principles of corporate compliance promotes ethical, professional, and legal conduct “doing what...
TRANSCRIPT
Principles of Principles of Corporate ComplianceCorporate Compliance
• Promotes Ethical, Professional, and
Legal conduct
• “Doing what is right”
• Defines Responsibility/Accountability
• Supports CHS Standards
• Assurance of Quality Care
Catholic Health SystemCatholic Health SystemStandardsStandards
Attain Compliance by:
• Embracing our Mission and Values
• Following the Code of Conduct
• Avoiding Conflicts of Interest
• Upholding Patient Rights
• Adherence to Policy and ProceduresFound in Compliance 360
• Maintaining High Standards of Business and Ethical Conduct
False Claims ActFalse Claims Act
It is a crime to knowingly make a false record, file, or submit a false claim with the government for payment
A false claim can include billing for service that:• was not provided or documented• not ordered by a physician• was of substandard quality
It is also unlawful to improperly retain overpayments
Allows for Qui Tam Relator (Whistleblower protection)
Language Language Assistance Program Assistance Program
• Ensures that limited English proficiency, or hearing impaired persons utilizing CHS services are able to understand and communicate with CHS associates and physicians
• Provided FREE of charge to the patient
Language Language Assistance ProgramAssistance Program
Needs to be utilized with Hearing Impaired or Limited English Proficient patient:
• upon initial contact • each and every time medical
information is being provided
Language Language Assistance ProgramAssistance Program
• Mandatory service by law
• Family may NOT routinely interpret
• Documentation is vital to compliance
If it’s not documented, it’s not done.
See Policy for additional information
HIPAAHIPAA
HEALTH
INSURANCE
PORTABILITY
ACCOUNTABILITY
ACT
Privacy and Security Policies are in Compliance 360
What is Protected by HIPAA?What is Protected by HIPAA?
Individually identifiable health information
Also known as
Protected Health Information (PHI)
Transmitted or maintained in any
form or medium
Protected Health Protected Health Information (PHI)Information (PHI)
Biometric Identifiers Full face photos Medical Record Number Health plan Number Account Numbers Certificate/License
Numbers Vehicle identifiers Any other unique
identifying data E-mail and web addresses
Names Geographic subdivisions
smaller than a state All elements of dates
related to birth date, admission, discharge, or date of death, ages over 89
Telephone and fax numbers
SSN
What Information Can What Information Can Providers Share?Providers Share?
• To provide continuity of care
• To others based on need for the information
• Disclose minimum necessary
• Use professional judgment to share information with a patient’s family and friends
• May provide necessary health information with licensing and credentialing agencies(Dept of Health & JACHO)
Minimum Disclosure Necessary of Minimum Disclosure Necessary of Protected Health Information (PHI)Protected Health Information (PHI)
Associates must:
• ID persons who need to access PHI
• Only access portions of PHI necessary to carry out their duties or fulfill request
• Maintain reasonable efforts to restrict access to PHI in accordance with above
• Disclose on “need to know basis” the minimum necessary for your job function(review HIPAA policy PRIV-24 for additional information)
Consent and AuthorizationConsent and Authorization
• Consent is obtained from the patient upon presenting for treatment and allows disclosure for treatment, payment & healthcare operations.
(Consent and Financial Agreement)
• Authorization from the patient is needed for disclose of health information that exceeds the Privacy Rule (release for treatment, payment & healthcare operations)
Disclosure RestrictionsDisclosure Restrictions
The following types of information are protected by federal and/or state statute and may not be faxed or photocopied without specific written patient authorization, unless required by law.
Must obtain signed authorization prior to disclosure with family & friends for restrictions noted below. (see HIPAA policy PRIV-02)
Disclosure restrictions for:• HIV information• Psychotherapy notes (mental health)• Drug and alcohol treatment
HIPAA SafeguardsHIPAA Safeguards
• Be aware of surroundings– Be conscious of who is in the immediate area when
discussing sensitive patient information or at your computer terminal
• Secure area when not attended– Close out of computer screens containing PHI
before leaving the area– Close medical records/chart when not in use– Do not allow other associates to utilize your ID and
password– Don’t leave papers with PHI in plain view
HIPAA Concerns can lead toHIPAA Concerns can lead to
• Privacy & Security violations
• Identity Theft
The World Privacy Forum 2008 estimates between 250,000-500,000 people have their medical identities stolen every year
UNAUTHORIZED ACCESSING AND UNAUTHORIZED ACCESSING AND DISCLOSURE OF PATIENT DISCLOSURE OF PATIENT
INFORMATIONINFORMATIONCuriosity can be a normal human trait
• However accessing health information on yourself, family members, friends, co-workers, persons of public interest or any others that you are not involved in the care of is a …
...VIOLATION of HIPAA
• Disclosing PHI inappropriately is also a violation
• Individuals do NOT have the rights to look up their own health records
Your Computer UsageYour Computer Usagecan be monitoredcan be monitored
Information Technology is able to audit all associate’s internet usage.
