Principles of Principles of Corporate ComplianceCorporate Compliance

• Promotes Ethical, Professional, and

Legal conduct

• “Doing what is right”

• Defines Responsibility/Accountability

• Supports CHS Standards

• Assurance of Quality Care

Catholic Health SystemCatholic Health SystemStandardsStandards

Attain Compliance by:

• Embracing our Mission and Values

• Following the Code of Conduct

• Avoiding Conflicts of Interest

• Upholding Patient Rights

• Adherence to Policy and ProceduresFound in Compliance 360

• Maintaining High Standards of Business and Ethical Conduct

False Claims ActFalse Claims Act

It is a crime to knowingly make a false record, file, or submit a false claim with the government for payment

A false claim can include billing for service that:• was not provided or documented• not ordered by a physician• was of substandard quality

It is also unlawful to improperly retain overpayments

Allows for Qui Tam Relator (Whistleblower protection)

Language Language Assistance Program Assistance Program

• Ensures that limited English proficiency, or hearing impaired persons utilizing CHS services are able to understand and communicate with CHS associates and physicians

• Provided FREE of charge to the patient

Language Language Assistance ProgramAssistance Program

Needs to be utilized with Hearing Impaired or Limited English Proficient patient:

• upon initial contact • each and every time medical

information is being provided

Language Language Assistance ProgramAssistance Program

• Mandatory service by law

• Family may NOT routinely interpret

• Documentation is vital to compliance

If it’s not documented, it’s not done.

See Policy for additional information

HIPAAHIPAA

HEALTH

INSURANCE

PORTABILITY

ACCOUNTABILITY

ACT

Privacy and Security Policies are in Compliance 360

What is Protected by HIPAA?What is Protected by HIPAA?

Individually identifiable health information

Also known as

Protected Health Information (PHI)

Transmitted or maintained in any

form or medium

Protected Health Protected Health Information (PHI)Information (PHI)

Biometric Identifiers Full face photos Medical Record Number Health plan Number Account Numbers Certificate/License

Numbers Vehicle identifiers Any other unique

identifying data E-mail and web addresses

Names Geographic subdivisions

smaller than a state All elements of dates

related to birth date, admission, discharge, or date of death, ages over 89

Telephone and fax numbers

SSN

What Information Can What Information Can Providers Share?Providers Share?

• To provide continuity of care

• To others based on need for the information

• Disclose minimum necessary

• Use professional judgment to share information with a patient’s family and friends

• May provide necessary health information with licensing and credentialing agencies(Dept of Health & JACHO)

Minimum Disclosure Necessary of Minimum Disclosure Necessary of Protected Health Information (PHI)Protected Health Information (PHI)

Associates must:

• ID persons who need to access PHI

• Only access portions of PHI necessary to carry out their duties or fulfill request

• Maintain reasonable efforts to restrict access to PHI in accordance with above

• Disclose on “need to know basis” the minimum necessary for your job function(review HIPAA policy PRIV-24 for additional information)

Consent and AuthorizationConsent and Authorization

• Consent is obtained from the patient upon presenting for treatment and allows disclosure for treatment, payment & healthcare operations.

(Consent and Financial Agreement)

• Authorization from the patient is needed for disclose of health information that exceeds the Privacy Rule (release for treatment, payment & healthcare operations)

Disclosure RestrictionsDisclosure Restrictions

The following types of information are protected by federal and/or state statute and may not be faxed or photocopied without specific written patient authorization, unless required by law.

Must obtain signed authorization prior to disclosure with family & friends for restrictions noted below. (see HIPAA policy PRIV-02)

Disclosure restrictions for:• HIV information• Psychotherapy notes (mental health)• Drug and alcohol treatment

HIPAA SafeguardsHIPAA Safeguards

• Be aware of surroundings– Be conscious of who is in the immediate area when

discussing sensitive patient information or at your computer terminal

• Secure area when not attended– Close out of computer screens containing PHI

before leaving the area– Close medical records/chart when not in use– Do not allow other associates to utilize your ID and

password– Don’t leave papers with PHI in plain view

HIPAA Concerns can lead toHIPAA Concerns can lead to

• Privacy & Security violations

• Identity Theft

The World Privacy Forum 2008 estimates between 250,000-500,000 people have their medical identities stolen every year

UNAUTHORIZED ACCESSING AND UNAUTHORIZED ACCESSING AND DISCLOSURE OF PATIENT DISCLOSURE OF PATIENT

INFORMATIONINFORMATIONCuriosity can be a normal human trait

• However accessing health information on yourself, family members, friends, co-workers, persons of public interest or any others that you are not involved in the care of is a …

...VIOLATION of HIPAA

• Disclosing PHI inappropriately is also a violation

• Individuals do NOT have the rights to look up their own health records

Your Computer UsageYour Computer Usagecan be monitoredcan be monitored

Information Technology is able to audit all associate’s internet usage.

