R E G I S T E R O N L I N E A T W W W . A H I A . O R G

H O U S T O N • T E X A S • N O V 1 0 , 2 0 1 5

FULL DAY REGISTRATION: AHIA Member $150

Non-AHIA Member $195See registration form for a group discount!

Purpose: The AHIA Regional Seminars provide a forum for Healthcare internal auditors and finance professionals to network and interact with their peers, to share best practices, and to strengthen the profession of Healthcare internal

auditing.

Who Should Attend? Internal Auditors, IT Auditors, Compliance Auditors and Finance Healthcare Professionals.

Education Objectives: Sessions are designed to be highly interactive to promote attendee participation and sharing of internal audit best practices. Attendees will learn about current healthcare issues, internal audit topics, audit approaches, techniques and best practices. This event will feature presentations from local healthcare-based professionals that cover a variety of current healthcare hot topics.20

15 A

HIA

REG

ION

AL

SEM

INA

R

AHIAREGIONALSEMINAR

Sponsored by:

and Breach Notification Rules. As OCR conducts more targeted compliance reviews and audits it is imperative that HIPAA covered entities and business associates have the tools to prepare. The scope and complexity of today’s healthcare regulations make it hard to keep up with the challenges posed by an ever-changing business environment while remaining vigilant for meeting health information privacy and security requirements. In this presentation, industry expert will highlight lessons learned from firsthand experiences and identify tools that can help you prepare for a HIPAA audit. The presentation will provide attendees with examples and guidance on how to create an OCR audit tool kit. Attendees will be empowered with the knowledge and tools to prepare for an OCR HIPAA performance audit.

Field of Study: Auditing CPE: 1 Level: All

1:20 - 1:30 pm BREAK

1:30 - 2:20 pmEmerging Information Technology Risks in HealthcareTom Tharp, Director, Internal Audit, Baylor Scott & White HealthHealthcare providers are rapidly deploying Information Technology (IT) systems to improve patient care, streamline/optimize business processes, create new opportunities, maintain compliance and reduce costs. While the adoption of new technology offers a number of benefits and gives health-care providers the opportunity to gain a competitive advantage, it also introduces new risks into the environment that must be managed appropriately. This session will include a discussion of the most significant emerging IT risks affecting the healthcare industry and what internal auditors need to know about these risks. In addition, the session will include proven audit approaches that can be used to assess these risks.

Field of Study: Computer Science CPE: 1 Level: All

2:20 - 2:40 pm BREAK

2:40 - 3:30 pmPatient Revenue Risk, Control and Security ConsiderationsNicole Pledger, CISA, Enterprise Systems Risk & Controls: Health Solutions Manager, PwC; Quang Nguyen 10 Epic certifications across multiple modules: Security, Reporting, Outpatient, Infrastructure and Change Management Enterprise Systems Risk & Controls: Health Solutions Manager, PwC As the number of organizations with Electronic Health Records functionality grows, there has been a shift focusing on risk management with three key trends are emerging: - Risk of inappropriate access to patient and financial information has added extra scrutiny on application security design to maintain a controlled environment - The need for IT and risk management groups to work together to leverage EHR technology to mitigate risks associates with evolving EHR software - Risk management is emerging as a strategic activity – integrated with performance measurement and rewards tied to revenue reimbursementLearn key factors to leverage analytics, security data and design principals to define, manage and monitor a controlled environment over an EHR’s Revenue cycle including security controls, which includes: - Critical Access Risks (Definition and Detection) - Segregation of Duties Risks (Definition and Detection)

