dtccsanna edh schlhnenho s dhtledtch naehcatl tnena · biomedical device risk management —...

50
A H I A 3 8 T H A N N U A L C O N F E R E N C E Scan to download the AHIA Conference App SPONSORED BY www.ahia.org ONSITE GUIDE

Upload: others

Post on 28-Jun-2020

0 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

������������������������������������������������������ ������

�����������������������������������������������������������

AHIA 38TH ANN

UA

L C

ON

FE

RE

NC

E

Scan to download the AHIA Conference App

SPONSORED BY

www.ahia.org

ONSITE GUIDE

Page 2: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3
Page 3: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

3SEPTEMBER 15 –18, 2019 www.ahia.org

TABLE OF CONTENTS AHIA MISSION & VISION

TAB

LE

OF

CO

NT

EN

TS

AH

IA M

ISS

ION

& V

ISIO

N

AHIA Mission and Vision . . . . . . . . . . . . . . . . . . . . . 3

Hotel Floor Plan & Site Map . . . . . . . . . . . . . . . . 4-5

Welcome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Schedule of Events by Day . . . . . . . . . . . . . . . . 6-15

AHIA Board of Directors & Conference Planning Committee . . . . . . . . . . . . . . . . . . . . . . . 17

Exhibit Hall Hours & Social Events Schedule . . . 18-19

AHIA Conference Tracks . . . . . . . . . . . . . . . . . 20-21

2020 Save the Date . . . . . . . . . . . . . . . . . . . . . . . 21

Conference Schedule

Sunday, September 15 . . . . . . . . . . . . . . . 22-30

Monday, September 16 . . . . . . . . . . . . . . . 31-44

Tuesday, September 17 . . . . . . . . . . . . . . . 45-59

Wednesday, September 18 . . . . . . . . . . . . 61-67

Sponsors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68-69

Exhibitor Hours & Drawing . . . . . . . . . . . . . . . . . . . 70

Exhibitor Floor Plan . . . . . . . . . . . . . . . . . . . . . . . 71

Exhibitor Listing . . . . . . . . . . . . . . . . . . . . . . . 72-82

CPE Certification . . . . . . . . . . . . . . . . . . . . . . . . . 85

CHIAP™ Certificants . . . . . . . . . . . . . . . . . . . . 86–88

FAQs & Policies . . . . . . . . . . . . . . . . . . . . . . . 89-91

Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

WIFIWifi is provided to all conference attendees and covers all breakout and conference rooms.

Network Name: AHIA2019Access Code: ahia2019 (case sensitive)

MISSION STATEMENT

The Association of Healthcare Internal Auditors provides leadership

and advocacy to advance the healthcare internal audit profession

globally by facilitating relevant education, resources, certification

and networking opportunities.

VISION STATEMENT

To be the premier association for healthcare internal auditing.

Founded in 1981, the Association of Healthcare Internal Auditors

(AHIA) is a network of experienced healthcare internal auditing

professionals who come together to share tools, knowledge and

insight on how to assess and evaluate risk within a complex and

dynamic healthcare environment. AHIA is an advocate for the

profession, continuing to elevate and champion the strategic

importance of healthcare internal auditors with executive

management and the Board. If you have a stake in healthcare

governance, risk management and internal controls, AHIA is

your one-stop resource. The Association of Healthcare Internal

Auditors (AHIA) is an international organization dedicated to the

advancement of the healthcare internal auditing profession, which includes auditing disciplines such as operational, compliance, clinical/medical, financial and information technology. Healthcare

leadership and the healthcare internal auditing profession recognize

AHIA as the catalyst for continually elevating the quality of healthcare

internal auditing and advancing the profession and its members.

AHIA embodies ‘excellence through sharing’ and is the healthcare

auditors’ first choice for education, certification and leadership

specific to this multi-disciplined profession and for information on best

practices and industry and professional trends. AHIA is a leader in

partnering with other organizations to expand professional resources.

Page 4: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

5SEPTEMBER 15 –18, 2019 www.ahia.org

LEVEL FOUR

Acoustic

Electric

Bass

Balc

ony

BroadwayBallroom

East

BroadwayBallroom

West

w m

Country MusicHall of Fame

Theater

GrandStairs

Country MusicHall of Fame

Lobby

WM

W

M

6

5

4

3

2

1

1 2 3 4Old

Hickory GibsonBoardroom

LEVEL TWO

LEVEL THREE

Cum

berla

nd (1

-6)

Mockingbird (1-4)

Terrace

Grand ViewTerrace

LEVEL THREE

www.ahia.org AHIA 38TH ANNUAL CONFERENCE4

HOTEL FLOOR PLAN & SITE MAP

LEVEL TWO

OMNI NASHVILLE HOTEL

WE

LCO

ME

Welcome!

It is our pleasure to welcome you to the 38th AHIA Annual Conference. The Board of Directors and the AHIA Annual Conference Committee members are confident that you will find the conference curriculum thought provoking, educational, and even inspiring.

This year’s theme “Harmonizing the Complexities of Healthcare Internal Auditing,” has tuned the Committee in to develop a balanced program of foundational knowledge and advanced topics to help healthcare auditors navigate through the extraordinary operational, fiscal and compliance related challenges that our organizations face.

Please accept our sincerest appreciation for your attendance at this conference — because truly without you the Conference could not happen. Enjoy your Conference experience, as you learn new things and share your own knowledge!

Online Post-Conference EvaluationFollowing the conference, you will receive an email directing you the AHIA Annual Conference evaluation. Please take time to complete this evaluation and let us know about your 2019 experience. Your participation will help us identify how to best serve your future needs; and may be required for CPE verification.

About Your CPE CertificateYou received your official CPE tracking and certificate forms (NASBA/CCB/AAPC) in your registration welcome bag. In order to receive continuing education credit, follow the directions and submit to your licensure and/or credentialing bodies. You must place your name on the session sign-in sheet (located outside of each session room) to verify attendance at each presentation you indicate you have attended. Before leaving the conference, leave the white copy of the NASBA carbon copy form at the registration desk. Retain the yellow copy as your certificate of attendance. See page 85 for continuing education requirements for this conference.

