LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 106.12 Compliance Officer
 
  PROCEDURES
  1. The Compliance Officer (CO) has the following general compliance-related responsibilities:
     
    1. Ensures the 42 CFR § 438.608 is met by including the following arrangements or procedures:
       
      1. Written policies, procedures, and standards of conduct that articulate Los Angeles County Department of Mental Health's (DMH/Department) commitment to comply with all applicable federal and State standards.
         
      2. Effective training and education for the CO and DMH employees are routinely available.
         
      3. Effective lines of communication are established between the CO and DMH managers and employees.
         
      4. Enforcement standards are publicized.
         
      5. Provisions for internal auditing and monitoring are in place.
         
      6. Provisions for prompt response to detected offenses and development of corrective action plans/initiatives relative to the State contract are in place (DMH Policy 106.11).
         
    2. Directs all investigations involving potential criminal activity to the Auditor-Controller’s Office of County Investigations (OCI) consistent with Board of Supervisors policy. In doing so, DMH will avoid disturbing any evidence or notifying potential subjects of an investigation, while enabling the OCI to assess the evidence and complete an investigation with complete access to data or other evidence. The CO will report such actions to the Chief Deputy Director in a timely manner. 
       
    3. Administers auditing and monitoring contract and agreements with the Certified Public Accounting (CPA) firm that conducts outside monitoring and the County’s Auditor-Controller’s Contract Monitoring Division. Administration includes:
       
      1. Ensuring the CPA firm receives information necessary to conduct their audits as specified in the contract between the County Auditor-Controller and the CPA firm.
         
        1. At the request of the auditee, Audit Services will review the CPA firm’s financial audit reports to ensure policies, procedures, rules, regulations, and legal requirements are properly interpreted and applied to findings. This request is considered an audit appeal as specified in the contract between the County and Auditor-Controller.
           
      2. Attending audit exit conferences.
         
      3. Reviewing corrective action plans.
         
      4. Invoicing contractors for disallowed costs and/or units.
         
      5. Monitoring the implementation of audit and review findings.
         
      6. Meeting with DMH Quality Assurance and Auditor-Controller’s Contract Monitoring Division auditors to review findings and to ensure proper interpretation of DMH guidelines.
         
    4. The following CO responsibilities are limited to DMH only:
       
      1. Advises DMH management of the need for new or revised policies and procedures; oversees development, distribution, and implementation of policies; assures policies adequately and effectively communicate legal and regulatory requirements; periodically reviews policies and procedures and initiates needed updates (DMH Policies 106.01 and 106.17).
         
      2. Develops training that meets the needs of the Department, assuring training accurately reflects and communicates legal and regulatory requirements; develops and implements tracking mechanisms to document attendance and/or completion of required training (DMH Policy 106.10). 
         
      3. Continuously reviews Departmental risk areas to identify necessary auditing and monitoring activities to be included in the Compliance Work Plan.
         
      4. Assists the Department in developing appropriate standards for discipline and enforcement, e.g., DMH Policies 605.01 and 106.08.
         
  2. The CO is responsible for ensuring Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Privacy requirements are met. This includes, but is not limited to:
     
    1. Ensuring contract agreements are developed and reviewed to be certain that DMH Business Associates are aware of their responsibilities for protecting the privacy of DMH clients. This responsibility is delegated to the Privacy Officer who reports to the CO.
       
    2. Conducting monitoring reviews to maintain compliance with HIPAA and HITECH Act requirements.
       
    3. Developing and updating of policies and procedures relative to privacy.
       
    4. Consulting with the Countywide Privacy Officer as needed.
       
    5. Consulting with County Counsel as needed.