We at Athena, as well as our customers, have set very high standards for how we
conduct ourselves and perform our work. To help meet these standards, and to help
fulfill our mission of being the most trusted and effective business service to medical
offices, Athena has updated its Code of Conduct. The Code of Conduct is a combined
expression of Athena’s values, including our commitment to comply with legal and
ethical standards. We expect all employees to know the following Code and to live it
every day that they work at Athena:
INTEGRITY – Follow the highest legal and ethical standards and require the
same of those with whom we work
QUALITY – Provide Athena services in a compliant, timely, and accurate
manner
PRIVACY – Protect customer, patient and Athena confidential information
INITIATIVE – Know the Code of Conduct, and prevent, or report and resolve,
possible violations
A detailed description of the Code of Conduct is provided below for further reference
and guidance. Of course, no written document can address every situation that will
confront us from day to day. This is why the Code of Conduct is the foundation for the
more comprehensive set of policies and resources that comprise Athena’s
Compliance Program and other compliance, quality, and integrity efforts at Athena.
Join us in reading, learning, teaching, and living this Code. It is critical to achieving
our mission.
Jonathan Bush
President and Chief Executive Officer
George Smith
Chief Compliance Officer
C-200-CODE OF CONDUCT
Policy Number
C-200
Owner:
General Counsel
Approving
Authority:
Athenahealth Audit Committee
Approval Date:
7/25/08
Supersedes (if
applicable):
5/06 and 7/26/07 versions of Code
Review
Requirements:
Laws and
Regulations
Addressed:
Applicability:
At Minimum Annually
Several
The Code of Conduct applies to all employees, directors, and officers
of Athena, as well as individual independent contractors (collectively
referred to as “employees”).
Purpose/Reason For This Policy
We believe that high legal and ethical standards are necessary to maintain competitive
advantage, the pride and confidence of our employees and the ability to provide quality services
to our customers. For the Compliance Program to be effective, we must have the cooperation
and involvement of all employees at all levels of authority and responsibility.
Policy Statement
ATHENAHEALTH, INC.
CODE OF CONDUCT
1
This Code of Conduct applies to all employees, directors, and officers of Athena, as well
as individual independent contractors (collectively referred to as “Athena Personnel”).
Introduction
The Board of Directors of athenahealth, Inc. (together with its subsidiaries, “Athena”) has
established this Code of Conduct to aid our directors, officers and employees in making ethical
and legal decisions when conducting Athena’s business and performing their day-to-day duties.
Our Board of Directors, in conjunction with the Audit Committee of the Board, is responsible
for administering this Code. The Board of Directors has delegated day-to-day responsibility for
administering and interpreting the Code to our Chief Compliance Officer.
This Code contains general guidelines that Athena Personnel are expected to adhere to in the
conduct of Athena’s business. It is designed to be read with the policies and procedures that
Athena publishes from time to time and with the Compliance Program Charter that contains
specific information about how this Code functions, including who administers the Code, who
can provide guidance under the Code and how violations may be reported, investigated and
disciplined. This Code will not contain the answer to every situation you may encounter or every
concern you may have about conducting our business ethically and legally. In these situations,
or if you otherwise have questions or concerns about this Code, we encourage you to speak
with your supervisor (if applicable) or with the Chief Compliance Officer or the Company’s legal
counsel.
A Note About Other Obligations
Athena Personnel generally have other legal and contractual obligations to Athena, and this
Code is not intended to reduce or limit those obligations. Instead, the standards in this
Code should be viewed as the minimum standards that Athena expects from Athena
Personnel in the conduct of its business.
I.
Integrity
Follow the highest legal and ethical standards and require the same of those with
whom we work
Team Effort. We believe that high legal and ethical standards are necessary to maintain
competitive advantage, the pride and confidence of our employees and the ability to
provide quality services to our customers. For the Compliance Program to be effective,
we must have the cooperation and involvement of all Athena Personnel at all levels of
authority and responsibility.
•
Because the Code of Conduct cannot possibly detail all behavior that is expected of
all Athena Personnel, it is presented as a general guide to legal and ethical behavior.
All Athena Personnel must exercise their reasonable judgment and use their best
efforts to identify and understand the legal and ethical requirements that apply to
Athena and to their functions for Athena, and to be vigilant to detect situations or
activity that may potentially violate applicable law or the Code of Conduct.