LEVEL FOUR

Acoustic

Electric

Bass

Balc

ony

BroadwayBallroom

East

BroadwayBallroom

West

w m

Country MusicHall of Fame

Theater

GrandStairs

Country MusicHall of Fame

Lobby

WM

W

M

6

5

4

3

2

1

1 2 3 4Old

Hickory GibsonBoardroom

LEVEL TWO

LEVEL THREE

Cum

berla

nd (1

-6)

Mockingbird (1-4)

Terrace

Grand ViewTerrace

Page 5: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

5SEPTEMBER 15 –18, 2019 www.ahia.org

WE

LCO

ME

Welcome!

It is our pleasure to welcome you to the 38th AHIA Annual Conference. The Board of Directors and the AHIA Annual Conference Committee members are confident that you will find the conference curriculum thought provoking, educational, and even inspiring.

This year’s theme “Harmonizing the Complexities of Healthcare Internal Auditing,” has tuned the Committee in to develop a balanced program of foundational knowledge and advanced topics to help healthcare auditors navigate through the extraordinary operational, fiscal and compliance related challenges that our organizations face.

Please accept our sincerest appreciation for your attendance at this conference — because truly without you the Conference could not happen. Enjoy your Conference experience, as you learn new things and share your own knowledge!

Online Post-Conference EvaluationFollowing the conference, you will receive an email directing you the AHIA Annual Conference evaluation. Please take time to complete this evaluation and let us know about your 2019 experience. Your participation will help us identify how to best serve your future needs; and may be required for CPE verification.

About Your CPE CertificateYou received your official CPE tracking and certificate forms (NASBA/CCB/AAPC) in your registration welcome bag. In order to receive continuing education credit, follow the directions and submit to your licensure and/or credentialing bodies. You must place your name on the session sign-in sheet (located outside of each session room) to verify attendance at each presentation you indicate you have attended. Before leaving the conference, leave the white copy of the NASBA carbon copy form at the registration desk. Retain the yellow copy as your certificate of attendance. See page 85 for continuing education requirements for this conference.

Page 6: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

6 7www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SC

HE

DU

LE O

F E

VEN

TS B

Y D

AY

SCHEDULE OF EVENTS BY DAY

SUNDAY, SEPTEMBER 15 | 2019 7:00 am – 5:30 pm Registration Broadway Ballroom Foyer 22

Pre-Conference Workshops Track Session Room Page

8:00 am – 5:30 pm Advanced ACL Concepts: Functions & Scripts Pre-Conference ACL1 Gibson Boardroom 22

10:00 am – 2:00 pm Internal Audit Strategic Fitness Pre-Conference WS01 Old Hickory 23

10:00 am – 2:00 pm Construction Project Governance Myths and Facts Pre-Conference WS02 Cumberland 2 24

1:00 pm – 3:00 pm Engaging with Your Audience — How to Speak the Language of Participants Pre-Conference WS03 Cumberland 3 25

1:00 pm – 5:00 pm Power Excel with MrExcel Pre-Conference WS04 Mockingbird 3 26

1:00 pm – 5:00 pm EHR Auditor User Group Workshop — Epic Focus Pre-Conference EHR1 Cumberland 1 27

CAE and Audit Roundtables — INVITE ONLY

9:30 am – 12:30 pm Chief Audit Executive Roundtable (Protiviti) CAE1 Cumberland 4 29

12:30 pm – 3:30 pm Chief Audit Executive Roundtable (Deloitte) CAE2 Mockingbird 1 29

Audit Director/Manager Roundtable (Moss Adams) MDRT1 Mockingbird 2 30

12:30 pm – 4:30 pm IT Audit Roundtable (Eminere Group) ITRT1 Cumberland 4 30

3:00 pm – 6:00 pm Chief Audit Executive Roundtable (Crowe) CAE3 Cumberland 2 30

MONDAY, SEPTEMBER 16 | 2019 7:00 am – 6:00 pm Registration Broadway Ballroom Foyer 31

7:00 am – 8:00 am First Time Attendee Breakfast Grandview Terrace 31

7:00 am – 8:00 am Attendee Continental Breakfast Broadway Ballroom East 31

7:00 am – 7:15 pm Exhibit Hall Open Broadway Ballroom East 31

7:00 am – 8:00 am BL1: Early-bird Breakfast Session Cumberland 1 31

8:00 am – 9:30 am Keynote Presentation (Sponsored by Eide Bailly) Broadway Ballroom West 32

9:30 am – 10:00 am Mid-Morning Networking Break in Exhibit Hall Broadway Ballroom East 32

10:00 am – 11:40 am Breakout Sessions Track Session Room Page

Developing an Audit Plan — Step by Step Core Auditor A1 Cumberland 1 33

The Opioid Epidemic: An Important Auditor Update Care Settings B1 Cumberland 2 33

Auditing Privacy and Security Compliance Issues in Research: Why is This So Complex? Compliance C1 Cumberland 3 33

Understanding and Applying COBIT 2019 Information Technology/Security D1 Cumberland 4 34

Clinical Trial Billing Audits — The “Rocky Top” of Reimbursement Revenue Cycle E1 Cumberland 5 34

How to Help your Organization Stay in Compliance via Auditing and Monitoring Health Plan F1 Mockingbird 1 34

Catch Me If You Can: Today’s Pink Collar Criminal Emerging Topics & Practices G1 Broadway Ballroom West 35

11:50 am – 1:00 pm Conference Attendee Luncheon Broadway Ballroom East 35

11:50 am – 1:00 pm AHIA Certification Volunteer Appreciation Lunch — Invitation Only Cumberland 6 35

SC

HE

DU

LE O

F EVE

NTS

BY D

AY

SCHEDULE OF EVENTS BY DAY

Page 7: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

8 9www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SCHEDULE OF EVENTS BY DAY

MONDAY, SEPTEMBER 16 | 2019 cont.

