Doing Business with Hometown Health Centers

Hometown sometimes requires quality services or products at a fair price from carefully screened
contractors. They are checked on Exclusion Lists, their business reputation is evaluated, and a final
selection is based on a competitive bidding process if applicable.

As noted, contractors are expected to comply with Hometown’s Compliance Program or have a
comparable program in place to aggressively combat fraud, waste, and abuse.

Hometown’s Compliance Officer (contact information listed below) must be notified if concerns arise
regarding impropriety, unethical conduct, or violations to State and Federal Law and Regulations.

Reporting fraud, waste, and abuse in the Medicaid/Medicare programs is not an option. It is a
requirement for doing business with Hometown.

Contractual Requirements

In addition to meeting some of the compliance standards outlined above, vendors may be required to
collaborate with contract auditing, provide evidence of up-to-date cybersecurity protocols, share
appropriate training documentation, assist in any State or Federal investigation, and give System and
Organization Control Reports (SOC-1 or SOC-2) regarding security, financial controls, processing
integrity, and privacy/confidentiality upon request. Also, contractors must receive written authorization
from Hometown before any assignment or subcontracting is allowed. On the rare occasion
subcontractors are permitted, they too will be required to meet compliance standards to identify and
stop fraud, waste, and abuse. This includes, but is not limited to, training staff.

Vendors receive an annual letter reminding them of obligations to either abide by Hometown’s
Compliance Program or to have one in place meeting best practices for compliance. These practices
should include training.