Welcome….!!!

CORPORATE COMPLIANCE PROGRAM

Presented by

The Office of Corporate Integrity

1

Purpose of a Compliance Program

As defined in the Office of Inspector General (OIG) Compliance Guidance for Hospitals

– “Fundamentally, compliance efforts are designed to establish a culture within a hospital that promotes prevention, detection and resolution of instances of conduct that do not conform to Federal and State law, and Federal and State and private payer health care programs, as well as the hospital’s ethical and business policies.”

2

3

Components of GHS Compliance Program

Structural Elements

Open Communication – Hotline

Compliance Officer

Compliance and Practice Standards

Education and Training

Internal Monitoring and Auditing

Enforcement of Rules and Standards of Conduct

Response, Remedies and Resource Planning

Risk Assessment

Substantive Elements

Laws and Regulations pertaining to Health Care operations

Fraud & Abuse Laws: STARK, Anti-Kickback, CMP (Inducements)

False Claims: Qui – Tam / Whistle-blower

Exclusionary list, HIPAA, Medical Identity Theft, OIG Guidance, COI

Corporate Integrity Office Structure

Corporate Compliance Program Structure

Corporate Compliance is Everyone’s Responsibility

• Board : Duty of Care / Duty of Loyalty

• Executive Staff: Highest Moral Character and Integrity

• Leadership: Exhibit Professionalism and Right Relationships

• All Employees:– Perform duties in a professional and responsible manner– Adhere to all GHS policies– Report any violation of policies or suspected unethical behavior– Read, understand and follow the Code of Excellence

6

7

What is a “Compliance Issue”?

• A compliance issue is a concern that there is a violation of a law, rule, regulation or policy that governs our industry.

►Fraud and Abuse Issue• False Claims: Medical Necessity Reasonableness,

Quality Coding• Improper Inducements

►HIPAA Violation • Privacy Breach • Security Lapse

►Violation of our Code of Excellence and/or related GHS Policies

GHS Policies and Initiatives

• Harassment• Gifts and Gratuities• Social Media• Photography • Proper Use of Property (Information Systems)• Equal Opportunity• Drug-Free Workplace• Conflicts of Interest• Finance and Billing (Coding and Documentation)• Reporting Concerns and Non-Retaliation• Business Ethics and Conduct• Patient Safety and Quality • University Medical Group

8

9

Compliance Reviews

• Documentation of tests/procedures/charges/coding• Charge capture reconciliations• Medical necessity verification• Investigation of employee/patient complaints• Actions of independent contractors (agents)• Privacy/Confidentiality• Auditing and Monitoring (IT, Policies, Payments, Risk Areas)• Conflict of Interest• University Medical Group

Reporting Mechanisms

Your Concerns are Important!

Contact your:• Immediate Supervisor• Department Director • Department Compliance Manager / Liaisons• Human Resources• Other Management • Compliance Office or• Hotline (you can report anonymously)

10

11

Office of Corporate Integrity Compliance Office

Skip Morris - Executive Director of Corporate Integrity797-7720 smorris@ghs.org

J. Scott Pietras - Corporate Compliance Officer797-7712 spietras@ghs.org

Tracy Morris – Privacy Officer 797-7724 tmorris5@ghs.org

Jan Latham, Compliance Analyst / UMG Compliance Liaison797-7725 jlatham@ghs.org

Linda Robinson, Compliance Administrative Assistant 797-7726 lrobinson@ghs.org

Code of Excellence

• The Hotline Reporting Options:

– You may call anonymously– You are protected from retaliation or retribution– All Hotline reports come to the GHS Corporate Integrity Office for investigation and resolution of reported concerns– The GHS Corporate Integrity Office may forward the concern to the

appropriate department manager, depending on the issue (e.g., Human Resources Department) OR depending on the severity of the reported issue, it may require further reporting to authorities for investigation and lawful purposes-

(Examples: Fraud and Abuse, Identify Theft) – GHS does not tolerate employees, contractors or other persons who

retaliate against a person who makes a good faith report under this policy. We make every effort to handle reports confidentially.

13

Code of Excellence

• Hotline Numbers–1-888-243-3611 –1-800-297-8592 (en español)–Go to GHSNet main page under Employee

Reference, Employee Hotline & HIPAA Privacy Line

http://www.ComplianceResource.com/Hotline. 14

HIPAA

Health Insurance Portability and Accountability Act of 1996

Department of Health and Human Services (HHS) established national standards for electronic health care transactions. HIPAA also established the rules for the security and privacy of health data.

The Office of Civil Rights is the enforcement agency for HIPAA.

15

HIPAA Privacy Rule

Protected health care information (PHI) may not be disclosed without the authorization of the patient unless permitted by one the several exceptions.

• Major exception is for “TPO”– TPO = treatment, payment or operations

• PHI includes (but is not limited to):– Patient demographics– Clinical or health information– Images or photographs– Financial information

If it identifies a patient, it is likely considered to be PHI!16

HIPAA Security Rule

Covered Entities must use specific administrative, technical, and physical security procedures to assure the confidentiality of electronic protected health information.

Important components include:• Encryption• Protection of electronic devices• Access rules

17

The American Recovery and Reinvestment Act of 2009 (Recovery Act), among other things, expanded HIPAA Privacy and Security protections.

Important components include:• Electronic access to records• New fines for violations• Breach reporting• Business Associate requirements

18

HITECH

Health Information Technology for Economic and Clinical Health Act

Applying the Rules

• Reasonableness- Don’t Delay Treatment• Minimum Necessary & Need-to-Know

– Audits • Duty to Protect & Report

– Maintain Reasonable Safeguards– Protect Your User ID & Password – No Sharing!

• Attention to Detail– Social Media

• Privacy Violations = Civil Rights or Criminal Violations• Accessing Your Own Medical Records

When in doubt, don’t give out contact the Compliance Office.

19

20

Remember……

Corporate Compliance

is

Everyone’s

Responsibility

Thank you!