The Code of Ethics & Code of Conduct Handbook

The Code of Ethics & Code of Conduct Handbook 2019-2020

COMPLIANCE, ETHICS, RISK & PRIVACY COMPLIANCE, ETHICS, RISK & PRIVACY

11x17 Cares Cover only.indd 1 6/3/2019 2:51:33 PM

This, our Code of Ethics and Code of Conduct Handbook, is a valuable reference for every member of Millennium’s workforce. Every employee, vendor, and contracted service provider should read this handbook and understand its content.

Compliance violations in the healthcare industry result in millions of dollars in fines. Through an active and participatory Compliance Program we can assure that none of our valuable resources are spent on civil or criminal fines.

Compliance is a simple concept, it is “Doing the Right Thing.” Doing things right is one of our most important beliefs. We work hard every day to provide care for our patients and services that enhance the lives of people in our community. This handbook will provide each of us with a better understanding of regulatory issues and will encourage us to act appropriately, ethically, and with integrity.

Additionally, an Organization that emphasizes the importance of compliance creates a friendly, less stressful environment in which to work.

Compliance is everyone’s responsibility. It is important that each employee understands the principles of our compliance program; upholds our company values; follows our Code of Conduct daily as demonstrated our behavior standards and, abides by our expectations that he or she will follow this guide.

We, the Board Chairman and the Chief Executive Officer, are committed to maintaining an environment that is compliant with all state and federal rules and regulations related to healthcare delivery and we expect all employees to make the same commitment.

Brian Fox, Executive Chairman Kevin Kearns, CEO

Compliance Program Plan & Handbook Page 1 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

THE CODE OF ETHICS AND CODE OF CONDUCT HANDBOOK Millennium Physician Group, LLC - Millennium Healthcare, LLC

Millennium Healthcare, LLC and Millennium Physician Group, LLC (Millennium) are committed to possessing and demonstrating the reliability, honesty, trustworthiness and high degree of integrity expected of a leading healthcare organization and a participant in federally funded healthcare programs. To help strengthen this commitment, Millennium has implemented its Compliance Program. Millennium is committed to the prevention, detection and control of Fraud, Waste and Abuse activity within its organization. This plan indicates the structures and activities through which the physician group practices achieve these goals. Compliance with the principles, policies and procedures while improving operational quality and ensuring high quality healthcare, as well as other policies and procedures of this organization is a condition of employment.

Purpose The Millennium Compliance Program clarifies the organization’s expectation all employees will adhere to applicable laws governing their behavior. It also provides examples of how the organization will do business in certain situations.

The Millennium Compliance Program ensures the organization meets the requirements of the Federal Sentencing Guidelines for Organizational Defendants and the advice of the Office of the Inspector General of the United States Department of Health and Human Services.

The Compliance Program also ensures Millennium can seek reimbursement for services provided to Medicare and Medicaid participants. The government acts as a trustee by distributing money designated to fund the healthcare expenses of Medicare and Medicaid participants. Like any trustee, the government takes great care to ensure that these funds are distributed appropriately and that the healthcare providers, who seek reimbursement from Medicare and Medicaid, do so in accordance with the law.

Finally, the Compliance Program helps ensure uniformity across Millennium. The Compliance Program and the policies and procedures that make up the Compliance Program apply equally to all employees across all Millennium facilities and service lines.

Compliance Program Plan & Handbook Page 2 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Code of Ethics

Leadership Ethical Principles and Core Values It is the responsibility of our leadership to influence and create an ethical culture and ethical behaviors in our organization. Our leaders at Millennium will foster our ethical culture and environment by demonstrating, modeling and following our leadership principles of ethics. The Principles are a mechanism to “self-rule” in our day-to-day management. This is the manner to which we make “decisions” to guide our daily responsibilities.

Connect – Principle One: Promoting Interdisciplinary Cooperation and Collaboration • We garner and establish a team approach, providing mechanisms and channels of communications freely and openly allowing staff and patient’s ability to elaborate and offer opinions, advices and information. Respecting what each person brings to the organization, culturally, intelligently and passionately.

Advocate – Principle Two: Beneficence • Our leadership team members maintain a foundational moral obligation and/or action of doing the right thing for others. Doing the right thing for the greater good of our patients and organization.

Respect – Principle Three: Autonomy & Transparency • We allow and provide each other independent leadership and management at a high level of responsibility and the ability to perform our work at an equal level. Each of us provides free and open communication and disclosures without fear of retribution.

Engage – Principle Four: Loyalty • We embrace a sense of allegiance, commitment and dedication to the vison, mission and future of Millennium. We ensure common goals and duties are aligned with trust and support of each other. This is a foundation to our success.

Serve - Principle Five: Honesty – Justice – Fiscal Integrity • We possess and provide a high level of integrity, truthfulness and trustworthy communications and actions in our work to all. We will demonstrate impartiality in the manner we treat each other, while protecting the rights of all, upholding what is just and fair. We conduct ourselves in a manner that supports our financial goals. Striving to review, refine and account for timely and accurate financial information and records to ensure the company remains solvent and successful.

Compliance Program Plan & Handbook Page 3 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Compliance Program Plan & Handbook Page 4 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

The Code of Ethics, along with the Core Values is our Code of Conduct (below), it requires that all facilities, business areas and functional areas of Millennium, including all employees and agents within those areas, exercise due diligence to prevent, detect and report unlawful conduct or conduct in violation of Millennium’s policies. We present our CARES message with this set of expected behaviors and the desired accountability for each of us to follow.

Core Values - Code of Conduct

The Core Values – Code of Conduct is endorsed and promoted by Millennium Leadership. It is utilized every day in our work and how we hold each other to these important elements of being a good citizen of Millennium!

1. CONNECT BY FACILITATING THE SEAMLESS DELIVERY OF CARE • I will encourage innovation. • I will remove barriers that slow down process. • I will keep it simple. • I will appreciate others’ experiences.

2. ADVOCATE BY ANTICIPATING OUR PATIENT NEEDS • I will meet immediate needs or find someone to help. • I will do the right thing. • I will move past problems to solutions. • I will work to create a culture of trust.

3. RESPECT BY TREATING OUR PATIENTS WITH DIGNITY • I will honor the trust others place in us. • I will not make assumptions; I will ask questions. • I will show appreciation and celebrate accomplishments. • I will keep critiques and disagreements productive.

4. ENGAGE BY BUILDING TRUSTING RELATIONSHIPS • I will welcome every person. • I will invite others’ knowledge and perspective. • I will include others in decisions. • I will listen, listen again, and, listen some more.

5. SERVE BY HUMBLY SUPPORTING OUR PATIENTS • I will promote a positive environment. • I will inspire action, and, my actions will support my words. • I will be a role model, attitude is everything. • I will take ownership and never say “not my job”.

Compliance Program Plan & Handbook Page 5 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Identifying a Compliance Issue – Decision Making and the Code of Conduct

It is not uncommon for us to come across situations where we aren’t quite sure what to do or we feel that what is happening is not quite right. No compliance program and no law or regulation can address all the situations that might occur in the healthcare environment. Ultimately, it is up to each one of us to apply the general principles we have learned in our compliance training. And, if we aren’t sure, we ask for help! No one at Millennium should ever have to struggle alone with a compliance question or concern.

If you are unsure about the legality or the appropriateness of an action or a proposed action, think of the following: • Does it comply with the law and Millennium’s Compliance Policies and Procedures? • How would it make you feel if you did it? • Does it reflect our company values and ethics? • Does it respect the rights of others? • How would it look to your family and friends, your coworkers, or, our patients and the community?

If you know it’s wrong, don’t do it! If you are not sure, ask. Keep asking until you get an answer that makes sense. Get the right answer, not just the easy answer.

Resolving a Compliance Issue and Reporting – Speaking Up We have many resources available to help you resolve compliance issues. The answers to many questions can be found in the various Millennium Compliance Policies and Procedures. We encourage you to ask questions and raise issues without fear of retaliation. When you are in doubt, “speaking up” is highly recommended and desired by our leadership staff, executive staff and Board. Speaking up immediately in serious situations could save lives, time, money and reputation.

Compliance Program Plan & Handbook Page 6 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Identifying a Compliance Issue – Decision Making and the Code of Conduct (Continued)

The Four-Step Communication Process

For compliance questions or concerns that cannot be resolved by reviewing the various Millennium policies and procedures, discuss the issue with your supervisor, manager, or, another higher-level supervisory employee. Seek to resolve the problem promptly, constructively and at the lowest level possible by following these four steps:

Discuss the issue with a Supervisor. Supervisors are familiar with the particular workplace environment and its issues. Therefore, they should be given the first opportunity to resolve the matter.

Speak to the Department or Practice Manager. If you and your supervisor cannot resolve the matter, if you feel that your concern is not getting the proper attention, or, if your supervisor is the issue, you should request a meeting with your Department Manager or Director to discuss the matter further.

Speak to the Human Resources Department and/or your Regional Director or Chief Operating Officer. If your Department Manager or Director is unable to resolve the matter to your satisfaction, you should contact the Human Resources Department, your Regional Director, the Chief Operating Officer, or alternatively, you may elect to bring the matter directly to your Chief Executive Officer or Senior Executive.

Bring the matter to the attention of the Chief Compliance, Ethics & Risk Officer or Department. Matters that are not resolved at the facility level should be brought to the attention of the Compliance Department. You can bypass the above if you feel uncomfortable.

Reporting a Compliance Issue

As an employee, you are obligated to report any issue or practice that you believe in good faith may constitute a violation of law or Millennium’s policies. Employees who are found to have engaged in unlawful conduct or conduct in violation of Millennium’s policies, or who have failed to detect, report and/or correct any offense, are subject to corrective action, up to and including termination of employment.

To report a compliance issue, follow the Four-Step Communication Process described above. If you feel uncomfortable reporting a compliance issue to your supervisor or to any other Millennium manager, you may call the Compliance Hotline.

Compliance Program Plan & Handbook Page 7 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

855-517-8676

The Compliance Hotline

Millennium’s Compliance Office has a Compliance Hotline where anyone may call 855-517-8676. Calls to the Compliance Hotline are anonymous, cannot be traced, and, will be treated confidentially.

Employees may remain anonymous if they choose and to the extent allowed by law. No caller will be subject to retaliation for bringing forth a good faith concern. Anyone who attempts to retaliate against an employee who has in good faith made a call to the Compliance Hotline will be subject to corrective action up to and including termination of employment.

The Compliance Hotline is toll-free from anywhere in the United States. It is an answering machine dedicated for reports of suspected illegal or unethical activity. It is open 24 hours a day, seven days a week. The Compliance Department reviews the messages Monday through Friday

Although a call to the Compliance Hotline satisfies the employees’ obligation to report suspected illegal or unethical activity to the Chief Compliance, Ethics & Risk Officer, it is not intended to replace the local management team or the Four-Step Communication Process outlined on the previous page. The Compliance Hotline is intended to supplement existing internal communication channels. The Compliance Hotline is available when employees feel they have exhausted all normal channels or are uncomfortable bringing an issue to their supervisors or managers.

Failing to Act in Accordance with the Compliance Program

The Compliance Program helps ensure that Millennium follows applicable laws, regulations and Millennium’s compliance policies. Therefore, the consequences of not acting in accordance with the Compliance Program are significant for the employee as well as Millennium. Millennium, its member organizations and the employee may be subject to criminal and/or civil prosecution resulting in payment of fines and/or imprisonment. In addition, Millennium, its member organizations and the individual may be excluded or suspended from participation in any federal or state government healthcare program. Finally, any employee who fails to adhere to the Compliance Program will be subject to corrective action, such as a verbal or written reprimand, paid or unpaid suspension or even termination of employment.

Compliance Program Plan & Handbook Page 8 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Principal Documents of the Millennium Physician Group / Millennium Healthcare Compliance Program

Millennium Compliance Plan

The Compliance Plan (the “Plan”) is a document specifically tailored to Millennium identifies the various compliance personnel, documents and activities that comprise the Compliance Program. The Plan discusses the designation of compliance personnel and establishes their responsibilities and duties; the development and distribution of compliance policies and procedures; the compliance education and training activities; the communication lines established for use in obtaining answers to compliance questions or concerns; the enforcement standards and disciplinary guidelines for compliance violations; and, the various compliance auditing and monitoring activities for ensuring that compliance policies and procedures are effective and followed.

The Plan incorporates the utilization of Compliance 360. This software is comprised of modules to manage the compliance activities of auditing, monitoring (universal assessments), incident management, policy and procedure workflows and organization, contract management database, and compliance workspace. It has a virtual evidence space to maintain regulatory compliance documentation. The Chief Compliance, Ethics & Risk Officer oversees the monitoring of the Compliance Plan and reports the outcome results from the modules and systems to the Board where outliers, issues and incidents have been identified and mitigated. This instrument will be vital in the coming months and years to ensure Millennium is monitoring and implementing a robust and effective Corporate Compliance Program.

Millennium Code of Ethics and Code of Conduct Handbook

The Handbook summarizes Millennium’s Compliance Program, Code of Ethics, Principles for Leadership, and our Core Values - Code of Conduct. It provides instructions on how to identify, resolve and report compliance issues and contains general compliance guidelines that all employees must follow. This handbook shall be used as a reference by all staff for guidance and annual adherence/attestation to its contents and scope of duty.

Compliance Program Plan & Handbook Page 9 of 25 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

MillenniumMillennium Privacy Privacy and and Security Security Compliance Compliance Policies Policies

Millennium’sMillennium’s Privacy Privacy and and Security Security Compliance Compliance P Policiesolicies are are located located on on Mill Millennium’sennium’s Compliance Compliance 360 360 Policy Policy Module.Module. This This is is a a desktop desktop icon icon accessible accessible to to all all Millennium Millennium employees. employees. TheseThese policies policies provide provide guidance guidance to to MillenniumMillennium staff staff regarding regarding the the use use and and disclosure disclosure of of patient patient information information in in the the medical medical record, record, the the electronic electronic patientpatient record, record, or or in in conversations. conversations. AllAll newly newly hired hired employees employees are are trained trained personally personally by by the the Privacy Privacy Offi Officcerer and and SecuritySecurity Offi Officercer . . ThisThis important important training training gives gives employees employees the the information information they they need need to to know know to to be be compliant compliant withwith the the privacy privacy rules rules and and regulations. regulations.

MMaintainingaintaining secure secure private private patient patient information information is is imperative imperative to to our our organization. organization. TheThe community, community, stakeholders stakeholders andand members members of of our our workforce workforce depend depend on on us us to to provide provide strict strict security security measures measures and and promise promise of of privacy privacy protections.protections. ItIt is is paramount paramount to to our our success success to to provide provide assurances assurances to to every every person person that that we we take take the the privacy privacy andand security security of of his/her his/her information information very very seriously. seriously.

ManagementManagement of of the the Millennium Millennium Compliance Compliance Program Program

TheThe Compliance Compliance Program Program was was created created at at the the direction direction of of Millennium’s Millennium’s Board. Board. The The Board Board Committ Committeeee oversees oversees thethe operation operation of of the the Compliance Compliance Program Program and and receives receives regular regular reports reports from from Millennium’s Millennium’s Chief Chief Compliance, Compliance, EthicsEthics & & Risk Risk Officer Officer. .All All Millennium Millennium leaders, leaders, from from the the Board Board Chairman Chairman to to the the Senior Senior Leadership Leadership in in every every MillenniumMillennium Facility Facility, , areare important important to to Millennium’s Millennium’s compliance compliance efforts. efforts. The The Compliance Compliance Program Program is is essential essential toto Millennium’s Millennium’s future future success.success. Therefore, Therefore, all all employees, employees, as as well well as as all all persons persons and and entities entities retained retained and and authorizedauthorized to to act act on on behalf behalf of of MillenniumMillennium (“agents”), (“agents”), are are responsible responsible for for u understandingnderstanding and and following following the the compliancecompliance policies policies that that make make up up the the Compliance Compliance Program. Program.