SC

HE

DU

LE O

F E

VEN

TS B

Y D

AY

SCHEDULE OF EVENTS BY DAY

11:50 am – 1:10 pm Breakout Sessions Track Session Room Page

The Cloud, its Risk and Implications Lunch and Learn LL1 Cumberland 1 35

Using Data to Enhance Audit Coverage and Drive Value Lunch and Learn LL2 Cumberland 4 36

1:10 pm – 2:00 pm Breakout Sessions Track Session Room Page

Don’t Fall Prey to Rookie Mistakes: Scoring Points as a New Auditor Core Auditor A2 Cumberland 1 36

Prescription Practices and Drug Utilization Monitoring Systems Care Settings B2 Cumberland 2 36

Effective Risk Assessment Collaboration Between Internal Audit and Compliance Compliance C2 Cumberland 3 37

The Bots Are Coming…Man Your Risk Battle Stations Information Technology/Security D2 Cumberland 4 37

Revenue Analytics Revenue Cycle E2 Cumberland 5 37

Auditing: Lessons Learned from the Field Health Plan F2 Mockingbird 1 38

Stressed? How to Keep it Together Emerging Topics & Practices G2 Mockingbird 2 38

2:10 pm – 3:00 pm Breakout Sessions Track Session Room Page

Building Control Risk Matrix and Audit Program from the Ground Up Core Auditor A3 Cumberland 1 38

Planning and Conducting Physician Office Site Assessments Care Settings B3 Cumberland 2 39

ADRs, Prepayment Reviews and Postpayment Audits of Pain Management Practices. How Should You Respond if Your Healthcare Practice is Targeted? Compliance C3 Cumberland 3 39

Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3 Cumberland 4 39

Back to Basics: Evaluation & Management (E/M) Code Training Revenue Cycle E3 Cumberland 5 40

Provider Owned Health Plans — Regulatory Risks, Issues, and Lessons Learned Health Plan F3 Mockingbird 1 40

Business Continuity — Will You Be Open? Emerging Topics & Practices G3 Mockingbird 2 40

3:00 pm – 3:30 pm Mid-Afternoon Networking Break with Exhibitors Broadway Ballroom East 41

3:30 pm – 5:10 pm Breakout Sessions Track Session Room Page

Launching a Successful Audit through Concluding the Audit, Effective Report Writing and Successful Follow-up Core Auditor A4 Cumberland 1 41

Clinical Research Audits — Planning for Success Care Settings B4 Cumberland 2 41

Assessing Departmental Risk, The Importance of Data Analytics Compliance C4 Cumberland 3 42

Auditing Network Security — Practical Experiences from the Field and What You Should Audit Information Technology/Security D4 Cumberland 4 42

Smart E&M Auditing Tips for Smart EHRs Revenue Cycle E4 Mockingbird 2 43

The Value Internal Audit Provides in Preparing for the CMS Program Audit Health Plan F4 Mockingbird 1 43

Agile Auditing: Transforming Internal Audit Emerging Topics & Practices G4 Cumberland 5 43

5:10 pm – 7:15 pm Welcome Reception Broadway Ballroom West 44

SC

HE

DU

LE O

F EVE

NTS

BY D

AY

Page 8: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

10 11www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SCHEDULE OF EVENTS BY DAY

TUESDAY, SEPTEMBER 17 | 2019 7:00 am – 6:00 pm Registration Broadway Ballroom Foyer 45

7:00 am – 8:00 am Attendee Continental Breakfast Broadway Ballroom East 45

7:00 am – 6:30 pm Exhibit Hall Open Broadway Ballroom East 45

7:00 am – 8:00 am BL2: Early-bird Breakfast Session Cumberland 1 45

8:00 am – 9:30 am Keynote Presentation Broadway Ballroom West 46 9:30 am – 10:00 am Mid-Morning Networking Break with Exhibitors Broadway Ballroom East 46

10:00 am – 11:40 am Breakout Sessions Track Session Room Page

Application Auditing: What Business Auditors Should Know about IT Core Auditor A5 Cumberland 1 46

Drug Diversion Care Settings B5 Broadway Ballroom West 47

Auditing Healthcare Focus Arrangements for Regulatory Compliance: Physicians, Management Services, Post- Discharge Care, Ambulance Services, Specialty Care, Etc. Compliance C5 Cumberland 3 47

The IT Analysis Paralysis Information Technology/Security D5 Cumberland 4 47

How to CUT the Risk Out of Surgical Billing: Do You Need a Nip & Tuck or a Complete Overhaul? Revenue Cycle E5 Cumberland 5 48

Attacking Managed Care Denials Health Plan F5 Mockingbird 1 48

Hitting the High Notes when Auditing the Middle of the Revenue Cycle Emerging Topics & Practices G5 Cumberland 2 49

11:40 am – 1:10 pm Conference Attendee Luncheon Broadway Ballroom East 49

11:40 am – 1:10 pm Breakout Sessions Track Session Room Page

Addressing Priorities for Internal Auditors in Healthcare Delivery Organizations Lunch and Learn LL3 Mockingbird 2 49

Are You a Cyber Risk Target? A Non-Technical Hands-on View of Tools and Methods Commonly Used that Any Auditor Should Know about Cyber Security Lunch and Learn LL4 Broadway Ballroom West 50

12:00 am – 1:00 pm AHIA Committee Leadership Luncheon —Invitation Only Mockingbird 3 50

Breakout Sessions Track Session Room Page

1:10 pm – 2:00 pm De-constructing Construction Auditing: From a Healthcare Auditor’s Perspective Core Auditor A6 Cumberland 2 50

Implementation of Clinical Equipment Review Team Process Care Settings B6 Cumberland 3 51

The Current Regulatory Environment and Auditing of Urine Drug Testing Compliance C6 Mockingbird 1 51

The Secure Software Development Lifecycle (SSDLC) and How to Co-Source an Effective Audit Assessment Information Technology/Security D6 Cumberland 1 51

Auditing Overlapping Surgeries & Teaching Physician Rule Compliance Revenue Cycle E6 Cumberland 5 52

Data Analytics and ‘Real World’ Applications: Leveraging D&A for Health Plans Health Plan F6 Cumberland 4 52

Designing a Fraud Risk Management Program Emerging Topics & Practices G6 Broadway Ballroom West 52

SC

HE

DU

LE O

F E

VEN

TS B

Y D

AY

SCHEDULE OF EVENTS BY DAY

SC

HE

DU

LE O

F EVE

NTS

BY D

AY

Page 9: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

12 13www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SCHEDULE OF EVENTS BY DAY

SC

HE

DU

LE O

F E

VEN

TS B

Y D

AY

SCHEDULE OF EVENTS BY DAY

2:10 pm – 3:00 pm Healthcare Internal Auditing — Music to Our Ears Core Auditor A7 Cumberland 1 53

Understanding Patient Engagement and Experience Initiatives and What They Mean for Internal Audit Care Settings B7 Cumberland 2 53