Associates should have no expectations of

privacy while using CHS computer resources.

Compliance ConcernsCompliance Concerns• Lack of integrity and improper billing (coding & billing)• Conflicts of Interest• Ethical concerns• Theft or misuse of services• Inappropriate Gifts/Services• Improper Political Activity• Breech of Corporate Confidentiality• Improper use of Proprietary Info.• Environmental Health and Safety Issues• Dishonest Communication (spoken, or documents etc.)• Improper Business Arrangements• Failure to follow Record Retention policy• Documentation Concern (false or lacking documents)

Example ofExample of

Compliance Concern of Fraud & Abuse

““If you bill these If you bill these services services individually, the individually, the hospital will hospital will receive more receive more reimbursement”reimbursement”

Example ofExample of

Improper Use of Proprietary Information Compliance Concern

Jack, I have a list of the patients Jack, I have a list of the patients that were seen at the hospital. I am that were seen at the hospital. I am sure these names would be helpful sure these names would be helpful for your pharmaceutical company for your pharmaceutical company mailing list.mailing list.

Example of Example of HIPAA VIOLATION

Faxing PHI to the Incorrect Physician or Office

“…let’s see there are four different MD’s with the same name… I’m sure the first one must be the right one, if not I’m sure they will forward it to the right office…

Example of Example of HIPAA VIOLATION

Unauthorized Accessof Medical Record

““Joe, I just thought I’d Joe, I just thought I’d give you a call and let give you a call and let you know that our you know that our neighbor Mrs. Smith neighbor Mrs. Smith had heart surgery last had heart surgery last week – I am looking at week – I am looking at her record now. You her record now. You might want to go over might want to go over and check on her and check on her later.”later.”

Example of Example of HIPAA VIOLATION

Inappropriate Computer Blogs & Face Book Entries Regarding

Events at Work

“…“…at our nursing at our nursing home a confused home a confused patient got patient got dressed and dressed and wandered out of wandered out of the building…it the building…it took the staff 4 took the staff 4 hours to find her – hours to find her – she was 10 blocks she was 10 blocks away...”away...”

“…“…a guy came a guy came into the lab into the lab today and stole today and stole one of the one of the laptops with laptops with patient patient information information from the from the workstation. workstation. The guards The guards were unable to were unable to find him...”find him...”

Example of Example of HIPAA and Compliance VIOLATION

Sale of Patient Information to Outside Vendor

“…“…It was no It was no problem...anytime problem...anytime you need this you need this information I’ll information I’ll provide it … of provide it … of course I’m course I’m assuming you’ll still assuming you’ll still be providing me $5 be providing me $5 for every referral”for every referral”

“…“…thank you for thank you for supplying that supplying that list of pregnant list of pregnant patients...we patients...we would be happy would be happy to send them to send them information on information on our new child our new child care products”care products”

Associate’s ResponsibilityAssociate’s Responsibility• Upholding CHS mission and values • Adhering to code of conduct,

policies & procedures, and the law• Constant monitoring for concerns• Duty to Report Concerns

3 Step process of Reporting

• During an investigationo be truthful o participate in good faith with investigatorso preserve documentation or records

relevant to ongoing investigations

3 Steps for Reporting3 Steps for ReportingCompliance ConcernsCompliance Concerns

Immediate supervisor or appropriate department

Higher level manager

Compliance Officer

Also available 24 hours a day/ 7days a week Compliance Line1-888-200-5380

Non-Retaliation PolicyNon-Retaliation Policy

•Protects associates from adverse action when they do the right thing and report a genuine concern

• Reckless or intentional false accusations by CHS associates are prohibited

• Reporting the possible violation does not protect the constituent from the consequences of their own violation or misconduct

Possible Consequences Possible Consequences for Non-Compliance for Non-Compliance

• For the Associate and CHS Managers/Supervisors/Administrators

• Fines and Prison sentences

• Corrective Action (including possible termination of employment) for violations or failure to report

concerns• For Catholic Health System

• Exclusion from government insurance funded programs

• Fines

Things to RememberThings to Remember

• Adhere to CHS code of conduct,policies & procedures, and other standards

• Duty to report Compliance/HIPAA concernsas soon as aware of situation

• Do the right thingapply ethical decision making

• If uncertain…Use Corporate Compliance Booklet as a reference and … Always Seek Knowledge (A.S.K.)