ManagersManagers and and supervisors supervisors must must consistently consistently enforce enforce and and communicate communicate Millennium’s Millennium’s C Complianceompliance P Policiesolicies to to allall employees employees and and agents agents within within their their business business areas. areas. Finally, Finally, every every employee employee and and agent agent are are responsible responsible for for detecting,detecting, resolving resolving and and reporting reporting to to the the appropriate appropriate Millennium Millennium management management unlawful unlawful conduct conduct that that may may violateviolate the the Compliance Compliance Program Program or or Millennium’s Millennium’s C Complianceompliance P Policies.olicies.

CertainCertain persons persons and and departments departments within within M Millenniumillennium have have been been charged charged with with management management of of the the Compliance Compliance Program.Program. These These persons persons and and departments departments serve serve as as resources resources to to all all employees employees toto ensure ensure that that the the Compliance Compliance ProgramProgram and and Millennium’s Millennium’s C Complianceompliance P Policiesolicies are are implemented implemented and and enforced enforced consistently.consistently. T Theyhey are are the: the: • • ChiefChief Compliance, Compliance, Ethics Ethics & & Risk Risk Officer Officer • • ComplianceCompliance Committee Committee • • ComplianceCompliance Data Data Auditor Auditor • • ComplianceCompliance Analyst Analyst • • PrivacyPrivacy Offi Officcerer • • ChiefChief Information Information & & Security Security Offi Officcerer • • CorneliusCornelius Compliance Compliance and and Patty Patty Privacy Privacy (T (Theyhey help help shar sharee messages messages andand trtrainingaining t oto our our staff staff l ooklook for for them them in in the the M Millenniumillennium M Mininuteute and and Emails!)Emails!)

Chief Chief Compliance, Compliance, Ethics Ethics & & Risk Risk Officer Officer TheThe Chief Chief Compliance, Compliance, Ethics Ethics & & Risk Risk Officer Officer acts acts as as Millennium’s Millennium’s Chief Chief Compliance Compliance & & Risk Risk Officer Officer and and is is responsibleresponsible for for overseeing overseeing Millennium’s Millennium’s c complianceompliance activities. activities.

PagePage 10 10 of of 26 26 ComplianceCompliance Program Program Plan Plan & & Handbook Handbook Hotlin Hotline:e: 855 855-517-517-8676-8676 CreatedCreated 10/2018, 10/2018, Revised Revised 5/2019 5/2019

PrincipalPrincipal D Documenocumentsts of of the the M Millenniumillennium Physician Physician G Grouproup – /M illennium Millennium HealthcarHealthcaree Complianc Compliancee Pr Proogrgramam (Continued) (Continued)

ComplianceMillennium Offic Privacye and Security Compliance Policies The Chief Compliance, Ethics & Risk Officer, leads the Compliance Office. This Office is responsible for the dayMillennium’s-to-day management Privacy and and Security administration Compliance of the Policies Compliance are located Program, on Mill suchennium’s as: developing Compliance ethics 360 and Policy complianceModule. This policies, is a desktop procedures icon accessibleand training; to allmanaging Millennium the Complianceemployees. Hotline;These policies reporting, provide auditing guidance and to monitoringMillennium compliance staff regarding issues; the and use, verifying and disclosure corrective of patient action informationplans for areas in the of non medical-compliance. record, the The electronic patient record, or in conversations. All newly hired employees are trained personally by the Privacy Officer and Compliance Office contact information is as follows: Security Officer . This important training gives employees the information they need to know to be compliant with the privacy rules and regulations. Millennium Physician Group Maintaining secure private patient informationCompliance is imperativeDepartment to our organization. The community, stakeholders and members of our workforce depend6321 Daniels on us to Parkway, provide strict Suite security 200 measures and promise of privacy protections. It is paramount to our successFort Myers,to provide FL assurances33912 to every person that we take the privacy and security of his/her information very seriously. Tel: 855-674-7400 Fax: 855-674-7401 E-mail: [email protected] ComplianceManagement Committee of the Millennium Compliance Program

The Millennium Compliance Board Committee provides advice, oversight and guidance to the Chief The Compliance Program was created at the direction of Millennium’s Board. The Board Committee oversees Compliance, Ethics & Risk Officer on matters relating to Millennium’s Compliance & Risk Program. This the operation of the Compliance Program and receives regular reports from Millennium’s Chief Compliance, CommitteEthics &e Risk meets Officer monthl. Ally Millennium to review andleaders, discuss from compliance the Board activities. Chairman The to theCommittee Senior Leadership consists of in the every Board Chairman,Millennium Chief Facility Compliance, are important, Ethics & Riskto Millennium’s Officer, Chief compliance Executive Offiefforts.cer, ThePresident, Compliance Chief MedicalProgram Officer, is essential Chiefto Millennium’s Population Health future Offi success.cer, Chief Therefore, Analytics all Offi employees,cer, Chief as Financial well as Offiall personscer, Chief and Operating entities retainedOfficer, Chief and Administrativeauthorized to Offi actc er,on andbehalf Chief of InformationMillennium (“agents”),& Security Offiare cresponsibleer of Millennium. for understanding Other members and followingmay be the designatedcompliance ad -policieshoc by Millennium’sthat make up Chief the Compliance Executive Offi Program.cer or Board Chairman.

TheManagers Complia nceand Committee’s supervisors mustprimary consistently objective enforceis to facilitate and communicate the effective Millennium’s operation of CMillennium’sompliance P olicies to Complianceall employees Program and .agents This will within be accomplished their business through areas. Finally, a combination every employee of creating and a agentculture are within responsible the for organizationdetecting, andresolving the overs and ightreporting of implementation to the appropriate of the Millennium core components management of the Compliance unlawful conduct, Ethics that& Risk may Program.violate the Compliance Program or Millennium’s Compliance Policies.

TheCertain Chief Compliance,persons and Ethicsdepartments & Risk Officer within shallMillennium provide have monthly been dashboard charged with reports management to the Board of thecontaining Compliance the activitiesProgram. relating These to persons the Seven and (7) departments Elements of serve the Compliance as resources Program, to all employees a Privacy Reportto ensure and that additional the Compliance Incident andProgram Complaint and reporting. Millennium’s Each Compliance January the Policies Chief Compliance,are implemented Ethics and & Risk enforced Officer consistently.shall provide T thehey Compliance are the: Program Annual• Chief Report Compliance, for the previous Ethics & year Risk inOfficer combination with the next year’s Compliance, Ethics & Risk Work Plan. • Compliance Committee • Compliance Data Auditor Privacy and• SecurityCompliance Support Analyst To assist its• employeesPrivacy Offi in cresolver ing Privacy compliance issues (privacy, security violations), Millennium has a Certified Privacy• Chief Compliance Information Officer & Security who serves Officer as Millennium’s Privacy Officer. Millennium maintains the ability to ac• tivateCornelius audit accessCompliance reports and on Patty a periodic Privacy basis (They to help conduct share messagessurveillance or to detect possible privacy and security compromises.and training to Thisour staff function look for is additionallythem in the M utilizedillennium in M theinute identification and of inappropriate access to protected healthEmails!) information and assists in the documentation of investigation activities. Millennium has an appointed Security Officer as well as a Chief Information & Security Officer. Both work in conjunction with Chief the Compliance, Privacy Offic erEthics to facilitate & Risk Officerelectronic systems of security regulations. The Chief Information & SecurityThe Chief Offi Compliance,cer is responsible Ethics for & theRisk Security Officer actsRisk asAssessments Millennium’s and Chief any Complianceidentified risks & Risk associated Officer andwith is the assessments.responsible The for Privacyoverseeing Offi Millennium’scer will assist cinompliance any identifi activities.ed issues of risk regarding the Privacy Rule.

Page 10 of 26 Compliance Program Plan & Handbook Page 11 of 25 Hotline: 855 Hotlin-517e:-8676 855- 517-8676 Created 10/2018, Revised 5/2019

Principal Documents of the Millennium Physician Group – Millennium PrincipalPrincipal D Documenocumentsts of of the the M Millenniumillennium Physician Physician G Grouproup // Healthcare Compliance Program (Continued) MMillenniumillennium Healthcar Healthcaree Complianc Compliancee Pr Proogrgramam (Continued) (Continued) AllThese employees guidelines and are patients not intended are encouraged to minimize to reportthe importance any privacy of- relatedother applicable issues to thelaws, Privacy regulations, Officer. The PrivacyprofessionalMillennium Offic erstandards Privacy maintains and or aethical Securitystrict dutyprinciple Compliance to keeps which pol Policies iciesmay upbe tocovered date and in more employees detail underinformed other of theircompliance privacy responsibilities.documents and policies. While the Compliance Handbook does not address every conceivable situation, it doesMillennium’s summarize Privacy Millennium’ and Security s basic Compliance standards andPolicies expectations are located for on employee Millennium’s conduct. Compliance Questions 360 or Policy concern s notMillenniumModule. specifi cThisally maintains isaddressed a desktop secure in icon the servers accessible Compliance and encryption to Handbookall Millennium devices may employees. be for covered all electronic Thesein the hardware policiesother C omplianceprovide and software guidance documents in to its facilities.Millennium Millennium staff regarding meets the the federal use and government disclosure’s of standards patient information for protecting in the electronic medical personal record, the health electronic orpatient may be record, resolved or byin conversations. using the Four AllStep newly Communication hired employees Process. are trained personally by the Privacy Officer and information by conducting training and awareness programs and by utilizing internal auditing and monitoring Security Officer . This important training gives employees the information they need to know to be compliant systemsPatientwith the Rights,and privacy a reporting Relationships rules and system regulations. and for Patient any alleged Care violations. Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is the single most important responsibility of each Millennium employee. All Millennium employees are expected ResponsibilitiesMaintaining secure of the private Millennium patient informationCompliance is Program imperative to our organization. The community, stakeholders toand contribute members to ofthis our effort workforce and to depend promote on exemplary us to provide conduct strict thatsecurity complies measures fully andwith promise laws and of standardsprivacy As an organization committed to compliance, Millennium has assumed certain responsibilities: applicableprotections. to the It is industry. paramount Misconduct to our success of any to kind, provide including assurances fabrication to every or falsifi personca tionthat ofwe any take medical the privacy services or documents,and security• Develop masking of his/her C omplianceincorrect information services, documents very or seriously. anyto provide other actioemployeesn which with might guidance compromise on matters the of quality daily business and integrity conduct. of the patient’s• Ensure care, thatwill notthe beCompliance tolerated. documents Employees are who accessible engage to in all such emp misconductloyees, offic willers andbe directors. subject to corrective actionManagement up• toEstablish and of including the and Millennium maintain termination training Compliance of programs employment. Program to ensure familiarity with and understanding of compliance requirements. FreedomThe Compliance• ofAdvise Choice employees,Program was offi createdcers and at directors the direction on the of proper Millennium’s interpretation Board. Theand Boardapplication Committ of theee oversees Uponthe operationthe patient’sCompliance of the first Compliance Prograappointmentm. Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief Compliance,with a written statementEthics• & RiskofAdminister patient’s Officer. theAllrights. MillenniumCompliance This statement leaders,Program must from and includeits the supporting Board the Chairman rights policies of patients toin athe fair Senior andto make timely Leadership decisions manner. in regardingevery their medicalMillennium• careEnsure andFacility it a must working, are conform important atmosphere to toall Millennium’s applicable conducive stateto compliance compliance and federal efforts.and laws free The ofand retaliation Compliance regulations. for Program the Patients reporting is must essential of be given theto opportunity Millennium’salleged to future beviolations involved success. of inCompliance Therefore,all aspects Program. allof employees,their care and as wellMillennium as all persons must obtain and entities informed retained consent and for treatment.authorized As to applicable, act on behalf each of patient Millennium or patient (“agents”), representative are responsible may be for provided understanding with a clear and followingexplanation the of carecompliance including policies, but not that limited make to, up diagnosis, the Compliance plan of Program.care, right to refuse or accept care, care decision dilemmas, Responsibilities of Millennium Employees advanceManagers directive and supervisors options, and must an consistentlyexplanation enforceof the risks and andcommunicate benefit associated Millennium’s with C availableompliance treatment Policies to options.Everyone Patients has an obligationmay be referred to ensure to specialty that the providersCompliance; the Program patients is willa success. be provided Employees choice cans in help this toprocess achieve thatall employeessuccess by doingand agents the following: within their business areas. Finally, every employee and agent are responsible for asdetecting, well. resolving and reporting to the appropriate Millennium management unlawful conduct that may violate• theRead Compliance and regularly Program review or Millennium’s Millennium’s C omplianceCompliance Policies. documents to fully understand the Confidentialcomplia Informationnce requirements that apply to his or her job. ThereCertain are• persons twoParticipate general and departmentstypesin training of confi programs withindential M andinformation:illennium staff meetings have patient been designed medicalcharged to informationwith help management him or, and her, understandbusiness of the Compliance information. his or InformationProgram. Theseher about obligations persons a patient’s and under medicaldepartments the Compliancecondition serve is as Program.highly resources sensitive to all and employees its confi dento tialityensure must that bethe maintained. Compliance Program and Millennium’s Compliance Policies are implemented and enforced consistently. They are the: No employee,• Abide physician by the orrequirements other healthcare set forth provider in the has Compliance the right Program’sto any patient policies information and procedures. other than what is necessary• • Ask toChief performquestions Compliance, his and or seekher Ethics job. assistance & No Risk employee Officer when heshould or she ever is uncertain release or about discuss the patient proper-specifi coursec ofinformation action. with others unless it is necessary to provide appropriate medical care to the patient; it is with the patient’s • • SupportCompliance employees Committee who report suspected violations of the Compliance Program. Recognize written consent; or, it is required or permitted by law. Finally, all employees are expected to maintain the • thatCompliance retaliation Data against Auditor persons who report suspected violations is not permitted. confidentiality of protected health information (“PHI”) as that term is defined by the Standards for Privacy of • • BeCompliance alert to situations Analyst that could result in illegal or unethical conduct and encourage other employees Individually Identifiable Health Information (commonly known as the “HIPAA Privacy Regulations”). • toPrivacy consult Offi withcer their supervisors, their Chief Compliance Officer, or the Legal Counsel if it appears that

• theyChief may Information be in danger & Security of violating Offic theer law. Confidential business information is any information about a present or planned business matter that has not • • ReportCornelius suspected Compliance violations and Patty of the Privacy Compliance (They help Program. share messages been releasedand publicly training by to Millennium.our staff look forSpecifi themcally in the, employeesMillennium M areinute not and allowed to release information without authorizationEmails!) regarding:

Compliance• Pricing Guidelines The following guidelines summarize Millennium’s basic standards and expectations for employee conduct. Chief •Compliance, Financial DEthicsata & Risk Officer Many of the laws and policies discussed in this Compliance Handbook are complex and many of the concepts The Chief• MarketingCompliance, Programs Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is areresponsible developed• Electronic for in overseeingcase -Medicalby-case Millennium’s Recorddeterminations. Techniques compliance In addition,and activities. Applications the Compliance Handbook can deal only generally with some of the more important legal principles and compliance policies.