•
Adherence to these standards should never be traded in favor of financial or other
business objectives. Individuals should avoid seeking loopholes, taking shortcuts, or
relying upon “technicalities” to avoid responsible conduct, and they must reject the
notion that unethical behavior is acceptable because “everyone is doing it.”
2
General Compliance with Law. We shall conduct our business in compliance with
applicable laws, rules and regulations. Athena Personnel shall not engage in any
unlawful activity in conducting Athena’s business or in performing their day-to-day duties
at Athena, nor will they instruct others to do so.
Athena Workplace. Athena is committed to providing an equal opportunity work
environment in which everyone is treated with fairness, dignity and respect. Athena
Personnel must comply with all federal and state employment laws, as well as Athena’s
policies addressing workplace conduct and behavior.
•
Officers and employees are responsible for reading and complying with all workplace
policies, including those contained in the Athena Employee Handbook, a current
version of which is available on the Wiki and on Tweety, or from a member of the
Human Resources team.
•
Athena Personnel shall not engage in harassment, or disrespectful or disruptive
behavior. Athena will not tolerate harassment of anyone based on an individual’s
characteristics or cultural background. Degrading or humiliating jokes, slurs,
intimidation, or similar conduct is forbidden. Any form of sexual harassment is also
forbidden. Refer to Athena’s Policy and Procedure for the Elimination of Sexual
Harassment and Unlawful Discrimination in the Work Place, contained in the
Employee Handbook, for detailed statements of the Company’s workplace conduct
policies.
Financial Records. The integrity, reliability and accuracy in all material respects of
Athena’s books, records and financial statements is fundamental to our continued and
future business success. Athena Personnel shall not cause or permit Athena to enter
into a transaction with the intent to document or record it in a deceptive or unlawful
manner, nor shall they create any false or artificial documentation or book entry for any
transaction entered into by the Company. Officers, employees and contractors who have
responsibility for accounting and financial reporting matters have a responsibility to
accurately record all funds, assets and transactions on Athena’s books and records.
Public Disclosures. Athena is committed to providing its stockholders with complete and
accurate information about its financial condition and results of operations as required by
the securities laws of the United States. It is our policy that the reports and documents
we file with or submit to the Securities and Exchange Commission, and its earnings
releases and similar public communications made by us, include fair, timely and
understandable disclosure. Athena Personnel who are responsible for these filings and
disclosures, including our principal executive, financial and accounting officers, must use
reasonable judgment and perform their responsibilities honestly, ethically and objectively
in order to ensure that this disclosure policy is fulfilled. The Company’s Disclosure
Committee and senior management are primarily responsible for monitoring the
Company’s public disclosure.
Athena Assets and Opportunities. Directors, officers and employees of Athena are
responsible for protecting the Company’s assets against theft, carelessness, misuse and
waste. All Athena Personnel must use and must take steps to assure that others use the
Company’s assets solely for legitimate business purposes and to advance the legitimate
interests of Athena and not for any personal benefit. They also owe a duty to the
3
Company to advance Athena’s legitimate business interests when the opportunity to do
so arises. Athena personnel must not divert to themselves or to others any opportunities
that are discovered through the use of Athena’s property or information or as a result of
their position with Athena unless the opportunity has first been presented to, and rejected
by, Athena; they must not use Athena’s property or information or their position for
improper personal gain; and, they must not compete with the Company.
IT IS NEVER IN THE INTEREST OF ATHENA FOR ANY ATHENA PERSONNEL TO
ENGAGE IN ANY ILLEGAL OR UNETHICAL ACTIVITY.
Medical Fraud and Abuse. Athena Personnel shall comply with all laws and regulations
governing the relationships of Athena with health care providers and others in the health
care industry. Among other things, Athena, and Athena Personnel, shall not:
•
Solicit, offer, give, or receive any form of payment, direct or indirect, to physicians or
other health care providers in exchange for or in connection with the referral of
patients or to induce the sale, purchase or use of any item or service that is
reimbursed by or charged to any healthcare program.
•
Solicit, offer, give, or receive kickbacks, bribes, rebates, or any other kind of benefits
intended to induce referrals or the sale, purchase or use of items or services paid for
in whole (for example, a claimed reimbursement item) or in part (for example, a cost
item included in cost based reimbursement) by any healthcare program.
•
Knowingly, recklessly or in deliberate ignorance submit, permit any client to submit or
cause to be submitted any claim for payment for medical items or services not
materially as provided or properly documented.
•
Make any material misstatement or fail to disclose any material data in connection
with submission of any claim for payment for medical items or services.