CHS Corporate ComplianceCHS Corporate ComplianceContactsContacts

Compliance/HIPAA Privacy Officer Anne Mason 821-4469

HIPAA Security Analyst Sally O’Brien 862-1938

CHS HIPAA Line 862-1790

Corporate Compliance Line 1-888-200-5380

All calls are confidential

New York State Patient Bill Of New York State Patient Bill Of RightsRights

19 Bill of Rights19 Bill of Rights

They are posted in all They are posted in all patient care areaspatient care areas

They are available in They are available in Spanish as well as EnglishSpanish as well as English

If they don’t understand their rights, If they don’t understand their rights, someone needs to explain themsomeone needs to explain them

Receive treatment without discriminationReceive treatment without discrimination Receive considerate and respectful care in a Receive considerate and respectful care in a

clean safe environment free from clean safe environment free from unnecessary restraintsunnecessary restraints

Receive needed emergency careReceive needed emergency care Know the names and positions of people Know the names and positions of people

caring for them, and refuse their treatmentcaring for them, and refuse their treatment Know who the MD is who is in charge of Know who the MD is who is in charge of

your hospital careyour hospital care A non smoking roomA non smoking room Receive complete information about their Receive complete information about their

diagnosis, treatment and progressdiagnosis, treatment and progress Receive all information for informed Receive all information for informed

consentconsent Receive all information to give informed Receive all information to give informed

consent regarding do not resuscitateconsent regarding do not resuscitate Refuse treatment and be informed of effectRefuse treatment and be informed of effect Refuse to take part in researchRefuse to take part in research Privacy in the hospital and confidentiality of Privacy in the hospital and confidentiality of

all information and records of your careall information and records of your care Participate in decision making about their Participate in decision making about their

care, including dischargecare, including discharge Review of their medical recordReview of their medical record Receive an itemized bill with explanation of Receive an itemized bill with explanation of

chargescharges Complain without fear of reprisalComplain without fear of reprisal Authorize family members to visitAuthorize family members to visit Make known your wished regarding Make known your wished regarding

anatomical giftsanatomical gifts

132

Catholic Health Catholic Health

RISK MANAGEMEN

T

What is “Risk Management”?

Risk Management is the systematic review

of events that present a potential for harm and could result in loss for the

hospital system..

FOUR ELEMENTS OF RISK MANAGEMENT

Risk Identification

Review Occurrence Reports Review Patient/Visitor Complaints Participate in Root Cause Analysis Review concerns expressed by CHS staff

Loss Prevention

Educational Programs through

CHS University Department specific inservices

FOUR ELEMENTS OF RISK MANAGEMENT

FOUR ELEMENTS OF RISK MANAGEMENT

Claims Management

Investigating & reporting occurrences and claims made

Assist with Summons & Complaints and Subpoenas *** REMEMBER TO NOTIFY RISK MANAGEMENT IMMEDIATELY UPON RECEIPT OF SUMMONS OR SUBPOENA

Assist with discovery requests for lawsuits

FOUR ELEMENTS OF RISK MANAGEMENT

Risk FinancingObtaining & maintaining appropriate

insurance coverage

HPL (Healthcare Professional Liability) GL (General Liability) D&O (Directors & Officers) Property & Casualty Auto CrimeFiduciary (Finance)

What is an Occurrence?

An occurrence is an event that was unplanned, unexpected and unrelated to the natural course of a patient’s disease process or routine care and treatment.

What are sources of an

Occurrence?PatientsPatientsVisitorsVisitorsPatient/Family ComplaintsPatient/Family ComplaintsSecurity reportsSecurity reportsEquipment “failure”Equipment “failure”

What is an Occurrence Report?

An occurrence report is a factual account of the details of an occurrence. It is

prepared and reviewed for the purpose of enhancing the quality of patient care,

providing a safe environment, and identifying potential liability.

Enhance the quality of patient care

Assist in providing a safe environment

Quick notice of potential liability

What is the purpose of an Occurrence Report?

Who can complete an Occurrence Report?

Any associate or physician who discovers, witnesses or to whom

an occurrence is reported, is responsible for documenting the event immediately by means of the Occurrence Report. Anyone who requires assistance should

contact the department manager.DO NOT MAKE COPIES OF AN

OCCURRENCE REPORT

What happens to the Occurrence Report?