Page 10 of 26 ComplianceCompliance ProgramProgram Plan Plan & & Handbook Handbook Page 13 of 25 Compliance Program Plan & Handbook Page 12 of 25 Hotline: Hotlin 855-517e: 855-8676-517 -8676 CreatedCreated 10/2018,10/2018, Revised Revised 5/2019 5/2019 Created 10/2018 Revised 5/2019

PrincipalPrincipal Documen Documents tsof of the the M Millenniumillennium Physician Physician G Grouproup / / MillenniumMillennium Healthcar Healthcare Compliance Compliance Pre Progrogramam (Continued) (Continued) These guidelines are not intended to minimize the importance of other applicable laws, regulations, professionalMillennium standards Privacy or and ethical Security principle Compliances which mayPolicies be covered in more detail under other compliance documents and policies. While the Compliance Handbook does not address every conceivable situation, it doesMillennium’s summarize PrivacyMillennium’ and Security s basic standardsCompliance and Policies expectations are located for employeeon Millennium’s conduct. Compliance Questions 360 or Policyconcern s notModule. specifically This addressed is a desktop in theicon Compliance accessible to Handbook all Millennium may beemployees. covered in These the other policies Compliance provide guidance documents to Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic or maypatient be resolvedrecord, or by in using conversations. the Four Step All newly Communication hired employees Process. are trained personally by the Privacy Officer and Security Officer . This important training gives employees the information they need to know to be compliant Patientwith Rights,the privacy Relationships rules and regulations. and Patient Care Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is theM singleaintaining most secureimportant private responsibility patient information of each Millennium is imperative employee. to our organization. All Millennium The employees community, are stakeholders expected to contributeand members to this of oureffort workforce and to promote depend on exemplary us to provide conduct strict that security complies measures fully with and lawspromise and ofstandards privacy applicableprotections. to the It industry. is paramount Misconduct to our success of any kind, to provide including assurances fabrication to every or falsifi personcation that of we any take medical the privacy services or documents,and security masking of his/her incorrect information services, very or seriously.any other action which might compromise the quality and integrity of the patient’s care, will not be tolerated. Employees who engage in such misconduct will be subject to corrective actionManagement up to and including of the Millennium termination Compliance of employment. Program

FreedomThe Compliance of Choice Program was created at the direction of Millennium’s Board. The Board Committee oversees Uponthe the operation patient’s of fi therst Complianceappointment Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief with Compliance, a written statementEthics & of Risk patient’s Officer rights.. All Millennium This statement leaders, must from include the Board the rights Chairman of patients to the Seniorto make Leadership decisions in regarding every their medicalMillennium care and Facility it must, are conform important to all to applicable Millennium’s state compliance and federal efforts. laws andThe regulations.Compliance ProgramPatients mustis essential be given theto opportunity Millennium’s to futurebe involved success. in all Therefore, aspects of all their employees, care and as Millennium well as all persons must obtain and entities informed retained consent and for treatment.authorized As applicable,to act on behalf each ofpatient Millennium or patient (“agents”), representative are responsible may be providedfor understanding with a clear and explanation following the of carecompliance including, butpolicies not limitedthat make to, updiagnosis, the Compliance plan of care, Program. right to refuse or accept care, care decision dilemmas, advanceManagers directive and supervisorsoptions, and must an explanation consistently of enforce the risks and and communicate benefit associated Millennium’s with available Compliance treatment Policies to options.all employees Patients andmay agents be referred within to their specialty business providers areas.; Finally, the patients every willemployee be provided and agent choice ares responsiblein this process for as well.detecting, resolving and reporting to the appropriate Millennium management unlawful conduct that may violate the Compliance Program or Millennium’s Compliance Policies. Confidential Information ThereCertain are two persons general and types departments of confiden withintial Minformation:illennium have patient been medical charged information with management, and, business of the Complianceinformation. InformationProgram. aboutThese apersons patient’s and medical departments condition serve is highly as resources sensitive to andall employees its confiden totiality ensure must that be the maintained. Compliance No Programemployee, and physician Millennium’s or other Compliance healthcare Policies provider are hasimplemented the right to and any enforced patient informationconsistently. other They arethan the: what is necessary• toChief perform Compliance, his or her Ethics job. No & Riskemployee Officer should ever release or discuss patient-specific information with others• unlessCompliance it is necessary Committee to provide appropriate medical care to the patient; it is with the patient’s written consent• Compliance; or, it is required Data Auditor or permitted by law. Finally, all employees are expected to maintain the confidentiality• ofCompliance protected Analyst health information (“PHI”) as that term is defined by the Standards for Privacy of Individually• IdentifiPrivacyable Offi Healthcer Information (commonly known as the “HIPAA Privacy Regulations”). • Chief Information & Security Officer Confidential• businessCornelius information Compliance is and any Patty information Privacy (Tabouthey help a presentshare messages or planned business matter that has not been released andpublicly training by tMillennium.o our staff look Specifi for themcally in the, employees Millennium are Min utenot and allowed to release information without authorization regarding:Emails!) • Pricing Chief• Compliance,Financial D ataEthics & Risk Officer The •Chief Marketing Compliance, Programs Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is responsible• Electronic for overseeing Medical Millennium’s Record Techniques compliance and Aactivities.pplications

Page 10 of 26 ComplianceCompliance Program Program Plan Plan & & Handbook Handbook Page 13 of 25 Hotline: 855Hotlin-517e: -8558676-517 -8676 CreatedCreated 10/2018, 10/2018, Revised Revised 5/2019 5/2019

Principal Documents of the Millennium Physician Group / PrincipalPrincipal D Documenocumentsts of of the the MMillenniumillennium PhysicianPhysician Group / MMillenniumillennium Healthcar Healthcaree Complianc Compliancee Pr Proogrgramam (Continued) (Continued) Millennium Healthcare Compliance Program (Continued) These guidelines are not intended to minimize the importance of other applicable laws, regulations, professionalInformationMillennium suchstandards Privacy as this and or is ethical theSecurity core principle ofCompliance Millennium’ss which Policies may business. be covered It is also in more a key detail component under otherof just compliance about every documentstopic discussed and inpolicies. this Compliance While the Handbook. Compliance For Handbook example, does releasing not address this information every conceivable can violate situation, laws it doesregarding:Millennium’s summarize Privacy Millennium’ and Security s basic Compliance standards andPolicies expectations are located for on employee Millennium’s conduct. Compliance Questions 360 or Policy concern s notModule. specifi cThisally isaddressed a desktop in icon the accessible Compliance to Handbookall Millennium may employees. be covered Thesein the policiesother C omplianceprovide guidance documents to Millennium• Confl staffict regarding of Interest the use and disclosure of patient information in the medical record, the electronic or may be resolved by using the Four Step Communication Process. patient• record,Antitrust or in conversations. All newly hired employees are trained personally by the Privacy Officer and

Security• OffiEmploymentcer . This important Matters training gives employees the information they need to know to be compliant Patient Rights, Relationships and Patient Care with the• privacyFinances rules and regulations. Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is • Intellectual Property theM singleaintaining most secure important private responsibility patient information of each Millenniumis imperative employee. to our organization. All Millennium The community,employees stakeholdersare expected • toand contribute members Patient to ofthis ourC onfieffort workforceden andtiality to depend promote on exemplary us to provide conduct strict thatsecurity complies measures fully andwith promise laws and of standardsprivacy applicableprotections. to the It is industry. paramount Misconduct to our success of any to kind, provide including assurances fabrication to every or falsifi personca tionthat ofwe any take medical the privacy services or documents,Employeesand security should masking of his/her remember incorrect information this services, pledge very or seriously. to any keep other business action and which patient might medical compromise information the quality confi denandtial integrity of theand patient’sto respect care, the willprivacy not be of tolerated.those Millennium Employees serves. who engage in such misconduct will be subject to corrective actionManagement up to and of including the Millennium termination Compliance of employment. Program Conflict of Interest FreedomA Theconfl Complianceict of interestChoice Program arises waswhenever created an at employee’s the direction interest of Millennium’s or that of anBoard. employee’s The Board immediate Committ familyee oversees confl icts orUponthe appears operationthe patient’s to confl of the icfirstt withCompliance appointment the interest Program to of a Millennium. healthcare and receives servic Everyone regulare, Millennium reportshas a duty from must to Millennium’s avoid provide confl him/heric Chiefts of interest Compliance,with a written or the appearancestatementEthics & Riskof of patient’s Officerconflicts. Allrights. of Millennium interest. This statement The leaders, following must from discussion include the Board the is Chairman notrights intended of patients to the to Seniorintrude to make Leadership upon decisions an employee’s in regardingevery their medicalMillennium care andFacility it must, are conform important to toall Millennium’s applicable state compliance and federal efforts. laws The and Compliance regulations. Program Patients is must essential be given privacyto Millennium’s but to help future employees success. avoid Therefore, conflicts all of employees, interest. If asan wellemployee as all persons is faced and with entities a personal retained transaction, and decisionthe opportunity or situation to be which involved he/she in all think aspectss may of create their care a conf andlic tMillennium of interest, musthe/she obtain must informed report it promptlyconsent forto treatment.authorized As to applicable, act on behalf each of patient Millennium or patient (“agents”), representative are responsible may be for provided understanding with a clear and followingexplanation the of his/her Supervisor, the Human Resources Director and the Chief Compliance Officer. carecompliance including policies, but not that limited make to, up diagnosis, the Compliance plan of Program.care, right to refuse or accept care, care decision dilemmas, advance directive options, and an explanation of the risks and benefit associated with available treatment InManagers many situations, and supervisors if there is must no illegal consistently or unethical enforce conduct and communicate involved, Millennium Millennium’s can Cconsentompliance to the Policies proposed to options.all employees Patients and may agents be referred within theirto specialty business providers areas. Finally,; the patients every employee will be provided and agent choice are responsibles in this process for asactivity well. even though a conflict of interest may exist. detecting, resolving and reporting to the appropriate Millennium management unlawful conduct that may violate the Compliance Program or Millennium’s Compliance Policies. ConfidentialMillennium’s InformationCompliance Handbook or the Conflict of Interest Policy cannot describe all of the situations that mayThereCertain give are risepersons two to general confl andic departmentstypest of interest of confi circumstances,withindential M information:illennium nor havecan patient it been take medicalcharged the place informationwith of amanagement personal, and commitment, business of the Compliance information. to do InformationwhatProgram. is right. These about persons a patient’s and medicaldepartments condition serve is as highly resources sensitive to all and employees its confi dento tialityensure must that bethe maintained. Compliance NoProgram employee, and physician Millennium’s or other Compliance healthcare Policies provider are implemented has the right and to any enforced patient consistently. information T otherhey are than the: what The following is a list of frequently encountered conflicts of interest. is necessary• toChief perform Compliance, his or her Ethics job. & No Risk employee Officer should ever release or discuss patient-specific information with others• unlessCompliance it is necessary Committee to provide appropriate medical care to the patient; it is with the patient’s writtenAgents andconsent• Consultants:Compliance; or, it is required Data Individuals Auditor or permitted who provide by law. services Finally, to Millenniumall employees as areagents expected or consultants to maintain are t he requiredconfidentiality to• observeCompliance of protected the same Analyst health standards information of conduct (“PHI”) as asemployees that term of is Millennium. defined by the Standards for Privacy of Individually Identifiable Health Information (commonly known as the “HIPAA Privacy Regulations”). • Privacy Officer • Chief Information & Security Officer Business Opportunities: Employees are prohibited from taking personal financial advantage of a business Confident•ial businessCornelius information Compliance andis any Patty information Privacy (T heyabout help a shar presente messages or planned business matter that has not opportunity as a result of our association with Millennium without first obtaining approval. Written approval been releasedand publicly training by to Millennium.our staff look forSpecifi themcally in the, employeesMillennium M areinute not and allowed to release information without must be obtained from the Millennium CEO or designee. Examples of business opportunities include real authorizationEmails!) regarding: estate deals, patents and purchasing options. • Pricing Chief •Compliance, Financial DEthicsata & Risk Officer CompetitorsThe Chief• MarketingCompliance, and Suppliers: Programs Ethics Employees & Risk Officer may acts not asinvest Millennium’s in any company Chief Compliance that is a supplier & Risk orOfficer competitor and is of Millenniumresponsible• Electronic without for overseeing fi rstMedical disclosing Millennium’s Record this T echniquesin cwritingompliance to and the activities. A pplicationsCEO.

Compliance Program Plan & Handbook PagePage 14 10 of of 25 26 ComplianceCompliance ProgramProgram Plan Plan & & Handbook Handbook Page 13 of 25 Hotline: Hotlin 855-517e: 855-8676-517 -8676 Created 10/2018, Revised 5/2019 CreatedCreated 10/2018,10/2018, Revised Revised 5/2019 5/2019