Auditing the Locum Tenen Process Compliance C7 Cumberland 3 54

Auditing the Configuration and Use of Telehealth Devices Information Technology/Security D7 Cumberland 4 54

Mitigating Medicare Reimbursement Denials: Real-Time Alerts for Mis-coding and Broken Work Flows Regains Lost Reimbursements and Increases Patient Satisfaction Revenue Cycle E7 Cumberland 5 54

Telemedicine and Verification of Services Health Plan F7 Mockingbird 1 55

Improve Your Processes, Improve Your Organization Emerging Topics & Practices G7 Cumberland 6 55

3:00 pm – 3:30 pm Mid-Afternoon Networking Break with Exhibitors Broadway Ballroom East 55

3:30 pm – 5:10 pm Breakout Sessions Track Session Room Page

Facilities Audit in the Healthcare World: Construction, Operations and Maintenance Core Auditor A8 Cumberland 1 56

340B Auditing — Where Do I Begin and How to Leverage Data Analytics Care Settings B8 Cumberland 2 56

Disruptions that Impact Healthcare Compliance Compliance C8 Cumberland 3 56

The Rise of Robotics Process Automation (RPA) and the Role of Internal Audit Information Technology/Security D8 Cumberland 4 57

Auditing Ground Ambulance Transportation Services: Driving a Comprehensive Audit Approach Revenue Cycle E8 Cumberland 5 57

Driving Business Value in Denials Management with Data Analytics Health Plan F8 Mockingbird 1 57

Billing Utilization Data Analysis for Focused Investigations Emerging Topics & Practices G8 Mockingbird 2 58

5:20 pm – 6:20 pm AHIA Business Meeting — All Are Invited To Attend Broadway Ballroom West 58

7:00 pm – 10:00 pm Social Events (advanced ticket purchase required) Various 19, 59

SC

HE

DU

LE O

F EVE

NTS

BY D

AY

TUESDAY, SEPTEMBER 17 | 2019 cont.

Page 10: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

14 15www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SC

HE

DU

LE O

F EVE

NTS

BY D

AYS

CH

ED

ULE

OF

EVE

NTS

BY

DA

Y

SCHEDULE OF EVENTS BY DAYSCHEDULE OF EVENTS BY DAY

WEDNESDAY,SEPTEMBER 18 | 2019 7:00 am – 12:00 pm Registration Broadway Ballroom Foyer 61

7:00 am – 8:00 am Attendee Continental Breakfast Broadway Ballroom East 61

8:00 am – 9:40 am Breakout Sessions Track Session Room Page

Healthcare Compliance Auditing for Zones of Risk Core Auditor A9 Cumberland 1 61

Quality Assurance and Improvement Program (QAIP) — How to Build Quality into Internal Audit Activities Care Settings B9 Cumberland 2 61

How Does Your Organization’s Compliance Program Stack Up in the Healthcare versus Financial Services Industries? Compliance C9 Cumberland 3 62

Vendor Management in the Era of Big Data and Machine Learning Information Technology/Security D9 Cumberland 4 62

Revenue at Risk: From the Bed-side to the Business-side Revenue Cycle E9 Cumberland 5 63

Health Plan Strategy: Proactive Auditing vs Reactive Auditing Health Plan F9 Mockingbird 1 63

Navigating Risk While Mitigating the Three-Headed Monster Emerging Topics & Practices G9 Mockingbird 2 63

9:40 am – 10:00 am Mid-Morning Refreshment Break Broadway Ballroom East 64

10:00 am – 10:50 am Breakout Sessions Track Session Room Page

Top 10 HR Audit Risks Core Auditor A10 Cumberland 1 64

Top Home Health Compliance Risks and Monitoring Opportunities Care Settings B10 Cumberland 2 64

Credit Balance Report Auditing and Regulatory Considerations Compliance C10 Cumberland 3 65

Top 10 Emerging Healthcare IT Audit Issues Information Technology/Security D10 Cumberland 5 65

Epic Operational Audits for Non-technical Auditors Revenue Cycle E10 Cumberland 4 65

Auditing Health Plan Benefit Administration for Company Employees Health Plan F10 Mockingbird 1 66

Provider Compliance: It’s Not a Mission Impossible Emerging Topics & Practices G10 Mockingbird 2 66

11:00 am – 1:00 pm Keynote Presentation Broadway Ballroom West 67

Page 11: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

17SEPTEMBER 15 –18, 2019 www.ahia.org

2019 AHIA BOARD OF DIRECTORSMary Jane Schroeder, ChairMary Jo Flynn, Vice ChairCavell Alexander, TreasurerJim Passey, Immediate Past ChairAlicia Capps, DirectorAmy Greenhoe, DirectorTodd Havens, DirectorEric Kristofic, DirectorDeborah Pazourek, DirectorDavid Richstone, DirectorScott Stevenson, Director

2019 CONFERENCE PLANNING COMMITTEEThe 2019 Planning Committee has been working since October 2018 to develop a program that will be interesting and addresses relevant topics facing each of us in our daily challenges. We have listened to our members’ feedback which is a driving factor in the development of this year’s program. Special thanks to our dedicated committee members, without their hard work and tireless efforts, this conference would not be possible:

Jackye Thompson, ChairTerri Allen, PreconferenceMichelle Elliott, Compliance Track Leader; Social EventsKatherine Fore, Keynote Presentations; Social EventsAmy Greenhoe, Board LiaisonLisa Litwiller, Care Settings Track LeaderGinger Manwell, Revenue Cycle Track LeaderGreg Newton, Health Plan Track Leader; Social EventsMichelle Piranio, Core Skills Track LeaderMary Jane Schroeder, AHIA Board ChairDarryl Rhames, Emerging Topics & Practices Track LeaderJonathan West, IT & Security Track Leader

Online registration, complete session descriptions,

learning objectives, field-of-study classifications,

prerequisites and more are available at

www.ahia.org

AH

IA B

OA

RD

OF D

IRE

CTO

RS

&

CO

NFE

RE

NC

E P

LAN

NIN

G C

OM

MITTE

E

AHIA BOARD OF DIRECTORS & CONFERENCE PLANNING COMMITTEE

Page 12: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

18 19www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

EX

HIB

IT H

AL

L H

OU

RS

&

SO

CIA

L E

VE

NT

S S

CH

ED

UL

E EXHIBIT HALL HOURSExhibitor Set-upSunday, September 15 2:00 pm – 5:00 pm

Exhibit Viewing HoursMonday, September 16 7:00 am – 7:15 pm (Welcome Reception in progress until 7:15pm) Tuesday, September 17 7:00 am – 6:30 pm

Exhibitor TeardownTuesday, September 17 6:30 pm – 8:30 pmPlease note: Exhibitors are not required to staff booths during times attendees are in educational sessions.

