Published on Policy and Procedure Manual (https://mainsl.annkissamprojects.com)

Home > FMS Policies and Procedures MN > General Policies

General Policies

Obtain Separate Federal Employer Identification Number & Employer Agent Status

Policy: 

F/EA obtains approval from federal authorities prior to serving as an agent of employer for consumers in the Participant Direction Program. F/EA begins issuing payments to consumers’ employees or withhold taxes from payments prior to  active authority from federal tax agencies to serve as an Employer Agent pursuant to the Fiscal Employer Agent Agreement. The F/EA is not aware of any situation whereby the IRS has denied approval. Policies and Procedures relating to filing for and obtaining approval on behalf of each participant are documented in Submit Form 2678, Employer Appointment of Agent, to the IRS. 
F/EA obtained a separate Employer Identification Number (EIN) specifically for the purpose of filing and depositing Federal Income Tax, Social Security, Medicare and FUTA taxes on behalf of consumers, under Section 3504, Rev. Proc. 70-6, Proposed Regulations REG-137036-08 of January 13, 2010 or under Revenue Procedure 2013-39. That EIN is used for all Federal tax filing, payment and remitting purposes for all consumers active in the F/EA program.
 
The August 2014 IRS Form 2678 instructions state that an agent (F/EA) is not liable for filing any federal tax returns or making any deposits or payments until it receives approval from the IRS to act as an agent for an individual.  Therefore, during the period from when the agent files the IRS Form 2678 for an individual until the agent receives IRS agent approval for that individual, F/EA includes in F/EA's contract with Program Administrator that F/EA is responsible for filing and depositing federal employment taxes and any unfulfilled federal tax obligations, including penalties and interest even before the IRS approves the IRS Form 2678
 
F/EA includes the above language in all contracts executed with Program clients.
 

Procedure: 

 
1.      Maintain a separate EIN specifically for the purpose of filing and depositing Federal Income Tax, Social Security, Medicare and FUTA taxes on behalf of participant, under Section 3504, Rev. Proc. 70-6, Proposed Regulations REG-137036-08 of January 13, 2010 of the Internal Revenue Code and under Revenue Procedure 2013-39.

  • F/EA obtained a separate EIN on <<Date>>.  That EIN is <<12-3456789>>.
  •  This EIN is used to file and deposit all Federal Income Tax, Social Security, Medicare and FUTA taxes on behalf of consumers in the Participant Direction Program

2.      Include IRS Form 2678 in each participant’s enrollment packet (See Policy and Procedure Chapter <<X>>)
3.      Each participant must sign a Form 2678 authorizing F/EA to be appointed the participant’s agent under Section 3504, Rev. Proc. 70-6, Proposed Regulations REG-137036-08 of January 13, 2010 of the Internal Revenue Code (See Policy and Procedure <<X>>)

  • Each Form 2678 includes F/EA’s separate agent EIN on page 2 for the EIN for the Agent of Employer.

4.      F/EA submits an executed Form 2678 to the IRS for each participant on whose behalf F/EA pays wages to the participant’s workers (see Policy and Procedure document <<X>>.
5.      F/EA receives notice LTR-1997-C authorizing F/EA to act as agent of each participant
6.      F/EA maintains these notices in each participant’s electronic file (See Policy and Procedure <<X>>)
7.      F/EA obtains Tax Information Authorization per IRS Form 8821.
8.      Each participant should sign a Form 8821 authorizing F/EA to act on behalf of the participant for purposes of obtaining prior EINs.
9.      F/EA retains an executed Form 8821 in electronic files for each participant on whose behalf F/EA pays wages to the participant’s workers(s) (see Policy and Procedure document <<X>>).  The Form 8821 is only filed in the event it is needed to obtain participant information from the IRS.
10.     Include Form SS-4 in each participant's enrollment packet.
11.     Each participant must sign a Form SS-4 allowing the F/EA to attain an EIN for the participant.
12.   The EIN is obtained by calling the IRS and referring to the participant as a "Home Health Care Service Recipient".  