OwnershipThese guidelines of less are than not 5 intendedpercent of to a minimize business’s the publicly importance traded of securities other applicable is not a confl laws,ic regulations,t of interest. Key professionalMillennium standards Privacy or and ethical Security principle Compliances which mayPolicies be covered in more detail under other compliance employees or members of their immediate families may not work for, provide service to or serve as officers documents and policies. While the Compliance Handbook does not address every conceivable situation, it or directors of a competitor or supplier of Millennium without first disclosing it in writing to the CEO. Key doesMillennium’s summarize PrivacyMillennium’ and Security s basic standardsCompliance and Policies expectations are located for employeeon Millennium’s conduct. Compliance Questions 360 or Policyconcern s employees are department heads and above. notModule. specifically This addressed is a desktop in theicon Compliance accessible to Handbook all Millennium may beemployees. covered in These the other policies Compliance provide guidance documents to Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic or maypatient be resolvedrecord, or by in using conversations. the Four Step All newly Communication hired employees Process. are trained personally by the Privacy Officer and ConfidentialSecurity Offi Information:cer . This important Sharing informationtraining gives between employees and the among information employees they is need encourag to knowed where to be compliant itPatient supportswith Rights,the our privacy missionRelationships rules of and improving regulations. and Patient health. Care The use of confidential, non-public information for personal advantageMillennium is is prohibited. committed In to addition, providing the quality release healthcare of confiden to itstial patients. information Assuring is prohibited the quality unless of medical authorized. services is ExamplestheM singleaintaining ofmost authorized secureimportant private releas responsibility espatient include information ofpress each releases, Millennium is imperative advertisements employee. to our organization. Allor Millenniummanagement The employees community, announcements. are stakeholders expected to contributeand members to this of oureffort workforce and to promote depend on exemplary us to provide conduct strict that security complies measures fully with and lawspromise and ofstandards privacy applicableprotections. to the It industry. is paramount Misconduct to our success of any kind, to provide including assurances fabrication to every or falsifi personcation that of we any take medical the privacy services or documents,Outsideand security Employment: masking of his/her incorrect Employment information services, with very or non seriously.any- Millenniumother action companies which might must compromise not interfere the orquality confl icandt with integrity the of theperformance patient’s care, of one’s will dutiesnot be at tolerated. Millennium. Employees who engage in such misconduct will be subject to corrective actionManagement up to and including of the Millennium termination Compliance of employment. Program Loans: Employees and their immediate family members may not loan to or borrow from suppliers or customers. DealingsFreedomThe Compliance with of Choice banks Program and other was fi nancialcreated companiesat the direction which of ariseMillennium’s in the normal Board. course The Board of business Committ areee allowed.oversees Uponthe the operation patient’s of fi therst Complianceappointment Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief with Compliance, a written statementEthics & of Risk patient’s Officer rights.. All Millennium This statement leaders, must from include the Board the rights Chairman of patients to the Seniorto make Leadership decisions in regarding every their medicalPropertyMillennium care of Millennium:and Facility it must, are conform Employees important to all mayto applicable Millennium’s not use state or compliancepermit and federal others efforts. lawsto use andThe Millenni regulations.Complianceum property ProgramPatients or mustis its essential employees be given theon dutyto opportunity Millennium’s for personal to futurebe benefi involved success.t or in the all Therefore, gain aspects of others. of all their employees, Please care andrefer as Millennium towell the as following all persons must policies obtain and entities informedlocated retained on consent the Compliance and for treatment.360authorized Policy As& Procedure applicable,to act on behalf Module each ofpatient desktop:Millennium or patient (“agents”), representative are responsible may be providedfor understanding with a clear and explanation following the of carecompliance including, butpolicies not limitedthat make to, updiagnosis, the Compliance plan of care, Program. right to refuse or accept care, care decision dilemmas, • Meals and Entertainment Policy advanceManagers• directiveReferral and supervisorsoptions, Sources and Policy must an explanation consistently of enforce the risks and and communicate benefit associated Millennium’s with available Compliance treatment Policies to options.all employees• PatientsBusiness andmay or agents be Pers referredonal within Gifts to their specialty from business Outside providers areas. Business; Finally, the patientsAssociates every willemployee be provided and agent choice ares responsiblein this process for as well.detecting, resolving and reporting to the appropriate Millennium management unlawful conduct that may violate the Compliance Program or Millennium’s Compliance Policies. Employees should not solicit personal gifts, services or entertainment of any kind ConfidentialGifts and Entertainment: Information fromThereCertain any are patient, two persons general customer and types departments or of company confiden within tialdoing Minformation:illennium or seeking have patient to dobeen business medical charged withinformation with Millennium. management, and , business of the Complianceinformation. InformationProgram. aboutThese apersons patient’s and medical departments condition serve is highly as resources sensitive to andall employees its confiden totiality ensure must that be the maintained. Compliance NoEmployees Programemployee, and and physician m Millennium’sembers or of other their Compliance healthcare immediate Policies provider family are may hasimplemented accept the right non to and-monetary any enforced patient gifts informationconsistently. or services other T fromhey arethan any the: what company doing or seeking to do business with Millennium as long as it is clear that no attempt is being made is necessary• toChief perform Compliance, his or her Ethics job. No & Riskemployee Officer should ever release or discuss patient-specific information to influence any business decision. with others• unlessCompliance it is necessary Committee to provide appropriate medical care to the patient; it is with the patient’s written consent• Compliance; or, it is required Data Auditor or permitted by law. Finally, all employees are expected to maintain the cIfonfidentiality employees• are ofCompliance offeredprotected and Analyst health accept information gifts or services, (“PHI”) they as that should term report is defi itned if it byarise thes inStandards the normal for coursePrivacy of of Individuallya business •relationship. IdentifiPrivacyable Offi ExamplesHealthcer Information of reasonable (commonly and customary known asentertainment the “HIPAA Privacy include Regulations”). restaurant meals, tickets to sporting• Chief or Information cultural events & Security or other Offi outings.cer Employees should obtain written approval from their supervisorConfidential • prior businessCornelius to accepting information Compliance any offer is and any of Patty information entertainment Privacy (Tabouthey that help a is presentshar note r messageseasonable or planned and business customary matter or does that not has arise not inbeen the releasednormal andcoursepublicly training of by a tbusinessMillennium.o our staff relationship. look Specifi for themcally in the, employees Millennium are Min utenot and allowed to release information without authorization regarding:Emails!) It is helpful• Pricingto divide this issue into two general categories: (a) personal gifts and gratuities (money, merchandise, Chief• Compliance,Financial products, D ataEthics use of & products, Risk Officer facilities or equipment, etc.); and (b) personal entertainment (meals, sportingThe •Chief or Marketingcultural Compliance, events, Programs Ethics etc.). & Regardless Risk Officer of acts category, as Millennium’s the Chief ChiefCompliance Compliance, Ethic s& & Risk Risk Officer Officer and generally is recommendsresponsible• Electronic that for overseeing the Medical employee Millennium’s Record first Tdiscussechniques compliance the matterand Aactivities.pplications with his or her supervisor and obtain the supervisor’s permission.

Compliance Program Plan & Handbook PagePage 13 10 of of25 26 Compliance Program Plan & Handbook Page 15 of 25 Hotline: 855Hotlin-517e: -8558676-517 -8676 Created 10/2018, Revised 5/2019 Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

PrincipalPrincipal D Documenocumentsts of of the the M Millenniumillennium Physician Physician G Grouproup // MMillenniumillennium Healthcar Healthcaree Complianc Compliancee Pr Proogrgramam (Continued(Continued) (Continued)) These guidelines are not intended to minimize the importance of other applicable laws, regulations, professionalPersonalMillennium Gifts standards Privacy and Gratuities: and or ethical Security principle Compliances which Policies may be covered in more detail under other compliance documents and policies. While the Compliance Handbook does not address every conceivable situation, it Millennium’s• Employees Privacy andshould Security not solicit Compliance personal Policies gifts from are located patients, on customers, Millennium’s companies Compliance doing 360 business Policy does summarizewith Millennium’Millennium, s or basic companies standards seeking and expectations to do business for with employee Millennium. conduct. Questions or concerns notModule. specifi cThisally isaddressed a desktop in icon the accessible Compliance to Handbookall Millennium may employees. be covered Thesein the policiesother C omplianceprovide guidance documents to Millennium• Employees staff regarding are discouraged the use and from disclosure accepting of patient gifts in information general. in the medical record, the electronic or may be resolved by using the Four Step Communication Process. patient• record,Cash andor in cash conversations. equivalents All may newly never hired be employeesaccepted. Cash are trained and cash personally equivalents by the must Privacy either Offi bec er and

Security Offireturnedcer . This to importantthe gifting training person givesor entity employees or, in the the rare information circumstances they needwhere to this know is notto be possible, compliant Patient Rights, Relationships and Patient Care with the privacymust be rules surrendered and regulations. to a Millennium affiliated charitable foundation for its unrestricted use. Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is • Employees may accept from outside entities or persons a non-monetary gift of nominal value theM singleaintaining most secure important private responsibility patient information of each Millenniumis imperative employee. to our organization. All Millennium The community,employees stakeholdersare expected toand contribute memberswhich to ofthis is our a effort tokenworkforce and of torespect depend promote or on friendship exemplary us to provide and conduct isstrict consistent thatsecurity complies with measures the fully following andwith promise laws guidelines: and of standardsprivacy applicableprotections. to the It is industry. paramount Misconduct to our success of any to kind, provide including assurances fabrication to every or falsifi personca tionthat ofwe any take medical the privacy services or documents,Nominaland security value masking of means his/her incorrect $50 information or less services, for very any or seriously.single any other gift, i.e. actio fruitn whichbasket, might bottle compromise of wine, etc. the quality and integrity of the patient’s care, will not be tolerated. Employees who engage in such misconduct will be subject to corrective actionAllManagement gifts up accepted to and of including from the Millenniuma single termination person Compliance orof entityemployment. duringProgram a rolling three-month period may not exceed $50.

FreedomEmployeesThe Compliance of may Choice accept Program unsolicited was created non at-monetary the direction gifts of if Millennium’sit is clear that Board. the acceptance The Board Committdoes notee raise oversees an Uponobligationthe operationthe patient’s on the of partthe first Compliance ofappointment the recipient. Program to Ina healthcare anyand event,receives servic the regular acceptinge, Millennium reports of fromany must gifts Millennium’s provide must followhim/her Chief Millennium’s Compliance,with a written BusinessstatementEthics & Gift Riskof policy.patient’s Officer . Allrights. Millennium This statement leaders, must from include the Board the Chairman rights of patients to the Senior to make Leadership decisions in regardingevery their medicalMillennium care andFacility it must, are conform important to toall Millennium’s applicable state compliance and federal efforts. laws The and Compliance regulations. Program Patients is must essential be given theto opportunity Millennium’s to future be involved success. in Therefore,all aspects allof employees,their care and as wellMillennium as all persons must obtain and entities informed retained consent and for Personal Entertainment: treatment.authorized As to applicable, act on behalf each of patient Millennium or patient (“agents”), representative are responsible may be for provided understanding with a clear and followingexplanation the of carecompliance including• Employees policies, but not that shouldlimited make notto, up diagnosis,solicit the Compliance personal plan of entertainment Program.care, right to fromrefuse patients, or accept customers, care, care companies decision dilemmas, doing business with Millennium or companies seeking to do business with Millennium. advanceManagers directive and supervisors options, and must an consistentlyexplanation enforceof the risks and andcommunicate benefit associated Millennium’s with C availableompliance treatment Policies to options.all employees• PatientsEmployees and may agents be may referred withinaccept theirto unsolicited specialty business providersoffers areas. of Finally, reasonable; the patients every and employee will customary be provided and agententertainment choice are responsibles in this if it processis for asdetecting, well. infrequent resolving and; it reportingis in the ordinary to the appropriate course of the Millennium business relationshipmanagement; and unlawful, the settin conductg is thatreasonable, may violate theappropriate Compliance and Program fitting or. Millennium’s Compliance Policies. Confidential Information ThereCertain are persons two general and departmentstypes of confi withindential M information:illennium have patient been medicalcharged informationwith management, and, business of the Compliance information. Conflict Disclosure Statement InformationProgram. These about persons a patient’s and medicaldepartments condition serve is as highly resources sensitive to all and employees its confi dento tialityensure must that bethe maintained. Compliance Upon hire and on an annual basis, a Conflict of Interest Attestation is completed by all employees of NoProgram employee, and physician Millennium’s or other Compliance healthcare Policies provider are implemented has the right and to any enforced patient consistently. information T otherhey are than the: what isMillennium, necessary toadministrators, perform his or employed her job. Nophysicians employee and should other everemployees release and or discuss individua patientls designated-specific byinformation their supervisor,• theChief Chief Compliance, Compliance Ethics, Ethics & Risk& Risk Officer Offic er or the Chief Financial Officer. All potential Conflicts of with others• unlessCompliance it is necessary Committee to provide appropriate medical care to the patient; it is with the patient’s writtenInterest consentare to be; or described, it is required during or the permitted hiring process, by law. includedFinally, all into employees any contract are expected and approved to maintain by the t CEO.he Required •to beCompliance submitted Data annually, Auditor the Attestation affirms that the individual has -- confidentiality• Compliance of protected Analyst health information (“PHI”) as that term is defined by the Standards for Privacy of Individually• • received IdentifiPrivacyable aOffi copy Healthcer of the Information Conflict of (commonly Interest policy known; as the “HIPAA Privacy Regulations”). • • readChief and Information understands & Security the policy Offi; cer Confident• •ial agreed businessCornelius to complyinformation Compliance with theandis any policy Patty information ;Privacy and, (T heyabout help a shar presente messages or planned business matter that has not been released• respondedand publicly training fully, by to Millennium.our accurately staff look and forSpecifi them completelycally in the, employeesM illenniumto all que M arestionsinute not and in allowed the disclosure to release form. information without authorizationEmails!) regarding: New disclosures• Pricing or disclosures covering changed circumstances related to matters previously disclosed must be Chief disclosed •Compliance, Financial in writing DEthicsata to consult & Risk others, Officer when the officer, director or employee becomes aware of the new or changeThe Chiefd• circumstances. MarketingCompliance, Programs TheEthics Chief & Risk Compliance Officer acts, Ethics as Millennium’s & Risk Officer Chief reports Compliance all such & disclosures Risk Officer to and the is Complianceresponsible• Electronic Board for overseeing Committee. Medical Millennium’s Record Techniques compliance and activities. Applications

Page 10 of 26 ComplianceCompliance ProgramProgram Plan Plan & & Handbook Handbook Page 1613 of 25 Hotline: Hotlin 855-517e: 855-8676-517 -8676 CreatedCreated 10/2018,10/2018, Revised Revised 5/2019 5/2019

