New Hire: The Compliance
ProgramVCU Medical Center
Caitlin Cornellier
Purpose Define Ethical Standards Define Principles Define Values Provide guidance in complying with laws
and regulations Help employees understand legal and
ethical obligations to patients
Code of Ethics Respect: We will respect individuals, diversity, and the rights
of others. Honesty: We will act and communicate honestly and
candidly. We will not mislead others. Excellence: We will strive for excellence in all that we do. Responsibility and Accountability: We will be responsible
and accountable for our decisions and actions and will comply with the laws, regulations, policies, and procedures that govern our Health System activities.
Stewardship: We will be good stewards of the resources entrusted to the Health System.
Compliance: We will understand and comply with the codes, laws, regulations, policies, and procedures that govern our Health System activities.
Principles Dignified Patient Care - Treat all patients with dignity and
respect recognizing the diverse cultures and communities served by the Health System.
Compliance with Laws and Regulations - Adhere to all applicable standards of professional practice, all applicable federal and state laws and regulations, and demonstrate ethical behavior in all aspects of business.
Responsibility for Actions and Behaviors - Report any concern you may have that a patient’s care may be at risk or that staff are not meeting ethical or legal standards.
Accuracy and Accountability - Provide and maintain accurate and reliable financial records and raise any questions or concerns related to compensation, expenses, or patient billing and reimbursement to your supervisor or other members in the chain of command.
Values Service: We will execute every customer interaction
with a caring attitude, honesty and respect, putting our customer’s needs first to yield exceptional customer service.
Trust: Through our integrity, respect of individual and diversity and commitment to privacy and safety, we achieve trust from those we serve and from those with whom we work.
Attitude: Our attitude is that in the pursuit of excellence, we display kindness, concern, compassion and appropriate charity to those in our care.
Respect: We respect the dignity of each individual and the collective diversity of the communities we serve.
Basic Responsibilities as an Employee
Know the policies Ask questions Think before you act Report concerns Seek resolution Cooperate Attend training sessions
What is HIPAA? The Privacy Rule
The Security Rule
The Electronic Transactions and Code Sets Rule
The Privacy Rule A set of national standards protecting
health information Addresses the use and disclosure of
patient health information Standards for individual’s privacy rights
on how to control and use their health information
The Security Rule National set of standards to protect
health information that is held or transferred electronically.
operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards of the organization
The Electronic Transactions and Code Sets Rule
standardizes electronic data interchange (EDI) transactions for submitting, processing, and paying claims.
This rule includes any electronic transmissions using all media
This rule also standardized the diagnosis coding for patients.
Violations The law allows two kinds of fines and penalties—civil and criminal.
Some examples of fines and penalties for breaking the HIPAA law are:
Fines of $100 per violation per person (can’t be more than $25,000 total per calendar year) for anyone who knew or should have known about this law (this means you);
Fines of up to $50,000, or going to prison for up to one year, or both if a person’s health information was knowingly used inappropriately (the violation was not a mistake);
Fine of up to $100,000, or going to prison for up to five years, or both for inappropriately accessing a person’s health information by falsely claiming a reason to have it; and,
Fines of up to $250,000, or going to prison for up to 10 years, or both for any worker or health care business that knowingly discloses (gives to another person or business) or obtains a person’s health information so they can harm the person or so they can get something they want (like money in exchange for the information).
Safeguards for Privacy Using lowered voices in reception, registration, or
other common areas Setting up curtains or temporary wall dividers to
create semi-private spaces in common areas for discussion;
Physicians dictating notes in a private location, such as an office, rather than in a hall or other common area;
Properly getting rid of PHI on paper not kept in paper medical records (for example, patient name and dietary information on food tray cards, or lab containers with patient names
Safeguards Cont.. Provide HIPAA information to all patients Obtain written authorization when necessary Keep your sign-in information secret The above identifiers apply to health information in forms such
as: Electronic records Paper records Spoken words (including telephone and voice-mail), Faxed documents voice-messages on answering machines
Abuse The abuse of electronic health
information leads to immediate termination.
If you witness or believe abuse is occurring you are obligated to report this to a supervisor.
Please continuously stay updated on patient privacy and regulations.
References New employee compliance and privacy manual .
(2008, December). Retrieved from http://www.vcuhealth.org/upload/docs/NEO Manual Short Version 12-08.pdf
Top Related