Internal Controls: 

The internal controls used by F/EA to monitor this process are:
1.      The SS-4 containing F/EA’s separate Agent EIN is stored in a locked file drawer in the FEA Coordinator office until all required information is complete, all documents are scanned into electronic files which have limited access by aurhorized personnel only.
2.      All completed Forms 2678 are scanned and maintained per File Retention Policy for a minimum of 7 years
3.      All completed Forms 8821 are scanned and maintained for a minimum of 7 years
4.      All IRS Forms LTR-1997-C authorizing F/EA as agent of the employer are scanned and maintained for a minimum per File Retention Policy of 7 years.
5.     All completed Forms SS-4 are scanned and maintained per File Retention Policy for a minimum of 7 years.
 

HIPAA Policy

Policy: 

The Health Insurance Portability and Accountability Act (HIPAA) is enforced at F/EA per F/EA’s HIPAA policy. All F/EA operations are performed in accordance with the HIPAA policy. F/EA staff must complete HIPAA training within 2 weeks of hiring a staff member.

F/EA shares their HIPAA policy with Counselors. Counselors educate consumers on F/EA’s HIPAA policy. After reviewing the policy, consumers sign the HIPAA Policy form included in the Fiscal/Employer Agent Start-Up package (See Policy and Procedure document <<X>>).
 
Per Policy and Procedure document <<X>>, F/EA’s processes each executed Receipt of Privacy Practices form. A copy of each form is maintained separately and forwarded to the F/EA <<Staff Title>> monthly.
 
Following the procedure, F/EA's HIPAA Policy is attached.
 
Procedure: 

 

  1. Counselors share the F/EA HIPAA policy during the in-take and orientation session
  2. The signed HIPAA Policy Form is returned to the  <<department>> with the Fiscal/Employer Agent Start up Package
  3. The <<Staff Title>>  follows Policy and Procedure document <<X>> to process the HIPAA Policy Form
  4. <<Staff Title>> selects the HIPAA Policy Form from Fiscal/Employer Agent Start-Up packages
  5. <<Staff Title>> forwards copies of executed forms to:
Privacy Officer’s address
  1. Privacy Officer maintains all forms for a minimum of 7 years per File Retention Policy.
Internal Controls: 

The internal controls used by F/EA to monitor this process establish responsibility, segregate duties, document procedures and ensure independent internal verification.

  1. Counselors share the F/EA HIPAA policy during the in-take and orientation session.
  2. The signed HIPAA Policy Form is returned to the <<department>> with the Fiscal/Employer Agent Start-up Package.
  3. <<Staff Title>> forwards copies of executed forms to F/EA Privacy Officer.
  4. Privacy Officer maintains all forms for a minimum of 7 years per File Retention Policy.



Information Systems Security

Policy: 

F/EA maintains a System Security Plan Template outlining the security measures enacted to protect and secure F/EA computer systems and data. The System Security Plan is updated with each change to F/EA systems or systems security. Following a change to the Plan, the Plan is reviewed and signed and dated by F/EA executive staff and F/EA officers. All changes to the Plan are tracked under the “Revisions History” section of the plan.

A suggested Plan is published below and should be revised and expanded according to F/EA operations and state regulations.
 
Procedure: 

The purpose of this written information security policy is to define the safeguards that F/EA has in place for protecting confidential information (“CI”) including:

  1. Personal Health Information (“PHI”) -- Any demographic information, medical history, test and laboratory results, insurance information and other health data which may be identified as relating to a specific individual, including any data covered by HIPAA.
  2. Personal Information (“PI”) – A person’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a person’s financial account.

CI shall not include information that is lawfully obtained from publicly available information or from federal, state or local government records lawfully made available to the general public; nor shall it include any information that is excluded from protection by an agreement that F/EA has in place with another entity.