PrincipalPrincipalPrincipal D Documen ocumenDocumentsts tsof of of the the the M M Millenniumillenniumillennium Physician Physician Physician G G Grouprouproup / / / MMillenniumMillenniumillennium HealthcarHealthcar Healthcaree Complianc eComplianc Compliancee Pre Pr Proogrogrgramamam (Continued) (Continued) (Continued) These guidelines are not intended to minimize the importance of other applicable laws, regulations, AntitrustprofessionalMillennium Matters standards Privacy andor ethical Security principle Compliances which Policies may be covered in more detail under other compliance Andocumentstitrust laws and forbid policies. companies While thefrom Compliance doing business Handbook in a way does that not gives address them every too much conceivable control situation,in the it marketplace.doesMillennium’s summarize The Privacy Millennium’purpose and of Security these s basic laws Compliancestandards is to preserve and Policies expectations competition. are located for These on employee Mill lawsennium’s mayconduct. affectCompliance Questions employees’ 360 or Policy concerndealings s Module. This is a desktop icon accessible to all Millennium employees. These policies provide guidance to withnot specifipatients,cally doctors, addressed payers, in the suppliers Compliance and coHandbookmpetitors may of Millennium. be covered inFor the purposes other C ofompliance the antitrust documents laws, Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic membersor patientmay be of record,resolved Millennium or by in usingconversations. are thenot Fourcompetitors StepAll newly Communication of hired one another. employees Process. Hospitals are trained and healthcarepersonally byproviders the Privacy who Offi arec noter and controlledSecurity by Offi Millenniumcer . This importantshould be trainingconsidered gives competitors employees ofthe Millennium. information they need to know to be compliant Patientwith the Rights, privacy Relationships rules and regulations. and Patient Care TheMillennium antitrust is la committedws are violated to providing if competitors quality agree healthcare to: to its patients. Assuring the quality of medical services is theM singleaintaining most secure important private responsibility patient information of each Millennium is imperative employee. to our organization. All Millennium The employeescommunity, arestakeholders expected to andcontribute •members Fix pricesto thisof our oreffort pricingworkforce and methods. to dependpromote on exemplary us to provide conduct strict that security complies measures fully withand promiselaws and of standards privacy applicableprotections.• Allocateto the It industry.is patients,paramount Misconduct payer to our contracts success of any or tokind, regions. provide including assurances fabrication to every or falsifi personcation that of we any take medical the privacy services or documents,and •security Boycott masking of his/her or incorrectrefuse information to services,do business very or seriously. any with other a payer, actio physician,n which might provider compromise or other party. the quality Such refusalsand integrity may of the patient’sinclude care, thewill denialnot be or tolerated. canceling Employees of medical who staff engage memberships in such misconductor privileges. will be subject to corrective actionManagement up to and ofincluding the Millennium termination Compliance of employment. Program Antitrust violations can occur even without a written or oral agreement. It is possible to conclude that a violationFreedomThe Compliance of of the Choice antitrust Program laws was has created occurred at the if two direction competitors of Millennium’s have had Board. an opportunity The Board to Committ consultee with oversees each otherUponthe and theoperation patient’sappear of to fithe berst Compliance cooperatingappointment Program to to control a healthcare and the receives marketplace. servic regulare, Millennium reports from must Millennium’s provide him/her Chief withCompliance, a written statementEthics & ofRisk patient’s Officer .rights. All Millennium This statement leaders, must from include the Board the Chairmanrights of patients to the Senior to make Leadership decisions in regarding every their Formedical Millenniumthis reason, care and Facility employees it must, are conform shouldimportant avoid to allto discussionsapplicableMillennium’s state with compliance andour competitorsfederal efforts. laws The andconcerning: Compliance regulations. Program Patients is must essential be given theto opportunity Millennium’s to future be involved success. in all Therefore, aspects ofall their employees, care and as Millenniumwell as all persons must obtain and entities informed retained consent and for • Prices or payer rates; treatment.authorized As to applicable, act on behalf each of patient Millennium or patient (“agents”), representative are responsible may be for provided understanding with a clear and explanationfollowing the of • Our desire to deal with a particular payer or group of payers, or patient or group of patients; or, carecompliance including, policies but not that limited make to, up diagnosis, the Compliance plan of care,Program. right to refuse or accept care, care decision dilemmas, • The granting of memberships, privileges, or, managed care participation status concerning any advance directive options, and an explanation of the risks and benefit associated with available treatment Managersphysician, and supervisors healthcare must provider consistently or group enforce of providers. and communicate Millennium’s Compliance Policies to options.all employees Patients and may agents be referred within to their specialty business providers areas. Finally,; the patients every employee will be provided and agent choice ares responsible in this process for as detecting,well. resolving and reporting to the appropriate Millennium management unlawful conduct that may Employmentviolate the MattersCompliance - Employee Program Rightsor Millennium’s Protected Compliance Policies. Employees’Confidential rights Information are best protected by open communication and a spirit of cooperation. Millennium is committeThereCertain ared two personsto providing general and types departmentsequal of employment confi withindential opportunitM information:illenniumies have patientin thebeen workplace. medical charged information with The Organizationmanagement, and, fosterbusiness of thes a Compliance working information. environmentInformationProgram. These aboutfree of persons a prejudice patient’s and ormedical departments harassment condition serve on theis ashighly grounds resources sensitive of torace, all and employeescolor, its confi religion,den totiality ensuresex or must gender,that be the maintained. gender Compliance orientation,NoProgram employee, andage, physician Millennium’s disability, or national other Compliance healthcare origin Porolicies anyprovider other are implemented has legally the prohibitedright andto any enforced factor. patient Millennium consistently.information is expected Totherhey are than the:to whatabide byis necessaryall federal,• to stateChief perform and Compliance, local his or laws her Ethics dealing job. &No Risk withemployee Officer employment should ever matters. release or discuss patient-specific information with others• unlessCompliance it is necessary Committee to provide appropriate medical care to the patient; it is with the patient’s written consent• Compliance; or, it is required Data Auditor or permitted by law. Finally, all employees are expected to maintain the Workplace Harassment confidentiality• Compliance of protected Analyst health information (“PHI”) as that term is defined by the Standards for Privacy of Workplace harassment is belittling, or threatening behavior directed at an individual worker or a group of Individually• IdentifiPrivacyable Offi Healthcer Information (commonly known as the “HIPAA Privacy Regulations”). workers. Workplace harassment is unwelcome conduct from a boss, coworker, group of coworkers, vendor, or • Chief Information & Security Officer customer whose actions, communication, or behavior mocks, demeans, puts down, disparages, or ridicules an Confident•ial businessCornelius information Compliance isand any Patty information Privacy (T abouthey help a sharpresente messages or planned business matter that has not employee. Physical assaults, threats, and intimidation are severe forms of harassment and bullying. been releasedand publicly training by t oMillennium. our staff look Specififor themcally in the, employees Millennium Mareinute not and allowed to release information without

authorization Emails!)regarding: Harassment may also include offensive jokes, name-calling, offensive nicknames, pornographic images on a • Pricing laptop, and offensive pictures or objects. Interfering with an employee’s ability to do his or her work is also Chief• Compliance,Financial D Ethicsata & Risk Officer considered a form of harassment. The Chief• Marketing Compliance, Programs Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is

responsible• Electronic for overseeing Medical Millennium’s Record Techniques compliance and activities.Applications Demeaning an employee for any aspect of their parental status, appearance, weight, habits, accent, or beliefs can be considered harassment and can add to a claim about a hostile work environment.

Page 10 of 26 ComplianceComplianceCompliance Program Program Plan Plan & & Handbook Handbook PagePage 17 13 of of 25 25 Hotline: Hotline: 855Hotlin 855-517-517e: -8558676-8676-517 -8676 CreatedCreatedCreated 10/2018, 10/2018,10/2018, Revised Revised 5/2019 5/2019

HarassmentThese guidelines creates are a not negative intended environment to minimize affecting the importance not only theof other targeted applicable individuals laws, but regulations, also non- targetedprofessionalMillennium employees. standards Privacy and or ethical Security principle Compliances which Policies may be covered in more detail under other compliance documents and policies. While the Compliance Handbook does not address every conceivable situation, it Millennium’s Privacy and Security Compliance Policies are located on Millennium’s Compliance 360 Policy doesHarassment, summarize as a Millennium’ form of employment s basic standards discrimination, and expectations violates Title for VIIemployee of the Civil conduct. Rights Questions Act of 1964 or, theconcern Age s notModule. specifi cThisally isaddressed a desktop in icon the accessible Compliance to Handbookall Millennium may employees. be covered Thesein the policiesother C omplianceprovide guidance documents to DiscriminationMillennium staff in Employment regarding the Act use of and 1967 disclosure, (ADEA), ofand patient, the Americans information with in theDisabilities medical Actrecord, of 1990, the electronic (ADA). orDependingpatient may be record, resolved on State or byinlaws conversations. using, protected the Four classifications AllStep newly Communication hired of employees Process. aremay trained include: personally by the Privacy Officer and Security Officer . This important training gives employees the information they need to know to be compliant • Patientwith the Rights, privacyAge Relationships rules and regulations. and Patient Care Millennium• Race is committed to providing quality healthcare to its patients. Assuring the quality of medical services is theM singleaintaining• mostReligion secure important private responsibility patient information of each Millenniumis imperative employee. to our organization. All Millennium The community,employees stakeholdersare expected toand contribute members• National to ofthis our Origineffort workforce and to depend promote on exemplary us to provide conduct strict thatsecurity complies measures fully andwith promise laws and of standardsprivacy applicableprotections.• toSex the Itor is industry. Gender paramount Misconduct to our success of any to kind, provide including assurances fabrication to every or falsifi personca tionthat ofwe any take medical the privacy services or documents,and security• Gender masking of his/her Identity incorrect information services, very or seriously. any other action which might compromise the quality and integrity of the patient’s• Sexual care, Orientationwill not be tolerated. Employees who engage in such misconduct will be subject to corrective actionManagement up• toPhysical and of including the or MentalMillennium termination Disability Compliance of employment. Program • Color FreedomThe Compliance• ofPregnancy Choice Program was created at the direction of Millennium’s Board. The Board Committee oversees Uponthe operationthe• patient’sGenetic of the fi Informationrst Compliance appointment Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief Compliance,with a written statementEthics• & RiskofWeight patient’s Officer . Allrights. Millennium This statement leaders, must from include the Board the Chairman rights of patients to the Senior to make Leadership decisions in regardingevery their medicalMillennium care andFacility it must, are conform important to toall Millennium’s applicable state compliance and federal efforts. laws The and Compliance regulations. Program Patients is must essential be given theto opportunity Millennium’s to future be involved success. in Therefore,all aspects allof employees,their care and as wellMillennium as all persons must obtain and entities informed retained consent and for According to the US Equal Employment Opportunity Commission, harassment becomes illegal when: treatment.authorized As to applicable, act on behalf each of patient Millennium or patient (“agents”), representative are responsible may be for provided understanding with a clear and followingexplanation the of carePuttingcompliance including up with policies, but the not offensive that limited make and to, up diagnosis,unwanted the Compliance plan actions, of Program.care, communication, right to refuse or or behavior accept care,becomes care adecision condition dilemmas, of advancecontinued directive employment options, or whenand an the explanation behavior isof severe the risks and and pervasive benefit enassociatedough to create with available a work environment treatment thatManagers any reasonable and supervisors individual must would consistently find intimidating, enforce and hostile, communicate or abusive. Millennium’s Compliance Policies to options.all employees Patients and may agents be referred within theirto specialty business providers areas. Finally,; the patients every employee will be provided and agent choice are responsibles in this process for asdetecting, well. resolving and reporting to the appropriate Millennium management unlawful conduct that may Harassmentviolate the Complianceagainst individuals Program is or also Millennium’s prohibited Compliance in these specific Policies. situations. Confidential Information • ThereCertain are persons twoRetaliation general and departments typesfor filing of confia discrimination withindential M information:illennium charge; have patient been medicalcharged informationwith management, and, business of the Compliance information. • InformationProgram. TheseTestifying, about persons a patient’s or participating and medicaldepartments incon anydition serve way is, asin highly anresources investigation, sensitive to all and employees proceeding, its confi dento or tialityensure lawsuit must that under bethe maintained. Compliancethese laws; or , • NoProgram employee, andOpposing physician Millennium’s employment or other Compliance healthcare practices Policies providerthat are the implemented employeehas the right reasonably and to any enforced patient believe consistently. informations discriminate T otherheys against are than the: what individuals in violation of these laws. is necessary• to perform his or her job. No employee should ever release or discuss patient-specific information Chief Compliance, Ethics & Risk Officer with others• unless it is necessary to provide appropriate medical care to the patient; it is with the patient’s Millennium expectsCompliance staff Committeeto treat each other with respect, fairness, honesty and integrity. Our goal and written consent• Compliance; or, it is required Data Auditor or permitted by law. Finally, all employees are expected to maintain the anticipation is to consciously create a workplace culture free of harassment, with safe and confidential ways to confidentiality• Compliance of protected Analyst health information (“PHI”) as that term is defined by the Standards for Privacy of report it! We have a responsibility to recognize harassment, respond immediately and investigate, and remedy Individually• IdentifiPrivacyable Offi Healthcer Information (commonly known as the “HIPAA Privacy Regulations”). by initiating prevention, detection and to deter any possibility of future misconduct. • Chief Information & Security Officer Confident•ial businessCornelius information Compliance andis any Patty information Privacy (T heyabout help a shar presente messages or planned business matter that has not Health,been released Safetyand publiclyand training the byEnvironment to Millennium.our staff look forSpecifi themcally in the, employeesMillennium M areinute not and allowed to release information without Eauthorizationmployees areEmails!) regarding: expected to:

• LearnPricing the procedures for handling and disposal of any hazardous materials used on the job.

Chief •Compliance, KnowFinancial the DEthics safetyata & procedures Risk Officer that apply to our job. The Chief Compliance, Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is • ShareMarketing with Psupervisorrograms ideas for improving safety and reducing waste. responsible for overseeing Millennium’s compliance activities. • UseElectronic best efforts Medical to Recordensure thatTechniques actions andare carriedApplications out in a safe and healthy manner.

Page 10 of 26 ComplianceCompliance ProgramProgram Plan Plan & & Handbook Handbook Page 1813 of 25 Hotline: Hotlin 855-517e: 855-8676-517 -8676 CreatedCreated 10/2018,10/2018, Revised Revised 5/2019 5/2019

PrincipalPrincipalPrincipal D Documen ocumenDocumentsts tsof of of the the the M M Millenniumillenniumillennium Physician Physician Physician G G Grouprouproup /– / / M illennium MMillenniumMillenniumillennium HealthcarHealthcar HealthcarHealthcaree Complianc eComplianc Compliancee Pre ePr PrProogrogrogrgramamamam (Continued) (Continued) (Continued) (Continued) OurTheseThese commitment guidelines guidelines are toare health,not not intended intended safety toand to minimize minimize environmental the the importance importance protection of of canother other be applicable applicableseen in our laws, laws, efforts regulations, regulations, to reduce the generationprofessionalprofessionalMillennium of standards standards waste. Privacy Waste or andor ethical ethical shouldSecurity principle principle be Compliance recycledss which which or mayPoliciesreused may be be whenever covered covered in in possi more moreble. detail detail Waste under under that other other cannot compliance compliance be recycled or reuseddocumentsdocuments should and and be policies. policies. discarded While While in a the thesafe Compliance Compliance manner. Handbook Handbook does does not not address address every every conceivable conceivable situation, situation, it it Millennium’s Privacy and Security Compliance Policies are located on Millennium’s Compliance 360 Policy doesdoes summarize summarize Millennium’ Millennium’ s s basic basic standards standards and and expectations expectations for for employee employee conduct. conduct. Questions Questions or or concern concernss notnotModule. specifi specificcally Thisally addressed addressedis a desktop in in theicon the Compliance accessibleCompliance to Handbook Handbook all Millennium may may be employees.be covered covered in inThese the the other otherpolicies C Complianceompliance provide guidance documents documents to Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic orDutiesor may patientmay Concerningbe be resolved record,resolved or byFinancial by in using usingconversations. the theMatters Four Four Step StepAll newly Communication Communication hired employees Process. Process. are trained personally by the Privacy Officer and EmployeesSecurity are Offi requiredcer . This to important maintain trainingthe financial gives recordsemployees of Millennium the information in an they accurate need and to know complete to be manner.compliant PatientPatientwith Rights,the Rights, privacy Relationships Relationships rules and regulations. and and Patient Patient Care Care MillenniumAccountingMillennium controlsis is committed committed must tobe to providing suffiprovidingcient quality toquality provide healthcare healthcare reasonable to to its its assurance patients. patients. Assuringthat: Assuring the the quality quality of of medical medical services services is is thetheM single singleaintaining most most secureimportant important private responsibility responsibility patient information of of each each Millennium Millennium is imperative employee. employee. to our organization. All All Millennium Millennium The employees employeescommunity, are arestakeholders expected expected • Financial contracts are carried out with management’s approval. toto contribute andcontribute members to to this thisof oureffort effort workforce and and to to promote dependpromote on exemplary exemplary us to provide conduct conduct strict that that security c compliesomplies measures fully fully with withand laws promiselaws and and of standardsstandards privacy • All transactions are recorded to help prepare financial statements and to account for assets. applicableapplicableprotections. to to the the It industry. industry.is paramount Misconduct Misconduct to our success of of any any kind, tokind, provide including including assurances fabrication fabrication to every or or falsifi falsifi personcacationtion that of of we any any take medicalmedical the privacy services services or or • documents,documents,and security Access masking masking of his/herto assetsincorrect incorrect information is permitted services, services, very or onlyor seriously.any any with other other managemen actio actionn which whicht’s approval.might might compromise compromise the the quality quality and and in integritytegrity of of • thethe patient’s patient’s Recorded care, care, will will assets not not be be are tolerated. tolerated. periodically Employees Employees compared who who with engage engage existing in in such such assets. misconduct misconduct Any differences will will bebe should subject subject be to to reported corrective corrective to management. actionactionManagement up up to to and and including ofincluding the Millennium termination termination Compliance of of employment. employment. Program