Customer and Vendor Contracts. Every agreement with an Athena customer, or a
contractor or vendor of Athena, shall be in writing and shall contain only the form and
substance approved by Athena’s legal counsel. Officers and employees are responsible
for following all Athena contracting policies.
Other Third Parties. Athena Personnel shall work and deal honestly, openly, and fairly
with other third parties with which Athena has relationships, such as clients, investors,
creditors, insurers, vendors and auditors. No Athena Personnel should take unfair
advantage of another person in business dealings on the Company’s behalf through the
abuse of privileged or confidential information or through improper manipulation,
concealment or misrepresentation of material facts.
Marketing. Athena is committed to representing its services fairly, honestly, and
accurately. Advertising and marketing materials shall not contain unfair, inaccurate, or
deceptive statements or exaggerated or unwarranted representations. All advertising
and marketing materials shall accurately reflect the services and capabilities of Athena.
Antitrust. Athena Personnel must be aware of, and vigilant to detect, arrangements
among providers, or suggested by providers or those who consult or sell to providers,
which could result in price fixing, market allocation, group boycotts, tying or bundling
products or services, or other similar practices. Athena Personnel who become aware of
any such arrangements should report the matter to the Compliance Team or the Legal
4
Department.
When attending trade shows, conventions, and other professional
meetings, Athena Personnel must not engage in discussions on topics such as pricing,
labor costs, or marketing plans.
Gifts. Giving or receiving gifts of significant value could compromise the objectivity of our
personnel as well as create the appearance of possible impropriety. Athena Personnel
shall never give or receive a gift of any value in exchange for any advantage or favor.
Any gifts given or received by directors, officers or employees must fall within Company
policies guidelines, including but not limited to any political contributions or gifts to
government officials. However, in no case should any Athena Personnel accept any gift
if accepting such gift could potentially cloud or skew their judgment.
Conflicts of Interest. Athena Personnel must avoid actual or potential conflicts of
interest. A conflict of interest arises whenever an activity, association or investment of
Athena Personnel, or a member of the family of Athena Personnel, interferes with the
independent exercise of sound judgment in Athena’s best interests.
Conflicts can arise in many situations and take many forms. For example, a conflict of
interest may arise if an individual is simultaneously employed or engaged by Athena and
by another business, particularly an Athena client, vendor or other business partner, or if
an individual takes part in an activity that enhances or supports a competitor’s position,
including accepting simultaneous employment with a competitor. A conflict may also
arise if an individual or any member of an individual’s immediate family gives or accepts
any gift with the intent to improperly influence the normal business relationship between
Athena and its clients, vendors or other business partners, or gives or accepts a gift from
a competitor. In addition, a conflict may arise if an individual or any member of an
individual’s family holds a financial interest or plays a significant role in an Athena
competitor, client, vendor or other business partner.
•
Athena Personnel who themselves have or whose family members have any
interest, direct or indirect in any supplier, customer, competitor or other business
partner of Athena must promptly disclose the interest to Athena and obtain
approval from the appropriate authority to continue the relationship.
•
Unless the activity is approved by Athena, directors, officers and employees
should not offer their skills or services to competitors or engage in outside
businesses that compete with or sell goods or services to Athena.
Any transaction or relationship that reasonably could be expected to give rise to a conflict
of interest should be reported promptly to the Compliance Officer.
II.
Quality
Provide Athena services in a compliant, timely, and accurate manner
Billing and Claims Submission. Athena is committed to accurate and timely billing for all
services provided to its customers. Billing shall occur only according to the requirements
of the contract with the customer and in accordance with Athena policies and
procedures.
•
In submitting health care claims to federal and state health care programs on behalf
of providers, Athena assumes a serious set of responsibilities to both its customers
as well as to governmental payors. In particular, the Medicare, Medicaid and other
5
federal and state government health programs have specific requirements for the
proper submission of health care claims with which Athena employees must comply.
•
Athena Personnel whose job responsibilities include the design or execution of
systems or activities involving the submission of claims must be familiar with and
abide by all relevant federal, state, and local laws, regulations, and rules applicable to
the proper submission of claims. These individuals must be continually aware of the
following key risk areas, among others, and bring any potential issues related to them
to the attention of their supervisor or the Compliance Team:
o
o
o
Failure of procedures for identifying and reporting credit balances
Failure of procedures to ensure duplicate bills are not submitted in an attempt
to gain duplicate payment
System designs which encourage billing personnel to enter data in a field
indicating services were rendered when such services were not actually
performed or documented
•
Under the structure of athenaNet, Athena’s customers enter the procedure codes
directly, or attest to the accuracy of such codes, to support billing. Athena does not
verify the accuracy of coding, however, individuals involved in billing activities must
act diligently and carefully with the information available to them to detect and to seek
correction of any data or practices that would result in inaccurate, untimely or invalid
coding or claims.
