Compliance & Privacy Education
Together we can support our Mission,
protect our Values and achieve our Vision.
all together better
OSF CORP 2014 Compliance Education
Who is Compliance?
JOHN EVANCHO, Senior VP, Chief Compliance Officer
Ministry Compliance and Risk Division consists of:
– Audit Team
– Compliance Officers
– Privacy Officers
– Conflicts of Interest Team
*Each facility has a Compliance and Privacy Officer that works on‐site.
What is Compliance?
• Doing the RIGHT thing, the RIGHT way – the first time and every time
• Following the RULES
The Rules include…
• Policies and procedures,
• Accreditation standards, and
• Government health care regulations.
The focus of this training session is on the government regulations.
Why Should I Care about Compliance?
Goals:
• Reduce the risk of exclusion
• Reduce financial penalties and
• Ensure public trust
OSF Compliance Program Elements
Elements of an Effective Compliance Program
• Policies and Procedures
• Compliance Officer and Committee
• Training and Education
• Lines of Communication
• Disciplinary Guidelines
• Auditing & Monitoring
• Responding to Offenses
• Risk Assessment
The OSF Compliance Program
• Help employees follow government regulations so we prevent Fraud and Abuse.
• If errors occur, we want to respond immediately to resolve any problems.
• OSF Compliance Plan provides guidance: http://www.osfhealthcare.org/compliance/
Government Regulators
CMS = Centers for Medicare & Medicaid Services
OIG = Office of the Inspector General
Government (Federal and State) agencies that audit and monitor us to make sure we’re following the rules.
False Claims Act (FCA)
• Government tool to fight Medicare and Medicaid fraud and abuse
• Fraud – charging Medicare or Medicaid for services that were not provided
• Abuse – charging Medicare or Medicaid for unnecessary costs, such as tests or exams that were not really needed
Penalties for Violating FCA (Committing Fraud and Abuse)
Potential penalties include:
• monetary damage$,
• exclusion from Medicare/Medicaid programs, and
• misdemeanor & felony convictions
Fraud and Abuse: Clinical Documentation
Lack of medical necessity is a leading area of healthcare fraud and abuse in the Medicare system.
Poor medical record documentation can lead to allegations of false claims.
Real Example: Clinical Documentation
Facts: OIG audit of NJ Urologist – overpaid by $14,734
Problem: 90% claims lacked sufficient documentation:
– to determine if services were actually provided (fraud)
– to determine if services were medically necessary (abuse)
Result: Doctor owed Medicare $350,000 (24 x amount paid to him) after all fines and penalties were assessed.
Anti‐Kickback Statute
Paying for patient referrals
• Includes anything of value, not just money
Anti‐Kickback Statute: Penalties
• Criminal and civil penalties:
– fines, jail terms, and exclusion from participation in the Federal health care programs
– up to $50,000 per kickback plus three times the amount of the payment for the referral
Anti‐Kickback Statute: Example
Facts: A California doctor received $100 from a home health facility for each patient she referred to them.
Problem: She received about $30,000 from the home health facility for referring patients to them, and this is illegal under the Anti‐kickback statute.
Result: This physician was sentenced to one year in federal prison and was ordered to pay $1.088 million in restitution to Medicare.
*Anybody can be guilty of violating AKS, not just doctors.
Conflicts of Interest
• Conflicts of Interest = any relationship which is or appears to be not in the best interest of OSF.
• Examples of Potential Conflicts of Interest:
– Having a financial interest in a vendor’s company or business
– Receiving discounts or personal gifts from actual or potential suppliers
• If you have any questions, you may talk to your supervisor, refer to OSF’s Ministry Compliance Conflict of Interest Policies, and/or speak with someone in the Ministry Compliance and Risk Division.
HIPAA Privacy Rule
• The Health Insurance Portability & Accountability Act (HIPAA) – Federal law requiring healthcare providers to protect the privacy and security of patients’ protected health information (PHI).
HIPAA Privacy Rule
• Protected Health Information (PHI) – any information that could reasonably identify an individual
• Ministry Privacy Officer – Mary Anne Nieukirk
Laptops!
• No Protected Health Information (PHI) on hard drive— save to OSF network
• If you need to take a laptop away from work, always lock it in the trunk of your car until you arrive at your destination.
– It is your responsibility to keep your computer secure
– Most privacy breaches reported in the news involve laptops lost or stolen from an employee’s car or home.