Registration HoursSunday, September 15 7:00 am – 5:30 pmMonday, September 16 7:00 am – 6:00 pmTuesday, September 17 7:00 am – 6:00 pmWednesday, September 18 7:00 am – 12:00 pm

SOCIAL EVENTS HOURS First Time Attendee Breakfast Monday, September 16 7:00 am – 8:00 amGrandview Terrace

Welcome Reception (SPONSORED BY PROTIVITI)Monday, September 16 5:10 pm – 7:15 pmBroadway Ballroom East

AHIA Certification Volunteer LuncheonMonday, September 16 12:00 pm – 1:00 pmCumberland 6 AHIA Committee Leadership LuncheonTuesday, September 17 12:00 pm – 1:00 pmMockingbird 3 Advanced Fee Registration/Ticketed EventsTuesday, September 17Limited amount of tickets are available per offering. Visit the registration deck to check availability. See next page for details.

EXHIBIT HALL HOURS & SOCIAL EVENTS SCHEDULE

EX

HIB

IT H

AL

L H

OU

RS

&

SO

CIA

L E

VE

NT

S S

CH

ED

UL

E

SOCIAL EVENTS HOURS, CONT. • Big Machine Distillery Tour & Tasting 7:00 pm – 9:00 pm $55 per person

Big Machine Distillery is located in the heart of downtown Nashville. Boasting the only working distillery on Nashville’s famous Broadway strip, the Big Machine Store is the perfect unique experience incorporating a taste of the city through their very own Big Machine Platinum Filtered Premium Vodka.

Guests will experience a 30 minute guided tour of the facility to learn about the history and processes that make this distillery unique. After the tour, guests will have the opportunity to sample four of Big Machine’s most popular products. Guests will also leave with a Big Machine Distillery goodie bag!

• Nashville Hearse Ghost Tour 8:00 pm – 9:00 pm / 9:30 pm – 10:30 pm $50 per person

Depart on a journey to some of Nashville’s most eerie sites in a converted New Orleans hearse. Sit back and relax (if you can) while your driver uncovers the hauntings surrounding the ghosts of Union Station, the infamous “Murder on Music Row,” Nashville’s oldest cemetery, and more. Written by the authors of Haunted Nashville, this unique tour is an experience sure to haunt your memory for years. Nashville Ghost Tours Haunted Hearse Tours are a great way to see the haunted side of Nashville!

• Grand Ole Opry Show 7:00 pm – 9:30 pm $65 per person

What began as a simple radio broadcast in 1925 is today a live entertainment phenomenon. Dedicated to honoring country music’s rich history and dynamic present, the Grand Ole Opry showcases a mix of country legends and the contemporary chart-toppers who have followed in their footsteps. The Opry, an American icon and Nashville, Tennessee’s number-one attraction, is world-famous for creating one-of-a-kind entertainment experiences for audiences of all ages. It’s been called the “home of American music” and “country’s most famous stage.” Every year, hundreds of thousands of people make pilgrimages across town or around the world to the Grand Ole Opry to see the show live.

EXHIBIT HALL HOURS & SOCIAL EVENTS SCHEDULE

Page 13: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

20 21www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

AHIA CONFERENCE TRACKS

AH

IA C

ON

FE

RE

NC

E T

RA

CK

S

AHIA CONFERENCE TRACKS

AH

IA C

ON

FE

RE

NC

E T

RA

CK

S

The AHIA Annual Conference features seven educational tracks so that you can pick and choose, in order to capture the information, skills and resources most relevant to you.

CORE SKILLS (TRACK A) The Core Skills track includes topics that will supplement the “auditor’s toolkit” with fundamental audits and audit tools from a healthcare perspective. The sessions will walk

us through the audit life cycle from IIA Standards overview, strategic risk assessment techniques, planning/information gathering, audit execution, healthcare industry audit tips and reports that get results.

CARE SETTINGS (TRACK B) Recent and proposed healthcare reform legislation has increased the focus on clinical quality. This track will include topics that impact clinical quality, and increase

understanding of related issues facing the healthcare industry today.

COMPLIANCE (TRACK C)The Compliance track sessions focus on increasing the healthcare auditor’s understanding of compliance risk areas. Healthcare audit professionals will improve their

skills in developing risk based compliance audit plans, evaluating key compliance risk areas, and identifying control improvements.

INFORMATION TECHNOLOGY/SECURITY (TRACK D)This track is designed to meet the needs of both the IT specialty auditors and general auditors with responsibilities for IT audit service. The track covers IT hot topics in the

healthcare industry by offering technical sessions providing information on IT specific risks and controls as well as sessions on broader IT topics that will increase understanding for healthcare professionals.

REVENUE CYCLE (TRACK E)The Revenue Cycle track contains education on topics across the entire revenue cycle from charge capture to collections. Sessions included in this track vary from

introductory to specialized information on a specific area of the revenue cycle. Attendees in this track will gain education that can be utilized to conduct valuable reviews in this broad category of operations.

HEALTH PLAN (TRACK F)The Health Plan track will provide insights to the risks, challenges and opportunities facing today’s internal auditor in an environment where the line between payer

and provider is becoming more difficult to discern. Whether you’re a national or regional payer or a provider that is pursuing or already implementing a health plan capability, this track will provide the new auditor and the veteran with greater understanding of payer environment vernacular, will expose you to the risks associated with health plan operations and related compliance challenges, and will enhance your ability to perform effective and efficient audits in the health plan space.

EMERGING TOPICS & PRACTICES (TRACK G)The Emerging Issues Track focuses on topics that are relevant due to current events or trends that impact healthcare. Emerging Issues track topics may be

geographically regional in nature, or more aligned with issues that pertain to specific isolated issues or risks facing healthcare organizations. Participation in the Emerging Issues track will increase your healthcare knowledge base by zeroing in on specialty topics and issues.