Field of Study: Auditing CPE: 1 Level: All

3:30 - 3:40 pm BREAK

3:40 - 4:30 pmVendor Risk Management and Expenditure Data AnalyticsShawn McGee, CPA, CISA, Healthcare Risk Assurance Director, PwC: Kendrick McCleskey, Healthcare Risk Assurance Director, PwC; Jose Gonzalez, Healthcare Risk Assurance ManageLeading organizations leverage data to gain a significant competitive edge. The increasing sophistication of analytics technologies coupled with the access and linkage of traditionally disconnected data sources is providing a level of insight and perspective not seen before in large organizations. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. Healthcare organizations are under increasing pressure to reduce operating expenses and increase revenue. Ineffective vendor management, contract performance, duplicate vendor payments, and non-compliance with procurement and expense policies can impact the bottom line. How can you quickly identify red flags in our own vendor management and expenditure processes? Learn key factors to successful vendor governance and monitoring. Identify trends in your institution’s spend and expense reimbursement. Leverage data analytics to improve coverage, depth and quantification of issues, and provide a more timely identification of current and emerging risks.

Field of Study: Specialized Knowledge and Applications CPE: 1 Level: All

7:30 - 8:30 am Registration, Networking Breakfast & Welcome

8:30 – 9:20 am Conflicts of Interest in a Healthcare EnvironmentCraig Conway, JD, LLM, Senior Compliance Attorney, University of Texas Medical Branch (UTMB); Ryan Ingraham, JD, LLM, Associate Compliance Attorney, University of Texas Medical BranchManaging conflicts of Interest (COIs) is a vital aspect of the current healthcare regulatory system. In the research arena, federal regulations require specific documentation and reporting of conflicts of interest for all research funded by the Public Health Service, while other research sponsors, both public and private, have their own COI requirements that must be maintained. Furthermore, consistent management of conflicts of interests ensures that the validity of research data is not questioned due to investigators’ personal financial interests. In more traditional healthcare settings, the federal government has increasingly focused on the integrity of clinician’s financial relationships in an effort to curb the rising cost of healthcare in our country. The Open Payments program, established as part of the Affordable Care Act, requires all pharmaceutical and device manufacturers to report payments made to licensed physicians. Appropriate documentation and reporting of COIs, even beyond the requirements set by individual sponsors or the federal government, ensures both the integrity of research at one’s institutions and the quality of care provided to patients.

Field of Study: Regulatory Ethics CPE: 1 Level: All

9:20 – 9:30 am BREAK

9:30 – 10:20 amHospital Coding: Risk and RewardJudith K. Sturgeon, CCS, CCDS (Certified Coding Specialist, AHIMA and Certified Clinical Documentation Specialist, ACDIS), Clinical Coding/Reimbursement Compliance Manager, Harris Health SystemThis session will provide an overview of Medical Coding by the Hospital. While several specialties in medical coding will be reviewed briefly, this speaker will focus on inpatient hospital coding. The medical codes reported on hospital claims impact much more than the individual payments from 3rd party payers like Medicare, Medicaid, and commercial insurances. The session will review the impact of inpatient coding on the public perception of quality of care, and the associated financial incentives and penalties created by CMS (Center for Medicare and Medicaid Services) for participating hospitals. Consideration of facility factors won’t be neglected – included also will be various audit methodologies, and examples of the direct financial impact of both ‘overcoding’ and ‘undercoding’.

Field of Study: Specialized Knowledge and Applications CPE: 1 Level: Introductory

10:20 – 10:40 am BREAK

10:40 – 11:30 amLet’s Audit Your Construction ProjectsDale R. Shultz, MBA, BS, CCA (Certified Construction Auditor), CIA (Certified Internal Auditor), Senior Auditor, Baylor Scott & White HealthYour organization is spending money to build or expand. • Can a little effort up front bring savings throughout the project? • Did you receive what was billed? In this discussion we will talk about areas of the project where overcharges, and cost savings may be happening:• Define the monthly application for payment process and required documentation to help speed up the review process. • Ensuring the contract supports your audit with a “Right to audit clause.”• What to look for in a change order.• Auditing change order pricing during the bidding phase can help to identify potential overcharges, avoid excess profit and reduce opportunities for fraud. • Are you paying for extra profit in the change order labor rates of lumpsum contracts?During this presentation, our discussion will look at when and where to audit in the project schedule, examples of audit findings, ways to bring forth your findings and working with the owner and contractor to recover or correct claims.