FreedomTheFreedomThe financial Compliance of of Choice Choicematters Program of Millennium, was created its employees, at the direction physicians of Millennium’s and patients Board. are The very Board private Committ and mustee oversees not be revealedUponUponthe the theoperation to patient’s patient’s outsid ofe fi parties.fitherstrst Compliance appointmentappointment Program to to a a healthcare healthcare and receives servic servic regulare,e, Millennium Millennium reports from must must Millennium’s provide provide him/her him/her Chief with withCompliance, a a written written statementstatementEthics & of ofRisk patient’s patient’s Officer rights. .rights. All Millennium This This statement statement leaders, must must from include include the Board the the rights Chairmanrights of of patients patients to the Seniorto to make make Leadership decisions decisions in regarding regarding every their their Millennium Facility, are important to Millennium’s compliance efforts. The Compliance Program is essential medicalDutiesmedical Concerning care care and and it it mustGovernment must conform conform- Fundedto to all all applicable applicable Programs state state and and federal federal laws laws and and regulations. regulations. Patients Patients must must be be givengiven thetheto opportunity opportunity Millennium’s to to futurebe be involved involved success. in in all all Therefore, aspects aspects of ofall their their employees, care care and and as Millennium Millenniumwell as all persons must must obtain obtain and entities informed informed retained consent consent and for for Millenniumauthorized receive to acts monieson behalf from of Millenniumgovernment (“agents”),-funded programs. are responsible Contracts for withunderstanding the government and following require the treatment.specialtreatment. care As As because applicable, applicable, of strict each each legal patient patient requirements or or patient patient representative andrepresentative complex language. may may be be provided providedFailure to with with observe a a clear clear government explanation explanation of of carecarecompliance including including, , butpolicies but not not limitedthat limited make to, to, updiagnosis, diagnosis, the Compliance plan plan of of care, care,Program. right right to to refuse refuse or or accept accept care, care, care care decision decision dilemmas, dilemmas, rules and regulations can result in the loss of funds or grants and civil and criminal penalties. For example, advanceadvance directive directive options, options, and and an an explanation explanation of of the the risks risks and and benefi benefit tassociated associated with with available available treatment treatment it isManagers a federal andcrime supervisors to make a must false consistently statement to enforce a federal and official communicate. Millennium’s Compliance Policies to options.options. Patients Patients may may be be referred referred to to specialty specialty providers providers; ;the the patients patients will will be be provided provided choice choicess in in this this processprocess all employees and agents within their business areas. Finally, every employee and agent are responsible for asas well. well. Millenniumdetecting, work resolvings with andgovernment reporting funds, to the Medicare appropriate and Millennium Medicaid; managementtherefore, employees unlawful must conduct know that the may rules

relatedviolate to thatthe Compliance work. Ignorance Program is not or Millennium’s an excuse. Employees Compliance are P olicies.to contact their supervisors or consult the ConfidentialConfidential Information Information ThereComplianceThereCertain are are two twopersons Department general general and types typesdepartments if they of of confi haveconfiden withindenanytial tialquestions Minformation: information:illennium regarding have patient patient been these medical medical charged rules. information information with management, ,and and, ,business business of the Complianceinformation. information. InformationInformationProgram. aboutThese about apersons a patient’s patient’s and medical medical departments con conditiondition serve is is highly ashighly resources sensitive sensitive to andall and employees its its confi confidenden totialitytiality ensure must must that be be the maintained. maintained. Compliance NoOccasionally,No Programemployee, employee, and payments physician physician Millennium’s fromor or other other researchCompliance healthcare healthcare grant Policies sprovider providerand areother hasimplemented has government the the right right to andto contracts any any enforced patient patient are information consistently. informationbased on costs. other Totherhey Only arethan than the:costs what what allowed by a contract may be billed to the government. Costs should be recorded in an accurate and consistent isis necessary necessary• to toChief perform perform Compliance, his his or or her her Ethics job. job. No &No Riskemployee employee Officer should should ever ever release release or or discuss discuss patient patient-specifi-specificc informationinformation manner. If Millennium is responsible for charging costs to a government contract or grant, or clinical trial, withwith others others• unless unlessCompliance it it is is necessary necessary Committee to to provide provide appropriate appropriate medical medical care care to to the the patient patient; ;it it is is with with the the patient’s patient’s employees are expected to do so in a reasonable and honest manner. writtenwritten consent consent• Compliance; ;or or, ,it it is is required required Data Auditor or or permitted permitted by by law. law. Finally, Finally, all all employees employees are are expected expected to to maintain maintain t hethe cconfidentialityonfidentiality• ofCompliance of protected protected Analyst health health information information ( “PHI”)(“PHI”) as as that that term term is is defi definedned by by the the Standards Standards for for Privacy Privacy of of IndividuallyIntellectualIndividually• Identifi PropertyIdentifiPrivacyableable Offi Health Healthcer Information Information (commonly (commonly known known as as the the “HIPAA “HIPAA Privacy Privacy Regulations”). Regulations”). Intellectual• propertyChief Information includes patents, & Security trademarks, Officer service marks, trade secrets, copyrights, proprietary informationConfiConfidentdential•ial andbusiness businessCornelius inventions information information Compliance or techniques. is isand any any Patty information informationIntellectual Privacy (T aboutproperty abouthey help a a present shar presentis protectede messages or or planned planned by federal business business and state matter matter laws. that that has has not not beenbeen released released andpublicly publicly training by by tMillennium. oMillennium. our staff look Specifi Specififor themcallycally in the, ,employees employees Millennium are Marein utenot not and allowed allowed to to release release information information without without Violationsauthorizationauthorization of the regarding: Emails!)regarding: intellectual property laws may result in personal civil damages or criminal charges. In addition, the entire• • MillenniumPricingPricing organization may be held responsible for the actions of individual employees who break intellectual Chief• • Compliance, FinancialpropertyFinancial D laws.D ataEthicsata & Risk Officer The •Chief • MarketingMarketing Compliance, P Programsrograms Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is responsible• • ElectronicElectronic for overseeing Medical Medical Millennium’s Record Record T Techniquesechniques compliance and and A activities.Applicationspplications

Page 10 of 26 ComplianceComplianceCompliance Program Program Plan Plan & & Handbook Handbook PagePage 1913 13 of of 25 25 Hotline: Hotline: 855Hotlin 855-517-517e: -8558676-8676-517 -8676 CreatedCreatedCreated 10/2018, 10/2018,10/2018, Revised Revised 5/2019 5/2019

PrincipalPrincipalPrincipal D D ocumenDocumenocumentststs of of of the the the M M Millenniumillenniumillennium Physician Physician Physician G G Grouprouproup / // (Continued) MMillenniumillennium Healthcar Healthcaree Complianc Compliancee Pr Proogrgramam (Continued) (Continued) These guidelines are not intended to minimize the importance of other applicable laws, regulations, Inventions or techniques created by Millennium employees during the course of their employment are professionalMillennium standards Privacy and or ethical Security principle Compliances which Policies may be covered in more detail under other compliance the property of Millennium, unless there is a written agreement with Millennium stating differently. If documents and policies. While the Compliance Handbook does not address every conceivable situation, it MillenniumdoesMillennium’s summarize’s patents, Privacy Millennium’ techniques, and Security s basic publications Compliance standards and andPolicies tradeexpectations are secrets located arefor on employeeused Mill,ennium’s employees conduct. Compliance must Questions not 360disclose or Policy concern such s informationnotModule. specifi cThis allyto othe isaddressed a desktoprs. Employees’ in icon the accessible Compliance personal use to Handbook allof Millenniumthis information may employees. be covered is prohibited. Thesein the policiesother C omplianceprovide guidance documents to Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic orpatient may be record, resolved or byin conversations. using the Four AllStep newly Communication hired employees Process. are trained personally by the Privacy Officer and IntellectualSecurity Offi Propertycer . This Not important Owned trainingby Millennium gives employees the information they need to know to be compliant DuringPatientwith thethe Rights, courseprivacy Relationships ofrules employment, and regulations. and the Patient workforce Care may have access to intellectual property owned by other businesses.Millennium isThis committed information to providing is private qualityand should healthcare not be to disclosed its patients. to others. Assuring Licensed the quality computer of medical software services is a is goodtheM singleaintaining example most secureof important intellectual private responsibility patientproperty information owned of each by Millenniumisanother imperative business. employee. to our Copying organization. All Millennium computer The software community,employees or the stakeholdersare materials expected thattoand contribute come members with to it ofthis violates our effort workforce copyright and to depend promote laws andon exemplary us Millennium to provide conduct policy.strict thatsecurity The c useomplies measures of ill egalfully copiesandwith promise laws of software and of standardsprivacy on company protections. It is paramount to our success to provide assurances to every person that we take the privacy hardwareapplicable is to prohibited. the industry. Misconduct of any kind, including fabrication or falsification of any medical services or and security of his/her information very seriously. documents, masking incorrect services, or any other action which might compromise the quality and integrity of Thethe followingpatient’s care,activities will notalso be may tolerated. violate theEmployees intellectual who property engage inlaws: such misconduct will be subject to corrective actionManagement up to and of including the Millennium termination Compliance of employment. Program • Installing software programs on more than one computer when it was sold for only one computer. FreedomThe Compliance ofFind Choice out Program how many was computers created at thecan directionuse a multiple of Millennium’s unit software Board. package The Board before Committ orderingee oroversees Uponthe operationthe patient’sinstalling of the fi rstsoftware. Compliance appointment Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief Compliance,with a written statementEthics• & RiskCopyingof patient’s Officer (by. Allrights.machine Millennium This or statement hand) leaders, an entire must from include issuethe Board of the a journal, Chairman rights of magazine patients to the Senior or to newsletter. make Leadership decisions Unless in regardingevery permission their medicalMillennium carefrom andFacility the it must publisher, are conform important to make to toall suchMillennium’s applicable copies statehas compliance been and obtainedfederal efforts. laws, the The and original Compliance regulations. should Program bePatients circulated is must essential within be given a theto opportunity Millennium’sgroup to orfuture be several involved success. subscriptions in Therefore,all aspects should allof employees,their be purchased. care and as wellMillennium as all persons must obtain and entities informed retained consent and for authorized to act on behalf of Millennium (“agents”), are responsible for understanding and following the treatment.• Copying As applicable, (by machine each patient or hand) or articlespatient fromrepresentative journals or may magazines be provided against with the a clearwishes explanation of the publisher. of carecompliance including policies, but not that limited make to, up diagnosis, the Compliance plan of Program.care, right to refuse or accept care, care decision dilemmas,

advance directive options, and an explanation of the risks and benefit associated with available treatment MedicareManagers and and Medicaid supervisors Fraud must and consistently Abuse enforce and communicate Millennium’s Compliance Policies to options.all employees Patients and may agents be referred within theirto specialty business providers areas. Finally,; the patients every employee will be provided and agent choice are responsibles in this process for Entitiesas well. that receive monies for services provided under Medicare and Medicaid are subject to several laws and regulationsdetecting, designed resolving to and prevent reporting fraud. to Thesethe appropriate laws were Millennium created to ensuremanagement that the unlawful federal conductfunds that that fi nancemay violate the Compliance Program or Millennium’s Compliance Policies. MedicareConfidential and InformationMedicaid are used only for those purposes. Failure to obey these laws can result in fines, jail orThere Certainexclusion are persons two from general Medicare and departmentstypes and of confiMedicaid withindential programs. M information:illennium Some have patient of been the medicalchargedmore important informationwith management laws, and relating, business of theto fraud Compliance information. and abuseInformationProgram. are discussed These about persons a below: patient’s and medicaldepartments condition serve is as highly resources sensitive to all and employees its confi dento tialityensure must that bethe maintained. Compliance NoProgram employee, and physician Millennium’s or other Compliance healthcare Policies provider are implemented has the right and to any enforced patient consistently. information T otherhey are than the: what Billingis necessary and• Claims toChief perform Compliance, his or her Ethics job. & No Risk employee Officer should ever release or discuss patient-specific information Honestywith others and• unless accuracyCompliance it is in necessary billing Committee and to in provide the making appropriate of claims medical for Med careicare to orthe Medicaid patient; itpayment is with the is vital. patient’s It is a federalwritten felony consent• Compliance to ;willfully or, it is required makeData Auditora false or permitted statement by in law. connection Finally, all with employees a claim for are payment expected or to an maintain application the for certificonfidentialitycation• underCompliance of protected Medicare Analyst health and Medicaid. information (“PHI”) as that term is defined by the Standards for Privacy of Individually• IdentifiPrivacyable Offi Healthcer Information (commonly known as the “HIPAA Privacy Regulations”).

The Anti-Kickback• Chief InformationStatute & Security Officer Confident•ial businessCornelius information Compliance andis any Patty information Privacy (T heyabout help a shar presente messages or planned business matter that has not Thebeen anti released-kickback publicly statute by is Millennium.a federal law Specifiprohibitingcally, personsemployees from are willfully not allowed offering, to paying,release seeking information or without receiving anythingand tr ofaining value to to our bring staff laboutook for a them referral in the for M illenniummedical Mservicesinute and or goods payable under Medicare authorization regarding: or Medicaid. FailureEmails!) to obey this law can result in fines, jail or exclusion from the Medicare and Medicaid programs.• ThisPricing law prohibits kickbacks and bribes. It also affects the way healthcare entities carry out a broad range Chief of •Compliance, ordinary Financial business DEthicsata deals. & Risk Officer The Chief• MarketingCompliance, Programs Ethics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is responsible• Electronic for overseeing Medical Millennium’s Record Techniques compliance and activities. Applications

Page 10 of 26 ComplianceCompliance ProgramProgram Plan Plan & & Handbook Handbook PagePage 20 13 of of 25 25 Hotline: Hotlin 855-517e: 855-8676-517 -8676 Compliance Program Plan & Handbook Hotline: 855-517-8676 CreatedCreated 10/2018,10/2018, Revised Revised 5/2019 5/2019 Created 10/2018, Revised 5/2019

PrincipalPrincipalPrincipal D Documenocumen Documentsts of tsof theof the the M Millennium Millenniumillennium Physician Physician Physician G Group Grouproup – / M/ illennium MillenniumMillennium HealthcarHeal Healthcarthcare eCompliance Complianc Compliance ePre Pr Proogrogrgramamam (Continued) (Continued) (Continued)

TheThese following guidelines activities are not are intended illegal under to minimize the anti -thekickback importance statute: of other applicable laws, regulations, professionalMillennium standards Privacy or and ethical Security principle Compliances which mayPolicies be covered in more detail under other compliance documents • Routine and policies. waivers While of co the-insurance Compliance or deductibles Handbook for does reasons not address other than every real conceivable financial hardship. situation, it doesMillennium’s summarize• Offer or PrivacyMillennium’ acceptance and Security s of basic payment standardsCompliance other and than Policies expectations at fair are mar locatedket for value employeeon Mill forennium’s healthcare conduct. Compliance services Questions as 360 aor way Policyconcern of s notModule. specifigettingcally This addressed is morea desktop business. in theicon Compliance accessible to Handbook all Millennium may beemployees. covered in These the other policies Compliance provide guidance documents to Millennium staff regarding the use and disclosure of patient information in the medical record, the electronic • Acceptance of prizes, gifts, cash payments, coupons or bonuses offered to physicians or purchasers or maypatient be resolvedrecord, or by in using conversations. the Four Step All newly Communication hired employees Process. are trained personally by the Privacy Officer and Securityfor Offi pushingcer . This certain important products. training gives employees the information they need to know to be compliant Patientwith• Rights,theFinancial privacy Relationships incentivesrules and regulations.given and Patientto physicians Care that are based on number of referrals or levels of billing. Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is Thethe followingM singleaintaining most activities secureimportant must private responsibility be patientcarefully information monitored of each Millennium isto imperative assure compliance employee. to our organization. Allwith Millennium the anti The-kickback employees community, statute: are stakeholders expected to contributeand members to this of oureffort workforce and to promote depend on exemplary us to provide conduct strict that security complies measures fully with and lawspromise and ofstandards privacy • Space and equipment leasing applicableprotections. to the It industry. is paramount Misconduct to our success of any kind, to provide including assurances fabrication to every or falsifi personcation that of we any take medical the privacy services or • Discounts on goods and services documents,and security masking of his/her incorrect information services, very or seriously.any other action which might compromise the quality and integrity of • the patient’s Management care, will not and be personal tolerated. services Employees contracts who engage in such misconduct will be subject to corrective • Physician practice purchases actionManagement up to and including of the Millennium termination Compliance of employment. Program • Physician recruitment and retention