September 20–23, 2020 39th AHIA Annual Conference

Seattle Sheraton

Seattle, Washington

SAVE THE DATE

Page 14: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, SEPTEMBER 15 | 2019 SUNDAY, SEPTEMBER 15 | 2019

SU

ND

AY

, SE

PT

EM

BE

R 15 | 2019S

UN

DA

Y, S

EP

TE

MB

ER

15

| 20

19

22 23www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

7:00 am – 5:30 pm

RegistrationBroadway Ballroom Foyer

PRE-CONFERENCE WORKSHOPS

8:00 am – 5:30 pm

ACL1: PRE-CONFERENCE WORKSHOP (FULL-DAY)

Advanced ACL Concepts: Functions & ScriptsGibson Boardroom

TICKETED EVENT: $469 (lunch included)

Michael Keiffer, CPA, CIA, CISA, ACDA, President, Michael P. Keiffer, CPA, PC

This is an interactive and hands on session designed to give the participants an overview of how to use the different ACL functions and how to design and troubleshoot ACL scripts. During the session, participants will be given an overview of how to write more powerful ACL expressions (both filters and computed fields) using the different ACL functions. Approximately 10 -20 functions will be covered during the class, including some of the more complex Functions such as DICECOEFFICIENT( ) and RECOFFSET ( ). The session will learn the different approaches/methods that the ACL software offers for building basic to more advanced script. Specific best practices for writing and building scripts will be discussed. The appropriate use and rules of ACL command syntax in ACL scripts will also be covered during the session. Participants will learn how to troubleshoot scripts and how to debug scripts for potential syntax errors. The session will also cover how to build more powerful, interactive scripts through the use of dialogue boxes in scripts and also through the use of variable substitution. Participants will learn about the advanced scripting commands such as the GROUP command, the LOOP command, the ASSIGN command and the NOTIFY command. The session will also cover how a master script can be designed and built to run other scripts in the ACL project. The session will also focus on what specific healthcare related audits and test areas will be ideal candidates for possible ACL scripts.

Level: All Field of Study: Auditing Prerequisite: Participants will need to have ACL installed on their computers as this will be a hands-on session CPE(s): 8

10:00 am – 2:00 pm

WS01: PRE-CONFERENCE WORKSHOP (HALF-DAY)

Internal Audit Strategic Fitness Old Hickory

TICKETED EVENT: $209 — Limited to 50 individuals

Jannies Burlingame, CPA, CRMA, Doctoral Researcher, Principal Consultant, SS&B Consulting

Over the past few years, IA has become highly sophisticated. As such, putting an effective IA department in place requires a significant level of investment in skilled resources, methods, training and technical infrastructure. In this workshop, you will learn 5 proven ways, from our experience and studies of multiple research papers by the IIA, to increase the impact and influence of internal audit. How can your internal audit function meet stakeholders’ needs to deliver not only assurance, but also to advise and anticipate risk. Modules:

I. Contemporize your Internal Audit Reporting, Approach, and Strategy

II. Be Emotionally Intelligent

III. Integrate and Collaborate—Integrated Assurance

IV. Be Innovative – Capitalize on Technology and Adopt Smart Analytics

V. Build a Culture of Continuous Improvement

Level: All Field of Study: Auditing Prerequisite: None CPE(s): 4

WIFIWifi is provided to all conference attendees and covers all breakout and conference rooms.

Network Name: AHIA2019Access Code: ahia2019 (case sensitive)

Page 15: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, SEPTEMBER 15 | 2019 SUNDAY, SEPTEMBER 15 | 2019

SU

ND

AY

, SE

PT

EM

BE

R 15 | 2019S

UN

DA

Y, S

EP

TE

MB

ER

15

| 20

19

24 25www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

10:00 am – 2:00 pm

WS02: PRE-CONFERENCE WORKSHOP (HALF-DAY)

Construction Project Governance Myths and FactsCumberland 2

TICKETED EVENT: $209 — Limited to 50 individuals

Tony Ollman, CPA, CCA, Firm Director, Baker Tilly

Dale Shultz, CIA, CHC, Director Regional Compliance, Baylor Scott White Healthcare

Contractors are frequently excellent business professionals, ethical and dedicated to building the best facility for an owner given the environment that the project is developed in.

However, they are capitalistic and are motivated to maximize profit. Consequently, the owner needs to ensure the project environment empowers open communication and free discussion of project concerns and issues. Owner’s must understand their responsibilities to keep a project on time and on budget.

This workshop will address controls like the bid and award process, change order control, and schedule management. Construction governance is also ripe with myths like the budget will fix itself, or we can make up project delays later in the project. It’s the Owners responsibility to implement a control structure that is staffed with competent project management professionals to mitigate construction project risk. This workshop will outline a successful governance structure and provide checklists for auditing construction project governance.

Level: All Field of Study: Auditing Prerequisite: None CPE(s): 4

Online registration, complete session descriptions,

learning objectives, field-of-study classifications,

prerequisites and more are available at

www.ahia.org

1:00 pm – 3:00 pm

WS03: PRE-CONFERENCE WORKSHOP

Engaging with Your Audience — How to Speak the Language of ParticipantsCumberland 3

TICKETED EVENT: $100

Blaine Little, CNT, DTM, Public Speaker and Corporate Trainer, Momentum Seminars

In this two-hour public speaking workshop, you will put the tips and tricks of audience engagement in your toolbox that will make the difference to truly reaching those listening. You will learn:

• Misconceptions of public speaking

• Rhetorical Devices of Persuasion

• Spice up your presentation with vivid language

• Avoid language that kills your credibility

• Engage your audience with THEIR learning style

• Get the Audience on Your Side

• The Q&A Session

• How to Break Bad News

With time permitting, we will allow a couple of volunteers to present a short idea on a well know subject. Those presentations will then be reviewed.