Associates should have no expectations of
privacy while using CHS computer resources.
Compliance ConcernsCompliance Concerns• Lack of integrity and improper billing (coding & billing)• Conflicts of Interest• Ethical concerns• Theft or misuse of services• Inappropriate Gifts/Services• Improper Political Activity• Breech of Corporate Confidentiality• Improper use of Proprietary Info.• Environmental Health and Safety Issues• Dishonest Communication (spoken, or documents etc.)• Improper Business Arrangements• Failure to follow Record Retention policy• Documentation Concern (false or lacking documents)
Example ofExample of
Compliance Concern of Fraud & Abuse
““If you bill these If you bill these services services individually, the individually, the hospital will hospital will receive more receive more reimbursement”reimbursement”
Example ofExample of
Improper Use of Proprietary Information Compliance Concern
Jack, I have a list of the patients Jack, I have a list of the patients that were seen at the hospital. I am that were seen at the hospital. I am sure these names would be helpful sure these names would be helpful for your pharmaceutical company for your pharmaceutical company mailing list.mailing list.
Example of Example of HIPAA VIOLATION
Faxing PHI to the Incorrect Physician or Office
“…let’s see there are four different MD’s with the same name… I’m sure the first one must be the right one, if not I’m sure they will forward it to the right office…
Example of Example of HIPAA VIOLATION
Unauthorized Accessof Medical Record
““Joe, I just thought I’d Joe, I just thought I’d give you a call and let give you a call and let you know that our you know that our neighbor Mrs. Smith neighbor Mrs. Smith had heart surgery last had heart surgery last week – I am looking at week – I am looking at her record now. You her record now. You might want to go over might want to go over and check on her and check on her later.”later.”
Example of Example of HIPAA VIOLATION
Inappropriate Computer Blogs & Face Book Entries Regarding
Events at Work
“…“…at our nursing at our nursing home a confused home a confused patient got patient got dressed and dressed and wandered out of wandered out of the building…it the building…it took the staff 4 took the staff 4 hours to find her – hours to find her – she was 10 blocks she was 10 blocks away...”away...”
“…“…a guy came a guy came into the lab into the lab today and stole today and stole one of the one of the laptops with laptops with patient patient information information from the from the workstation. workstation. The guards The guards were unable to were unable to find him...”find him...”
Example of Example of HIPAA and Compliance VIOLATION
Sale of Patient Information to Outside Vendor
“…“…It was no It was no problem...anytime problem...anytime you need this you need this information I’ll information I’ll provide it … of provide it … of course I’m course I’m assuming you’ll still assuming you’ll still be providing me $5 be providing me $5 for every referral”for every referral”
“…“…thank you for thank you for supplying that supplying that list of pregnant list of pregnant patients...we patients...we would be happy would be happy to send them to send them information on information on our new child our new child care products”care products”
Associate’s ResponsibilityAssociate’s Responsibility• Upholding CHS mission and values • Adhering to code of conduct,
policies & procedures, and the law• Constant monitoring for concerns• Duty to Report Concerns
3 Step process of Reporting
• During an investigationo be truthful o participate in good faith with investigatorso preserve documentation or records
relevant to ongoing investigations
3 Steps for Reporting3 Steps for ReportingCompliance ConcernsCompliance Concerns
Immediate supervisor or appropriate department
Higher level manager
Compliance Officer
Also available 24 hours a day/ 7days a week Compliance Line1-888-200-5380
Non-Retaliation PolicyNon-Retaliation Policy
•Protects associates from adverse action when they do the right thing and report a genuine concern
• Reckless or intentional false accusations by CHS associates are prohibited
• Reporting the possible violation does not protect the constituent from the consequences of their own violation or misconduct
Possible Consequences Possible Consequences for Non-Compliance for Non-Compliance
• For the Associate and CHS Managers/Supervisors/Administrators
• Fines and Prison sentences
• Corrective Action (including possible termination of employment) for violations or failure to report
concerns• For Catholic Health System
• Exclusion from government insurance funded programs
• Fines
Things to RememberThings to Remember
• Adhere to CHS code of conduct,policies & procedures, and other standards
• Duty to report Compliance/HIPAA concernsas soon as aware of situation
• Do the right thingapply ethical decision making
• If uncertain…Use Corporate Compliance Booklet as a reference and … Always Seek Knowledge (A.S.K.)