• Employment relationships FreedomThe Compliance of Choice Program was created at the direction of Millennium’s Board. The Board Committee oversees Uponthe the• operation patient’sManaged of fi thecarerst Complianceappointment initiatives Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief with Compliance, a written statementEthics & of Risk patient’s Officer rights.. All Millennium This statement leaders, must from include the Board the rights Chairman of patients to the Seniorto make Leadership decisions in regarding every their Inmedical additionMillennium care to theand Facility federal it must, are anti conform important-kickback to all tostatute, applicable Millennium’s there state may compliance and be statefederal efforts.anti laws-kickback andThe regulations.Compliance laws that apply.ProgramPatients mustis essential be given theto opportunity Millennium’s to futurebe involved success. in all Therefore, aspects of all their employees, care and as Millennium well as all persons must obtain and entities informed retained consent and for Bantreatment. authorizedon Self- AsReferrals applicable,to act on behalf each ofpatient Millennium or patient (“agents”), representative are responsible may be providedfor understanding with a clear and explanation following the of Generally,carecompliance including a physici, butpoliciesan not who limitedthat receives make to, updiagnosis, payment the Compliance plandirectly of care, orProgram. indirectly right to refusefrom, or or has accept an investment care, care decision interest dilemmas,in, a

healthcare business should not refer patients to that business for services paid by Medicare or Medicaid. There advanceManagers directive and supervisorsoptions, and must an explanation consistently of enforce the risks and and communicate benefit associated Millennium’s with available Compliance treatment Policies to areoptions. certainall employees Patients exceptions. andmay agents beIn addition, referred within tounder their specialty businessFlorida providers stat areas.utes,; Finally, thethe patientsphysician every willemployee self be-referral provided and law agent choice may are apply.s responsiblein this Therefore, process for any potentialas well.detecting, relationship resolving must and bereporting reviewed to theand appropriate approved by Millennium Millennium’s management Chief Compliance unlawful Offi conductcer and/or that mayLegal Counsel.violate Claims the Compliance should not Program be submitted or Millennium’s for services Compliance performed P olicies.as a result of improper referrals. Confidential Information ThereCertain are two persons general and types departments of confiden withintial Minformation:illennium have patient been medical charged information with management, and, business of the Complianceinformation. FederalInformationProgram. and State aboutThese False apersons patient’s Claims and medical Acts departments condition serve is highly as resources sensitive to andall employees its confiden totiality ensure must that be the maintained. Compliance TheNo FederalProgramemployee, False and physician Millennium’sClaim Act or (“FCA”)other Compliance healthcare was originally Policies provider enacted are hasimplemented theby President right to and any Lincoln enforced patient in 1863 informationconsistently. to combat other They contractor arethan the: what fraud against the Union Army during the Civil War. It imposes civil liability on any person or entity that knowingly is necessary• to perform his or her job. No employee should ever release or discuss patient-specific information submits, or causes Chief to Compliance,be submitted, Ethics a false & Risk or fraudulent Officer claim for payment to the U.S. government. It also with others• unless it is necessary to provide appropriate medical care to the patient; it is with the patient’s penalizes anyone Compliance who knowingly Committee uses, or causes to be used, a false record or statement to conceal, avoid, or written consent• Compliance; or, it is required Data Auditor or permitted by law. Finally, all employees are expected to maintain the decrease an obligation to pay money or transmit property to the U.S. government. The FCA covers fraud involving confidentiality• ofCompliance protected Analyst health information (“PHI”) as that term is defined by the Standards for Privacy of any federally funded contract or program such as Medicaid and Medicare. The term “knowingly” is defined to Individually• IdentifiPrivacyable Offi Healthcer Information (commonly known as the “HIPAA Privacy Regulations”). mean that a person: • Chief Information & Security Officer Confident• ialhas• business actualCornelius knowledge information Compliance of isthe and any falsity Patty information of Privacy the information, (Tabouthey help a presentshar e messages or planned business matter that has not been released• acts andinpublicly deliberate training by tMillennium.o ignorance our staff look of Specifi forthe them truthcally in theor, employees falsity Millennium of the are M ininformation, utenot and allowed or to release information without authorization• acts regarding: Emails!)in reckless disregard of the truth or falsity of the information, • Pricing For purposes Chief• Compliance,Financial of the FCA, D ataEthics a “claim” & Risk includes Officer any request or demand for money that is submitted to the U.S. governmentThe •Chief Marketing or Compliance, its contractors Programs Ethics (Fiscal & Risk Intermediaries Officer acts as orMillennium’s Carriers). HealthcareChief Compliance providers & Risk who Officer are convicted and is of violatingresponsible• theElectronic FCA for can overseeing be Medical subject Millennium’s Record to civil Techniques monetary compliance andpenalties Aactivities.pplications ranging from $10,781.40 and $21,562.80 per claim. In addition to these civil penalties, the government is entitled to recover treble damages, or triple the amount of any money it may have lost due to a false claim. Page 10 of 26 ComplianceCompliance Program Program Plan Plan & & Handbook Handbook PagePage 21 13 of of 25 25 Hotline: 855Hotlin-517e: -8558676-517 -8676 Compliance Program Plan & Handbook Hotline: 855-517-8676 CreatedCreated 10/2018, 10/2018, Revised Revised 5/2019 5/2019 Created 10/2018, Revised 5/2019

In addition, providers can also be required to pay three times the amount of damages sustained by the U.S. government.Millennium If Privacy a provider and is Security convicte Complianced of a FCA violation, Policies the Office of the Inspector General may seek to exclude the provider from participating in federal healthcare programs. Millennium’s Privacy and Security Compliance Policies are located on Millennium’s Compliance 360 Policy

Module. This is a desktop icon accessible to all Millennium employees. These policies provide guidance to ThMillenniume FCA include staffs a regarding whistlebl owthee user pro andvision disclosure, or a“qu ofi tampatient.” T hiinformations provision inall theow smedical any person record,, calle thed electronica “relator ,” withpatient actual record, knowledge or in conversations. of false claims All activity newly to hired file aemployees lawsuit on are behalf trained of the personally U.S. government. by the Privacy To qualify Officer as and a whistleblower,Security Officer individual . This importants must meet training certain gives conditions. employees the information they need to know to be compliant with the privacy rules and regulations. First, they must be the “original source” of the information reported to the federal government. If the matter is alreadyMaintaining the subject secure of private an investigation, patient information or if the healthcare is imperative provider to our hasorganization. already disclosed The community, the problem stakeholders to the government,and members the of whistleblower our workforce may depend be barred on us tofrom provide recovery. strict security measures and promise of privacy protections. It is paramount to our success to provide assurances to every person that we take the privacy Theand whistleblower security of his/her must informationalso file the very lawsuit seriously. in a fed eral court. The suit is kept “under seal,” meaning that it is kept confidential while the government reviews the case and decides whether or not to join in the case. If theManagement government ofdecides the Millennium to join (“intervene”), Compliance the Program prosecution is directed by the Department of Justice. If the government decides not to intervene, the whistleblower can continue with the lawsuit on his or her own. The Compliance Program was created at the direction of Millennium’s Board. The Board Committee oversees If thethe operationlawsuit is ofsuccessful, the Compliance the relator Program may andreceive receives an award regular ranging reports from from 15 Millennium’s to 30 percent Chief of Compliance,the amount recoveredEthics & Riskby the Officer government.. All Millennium The whistleblower leaders, from themay Board also Chairmanbe entitled to tothe reasonable Senior Leadership expenses in everyincluding attorney’sMillennium fees Facility and costs, are for important bringing to the Millennium’s lawsuit. compliance efforts. The Compliance Program is essential to Millennium’s future success. Therefore, all employees, as well as all persons and entities retained and authorized to act on behalf of Millennium (“agents”), are responsible for understanding and following the Undercompliance the federal policies False that Claims make Act, up theif an Compliance employee initiatesProgram. a qui tam claim and is then demoted, suspended, threatened, harassed or in any other manner discriminated against because he or she filed the claim, he/she mayManagers be entitled and supervisors to double back must pay, consistently interest on enforce the back and pay, communicate plus special Millennium’s damages including Compliance litigation Policies costs to and reasonableall employees attorneys’ and agents fees. within their business areas. Finally, every employee and agent are responsible for detecting, resolving and reporting to the appropriate Millennium management unlawful conduct that may Thviolatee Progr theam ComplianceFraud Civil R Programemedies or A ctMillennium’s of 1986 “PFC ComplianceRA,” provide Policies.s administ rative remedies against any person who makes, or causes to be made, a false claim or written statement to various federal agencies, including the DepaCertainrtme personsnt of Healt andh departments and Human Swithinervice Ms “HHSillennium.” The have PFCR beenA gene chargedrally applie with smanagement to lower dolla ofr thefrau Complianced, usually bills orProgram. claims under These $150,000. persons and Under departments the Act, anyone serve aswho resources submits to or all causes employees to be submittedto ensure thata claim the that Compliance he or she knowsProgram or should and Millennium’s know is false, Compliance fictitious, Porolicies fraudulent are implemented can be forced and to enforced pay civil consistently.money penalties They of are up the: to $11,001 per• falseChief claim. Compliance, The HHS Ethics Offic &e Riskof the Officer Inspector General investigates these violations and enforcement actions must• Compliancebe approved Committee by the Attorney General. Enforcement can begin with an administrative law judge hearing and• penalComplianceties can Data be recovered Auditor by offsetting the penalty amount against “clean” claims. • Compliance Analyst States may• alsoPrivacy have Offi theircer own False Claims Acts. The Deficit Reduction Act of 2005 (“DRA”) is designed to encourage• statesChief to Information enact legislation & Security that Offiis comparablecer to the federal False Claims Act to have consistent enforcement• Corneliusthroughout Compliance the country. and Under Patty Privacythe DRA, (They states help may shar ekeep messages an additional 10% of any recoveries obtained if theyand have training a state to our law staff that: look for them in the Millennium Minute and • EstablishesEmails!) liability for the same type of false claims prohibited under the federal False Claims Act; • Contains incentives that are at least equal to the federal whistleblower incentives; Chief •Compliance, Provides for Ethics qui &tam Risk lawsuits Officer to be filed under seal; and, The Chief• ProvidesCompliance, for civilEthics penalties & Risk Officerat least acts as high as Millennium’s as the federal Chief penalties. Compliance & Risk Officer and is responsible for overseeing Millennium’s compliance activities.

Compliance Program Plan & Handbook PagePage 22 10 of of 25 26 Compliance Program Plan & Handbook Hotline:Hotline: 855-517-8676 Created 10/2018, Revised 5/2019 Created 10/2018, Revised 5/2019

PhysicianMillennium Recruitment Privacy and SecurityRetention Compliance Policies Entities that operate on a for-profit basis are subject to additional rules relating to the recruitment and retentionMillennium’s of physicians. Privacy Forand example, Security Compliancethese rules prohibitPolicies are private located inurement. on Millennium’s Private inurement Compliance occurs 360 Policy when a for-Module.profit business This is a desktop pays an iconindividual accessible or group to all of Millennium individuals employees. more than Thesethe market policies price provide for services guidance provided to to theMillennium business. staff In some regarding cases, the the use rules and gove disclosurerning recruitment of patient information and retention in the also medical may require record, that the the electronic communitypatient record, benefit or from in conversations. the decision Allto hirenewly a physicianhired employees or buy aare physician’s trained personally practice. by the Privacy Officer and Security Officer . This important training gives employees the information they need to know to be compliant with the privacy rules and regulations. Keeping a written record of community benefit is an important part of all physician recruitment activities. TheM antiaintaining-kickback secure statute private and thepatient self- informationreferral ban isare imperative subject to to numerous our organization. exceptions. The These community, exceptions, stakeholders as welland as themembers proper of application our workforce of these depend laws, on can us tobest provide be handled strict security by the Compliance measures and Department promise of who privacy consults withprotections. outside counsel. It is paramount If an employee’s to our success job involves to provide these assurances issues and tothe every employee person has that questions we take concerningthe privacy them,and he/she security should of his/her consult information the Chief very Compliance seriously. Offi cer.

PoliticalManagement Activity of the Millennium Compliance Program Employees are encouraged to take part in community and political affiliations and to vote in elections. The Compliance Program was created at the direction of Millennium’s Board. The Board Committee oversees Employees who participate in such activities must make it clear that they are acting as private citizens and the operation of the Compliance Program and receives regular reports from Millennium’s Chief Compliance, notEthics as a representative & Risk Officer. Allof MillenniumMillennium. leaders, from the Board Chairman to the Senior Leadership in every Millennium Facility, are important to Millennium’s compliance efforts. The Compliance Program is essential Campaignto Millennium’s Contributions future success. Therefore, all employees, as well as all persons and entities retained and authorized to act on behalf of Millennium (“agents”), are responsible for understanding and following the Generally, not-for-profit businesses may not make political contributions of any sort. However, Millennium can compliance policies that make up the Compliance Program. make political contributions with a few exceptions, although advance approval from the Board and CEO are requiredManagers for any and such supervisors activity. must consistently enforce and communicate Millennium’s Compliance Policies to all employees and agents within their business areas. Finally, every employee and agent are responsible for Employee’sdetecting, Duty resolving When andTaking reporting Part in toPolitical the appropriate Activities asMillennium Representatives management of unlawful conduct that may Millenniumviolate the As Compliance representatives Program of Millennium, or Millennium’s we should:Compliance Policies.

Certain• personsComply andwith departments all laws relating within to politicalMillennium activities. have been charged with management of the Compliance Program.• Conduct These persons all relationships and departments with public serve offi ascials resources, candidates to all and employees government to ensure employees that the in anCompliance ethical Programand and honestMillennium’s manner. Compliance Policies are implemented and enforced consistently. They are the: • Provide complete and correct information to government agencies. • Chief Compliance, Ethics & Risk Officer • •Avoid Compliance using his/her Committee position with Millennium to gain any personal benefit or to benefit Millennium. • Compliance Data Auditor Other Laws• andCompliance Millennium Analyst Policies and Procedures Although this• CompliancePrivacy Offi cHandbooker covers many areas, some jobs may involve specific legal rules not explained here. For example,• Chief a Informationdditional laws & maySecurity apply Offi toc pharmacyer employees or to accounts receivable personnel. Questions or• concernsCornelius not Compliance specifically and addressed Patty Privacy in the (T heyCompliance help share Handbook messages may be resolved by examining the other complianceand training documents to our staff or bylook contacting for them in yourthe M supervisor,illennium Min theute Chiefand Compliance Officer or the Legal Counsel. Emails!)