Level: All Field of Study: Professional Development CPE(s): 2

Page 16: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, SEPTEMBER 15 | 2019 SUNDAY, SEPTEMBER 15 | 2019

SU

ND

AY

, SE

PT

EM

BE

R 15 | 2019S

UN

DA

Y, S

EP

TE

MB

ER

15

| 20

19

26 27www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

1:00 pm – 5:00 pm

WS04: PRE-CONFERENCE WORKSHOP (HALF-DAY)

Power Excel with MrExcelMockingbird 3

TICKETED EVENT: $100

Bill Jelen, Microsoft MVP, Microsoft Certified Training, Publisher, MrExcel.com

You use Excel 40 hours a week, but do you really know how to unleash the power of Excel? Learn cool secrets and tricks lurking on the Data tab. Learn the ins and outs of Pivot Tables (from the guy who wrote the book on pivot tables!). Create slick charts in a single button click. Add thousands of subtotals in seconds. Learn VLOOKUP tricks. Don’t be tortured by bad data any longer. Participants in the session will receive a copy of Jelen’s book, MrExcel LX — The Holy Grail of Excel Tips, a book written to accompany the live seminar.

Level: All Field of Study: Specialized Knowledge Prerequisite: Basic knowledge of Excel. You should be comfortable navigating through Excel, doing an AutoSum and at least know how to spell “pivot table” CPE(s): 4

1:00 pm – 5:00 pm

EHR1: PRE-CONFERENCE WORKSHOP (HALF-DAY)

EHR Auditor User Group Workshop – Epic FocusCumberland 1

TICKETED EVENT: $199 — Limited to 50 individuals

This session will include three presenters which will focus on the areas of revenue cycle and adding value as internal audit. In addition to the presenters, there will be time set aside in a user group format to knowledge share among peers. The three presentations are:

Mitigating Medicare Denials: Real-Time Alerts for Miscoding and Broken Workflows

Shawn Curtiss, HCISPP, Healthcare Privacy and Data Security Product Manager, Bottomline Technologies

A coding error from an unclear patient status resulting in an Inpatient coded as Outpatient; interns changing Inpatient to Observation; or, a broken workflow that stalls processes. These are among the common root causes of inaccurate billings and millions of dollars in Medicare reimbursement denials. Efforts to identify, alert, remediate, track, and trend these issues is challenging when limited by the lack of visibility inherent in most EMR’s on these topics.

This session will cover how technology, policy, and practice can be combined to keep a real-time pulse of coding errors providing a critical opportunity for correction to secure the Medicare reimbursement due.

Optimizing Epic for Denial Prevention

Jennifer Davis, MBA, System Director – Denial and Audit Management, UNC Healthcare

This session will outline the proven methodology of leveraging denial and revenue loss data to identify high-risk areas, sampling issues in those areas, and employing Lean techniques to implement system solutions creates a framework for sustainable denial and revenue loss prevention. Focusing on a system solution rather than a human solution mitigates human variability and maximizes value for the health care system and the patient.

continued on next page

Page 17: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, SEPTEMBER 15 | 2019 SUNDAY, SEPTEMBER 15 | 2019

SU

ND

AY

, SE

PT

EM

BE

R 15 | 2019S

UN

DA

Y, S

EP

TE

MB

ER

15

| 20

19

28 29www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

Adding Value to Epic Initiatives as Internal Audit

Matt Jackson, CHIAP, PMP, Managing Director, Protiviti

Kevin Dunnahoo, HCISPP, CISSP, ABCP, ITIL v4 Foundations Certified, HITRUST CSF Practitioner, Associate Director, Protiviti

These are challenging but exciting times for the healthcare industry. When we take into consideration increasing regulatory pressure, disruptive innovation, the ever-changing threat landscape, and enhanced patient awareness…we realize that change is coming at a pace perhaps more rapid than ever before experienced. Healthcare organizations continue to struggle with effective risk mitigation and value realization efforts related to implementation and/or ongoing maintenance efforts associated with large Epic initiatives. In this session, learn how Internal Audit can play a key role in effectively managing your organization’s implementation efforts throughout this journey and how to identify and minimize the impact of the many risks you will undoubtedly f

Level: All Field of Study: Specialized Knowledge and Applications Prerequisite: Must currently be an Epic user with knowledge of the systems and/or have completed some system audits. CPE(s): 4

ROUNDTABLESAHIA Roundtables are for the senior-most leaders of organizations internal audit function and/or specialized members of the audit team. The roundtable format provides the opportunity to discuss common issues, share ideas and best practices and network with peers. The agenda and content is based upon the issues and topics submitted by the attendees in advance of the meeting. Continuing professional education (CPE) credit is provided. Buffet Style meal provided.

ADVANCED REGISTRATION IS REQUIRED.

Learning Objectives: All attendees will have input to the agenda in advance in order to ensure the topics are relevant and meaningful. In these sessions, participants will: 1. Examine topics consistent with the field of healthcare internal auditing 2. Develop recommendations toward best practices in healthcare internal auditing 3. Experience a forum for interaction between experts on topics relevant to the theory and practice of healthcare internal auditing 4. Develop clear consensus statements that define best practices in healthcare internal auditing.

9:30 am – 12:30 pm

Chief Audit Executive RoundtableCumberland 4

SPONSORED BY

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 3

12:30 pm – 3:30 pm

Chief Audit Executive Roundtable Mockingbird 1

SPONSORED BY

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 3

ARE YOU WORRIED ABOUT AUTOMATING YOUR HIPAA COMPLIANCE AUDIT?

ARE YOU WORRIED ABOUT YOUR HYBRID-CLOUD INFRASTRUCTURE GETTING BREACHED?

Cybersecurity and HIPAA Assurance for the Hybrid Cloud

Unified Single-pane of glass view of your overall Security, Compliance and Risk Posture

Continuous Audit Assurance through Automation, Prioritization and Actionable Intelligence

Comprehensive support for Configuration and Security best practices, Regulatory (HIPAA, PCI, NIST, GDPR etc.) frameworks

Flexible and Scalable SaaS architecture enables enterprise deployments in an hour

To learn more visit us @ Booth #30

www.Spanugo.com

Page 18: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 201931SEPTEMBER 15 –18, 2019 www.ahia.org