Field of Study: Auditing CPE: 1 Level: All

11:30 – 12:30 pm LUNCH

12:30 - 1:20 pmOCR Mock AuditsMac McMillan, FHIMSS, CISM, CEO & Co-Founder, CynergistTekOne thing is for sure. You don’t want to wait until you get a notice from the Office for Civil Rights (OCR) before you start preparing for an audit. OCR has announced it will be revving up its new program to audit healthcare providers, hospitals and employer sponsored group health plans to measure their compliance with the HIPAA Privacy Rule, Security Rule, and breach notification requirements. The second phase of OCR’s audit program promises reviews of business associates to measure their compliance with the Security Rule and how they approach their obligations under the Privacy

Schedule of Events

One registration form per attendee. Copy this form as needed.

Name: _______________________________________________________________________________

Name of Organization: _________________________________________________________________

Title: ________________________________________________________________________________

Mailing Address: ______________________________________________________________________

City: __________________________________________ State: _________ Zip: _________________

Phone: ________________________________________________________ Fax: ________________

Email: _______________________________________________________________________________

Vegetarian Meals? r Yes r No

Special Assistance Required: _____________________________________________________________

Conference Location

System Services Bldg-WestMemorial Hermann Memorial City Hospital

909 Frostwood Houston, TX 77024

Hotel Options

The Westin Houston, Memorial City945 Gessner RoadHouston, TX 77024

(281) 501-4300

Four Points by Sheraton Houston Weston10655 Katy FreewayHouston, TX 77024

(281) 501-4600

Embassy Suites Houston Energy Corridor11730 Katy Fwy,

Houston, TX 77079(281) 531-7300

ContinuingProfessionalEducation Credits

AHIA is registered with the National Association of State Boards of Accountancy as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville TN, 37219-2417; 615.880.4200; http://www.nasba.org. In accordance with the standards of the National Registry of CPE Sponsors, CPOE credits have been granted based on a 50-minute hour. National Registry of CPE Sponsors ID Number 103386

A maximum of 7.0 CPE credits will be granted

AHIA Membersr First Registrant $150r Additional Registrants $125 (from the same organization)

Non-Membersr First Registrant $195r Additional Registrants $170 (from the same organization)

Take advantage of the group discount for full day registration - submit the first registration from your organization at regular price and receive $25 off each additional registrant from your company/organization.

Payment Information

Total Amount Enclosed: $ ____________

r Check r MasterCard r Visa r American Express r Discover

Card Number: ________________________________________________________________________

Expiration Date: _______________________________________ 3-Digit CVV Code: ______________

Name of Cardholder: __________________________________________________________________

Signature: ___________________________________________________________________________

Cancellations & SubstitutionsNo refunds will be given for “no shows” or cancellations. You may send a substitute; please call AHIA at 888-275-2442.

Regional Seminar Fees

Return this form with payment to: 10200 West 44th Avenue, Suite 304

Wheat Ridge, CO 80033Phone: 888.275.2442 l Fax: 720.881.6101

Register Online at www.ahia.org

N O V 1 0 , 2 0 1 5 • H O U S T O N , T X • W W W . A H I A . O R G

Registration Form

(e.g., Ascension Health, CHI, Dignity Health, SSM, CHE). Before joining CHAN Tom was Director of Technology Services for Jefferson Wells International, Sr. Consultant in KPMG’s Information Risk Management Practice, and held a variety of IT and Audit positions with the Texas State Auditor’s Office. Tom has performed several malware audits in his career.