The completed Occurrence Report is to be forwarded to

the Department ManagerWho will investigate the

occurrence and forward to either Quality & Patient Safety Dept or Security as indicated

in the Risk Management process

Risk Management Process

Patient and visitor safety are assessed from both clinical and

environmental perspectives

Notify Quality & Patient Safety of patient occurrences Notify Security of visitor or property occurrences Risk Management will be notified by QPS or Security and will participate in evaluation of occurrence Risk management will report occurrences to insurance carrier in cases of potential liabilityRisk Management will manage claim as indicated

Documenting an Occurrencein the medical record

•Date (MM/DD/YY) and time (military)•State facts, be clear and concise•Your own observations•If event described to writer, use quotes or “according to…”•Do not place blame in the record•DO NOT REFER TO OCCURRENCE REPORT IN THE MEDICAL RECORD

46

EMTALA REGULATIONSEMTALA is the Emergency Medical Treatment and Active Labor Act (aka COBRA)EMTALA provides a guideline for safely and appropriately transferring patients in accordance with Federal regulations. The law provides for a medical screening exam (MSE) to all individuals seeking emergency services on hospital property. Hospital property includes the driveway, parking lot, lobby, waiting rooms and areas within 250 yards of the facility.

EMTALA REGULATIONSIf an emergency medical condition is found, it will be stabilized within the hospital’s ability to do so, prior to the patient’s transfer or discharge.If a patient does not have an emergency medical condition, EMTALA does not apply.

*** IMPORTANT: NEVER SUGGEST THAT A PATIENT GO ELSEWHERE FOR TREATMENT

IDENTITY THEFT

Fair and Accurate Credit Transactions Act of 2003

or“RED Flag Rules”

In effect January, 2008to be enforced November 1, 2009

Hospitals that maintain covered accounts must develop and implement written policies and procedures to identify, detect, prevent, and mitigate identity theft.

IDENTITY THEFT“RED FLAGS”

•Alerts, Notifications, Warnings •Presentation of Suspicious information •Suspicious Activity•Notice from patient, law enforcement, etc

**Patient Access, Health Information, Finance, IT Depts primarily involved

150

Catholic Health Catholic Health RISK MANAGEMENT

DEPARTMENT

Carol Ahrens, RN, BSN 821-4462Director, Risk Management

Joanne Ricotta, RN, BSN 821-4463Risk Management Coordinator

Linda McGavin 821-4467Risk Management Technical Assistant

Valerie Pizarro 821-4468Administrative Assistant

Violence in the Workplace

Introduction According to the Bureau of Labor Statistics

(BLS), 2,637 nonfatal assaults on hospital workers occurred in 1999. Rate in hospitals is 8.3 assaults per 10,000

workers *(2000 statistics report increase to 25 per 10,000)

Rate in private sector industry is 2 per 10,000 workers

Introduction Violence takes place

During times of high activity such as meal time or visiting hours or patient transportation

When service is denied When a patient is involuntarily admitted When limits are set regarding eating, drinking,

tobacco or alcohol use

What is Workplace Violence?? Wide range from offensive or threatening

language to homicide

NIOSH (National Institute for Occupational Safety and Health) defines workplace violence as violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty.

Examples Threats: Expressions of intent to cause harm,

including verbal threats, threatening body language, and written threats.

Physical assaults: Attacks ranging from slapping and beating to rape, homicide, and use of weapons such as firearms, bombs, or knives.

Muggings: Aggravated assaults, usually conducted by surprise and with intent to rob.

Case Reports An elderly patient verbally abused a nurse and

pulled her hair when she prevented him from leaving the hospital to go home in the middle of the night.

An agitated psychotic patient attacked a nurse, broke her arm, and scratched and bruised her.

A disturbed family member whose father had died in surgery walked into the E.D. and fired a handgun, killing a nurse and an EMT and wounding a physician.

Case Reports Workplace violence in general is most often

related to robbery Workplace violence in hospitals usually

results from patients and occasionally from family members who feel frustrated, vulnerable, and out of control.

Who is at Risk?? Nurses and nursing assistants have the most

direct contact with patients and are at a high risk.

Other hospital personnel includes emergency response personnel, hospital safety officers, and all health care providers.