Staff Requirements

F/EA requires all staff members to adhere to the following rules regarding information security:

  1. Computers require a login password, and are set to trigger a password-protected screensaver mode after 5 minutes of inactivity
  2. All computer programs and systems used by F/EA that may contain participant or workers CI must be password-protected
  3. Passwords to web-based software that may contain CI are not cached in any browser
  4. Passwords to specific web-based systems that are likely to contain CI (including email) are required to be changed monthly
  5. Computers with the Windows operating system are required to have anti-virus software installed, and configured to update their virus definitions automatically
  6. Smartphones used to access F/EA web-based systems that are likely to contain CI (including email) must be password protected and require the password to be entered upon powering on or returning from idle 

Physical Security

Paper records (e.g., participant files) are kept in locked file cabinets and are accessible only to authorized F/EA personnel.  CI stored in this manner is accessed only to fulfill F/EA-related tasks and/or duties.

Security Checklist and Staff Requirements

Violations of this policy shall be handled on a case-by-case basis.  Discipline shall also be handled on a case-by-case basis, with potential discipline ranging from retraining to suspension and termination depending on the context of the violation.

Security Incidents

In the event F/EA discovers that unencrypted CI has been accessed by an unauthorized third party, F/EA shall notify all personnel that are impacted by the breach.

Ongoing Responsibility

<<F/EA Director>> shall have ultimate responsibility for the ongoing maintenance of and compliance with this Information Security Policy.

 

Maintain an Up-to-Date Policy and Procedure Manual

Policy: 

The F/EA <<Quality Assurance Administrator>> is responsible for maintaining the accuracy of the Policy and Procedure Manual. Specific duties of the Quality Assurance Administrator as related to the Policy and Procedure Manual include, but are not limited to:

  1. Assist management with development of policies and procedures as required.
  2. Assist management with updating and maintaining the Fiscal/Employer Agent policies and procedures to ensure relevance and compliance with F/EA’s contractual obligation to clients.
  3. Establish an annual work plan and budget (with collaboration with <<Staff Title>>) to test compliance with all Fiscal/Employer Agent contract deliverables. This work plan must include compliance testing on Corrective Action Plans from previous audit findings. 
  4. Implement the agreed upon work plan and report in writing any non-compliance to <<Staff Title>> and <<Other Staff Titles>>.
  5. Work with Fiscal/Employer Agent staff to develop a plan to correct any areas of non-compliance, and monitor implementation of such plan.
  6. Any non-compliance will be escalated to <<Staff Title>>.
  7. Ensure that communication with department staff occurs routinely and appropriately whenever there is a policy or procedure change.
  8. Assist with retraining staff on policies and procedures for all Fiscal/Employer Agent functions and reports that are not meeting compliance.
Procedure: 

Review Policy and Procedure Manual Quarterly

On a quarterly basis, the Quality Assurance Administrator performs the processes in each Policy and Procedure sub-chapter, to “test” the sub-chapter, thereby ensuring that documented procedures accurately reflect completion of quality processes. “Dummy” tasks must be performed in instances where completing the actual task would be detrimental to F/EA operations. A control document is updated tracking review and update of the each Policy and Procedure sub-chapter.
 
The Quality Assurance Administrator compares the output produced by the procedure with the most recent output produced as part of normal processes. Any discrepancies in output are noted and researched with staff with primary responsibility for the task. Any areas of the sub-chapter that are not sufficiently documented to allow successful completion of the task are reviewed with staff with primary responsibility for the task. A corrective action plan is developed to:
 
  • Update the Policy and Procedure Manual sub-chapter
  • Train staff on updated Policies and Procedures
  • Reconcile Policy and Procedure Manual sub-chapter to contract requirements
 
After completing each process, Quality Assurance Administrator compares the sub-chapter to the relevant sections of the contract between Program Administrator and F/EA, as well as any addenda to the contract or other guidance as provided by Program Manager.  Any discrepancies between the Policy or Procedure and the contract are noted and solutions integrated into the corrective action plan. 
 
As changes to policy or procedure are implemented, the Quality Assurance Administrator will be fully informed. The Quality Assurance Administrator is in attendance at relevant meetings where policies and procedures are discussed and receives copies of applicable correspondence and documentation of policy or process changes. The Quality Assurance Administrator works with assigned staff to understand changes to the policy or process. The Quality Assurance Administrator updates the manual accordingly on an ongoing basis.
 