Nicole Pledger, CISA, Enterprise Systems Risk & Controls: Health Solutions Manager, PwCNicole Pledger has nine years of experience providing systems implementation assurance reviews. She has worked on numerous mid-to-large scale, enterprise wide transformation projects (pre and post implementation) engagements, as well as Sox transformation projects focused on internal control improvement and optimization for top-tier public and private companies. This included advising clients during their internal risk assessment process (specifically their Internal Audit departments, including considerations of evidence of support and efficiencies to be gained within an entity’s control structure), providing support in financial accounting areas, and coordinating with specialists within PwC.

Quang Nguyen 10 Epic certifications across multiple modules: Security, Reporting, Outpatient, Infrastructure and Change Management Enterprise Systems Risk & Controls: Health Solutions Manager, PwC Quang is a manager in the PwC Healthcare Industries Assurance Practice. He is the Electronic Health Record Security, Reporting and Interface subject matter expert with an emphasis on Segregation of Duties (SOD) and IT controls assessment and development. His areas of focus include enterprise risk mitigation, cross-application Epic security configuration and the development of IT controls. He has supported efforts ranging from SOD analysis and remediation plans, Infrastructure Management, Epic Change Management and reporting tools to give organizations, confidence in delivering their core services through technology. Quang has supported clinical operations including population management, usage of clinical operations performance indicators, and predictive analytics in various clinical settings (Inpatient, Outpatient and ED). In addition to his Healthcare IT, he has 10 years of experience in other industries including Hi-tech, Manufacturing and Legal IT.

Shawn McGee, CPA, CISA, Healthcare Risak Assurance Director, PwC Shawn is an information technology and business process internal controls specialist with thirteen years of experience leading control assessments, business process assessments, information technology reviews, and data analytics assessments on management’s behalf, as internal audit and as an external auditor. Shawn’s range of experience provides her with a unique ability to assess the impact of findings from several perspectives. Shawn’s experience also enables her to provide recommendations for process improvements with an understanding of the perspectives of management, the board, and their external auditor.

Kendrick McCleskey, Healthcare Risk Assuraance Direcotr, PwC Kendrick is a Healthcare Risk Assurance Director with a unique skillset that combines data architecture, analytics, and business expertise to transform the way clients manage their risk. Kendrick’s sixteen years of experience lends itself to leading projects that help protect, mitigate, and validate risk for financial or non-financial systems. His experience in the industry ranges from payers, providers, and pharmacy benefit management organizations. Kendrick’s extensive experience with strategic and technology-related risks in the context of financial fraud, operation efficiencies, and technology implementations allow clients to trim costs while increasing quality. His experience ranges from data analytics, data governance, data transitions and strategic transformation programs. He leads a team which works with audit teams and clients to implement analytics and advanced technological solutions related to internal and external audit, compliance, fraud, regulatory assessment and reporting.

Jose Gonzalez, Healthcare Risk Assurance Manager Jose has over 7 years of experience helping large healthcare organizations implement data-driven solutions. Jose specializes in risk, internal audit and compliance data analytics across the healthcare sector serving primarily large providers, payers and pharmaceuticals. Prior to joining PwC, Jose worked for Epic Systems, EHR software company, as a Project Manager, Implementation Consultant and Testing Manager. While at Epic, Jose’s focus was implementing Epic software for large academic and research hospitals as well as providing solutions through data analytics to Finance and Compliance executives. At PwC Jose’s specific areas of focus are: Internal Audit and Real-Time Continuous Monitoring; Risk, Regulatory and Compliance Analytics; Data Mining, Analysis and Reporting; and Forecasting / Predictive Modeling.

Craig Conway, JD, LLM, Senior Compliance Attorney, University of Texas Medical Branch (UTMB) Craig Conway serves as a Senior Compliance Attorney in UTMB’s Office of Institutional Compliance. He holds a bachelor of science in public relations from the University of Florida, a J.D. from the Syracuse University College of Law and an LL.M. (Master of Laws) in Health Law from the University of Houston Law Center. At UTMB, Craig is responsible for all aspects of research compliance, oversees the institution’s conflicts of interest program, and is involved in other general compliance matters.