Where May Violence Occur?? Anywhere in the hospital but it is most

frequent in the following areas: Psychiatric wards Emergency rooms Waiting areas Geriatric units

What are the Effects of Violence?? Effects can range in intensity and include:

Minor physical injuries Serious Physical injuries Temporary and permanent physical disabilities Psychological trauma Death

Effects of Violence Violence can have a negative organizational

outcome reflected by: Low morale Increased job stress Increased worker turnover Reduced trust of management or co-workers Hostile working environment

Risk Factors Working directly with violent people; those

under the influence of drugs, alcohol or have a history of violence or psychotic diagnosis

Working when understaffed Transporting patients Long wait for service Overcrowded, uncomfortable waiting rooms Working alone

Risk Factors Poor environmental design Inadequate security Lack of guidelines for preventing and

managing crisis Drug and alcohol abuse Access to firearms Unrestricted movement of the public Poorly lit corridors, rooms, parking lots

General Prevention Strategies Environmental:

Alarms Security devices Escorts to parking lots at night Good lighting Design waiting areas Staff restrooms and exits Enclosed nurses’ stations

General Prevention Strategies Administrative controls:

Staffing patterns to prevent personnel from working alone

Prevent patient waiting time Restrict movement of public in hospitals Security personnel alert system

General Prevention Strategies Behavioral Modifications

recognizing and managing assaults resolving conflicts maintaining hazard awareness

Dealing with violence Provide open communication Develop written procedures for reporting and

responding to violence Offer and encourage counseling

Safety Tips Watch for signals of impending violence:

Verbally expressed anger and frustration

Body language such as threatening gestures

Signs of drug or alcohol use

Presence of weapons

Diffusing Anger Present a calm, caring attitude

Don’t match the threats

Don’t give orders

Acknowledge a person’s feelings

Avoid behavior that may be interpreted as aggressive

Be Alert Evaluate when you enter a room or begin to

relate to a patient or visitor Be vigilant throughout the encounter Don’t isolate yourself with a potentially

violent person Keep an open path for exiting

To Diffuse the Situation QUICKLY.. Remove yourself from the situation

Call security for HELP

Report any violent incidents to management

Strategies that have worked… Metal detector in a Detroit hospital during a 6

month period prevented entry of: 33 handguns 1,324 knives 97 mace sprays

Strategies that have worked… Violence reporting program in Portland

Oregon identified patients with history of violence in a computer database.

Reduced violent attacks by 91.6% by alerting staff to take additional safety measures when serving these patients

Strategies that have worked… New York City hospital: Restricted movement of visitors using ID

badges and color-coded passes to limit each visitor to a specific floor

Enforced a limit of two visitors per patient Over 18-months, reduction of reported violent

crimes by 65%

Summary No universal strategy exists to prevent violence

All hospital workers should be alert and cautious when interacting with patients and visitors

Staff participation in safety programs regarding violence prevention

‘‘The The process of transformingprocess of transforming CHS into an CHS into an

organization with a organization with a superior abilitysuperior ability to to

deliver deliver patient-centeredpatient-centered, quality, , quality,

compassionate healthcare through compassionate healthcare through

outstanding outstanding

professionals and innovative technology.’professionals and innovative technology.’

Welcome to EquinoxWelcome to Equinox

• Equinox - Why?– Four Hospitals – “grew-up” with their own

process, culture, technology– Need to establish Electronic Medical Record

• Equinox – How?– Comprehensive system-wide effort to

standardize and improve processes• Standardized Clinical Practices

– Getting the right tools in the hands of our associates – Nurses, Doctors, Administrators

Welcome to EquinoxWelcome to Equinox

• Equinox - When?– Now! Process started in 2004 and is

ongoing– Strategic Alliance with Siemens Medical

Solutions – 10 year agreement

• Equinox – Who?– Everyone – directly and indirectly!

• Managing The Process – The TMO– Multidisciplinary Team Dedicated to

Transformation Initiatives (Transformation Management Office)

• Clinicians• Finance/Patient Access• Technology/Project Management• Communications• Administrative Leadership

Welcome to EquinoxWelcome to Equinox

• Function of the TMO Team:– Articulates Existing Processes/Workflows &

Recommends Improvements– Coordinates Disparate & Intersecting

Projects– Collaborates with Siemens – Manages

Strategic Alliance– Communicates With All Stakeholders– Provides Counsel to Stakeholders

Welcome to EquinoxWelcome to Equinox

Welcome to EquinoxWelcome to Equinox

• Examples of Equinox in Action:– Soarian Clinicals– Clinical Standardization– Financial Process Redesign– St. Joseph Campus Emergency Room

• Process• Culture• Technology

Welcome to EquinoxWelcome to Equinox

• Your Role…– Stay informed– Ask questions– Identify ways to “do it better” always

with the patient in mind– Embrace change!

Welcome to EquinoxWelcome to Equinox

• Questions - contact….

EQInfo@CHSBuffalo.org