Corporate Compliance: It's the Right Thing To Do!
TRANSCRIPT
Corporate Compliance Overview
Agenda:
• Our Compliance Program
• HIPAA Privacy and Security
• Team Member Responsibilities
• Reporting a Concern

What is Compliance?
Complying with regulations and laws that govern our operations.
Compliance is: Doing the Right Thing!
Who regulates us? (slide graphic: the Provider (USA) at the center, surrounded by federal and state regulators)

FEDERAL: CMS (Center for Medicare & Medicaid Services), Medicare Contractors, DME Regional Contractors, Regional Offices, Regional Intermediaries, OIG/DOJ, OCR, DEA, FCC, IRS, ADA, HRSA, EPA, FDA, NRC, DOT, OSHA, FBI, HHS, Congress, Federal Circuit Courts, Supreme Court ... more

STATE: State Surveys, State Medicaid, State Licensure / CONs, State Attorney General, State Dept of Health, State Nursing Boards, State Medical Boards, State Professional Boards (Pharm, PT/OT, EMS, Lab, RT ... more), Local Government

ACCREDITATION BODIES: Joint Commission, HFAP, CLIA, CHAP, DOL, AATB, CAP ... more

Healthcare is the 2nd most regulated industry.
OIG Seven Elements of an Effective Compliance Program
1. Policies & Procedures
2. Officer & Committees
3. Training & Education
4. Effective Lines of Communication
5. Auditing and Monitoring
6. System of Response & Disciplinary Procedure
7. Enforcing Disciplinary Standards
Code of Ethics ("the Code")
• Framework for ethical and legal principles that reflect the philosophy of our Organization
• High standards of integrity for ourselves and our Organization
• Actions taken by or on behalf of the Organization must be consistent with the Code
• Compliance with the Code is required; failure to do so may lead to disciplinary actions up to and including termination
Key Compliance Terms
Fraud: to knowingly, willfully deceive or misrepresent facts with intent to receive an unauthorized benefit. You knew it was wrong but you did it anyway!
Abuse: actions that result in an unauthorized benefit, but were not committed knowingly, willfully and intentionally. You may not have known it was wrong, but you received an unauthorized benefit; thus you are guilty of abusing the system.
Federal False Claims Act: Any person who "knowingly" submits, or causes another to submit, a false or fraudulent claim for payment is liable to the United States for:
• 3 times the government's loss PLUS
• Penalties up to $23,000 per claim
Fraudulent & Abusive Practices Result in:
• Civil Liability = Monetary Penalties
• Criminal Prosecution = Imprisonment / Fines
• Administrative Sanctions = Money Penalties and Exclusion from Federally Funded Programs
Compliance with Non-Discrimination Regulations
Regulations require healthcare organizations to comply with Federal civil rights laws. These laws prohibit discrimination, exclusion, or the treating of individuals differently because of age, race, color, national origin, ethnicity, religion, culture, language, physical or mental disability, socioeconomic status, sex, sexual orientation, gender identity or expression.
Example: The Americans with Disabilities Act (ADA) prohibits discrimination against individuals with disabilities and requires equal access for patients and companions with disabilities.
Interpreters, language services, auxiliary aids and services are provided free of charge to our patients and companions.
Questions/concerns may be directed to facility ADA Administrators.
No Retaliation Philosophy
• Protections provided under Federal and State False Claims Acts prevent whistleblowers from being discharged, demoted, suspended, threatened, harassed or discriminated against as a result of lawful actions taken under the acts.
• Retaliation against a team member who in good faith reports a compliance or ethics concern is not tolerated.
HIPAA Privacy and Security Program
The Health Insurance Portability and Accountability Act (HIPAA) includes the Privacy Rule and the Security Rule.
• Corporate Compliance Services is responsible for overseeing compliance with laws protecting the health information of our patients.
• Designated individuals oversee HIPAA compliance: the MSHA HIPAA Compliance Officer, who serves as the HIPAA Privacy Officer & Security Officer.
HIPAA Purpose and Goal
Purpose: To protect patient rights to privacy and confidentiality, and to ensure the security of electronic transfer of personal information.
Privacy Rule: Provides protections for health information; gives patients rights; permits use, access and disclosure of information for care and other purposes.
Security Rule: Requires safeguards for the integrity of electronic PHI: Administrative (policies); Physical (keypads, locks); Technical (encryption, passwords).
Goal: To assure health information is properly protected while allowing the flow of health information as appropriate, maintaining a balance that permits appropriate uses and disclosures of information while protecting the privacy of those who seek care and healing.
HIPAA Protected Health Information (PHI)
The Privacy Rule protects information in any form, whether paper, electronic or oral.
"Minimum Necessary": Make reasonable efforts to use, disclose and request only the minimal PHI needed to accomplish an intended purpose. Before accessing patient information, ask yourself: "Do I need to know this to do my job?" If the answer is NO, you should NOT access the information.
HIPAA Patient Rights
• Right of access to, and to obtain a copy of, their own medical record.
• Right to request restrictions of use/disclosures.
• Right of restriction for use/disclosure of PHI related to services for which the patient pays 100% out of pocket and requests the restriction.
• Right to request an amendment to their medical record.
• Right to an accounting of disclosures.
• Right to receive confidential communication.
HIPAA Failure to Comply
• Inappropriate access, use or disclosure of patient information resulting in a failure to comply with privacy or security practices is reason for disciplinary action, up to and including termination.
• Civil and criminal fines for violations can range up to $1,500,000 for organizations and $250,000 for individuals, and up to ten years in jail.
Treat patient information the way you would want others to treat your information.
HIPAA Key Policies and Procedures
Reporting of Potential or Actual Breaches: IM-900-026 requires workforce members to report potential violations.
Email: IM-900-018 covers sending emails which contain PHI.
Texting: IM-900-028 addresses texting of PHI.
Photos: Patient consent required. Use of personal devices or cell phones to video or photograph patients is prohibited.
Handling Work of Someone You May Know: IM-900-028 gives guidance to avoid conflict of interest when work involves a patient known to the team member.
Serious Security Issue: Phishing Emails. Avoid the Phish Hook!
• Never give out your password!!
• Never send personal data such as your bank account #s, SSN, etc.
• Do not randomly click on links in emails or open email attachments.
• Cybercriminals will communicate a sense of urgency before a negative result will occur: "your account will be locked".
• Contact the IS Service Desk immediately if you receive a phishing email.
• If you are a victim of a cybercriminal and clicked on a link, opened a file or provided information: shut your computer down immediately and contact the IS Service Desk.
Callouts on the slide's sample phishing email: Note the strange grammar. Note the sense of urgency and the threatened negative result.
Your Responsibilities: "Common Sense / Good Judgement"
• Abide by the Code of Ethics, policies, procedures, laws and regulations.
• Do what is right the first time.
• Use your best judgement; when in doubt, seek advice. Ask!
• Immediately report any potential non-compliance.
• PHI is about the Patient; the PHI belongs to the Organization.
• Social Media and PHI Do Not Go Together.
• Silence is not always Golden. "See Something, Say Something."
• Be Alert to your Surroundings: know who can hear what you are saying.
"Integrity is doing the right thing, even when no one is watching." ... C.S. Lewis (poet)
Report a Concern, Ask Questions
• Your Supervisor, Manager, or Dept Director
• Facility Compliance Officers
• System Compliance Officer
• HIPAA Compliance Officer
• Human Resources Representatives
• Legal Services
• Medical Ethics Consultant
• Patient/Guest Feedback System
• Direct Line
• Patient Safety Reporting