Ryan Ingraham, JD, LLM, Associate Compliance Attorney, University of Texas Medical Branch Ryan is an Associate Compliance Attorney at UTMB’s Office of Institutional Compliance. He received a bachelor’s degree from Vanderbilt University in Religious Studies and earned a J.D. and an LL.M. in health law from the University of Houston Law Center. At UTMB Ryan focuses on Conflicts of Interest and Research Compliance, along with overseeing UTMB’s gift, ethical interaction with industry, and code of ethics policies. In addition, he also assists with other general compliance issues such as billing, tax compliance, training, and compliance investigations.

Judith K. Sturgeon, CCS, CCDS (Certified Coding Specialist, AHIMA and Certified Clinical Documentation Specialist, ACDIS), Clinical Coding/Reimbursement Compliance Manager, Harris Health System Judy Sturgeon has been in Hospital Coding at major teaching facilities for over 25 years. She is experienced in coding and code auditing, clinical documentation improvement, and the associated billing and appeals. She has written more than seventy nationally-published articles on these topics, and is a contributing editor at “For the Record” magazine. Judy is the Manager of Coding and Billing Compliance at the Harris Health System here in Houston, where her work includes not only auditing the facility work, but auditing the external auditors as well. She validates that Medicare “RAC” payment errors are corrected and appeals the proposed changes when the auditors are in error. Her team was able to identify a consistent pattern of Medicaid auditor errors, and crafted an amendment to the recently-passed Sunset Bill requiring Texas Medicaid auditors to comply with the same federal coding rules that are mandated for hospitals.

Dale R. Shultz, MBA, BS, CCA (Certified Construction Auditor), CIA (Certified Internal Auditor), Senior Auditor, Baylor Scott & White Health Dale joined Baylor Scott & White Health in Temple, Texas in 2011 as the Senior Auditor for construction. He has held leadership roles in internal audit, supply chain and operations, both as consultant and staff, with leading fortune 500 companies, private industry and the US Government that include: AIG, Air Liquide, Chevron, IKON, Kinder Morgan, United Space Alliance and NASA. Dale’s background includes healthcare, aerospace, defense, industrial gases, refinery, oil & gas production and distribution. As an internal auditor for more than 15 years, he brought construction audits in-house to Baylor Scott & White Health where he has developed construction audit programs and led audits of four new hospitals, and key hospital expansions and remodel projects. Dale has led operational consulting teams and completed major system audits gaining a reputation as a resource to call. He brings a wealth of experience including new construction, regulatory compliance, contract negotiations, and contract compliance.

Mac McMillan, FHIMSS, CISM, CEO & Co-Founder, CynergistTek Mac McMillan is co-founder and CEO of CynergisTek, Inc., a top-ranked information security and privacy consulting firm. He is Chair of the HIMSS Privacy & Security Policy Task Force and brings nearly 40 years of experience from both Government and private sector positions. He has worked in the healthcare industry since his retirement from the federal government. McMillan is a thought leader in compliance, security and privacy issues in healthcare, contributing to several industry trade publications, blogs and newsletters. He was recognized in Becker’s Hospital Review’s lists of influential healthcare IT leaders by both its writers and readers in 2015, and was named one of the top ten health information security influencers of 2013.

Tom Tharp, Director, Internal Audit, Baylor Scott & White Health Tom has more than 25 years of Audit experience working in a variety of industries. For the past 12 years he has worked exclusively in the Healthcare Industry. Tom is currently Director, Internal Audit at Baylor Scott and White Health (BSWH) in Temple TX. Prior to joining BSWH, Tom was a Sr. Director with CHAN Healthcare Auditors and led CHAN’s IT Audit and CAAT Teams that provided audit and data analysis services to many of the large Catholic Healthcare Systems across the country

Speaker Biographies