  1. On a quarterly basis, Quality Assurance Administrator will use each sub-chapter to perform the process described in the manual.
  2. Quality Assurance Administrator opens Policy and Procedure Manual Review Control Sheet YYYY saved at:
  • For each sub-chapter tested, Quality Assurance Administrator updates the following fields:

Sub-Chapter Number
Review Date
Reviewer Initials
Process Completed
Process Discrepancies Identified
Output Produced
Output Reviewed by Primary Staff
Output Discrepancies Identified
Compared to Contract
Contract Comparison Discrepancies Identified
Sub-Chapter Updated per Discrepancies
 
 
  1. Quality Assurance Administrator selects a sub-chapter from the manual
  2. Quality Assurance Administrator performs the process outlined in the Policy and Procedure Manual sub-chapter
  3. Quality Assurance Administrator highlights any areas that are not sufficient to perform the process
  4. After completing process, Quality Assurance Administrator compares output to the output produced by staff with primary responsibility for the task as part of normal processes
  5. Quality Assurance Administrator’s output should be identical (or appropriately similar, depending on the process) to the output produced as part of normal operations
  6. Staff with primary responsibility for the task reviews Quality Assurance Administrator’s output and notes any discrepancies
  7. Quality Assurance Administrator compares sub-chapter to relevant parts of the contract, contract addenda and other guidance issued by workers Program Manager
  8. Discrepancies are noted and reviewed with <<Staff Title>> or other assigned staff as applicable
  9. Any discrepancies in Policy and Procedure Manual sub-chapter are corrected
  10. After reviewing all Policy and Procedure sub-chapters, Quality Assurance Administrator compares reviewed sub-chapters listed in Policy and Procedure Manual Control Document to Table of Contents
  11. Quality Assurance Administrator cross references to ensure that all Policy and Procedure Manual sub-chapters have been reviewed and updated
  12. Quality Assurance Administrator prints Policy and Procedure Manual Control Document
  13. Quality Assurance Administrator signs and dates next to “Prepared By:”
  14. <<Staff Title>> reviews Policy and Procedure Manual Control Document
  15. <<Staff Title>> signs and dates next to “Reviewed By”
  16. Policy and Procedure Manual Control Document is scanned as saved to H:\Policies and Procedures\Review Control Sheets
  17. The scanned file is saved with the quarter and year in the file name
Internal Controls: 

The internal controls used by F/EA to monitor this process establish responsibility, segregate duties, document procedures and ensure independent internal verification.

  1. A control document is used to track the review and update of the Policy and Procedure Manual.
  2. Staff with primary responsibility for the task for which the sub-chapter is being tested review the output produced by the ‘test’ process to ensure it complies with output produced as part of normal operations.
  3. A corrective action plan is developed for any discrepancies or deviations from the sub-chapter.
  4. Any non-compliance is escalated to <<Staff Title>>
  5. Any continued non-compliance is escalated to the <<Staff Title>>
  6. The Quality Assurance Administrator cross-references the Policy and Procedure Manual Review Control Document with the Policy and Procedure Manual Table of Contents to ensure that all sub-chapters were reviewed.
  7. The Quality Assurance Administrator signs and dates the control document after reviewing all sub-chapters.
  8. The <<Staff Title>> signs and dates the control document after reviewing the control document.
  9. The control document is scanned and saved on the network drive for a minimum of 7 years per File Retention Policy.

Organizational Structure

Policy: 

The organizational structure of F/EA supports the F/EA to provide excellent service to consumers, workers, vendors, families, administrators and other stakeholders.

Major organizational roles and individuals in those roles are outlined below.  Attached to this chapter is an Organizational Chart.

F/EA Director

<<insert description of role.>>

Important Role 2

<<insert description of role.>>

Important Role 3

Procedure: 

<<Leave this section blank.>>

Internal Controls: 

<<Leave this section blank.>>