevin Chang, Executive Compliance Officer/HIPAA Privacy and Security Officer within the Corporate Compliance Office, serves as the Privacy Official and Security Official as set forth under the HIPAA Privacy Rule at 45 CFR 164.530 [a][i] and the HIPAA Security Rule at 45 CFR 164.308 [a], respectively. Additionally, pursuant to the Privacy Rule at 45 CFR § 164.530 [a][1[ii] and 45 CFR § 164.520, Mr. Chang, who’s contact information is provided at the bottom of this page, has been designated as the individual to receive HIPAA-related complaints and provide information related to the Nuvance Health’s HIPAA Notice of Privacy Practices, respectively.
Benjamin Smith, Chief Information Security Officer within the Information Technology Office, in consultation with Wayne A. McNulty, Chief Compliance, Audit & Privacy Officer within the Corporate Compliance Office, shall serve as the employee responsible for coordinating the Nuvance Health security program as set forth under N.Y. General Business Law §§ 899-bb [b][ii] & [b][ii][A][i].
The Corporate Compliance Office, which includes Nuvance Health’s Compliance, Internal Audit, and HIPAA Privacy/Security and Organizational Privacy divisions, supports Nuvance Health Reason for Being values
by: (i) facilitating and monitoring compliance with applicable Federal and State laws, Federal healthcare program requirements, and Nuvance Health’s internal standards of conduct. Standards; and (ii) promoting the organization's commitment to lawful and ethical behavior.
Our Corporate Compliance Program is based upon the US Department Health & Human Services-Office of the Inspector General Guidance, as well as Section 363-D of the NYS Social Services Law. Both of which detail the elements of an effective compliance program. These elements, which are incorporated in our program, include:
- The development and distribution of written standards of conduct, as well as written policies and procedures that promote the hospitals' commitment to compliance;
- The designation of a chief compliance officer and other appropriate bodies, e.g., a corporate compliance committee, charged with the responsibility of operating and monitoring the compliance program, and who report directly to the CEO and the governing body;
- The development and implementation of regular, effective education and training programs for all affected employees;
- The maintenance of a process, such as a hotline, to receive complaints, and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
- The development of a system to respond to allegations of improper/illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or Federal healthcare program requirements;
- The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem area; and a system for identification of compliance risk areas specific to the provider type, for self-evaluation of such risk areas;
- The investigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals and;
- A policy of non-intimidation and non-retaliation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials.
The goals of our Corporate Compliance Program are to:
- Empower our employees;
- Demonstrate our commitment to conducting business in an ethical manner;
- Serve as a resource when dealing with difficult, complex or confusing issues;
- Provide an outlet for addressing concerns;
- Ensure we follow Local, State and Federal laws that apply.
Our Compliance Program serves to:
- Provide employees with a central resource for addressing compliance issues;
- Provide employees with information and policies for successful job performance;
- Encourage reporting concerns and resolving issues;
- Minimize the risk of fraud & abuse;
- Provide constant monitoring;
- Protect our reputation in the community and ensure our continued success.
If you have a compliance question or issue, a HIPAA issue, or wish to obtain guidance on compliance related topics, please feel free to contact us using the contact information below.
You may contact the Corporate Compliance Hotline at 844.YES.WeComply (for Nuvance West – i.e., Nuvance Health facilities, units, and entities located in New York ) or 844-395-9331 (for Nuvance East – i.e., Nuvance Health facilities, units, and entities located in Connecticut); and speak directly with a representative. The Hotline is available 24 hours a day, seven days a week. The Hotline is anonymous, not set up for caller ID, and cannot trace calls. However, you may decide to identify yourself in order to provide information that may be necessary in an investigation. Information you provide will remain confidential to the extent possible. You will be given a case number and a call-back date. You may call back again on or after the call-back date to find out whether action has been taken, but the nature and outcome of an investigation is always confidential.
Please provide us with all the information related to your Compliance question.
Address: Nuvance Health Corporate Compliance Office, 100 Reserve Rd Danbury, CT 06810
General E-mail Address: Compliance@nuvancehealth.org
General Office Line: 203-739-7110
General Facsimile Line: 203-739-8576 or 845-475-9761 47)
Covered Individuals may report compliance issues, concerns, and Program violations anonymously and confidentially by:
Calling the 24-hour Nuvance Health confidential and anonymous Compliance Hotline at: 844.YES .WeComply (for Nuvance West – i.e., Nuvance Health facilities, units, and entities located in New York ) or 844-395-9331 (for Nuvance East – i.e., Nuvance Health facilities, units, and entities located in Connecticut);
Wayne A. McNulty, JD, MS, CHC, CIPP
Chief Compliance, Audit & Privacy Officer
Kevin Chang, MBA, CRISC, CIA, CISA, CISSP
Executive Compliance Officer, Information Governance and HIPAA Privacy & Security
Jared B. Gaynor, JD, CCEP, CHC, CHPC, CHRC, CIPM
Deputy Chief Compliance Officer
Evan Kang, MBA, CPA, CGMA, CISA, CRISC, CDPSE, CRMA, CFE
Lead Managing Internal Auditor
Renee Pierre-Louis, Ph.D., MBA, MA, CCRP-CP
Executive Compliance Officer, Human Subjects Research and Academic Affairs
Suzanne Salfi, RHIT, CHC
Executive Compliance Officer, Quality, Clinical and Physician Audit & Billing Cycle Integrity
Mark Schneider, MBA, CPCO, CHC, CHPC, CHRC, HCAFA
Senior Compliance Officer, Ancillary Programs