CHS Corporate ComplianceCHS Corporate ComplianceContactsContacts
Compliance/HIPAA Privacy Officer Anne Mason 821-4469
HIPAA Security Analyst Sally O’Brien 862-1938
CHS HIPAA Line 862-1790
Corporate Compliance Line 1-888-200-5380
All calls are confidential
New York State Patient Bill Of New York State Patient Bill Of RightsRights
19 Bill of Rights19 Bill of Rights
They are posted in all They are posted in all patient care areaspatient care areas
They are available in They are available in Spanish as well as EnglishSpanish as well as English
If they don’t understand their rights, If they don’t understand their rights, someone needs to explain themsomeone needs to explain them
Receive treatment without discriminationReceive treatment without discrimination Receive considerate and respectful care in a Receive considerate and respectful care in a
clean safe environment free from clean safe environment free from unnecessary restraintsunnecessary restraints
Receive needed emergency careReceive needed emergency care Know the names and positions of people Know the names and positions of people
caring for them, and refuse their treatmentcaring for them, and refuse their treatment Know who the MD is who is in charge of Know who the MD is who is in charge of
your hospital careyour hospital care A non smoking roomA non smoking room Receive complete information about their Receive complete information about their
diagnosis, treatment and progressdiagnosis, treatment and progress Receive all information for informed Receive all information for informed
consentconsent Receive all information to give informed Receive all information to give informed
consent regarding do not resuscitateconsent regarding do not resuscitate Refuse treatment and be informed of effectRefuse treatment and be informed of effect Refuse to take part in researchRefuse to take part in research Privacy in the hospital and confidentiality of Privacy in the hospital and confidentiality of
all information and records of your careall information and records of your care Participate in decision making about their Participate in decision making about their
care, including dischargecare, including discharge Review of their medical recordReview of their medical record Receive an itemized bill with explanation of Receive an itemized bill with explanation of
chargescharges Complain without fear of reprisalComplain without fear of reprisal Authorize family members to visitAuthorize family members to visit Make known your wished regarding Make known your wished regarding
anatomical giftsanatomical gifts
What is “Risk Management”?
Risk Management is the systematic review
of events that present a potential for harm and could result in loss for the
hospital system..
FOUR ELEMENTS OF RISK MANAGEMENT
Risk Identification
Review Occurrence Reports Review Patient/Visitor Complaints Participate in Root Cause Analysis Review concerns expressed by CHS staff
Loss Prevention
Educational Programs through
CHS University Department specific inservices
FOUR ELEMENTS OF RISK MANAGEMENT
FOUR ELEMENTS OF RISK MANAGEMENT
Claims Management
Investigating & reporting occurrences and claims made
Assist with Summons & Complaints and Subpoenas *** REMEMBER TO NOTIFY RISK MANAGEMENT IMMEDIATELY UPON RECEIPT OF SUMMONS OR SUBPOENA
Assist with discovery requests for lawsuits
FOUR ELEMENTS OF RISK MANAGEMENT
Risk FinancingObtaining & maintaining appropriate
insurance coverage
HPL (Healthcare Professional Liability) GL (General Liability) D&O (Directors & Officers) Property & Casualty Auto CrimeFiduciary (Finance)
What is an Occurrence?
An occurrence is an event that was unplanned, unexpected and unrelated to the natural course of a patient’s disease process or routine care and treatment.
What are sources of an
Occurrence?PatientsPatientsVisitorsVisitorsPatient/Family ComplaintsPatient/Family ComplaintsSecurity reportsSecurity reportsEquipment “failure”Equipment “failure”
What is an Occurrence Report?
An occurrence report is a factual account of the details of an occurrence. It is
prepared and reviewed for the purpose of enhancing the quality of patient care,
providing a safe environment, and identifying potential liability.
Enhance the quality of patient care
Assist in providing a safe environment
Quick notice of potential liability
What is the purpose of an Occurrence Report?
Who can complete an Occurrence Report?
Any associate or physician who discovers, witnesses or to whom
an occurrence is reported, is responsible for documenting the event immediately by means of the Occurrence Report. Anyone who requires assistance should
contact the department manager.DO NOT MAKE COPIES OF AN
OCCURRENCE REPORT
What happens to the Occurrence Report?