•
Specific risk areas that individuals must be continually aware of include:
o
o
o
o
o
o
o
o
o
•
Athena Personnel who work with customers on billing must:
o
o
o
•
Billing for items or services not rendered or not provided as claimed
Submitting claims for services, equipment, or supplies that are not reasonable
and necessary
Double billing resulting in duplicate payment
Billing for non-covered services as if covered
Knowing misuse of provider ID numbers which result in improper billing
Unbundling (billing for each component of the service instead of billing or
using an all-inclusive code)
Failure to properly use coding modifiers
Clustering
Upcoding
Strive to maintain an open, positive, and collaborative dialogue regarding
billing and coding matters that arise in Athena’s work for such customers.
Regularly inform customers of billing matters, including coding, reconciliation
of credit balances, and other matters, which are the responsibility, or shared
responsibility, of the customers.
If evidence of misconduct is detected (e.g, inaccurate claim submission),
notify a supervisor and ensure that the provider is notified promptly.
Athena Personnel must be vigilant to detect possible misconduct by Athena’s
customers and vendors. If Athena discovers credible evidence of misconduct,
including failure to comply with applicable laws or regulations, Athena will take
appropriate action to remedy and/or report the situation. If Athena determines
ultimately that the situation cannot be remedied then Athena will terminate the
6
relevant business relationship.
Quality. It is critically important both from an operational and compliance standpoint to
follow through on the work that we have undertaken for clients in a quality manner.
Because unresolved performance or quality issues have the potential to become serious
compliance issues, they should be reported as compliance concerns.
Timeliness. Any Athena Personnel who becomes aware of work backlogs or quality
problems must report those issues to a supervisor (if applicable). If there is no
supervisor or the supervisor does not appear to be responding in an adequate manner,
the matter should be reported to the Compliance Team. The Compliance Team will
make a determination as to whether a compliance issue exists and will address the issue
if necessary.
III.
Privacy and Confidentiality
Protect customer, patient and Athena confidential information
Protected Health Information. All Athena Personnel must become familiar with and abide
by the relevant laws and regulations related to the transmission, privacy and security of
Protected Health Information (PHI), including but not limited to:
o
the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
o
federal regulations adopted under HIPAA related to the proper use and
disclosure of PHI (the Privacy Rule), the security of PHI in electronic form (the
Security Rule), and the transmission of electronic health care transactions in
standard forms and formats (the Transactions Rule); and
o
state laws, regulations and legal standards in states in which Athena
customers operate related to patient privacy and information security.
•
Athena Personnel must all be aware of the PHI to which they have access in our
work, to ensure that such PHI is kept secure according to Athena’s policies and
procedures, including policies directing employees to use and disclose only the
minimum necessary PHI to accomplish the task at hand.
•
Athena Personnel must carefully follow Company security policies and procedures
aimed at maintaining the confidentiality, integrity, and availability of PHI.
•
Athena Personnel must be on the lookout for improper uses, disclosures, or
transmittals of PHI, and must report such situations promptly to their supervisor or to
the Compliance Team.
Confidential Business Information – Non-PHI confidential information concerning the
business of Athena’s customers and concerning Athena’s business shall be kept
confidential and may not be accessed or disclosed except as required or permitted by a
valid contract or as required by law. Confidential information may be used by Athena
Personnel only as needed to perform their job responsibilities. Confidential information
includes, without limitation, practice and Athena financial information, business plans,
proprietary methods and data, rules, designs, databases, software code, and other
business information that has not been publicly disclosed. Improper use or disclosure of
confidential information can subject Athena and employees to legal liability, and can
damage Athena’s business relationships and intellectual property assets.
7
IV.
Initiative
Know the Code of Conduct, and prevent, or report and resolve, possible violations
Incorporating the Code into our Work. Understanding the Code of Conduct is only the
first step in earning the trust of Athena’s customers—It is how we conduct our day to day
work that will make the Code of Conduct a living reality at Athena and an essential
feature of the service that Athena provides. Because the regulatory environment and the
Company’s market and services change constantly, Athena must constantly update its
compliance processes. To accomplish this, Athena Personnel must have a positive
regard for compliance.