• If a laptop or smart phone contains any PHI, it must be encrypted. Contact the OSF IT Service Center for information on encryption.
Real Example
American researcher visiting South Korea (2010)
– Backpack with unencrypted laptop left in public place and stolen
– PHI for about 3,500 patients & research subjects
Result:
– $1.5 million settlement with US government
Email Attachments
• Email and Internet only for work‐related business
• Don’t click on links from unknown senders or inappropriate websites
– Could infect computer with malware, spyware, or viruses
• Never open an executable file (.exe suffix, such as “doefile.exe”) unless you know and trust the sender and are expecting the file. Delete upon receipt and don’t open attachment.
• Please exercise extreme caution and if you discover that you have opened a malicious file, contact the OSF Service Center immediately to report it.
Minimum Necessary
• Minimum Necessary standard:
– when you need to use or disclose PHI, you must limit the information to the smallest amount necessary to accomplish the intended purpose.
Minimum Necessary
• Only access PHI if you need the information to perform your job.
• “Do I really need access to this information to do my job?”
• Share PHI with as few individuals as needed to ensure patient care – and then only to the extent required by their roles.
Snooping
• Snooping = Inappropriately accessing PHI not needed to perform your job (it’s illegal!)
• Disciplinary action if you access PHI – including your own or that of a family member or a fellow employee – that you do not need to know to do your job.
Snooping
• OSF audits & monitors PHI accessed by employees
• OSF must report serious violations to patients involved and to the federal government.
Snooping Example
• Employee’s neighbor was in a car accident and is in surgery.
• The employee is concerned about his neighbor’s condition and accesses the neighbor’s electronic medical record.
• Is this a violation of HIPAA?
Snooping Example
YES:
Even if the employee doesn’t tell anyone else what he has learned, he has violated HIPAA by accessing his neighbor’s protected health information (PHI).
Social Networking
• Do NOT post anything about your patients – even if you do not use their name.
• Could accidentally disclose patient’s PHI.
• PHI includes any information that could be used to identify a patient – such as a diagnosis, a procedure or a room number.
Social Networking Example
Facts: Hospital employee commented on Twitter about her ex‐husband’s new girlfriend.
Problem: The information came from girlfriend’s medical record. The girlfriend called the hospital’s compliance hotline after seeing this.
Result: Investigation = employee did access the girlfriend’s records inappropriately. The employee was disciplined accordingly.
Social Networking Example
Facts: Physician posted emergency room experiences
Problem: No patient names and no intent to disclose PHI, but others still figured out the identity of one of the patients
Result: The physician was fined for violating HIPAA, was cited for unprofessional conduct, lost hospital privileges.
Penalties for Employees
• Employees are OSF’s biggest HIPAA violation offenders.
• Employees who inappropriately access, use or disclose PHI may personally be subject to penalties of up to $1.5 million and up to 10 years in federal prison.
• Disciplinary action taken up to and including terminating employment – as specified in the OSF Positive Discipline Policy HR 601
Report Suspected Compliance Violations
You have a duty to report suspected compliance violations (e.g. improper billing, unlawful disclosure of PHI, fraud or abuse)
• Contact your supervisor,
• Contact your local Compliance or Privacy Officer, or
• Contact the OSF Integrity Line by calling 1‐800‐547‐2822 or by logging on to https://OSFIntegrityLine.alertline.com
OSF Integrity Line
The OSF Integrity Line is a confidential method to report serious compliance concerns such as –
• HIPAA Violations
• Billing Fraud and Abuse
• Illegal Conduct
• Conflicts of Interest
• Theft of OSF Property
• Workplace Violence
• Violations of Laws and OSF Policies
• Harassment or Discrimination
OSF Integrity Line
• Call or log on: you’ll get ID # and contact date
• Investigation and a response that you can access on your contact date
• Not a substitute for communication with your supervisor
Employee Protection
A “whistleblower” = an employee who tells someone in authority about alleged dishonest or illegal activities.
The FALSE CLAIMS ACT and OSF policies protect whistleblowers from being fired, demoted, threatened or harassed by their employer for speaking up.
We’re All Together Better When We…
• Continue to treat those we serve with the greatest care and love, each and every time
• Reduce risk of exclusion
• Help ensure that OSF complies with all the rules and avoids fines and other penalties