The Chief guidelines Compliance, set forth Ethics in this & Compliance Risk Officer Handbook are intended to reaffirm Millennium’s longstanding commitmentThe Chief Compliance,to compliance. Ethics They & areRisk not Officer intended acts as to Millennium’s replace other Chief Millennium Compliance policies & Risk and Officer procedures. and is All of us mustresponsible comply for with overseeing the applicable Millennium’s Millennium compliance facility activities.and departmental policies and procedures as well as the guidelines in the Compliance Handbook.

Compliance Program Plan & Handbook PagePage 23 10 of of25 26 Compliance Program Plan & Handbook Hotline: Hotline: 855 855-517-517-8676-8676 Created 10/2018, Revised 5/2019 Created 10/2018, Revised 5/2019

PrincipalPrincipal D Documenocumentsts of of the the M MillenniumConclusionillennium Physician Physician G Grouproup / / (Continued)(Continued) You canMM illenniumhelpillennium prevent the HealthcarHealthcar mistakes thate elead Complianc Complianc to complianceee Pr problems.Proogrgramam

These PreventionThese guidelines guidelines begins are are with not not education. intended intended to to minimize minimize the the importance importance of of other other applicable applicable laws, laws, regulations, regulations, professionalprofessional standards standards or or ethical ethical principle principless which which may may be be covered covered in in more more detail detail under under other other compliance compliance

documentsdocuments and and policies. policies. While While the the Compliance Compliance Handbook Handbook does does not not address address every every conceivable conceivable situation, situation, it it Each employee is expected to know and understand Millennium’s Compliance Policies and the basic laws and doesdoes summarize summarize Millennium’ Millennium’ s s basic basic standards standards and and expectations expectations for for employee employee conduct. conduct. Questions Questions or or concern concernss regulations that affect his or her job. Knowledge is the most powerful weapon used to prevent compliance notnot specifi specificcallyally addressed addressed in in the the Compliance Compliance Handbook Handbook may may be be covered covered in in the the other other C Complianceompliance documents documents ormistakesor may may be be. If resolved resolvedyou are by notby using using knowledgeable the the Four Four Step Step about Communication Communication Millennium’s Process. complianceProcess. policies and the basic laws and regulations that affect your job, you must educate yourself. PatientPatient Rights, Rights, Relationships Relationships and and Patient Patient Care Care MillenniumStartMillennium by reading is is committed committed the Compliance to to providing providing Handbook quality quality and healthcare healthcare any other to tocompliance its its patients. patients. documen Assuring Assuringts the thethat quality quality contain of of medicalthe medical policies services services is is thatthethe single mostsingle mostdirectly most important important impact your responsibility responsibility job. Study of ofthose each each policies Millennium Millennium and talkemployee. employee. to your All supervisorAll Millennium Millennium if you employees employees do not areare expected expected tounderstandto contribute contribute how to to this theythis effort effort apply and andto yourto to promote promote job. If your exemplary exemplary supervisor conduct conduct cannot that that resolve c compliesomplies your fully fully problem, with with laws lawsfollow and and the standardsstandards “Four Step applicableCommunicationapplicable to to the the Proce industry. industry.ss” and Misconduct Misconduct keep asking of of any yourany kind, kind, questions including including until fabrication fabrication you get an or or answerfalsifi falsificaca tionthattion of makesof any any medicalsensemedical to services servicesyou. or or documents,documents, masking masking incorrect incorrect services, services, or or any any other other actio actionn which which might might compromise compromise the the quality quality and and in integritytegrity of of theWiththe patient’s patient’s the assistance care, care, will will of notevery not be be employee, tolerated. tolerated. MillenniumEmployees Employees who willwho fulfiengage engagell its in commitmentin such such misconduct misconduct to provide will will medicalbebe subject subject services to to corrective corrective of the actionhighestaction up upquality to to and and to including includingits patients termination termination in full compliance of of employment. employment. with all applicable laws and regulations.

FreedomFreedom of of Choice Choice UponUpon the the patient’s patient’s fi firstrst appointmentappointment to to a a healthcare healthcare servic service,e, Millennium Millennium must must provide provide him/her him/her with with a a written written statementstatement of of patient’s patient’s rights. rights. This This statement statement must must include include the the rights rights of of patients patients to to make make decisions decisions regarding regarding their their medicalmedical care care and and it it must must conform conform to to all all applicable applicable state state and and federal federal laws laws and and regulations. regulations. Patients Patients must must be be givengiven thethe opportunity opportunity to to be be involved involved in in all all aspects aspects of of their their care care and and Millennium Millennium must must obtain obtain informed informed consent consent forfor treatment.treatment. As As applicable, applicable, each each patient patient or or patient patient representative representative may may be be provided provided with with a a clear clear explanation explanation of of carecare including including, ,but but not not limited limited to, to, diagnosis, diagnosis, plan plan of of care, care, right right to to refuse refuse or or accept accept care, care, care care decision decision dilemmas, dilemmas, advanceadvance directive directive options, options, and and an an explanation explanation of of the the risks risks and and benefi benefit tassociated associated with with available available treatment treatment options.options. Patients Patients may may be be referred referred to to specialty specialty providers providers; ;the the patients patients will will be be provided provided choice choicess in in this this processprocess asas well. well.

Confidential Confidential Information Information TThereThereina T olliare arev etwo twor, M general generalJ, CCEP ,types CHPCtypes of, of CH confi confiCQMdenden-RMtialtial information: information: patient patient medical medical information information, ,and and, ,business business information. information. InformationChiefInformation Complianc about aboute, Ethics a a patient’s patient’s & Risk medical medicalOfficer /Privacycon conditiondition Officer is is highly highly sensitive sensitive and and its its confi confidendentialitytiality must must be be maintained. maintained. NoOffiNo employee,c employee,e phone number: physician physician 855 or or other- 674other-7400 healthcare healthcare Ext. 110107 provider provider has has the the right right to to any any patient patient information information other other than than what what isis necessary necessary to to perform perform his his or or her her job. job. No No employee employee should should ever ever release release or or discuss discuss patient patient-specifi-specificc informationinformation withCellwith phone others others number: unless unless it it is239 is necessary necessary-284-2505 to to provide provide appropriate appropriate medical medical care care to to the the patient patient; ;it it is is with with the the patient’s patient’s writtenEmailwritten address: consent consent [email protected]; ;or or, ,it it is is required required or or permitted permitted by by law. law. Finally, Finally, all all employees employees are are expected expected to to maintain maintain t hethe cComplianceconfidentialityonfidentiality Hotline: of of protected protected 855-517 health health-8676 information information ( “PHI”)(“PHI”) as as that that term term is is defi definedned by by the the Standards Standards for for Privacy Privacy of of IndividuallyIndividually Identifi Identifiableable Health Health Information Information (commonly (commonly known known as as the the “HIPAA “HIPAA Privacy Privacy Regulations”). Regulations”).

ConfiConfidentdentialial business business information information is is any any information information about about a a present present or or planned planned business business matter matter that that has has not not beenbeen released released publicly publicly by by Millennium. Millennium. Specifi Specificallycally, ,employees employees are are not not allowed allowed to to release release information information without without authorizationauthorization regarding: regarding: • • PricingPricing • • FinancialFinancial D Dataata • • MarketingMarketing P Programsrograms • • ElectronicElectronic Medical Medical Record Record T Techniquesechniques and and A Applicationspplications

Page 24 of 25 ComplianceComplianceCompliance Program Program Program Plan Plan Plan & Handbook& & Handbook Handbook PagePage 13 13 of of 25 25 Hotline: Hotline: Hotline: 855 855-517-517 855-8676-8676-517 -8676 CreatedCreatedCreated 10/2018, 10/2018, 10/2018, Revised Revised Revised 5/2019 5/2019 5/2019

Notes

THE CODE OF ETHICS AND CODE OF CONDUCT HANDBOOK

Commitment

Instructions Please read the statement(s) below and affirm your commitment with your signature. Please understand that we take compliance with all company policies and the law very seriously. By attesting to this statement, you confirm your commitment to the Millennium Physician Group culture of ethics, conduct and compliance.

Compliance Code of Conduct and Code of Ethics Handbook I have read our Compliance Code of Conduct and Code of Ethics Handbook and acknowledge I am familiar with its contents.

Signature

Print Name

Department/Location

Date

Page 25 of 25 Compliance Program Plan & Handbook Hotline: 855-517-8676 Created 10/2018, Revised 5/2019

Principal Documents of the Millennium Physician Group / Principal Documents of the Millennium Physician Group / Millennium Healthcare Compliance Program (Continued) Millennium Healthcare Compliance Program (Continued) These guidelines are not intended to minimize the importance of other applicable laws, regulations, professionalMillennium standards Privacy and or ethical Security principle Compliances which Policies may be covered in more detail under other compliance documents and policies. While the Compliance Handbook does not address every conceivable situation, it doesMillennium’s summarize Privacy Millennium’ and Security s basic Compliance standards andPolicies expectations are located for on employee Millennium’s conduct. Compliance Questions 360 orPolicy concern s notModule. specifi Thiscally is addressed a desktop in icon the accessible Compliance to allHandbook Millennium may employees. be covered These in the policies other C provideompliance guidance documents to orMillennium may be resolved staff regarding by using thethe useFour and Step disclosure Communication of patient Process. information in the medical record, the electronic patient record, or in conversations. AllTHE newlyTHE CODE hired CODE employees OF OF ETHICS ETHICS are trained personally by the Privacy Officer and Security Officer . This important training gives employees the information they need to know to be compliant Patientwith the Rights, privacy Relationships rules andAND regulations.AND and CODE Patient CODE CareOF OF CONDUCT CONDUCT HANDBOOK HANDBOOK Millennium is committed to providing quality healthcare to its patients. Assuring the quality of medical services is theM aintainingsingle most secure important private responsibility patient information of each isMillennium imperative employee. to our organization. All Millennium The community, employees stakeholdersare expected toand contribute members to of this our effort workforce and to depend promote on exemplary usC ommitmentoC provideommitmen conduct strict securitythatt t complies measures fully and with promise laws and of privacystandards applicableprotections. to theIt is industry. paramount Misconduct to our success of any to kind, provide including assurances fabrication to every or falsifipersonca thattion weof any take medical the privacy services or and security of his/her information very seriously. Instructionsdocuments,Instructions masking incorrect services, or any other action which might compromise the quality and integrity of the patient’s care, will not be tolerated. Employees who engage in such misconduct will be subject to corrective PleasePlease read read the the statement(s) statement(s) below below and and affi affirmr yourm your commitment commitment with with your your signature. signature. Please Please und understanderstand that that actionManagement up to and of including the Millennium termination Compliance of employment. Program wewe take take compliance compliance with with all allcompany company policies policies and and the the law law very very seriously. seriously. By Byattesting attesting to thisto this statement, statement, you you conficonfiFreedomThermr yourCompliancem your of commitment Choice commitment Program to wastheto the Millenniumcreated Millennium at the Physician directionPhysician Group of Group Millennium’s culture culture of ethics,ofBoard. ethics, conductThe conduct Board and Committand compliance. compliance.ee oversees Uponthe operation the patient’s of the first Compliance appointment Program to a healthcare and receives servic regulare, Millennium reports from must Millennium’s provide him/her Chief Compliance, with a written statementEthics & Risk of patient’s Officer. Allrights. Millennium This statement leaders, must from includethe Board the Chairman rights of patientsto the Senior to make Leadership decisions in everyregarding their CompliancemedicalComplianceMillennium care Code CodeandFacility of it Conductof must, Conductare conform important and and C odeto C to odeall ofMillennium’s applicable Ethicsof Ethics Handbook stateHandbook compliance and federal efforts. laws The and Compliance regulations. Program Patients is mustessential be given I havetheI haveto readopportunityMillennium’s read our our Compliance Compliance to future be involved success.Code Code ofin Therefore,Conductofall Conductaspects and all of and employees,Codetheir Code ofcare Ethicsof andEthics as well HandbookMillennium Handbook as all persons and must and acknowledge obtainandacknowledge entities informed I amretained I am familiar consent familiar and with for with treatment.authorized As to applicable, act on behalf each of patientMillennium or patient (“agents”), representative are responsible may be for provided understanding with a clearand following explanation the of its itscontents.compliance contents. policies that make up the Compliance Program. care including, but not limited to, diagnosis, plan of care, right to refuse or accept care, care decision dilemmas,

advance directive options, and an explanation of the risks and benefit associated with available treatment Managers and supervisors must consistently enforce and communicate Millennium’s Compliance Policies to options. Patients may be referred to specialty providers; the patients will be provided choices in this process all employees and agents within their business areas. Finally, every employee and agent are responsible for X asX well. detecting, resolving and reporting to the appropriate Millennium management unlawful conduct that may SignatureSignatureviolate the Compliance Program or Millennium’s Compliance Policies.

Confidential Information There are two general types of confidential information: patient medical information, and, business information. Certain persons and departments within Millennium have been charged with management of the Compliance InformationProgram. These about persons a patient’s and departmentsmedical condition serve is as highly resources sensitive to all and employees its confi dento ensuretiality must that thebe maintained. Compliance No employee, physician or other healthcare provider has the right to any patient information other than what X XProgram and Millennium’s Compliance Policies are implemented and enforced consistently. They are the: is necessary to perform his or her job. No employee should ever release or discuss patient-specific information PrintPrint Name Name • Chief Compliance, Ethics & Risk Officer with others unless it is necessary to provide appropriate medical care to the patient; it is with the patient’s • Compliance Committee written consent; or, it is required or permitted by law. Finally, all employees are expected to maintain the • Compliance Data Auditor confidentiality of protected health information (“PHI”) as that term is defined by the Standards for Privacy of • Compliance Analyst Individually Identifiable Health Information (commonly known as the “HIPAA Privacy Regulations”). • Privacy Officer X X • Chief Information & Security Officer Department/LocationConfiDepartment/Locationdential business information is any information about a present or planned business matter that has not • Cornelius Compliance and Patty Privacy (They help share messages been released publicly by Millennium. Specifically, employees are not allowed to release information without and training to our staff look for them in the Millennium Minute and authorization regarding: Emails!) • Pricing X X Chief Compliance,• Financial EthicsData & Risk Officer

DateDate The Chief• Compliance,Marketing P rogramsEthics & Risk Officer acts as Millennium’s Chief Compliance & Risk Officer and is responsible• Electronic for overseeing Medical Millennium’s Record Techniques compliance and activities. Applications

PagePagePage 25 1325of10 25 ofof 2526 ComplianceComplianceComplianceCompliance Program Program Program Program Plan Plan Plan &Plan Handbook & & Handbook& Handbook Handbook Hotline: Hotline: HotlinHotline: 855 -855e:517 855855--5178676--517517-8676 --86768676 CreatedCreatedCreatedCreated 10/2018, 10/2018, 10/2018, 10/2018, Revised Revised Revised Revised 5/2019 5/2019 5/2019 5/2019

The Code of Ethics & Code of Conduct Handbook 2019-2020

COMPLIANCE, ETHICS, RISK & PRIVACY COMPLIANCE, ETHICS, RISK & PRIVACY

11x17 Cares Cover only.indd 1 6/3/2019 2:51:33 PM