The completed Occurrence Report is to be forwarded to
the Department ManagerWho will investigate the
occurrence and forward to either Quality & Patient Safety Dept or Security as indicated
in the Risk Management process
Risk Management Process
Patient and visitor safety are assessed from both clinical and
environmental perspectives
Notify Quality & Patient Safety of patient occurrences Notify Security of visitor or property occurrences Risk Management will be notified by QPS or Security and will participate in evaluation of occurrence Risk management will report occurrences to insurance carrier in cases of potential liabilityRisk Management will manage claim as indicated
Documenting an Occurrencein the medical record
•Date (MM/DD/YY) and time (military)•State facts, be clear and concise•Your own observations•If event described to writer, use quotes or “according to…”•Do not place blame in the record•DO NOT REFER TO OCCURRENCE REPORT IN THE MEDICAL RECORD
46
EMTALA REGULATIONSEMTALA is the Emergency Medical Treatment and Active Labor Act (aka COBRA)EMTALA provides a guideline for safely and appropriately transferring patients in accordance with Federal regulations. The law provides for a medical screening exam (MSE) to all individuals seeking emergency services on hospital property. Hospital property includes the driveway, parking lot, lobby, waiting rooms and areas within 250 yards of the facility.
EMTALA REGULATIONSIf an emergency medical condition is found, it will be stabilized within the hospital’s ability to do so, prior to the patient’s transfer or discharge.If a patient does not have an emergency medical condition, EMTALA does not apply.
*** IMPORTANT: NEVER SUGGEST THAT A PATIENT GO ELSEWHERE FOR TREATMENT
IDENTITY THEFT
Fair and Accurate Credit Transactions Act of 2003
or“RED Flag Rules”
In effect January, 2008to be enforced November 1, 2009
Hospitals that maintain covered accounts must develop and implement written policies and procedures to identify, detect, prevent, and mitigate identity theft.
IDENTITY THEFT“RED FLAGS”
•Alerts, Notifications, Warnings •Presentation of Suspicious information •Suspicious Activity•Notice from patient, law enforcement, etc
**Patient Access, Health Information, Finance, IT Depts primarily involved
150
Catholic Health Catholic Health RISK MANAGEMENT
DEPARTMENT
Carol Ahrens, RN, BSN 821-4462Director, Risk Management
Joanne Ricotta, RN, BSN 821-4463Risk Management Coordinator
Linda McGavin 821-4467Risk Management Technical Assistant
Valerie Pizarro 821-4468Administrative Assistant
Introduction According to the Bureau of Labor Statistics
(BLS), 2,637 nonfatal assaults on hospital workers occurred in 1999. Rate in hospitals is 8.3 assaults per 10,000
workers *(2000 statistics report increase to 25 per 10,000)
Rate in private sector industry is 2 per 10,000 workers
Introduction Violence takes place
During times of high activity such as meal time or visiting hours or patient transportation
When service is denied When a patient is involuntarily admitted When limits are set regarding eating, drinking,
tobacco or alcohol use
What is Workplace Violence?? Wide range from offensive or threatening
language to homicide
NIOSH (National Institute for Occupational Safety and Health) defines workplace violence as violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty.
Examples Threats: Expressions of intent to cause harm,
including verbal threats, threatening body language, and written threats.
Physical assaults: Attacks ranging from slapping and beating to rape, homicide, and use of weapons such as firearms, bombs, or knives.
Muggings: Aggravated assaults, usually conducted by surprise and with intent to rob.
Case Reports An elderly patient verbally abused a nurse and
pulled her hair when she prevented him from leaving the hospital to go home in the middle of the night.
An agitated psychotic patient attacked a nurse, broke her arm, and scratched and bruised her.
A disturbed family member whose father had died in surgery walked into the E.D. and fired a handgun, killing a nurse and an EMT and wounding a physician.
Case Reports Workplace violence in general is most often
related to robbery Workplace violence in hospitals usually
results from patients and occasionally from family members who feel frustrated, vulnerable, and out of control.
Who is at Risk?? Nurses and nursing assistants have the most
direct contact with patients and are at a high risk.
Other hospital personnel includes emergency response personnel, hospital safety officers, and all health care providers.