Responsibilities of Athena Departments and Managers. Policies and procedures are
only useful if they are clearly communicated to Athena Personnel and actually
implemented. It is each Athena department’s responsibility to develop policies for
implementing the Code of Conduct and Company policies which can clearly be
accomplished by such department on an ongoing basis.
•
Department managers shall work to integrate compliance procedures and knowledge
into employees’ job functions and responsibilities.
•
Department managers shall work with the Chief Compliance Officer and members of
the Compliance Committee to resolve any questions or issues related to the
development or implementation of policies in connection with the Compliance
Program.
Ongoing Education. Understanding and complying with the Code of Conduct involves
ongoing learning and developing a greater awareness of compliance issues in the work
that we do, including among other things participation in training sessions and other
learning opportunities.
•
Athena will provide compliance training to its directors, officers and employees, which
will include initial general compliance training for new employees, and periodic
compliance refresher training.
•
It is the responsibility of every Athena manager to deliver compliance training which
is specific to the manager’s area, and to conduct periodic refresher training courses
focused on department policies and procedures which address compliance concerns
specific to their departments.
•
All Athena Personnel, whenever possible, should take advantage of informal teaching
and learning opportunities when compliance issues are raised at times other than
formal trainings.
Open and Honest Communication. Athena strongly values clear, open, and honest
communication among Athena Personnel regarding compliance issues. No individual
has a monopoly on learning and knowledge in this area, and the contributions and insight
of all personnel are important.
Being Proactive. Participation in the Compliance Program should be approached
proactively. The Compliance Program will function well only if Athena Personnel
appreciate and are aware of the Code of Conduct, and other Compliance Program
policies and procedures, and bring potential violations to the attention of a supervisor or
8
the Compliance Team.
Failure to Comply. All officers and employees are expected to follow Compliance
Program requirements, as stated in Athena’s Foundational Competency of Integrity. The
failure by any Athena Personnel to follow the Compliance Program requirements could
result in the loss of our reputation for integrity and fair dealing and could substantially
harm Athena’s business. It could also result in sanction by Athena up to and including
termination or legal action.
•
We recognize that failure to comply with statutory and regulatory requirements could
result in liability to the government and to third parties. In some instances,
consequences for Athena and for any individuals involved could ultimately include
criminal charges, fines and imprisonment as well as other penalties such as
termination of existing contracts and exclusion from future participation in federal
health care programs.
•
In view of the seriousness of noncompliance, Athena shall take appropriate action
with respect to any individual who violates the Compliance Program and any
contractor who engages in acts that violate relevant law in connection with Athena,
athenaNet or other Athena services or facilities.
Non-retaliation. Athena shall not take corrective action solely on the basis that an
individual reported in good faith an act of wrongdoing or a violation of the Compliance
Program. However, an individual may be subject to corrective action if it is reasonably
concluded that the report of wrongdoing was knowingly fabricated by the individual or
was knowingly distorted, exaggerated, or minimized.
Reporting Compliance Matters. It is critical that potential violations of law or the
Compliance Program are reported so that Athena knows of, and can address, potential
violations. If any Athena Personnel believes that actions have taken place, may be taking
place, or may be about to take place that violate or would violate this Code, he or she
shall report the matter.
Athena shall act to protect any individual from retaliation for matters reported in good
faith, and shall honor requests for confidentiality to the extent allowed by law and
consistent with corporate legal and ethical responsibility under the Code of Conduct.
•
Reports should be made either to your Athena supervisor or to the Compliance
Team. Report potential compliance matters to the Compliance Team as follows:
(1) Call or send an e-mail to a member of the Compliance Team (the Chief
Compliance Officer, the Compliance Manager or the Compliance Associate) or e-mail
[email protected], (2) Prepare an online compliance report with our
third party reporting service through www.mycompliancereport.com (Password:
ATH), or (3) Call our third party reporting service – the Athena ComplianceLine at
(800) 910-6732.
•
Reports can be made anonymously in writing to the Chief Compliance Officer,
athenahealth, Inc., 311 Arsenal Street, Watertown, MA 02472 or by telephone call to
the Athena Compliance Hotline.
All Athena employees must cooperate with the Chief Compliance Officer in investigating and
resolving any potential violations.
9
Review History
Date
Reviewed by
5/06
Chris Nolin
7/07
Chris Nolin
7/26/07
Athenahealth Audit
Signature
Committee
7/25/08
Dan Orenstein
7/25/08
Athenahealth Audit
Committee
10