Where May Violence Occur?? Anywhere in the hospital but it is most
frequent in the following areas: Psychiatric wards Emergency rooms Waiting areas Geriatric units
What are the Effects of Violence?? Effects can range in intensity and include:
Minor physical injuries Serious Physical injuries Temporary and permanent physical disabilities Psychological trauma Death
Effects of Violence Violence can have a negative organizational
outcome reflected by: Low morale Increased job stress Increased worker turnover Reduced trust of management or co-workers Hostile working environment
Risk Factors Working directly with violent people; those
under the influence of drugs, alcohol or have a history of violence or psychotic diagnosis
Working when understaffed Transporting patients Long wait for service Overcrowded, uncomfortable waiting rooms Working alone
Risk Factors Poor environmental design Inadequate security Lack of guidelines for preventing and
managing crisis Drug and alcohol abuse Access to firearms Unrestricted movement of the public Poorly lit corridors, rooms, parking lots
General Prevention Strategies Environmental:
Alarms Security devices Escorts to parking lots at night Good lighting Design waiting areas Staff restrooms and exits Enclosed nurses’ stations
General Prevention Strategies Administrative controls:
Staffing patterns to prevent personnel from working alone
Prevent patient waiting time Restrict movement of public in hospitals Security personnel alert system
General Prevention Strategies Behavioral Modifications
recognizing and managing assaults resolving conflicts maintaining hazard awareness
Dealing with violence Provide open communication Develop written procedures for reporting and
responding to violence Offer and encourage counseling
Safety Tips Watch for signals of impending violence:
Verbally expressed anger and frustration
Body language such as threatening gestures
Signs of drug or alcohol use
Presence of weapons
Diffusing Anger Present a calm, caring attitude
Don’t match the threats
Don’t give orders
Acknowledge a person’s feelings
Avoid behavior that may be interpreted as aggressive
Be Alert Evaluate when you enter a room or begin to
relate to a patient or visitor Be vigilant throughout the encounter Don’t isolate yourself with a potentially
violent person Keep an open path for exiting
To Diffuse the Situation QUICKLY.. Remove yourself from the situation
Call security for HELP
Report any violent incidents to management
Strategies that have worked… Metal detector in a Detroit hospital during a 6
month period prevented entry of: 33 handguns 1,324 knives 97 mace sprays
Strategies that have worked… Violence reporting program in Portland
Oregon identified patients with history of violence in a computer database.
Reduced violent attacks by 91.6% by alerting staff to take additional safety measures when serving these patients
Strategies that have worked… New York City hospital: Restricted movement of visitors using ID
badges and color-coded passes to limit each visitor to a specific floor
Enforced a limit of two visitors per patient Over 18-months, reduction of reported violent
crimes by 65%
Summary No universal strategy exists to prevent violence
All hospital workers should be alert and cautious when interacting with patients and visitors
Staff participation in safety programs regarding violence prevention
‘‘The The process of transformingprocess of transforming CHS into an CHS into an
organization with a organization with a superior abilitysuperior ability to to
deliver deliver patient-centeredpatient-centered, quality, , quality,
compassionate healthcare through compassionate healthcare through
outstanding outstanding
professionals and innovative technology.’professionals and innovative technology.’
Welcome to EquinoxWelcome to Equinox
• Equinox - Why?– Four Hospitals – “grew-up” with their own
process, culture, technology– Need to establish Electronic Medical Record
• Equinox – How?– Comprehensive system-wide effort to
standardize and improve processes• Standardized Clinical Practices
– Getting the right tools in the hands of our associates – Nurses, Doctors, Administrators
Welcome to EquinoxWelcome to Equinox
• Equinox - When?– Now! Process started in 2004 and is
ongoing– Strategic Alliance with Siemens Medical
Solutions – 10 year agreement
• Equinox – Who?– Everyone – directly and indirectly!
• Managing The Process – The TMO– Multidisciplinary Team Dedicated to
Transformation Initiatives (Transformation Management Office)
• Clinicians• Finance/Patient Access• Technology/Project Management• Communications• Administrative Leadership
Welcome to EquinoxWelcome to Equinox
• Function of the TMO Team:– Articulates Existing Processes/Workflows &
Recommends Improvements– Coordinates Disparate & Intersecting
Projects– Collaborates with Siemens – Manages
Strategic Alliance– Communicates With All Stakeholders– Provides Counsel to Stakeholders
Welcome to EquinoxWelcome to Equinox
Welcome to EquinoxWelcome to Equinox
• Examples of Equinox in Action:– Soarian Clinicals– Clinical Standardization– Financial Process Redesign– St. Joseph Campus Emergency Room
• Process• Culture• Technology
Welcome to EquinoxWelcome to Equinox
• Your Role…– Stay informed– Ask questions– Identify ways to “do it better” always
with the patient in mind– Embrace change!