SUNDAY, SEPTEMBER 15 | 2019

SU

ND

AY

, SE

PT

EM

BE

R 1

5 |

2019

30 www.ahia.org AHIA 38TH ANNUAL CONFERENCE

12:30 pm – 3:30 pm

Audit Director/Manager RoundtableMockingbird 2

SPONSORED BY

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 3

12:30 pm – 4:30 pm

IT Audit RoundtableCumberland 4

SPONSORED BY

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 4

3:00 pm – 6:00 pm

Chief Audit Executive Roundtable Cumberland 2

SPONSORED BY

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 3

7:00 am – 6:00 pm

RegistrationBroadway Ballroom Foyer

7:00 am – 8:00 am

First Time Attendee BreakfastGrandview Terrace

7:00 am – 8:00 am

Attendee Continental Breakfast Broadway Ballroom East

7:00 am – 7:15pm

Exhibit Hall OpenBroadway Ballroom East

7:00 am – 8:00 am

BL1: BREAKFAST AND LEARN SPONSORED BY CROWE

Top Cybersecurity Risks in HealthcareCumberland 1

Jared Hamilton, CISSP, CCSK, MCSE: Security, Managing Director, Crowe

Robert Malarkey, CISSP, CISA, Vice President – IT Audit, Crowe

Level: All Field of Study: Auditing CPE(s): 1

Page 19: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

32 33www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

8:00 am – 9:30 am

WELCOME, OPENING REMARKS AND KEYNOTE PRESENTATION — SPONSORED BY EIDE BAILLY LLP

Work. Laugh. Repeat.Broadway Ballroom West

Greg Schwem, President, Comedy with a Byte

In spite of its therapeutic qualities, laughter is often absent from the business environment. Greg shows it is possible to laugh at work and about work. Audience members will put down their iPads and smart phones and laugh along with Greg as he good-naturedly discusses topics such as Smart Phone abuse, social network overload, never-ending conference calls, “frequently” asked questions, and home office workers. Greg’s show provides a hilarious look

at today’s corporate environment and the latest tools used to conduct business. Greg’s client list includes such corporate heavyweights as McDonald’s, Microsoft, General Motors, IBM, Hyatt Hotels, United Airlines and Cisco Systems and his comedic take on the 21st century workplace and work/life balance has landed him on SIRIUS Radio, FOX News, Comedy Central and the pages of Parents Magazine. More than just a business humorist, Greg is also an author, nationally syndicated humor columnist, award-winning greeting card writer and creator of funnydadinc, voted one of the top Dad humor sites of 2016. He has shared the concert stage with the likes of Celine Dion and Jay Leno.

Level: All Field of Study: Professional Development CPE(s):1

9:30 am – 10:00 am

Mid-Morning Networking Break in Exhibit Hall (Refreshments provided)

Broadway Ballroom East

10:00 am to 11:40 am

A1: CORE AUDIT

Developing an Audit Plan — Step by StepCumberland 1

Renee Wessel Jaenicke, CIA, CFE, CCEP, CHC, CGMA, CHIAP, Director of Internal Audit and Compliance, Salinas Valley Memorial Healthcare System

Level: Introductory Field of Study: Auditing CPE(s): 2

10:00 am – 11:40 am

B1: CARE SETTINGS

The Opioid Epidemic: An Important Auditor UpdateCumberland 2

Angie Caldwell, MBA, CPA , Principal, PYA

Sarah Bowman, MBA, RHIA, CHC, Senior Manager, PYA

Level: All Field of Study: Auditing CPE(s): 2

10:00 am – 11:40 am

C1: COMPLIANCE

Auditing Privacy and Security Compliance Issues in Research: Why is This So Complex?Cumberland 3

Marti Arvin, JD, CHC-F, CCEP-F, CHRC, CHPC, VP Audit Strategy, CynergisTek, Inc.

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 2

Target Audience: Everyone

Page 20: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

34 35www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

10:00 am – 11:40 am

D1: INFORMATION TECHNOLOGY/SECURITY

Understanding and Applying COBIT 2019Cumberland 4

Katherine Fore, CISA, PCI ISA, Senior Information Systems Auditor, Atrium Health

Candice Smith, ASCP, Senior IS Auditor, Atrium Health

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

Target Audience: IS Auditors, Auditors, Audit Managers, CAEs

10:00 am – 11:40 am

E1: REVENUE CYCLE

Clinical Trial Billing Audits — The “Rocky Top” of Reimbursement Cumberland 5

Kelly Willenberg, DBA, RN, CHRC, CHC, CCRP, President, Kelly Willenberg & Associates

Level: All Field of Study: Auditing – Governmental Prerequisites: None CPE(s): 2

10:00 am – 11:40 am

F1: HEALTH PLAN

How to Help your Organization Stay in Compliance via Auditing and MonitoringMockingbird 1

Jason Haworth, CIA, CPA (inactive), Director, Internal Compliance Audit, UnitedHealthcare

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

10:00 am – 11:40 am

G1: EMERGING TOPICS & PRACTICES

Catch Me If You Can: Today’s Pink Collar Criminal Broadway Ballroom West

Kelly Paxton, CFE, PI, Speaker and Fraud Consultant, K Paxton LLC

Level: All Field of Study: Behavioral Ethics Prerequisites: None CPE(s): 2

11:50 am – 1:00 pm

Conference Attendee LuncheonBroadway Ballroom East

11:50 am – 1:00 pm

AHIA Certification Volunteer Appreciation Lunch — Invitation Only

Cumberland 6

11:50 am – 1:10 pm

LL1: LUNCH AND LEARN SPONSORED BY KPMG

Grab and Go: Get your meal in the exhibit hall and join us for a special lunch session.

The Cloud, Its Risk and ImplicationsCumberland 1

Alex Obenauf, CISA, CRISC, CMA, PMP, Lean 6 Sigma, Director – Healthcare, KPMG LLP

Mike Beaty, Director – Healthcare, KPMG LLP

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 1

Page 21: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

36 37www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

11:50 am – 1:10 pm

LL2: LUNCH AND LEARN SPONSORED BY CROWE

Grab and Go: Get your meal in the exhibit hall and join us for a special lunch session.

Using Data to Enhance Audit Coverage and Drive ValueCumberland 4

Scott Gerard, CPA, Partner, Crowe; Rebecca Welker, FHFMA, CIA, Crowe

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm to 2:00 pm

A2: CORE AUDIT

Don’t Fall Prey to Rookie Mistakes: Scoring Points as a New AuditorCumberland 1

Melissa Buckner, Project Consultant, SelectHealth

Level: Introductory Field of Study: Personal Development Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

B2: CARE SETTINGS

Prescription Practices and Drug Utilization Monitoring SystemsCumberland 2

Fran Grabowski, CISA, MBA, Director, PwC

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

C2: COMPLIANCE

Effective Risk Assessment Collaboration Between Internal Audit and ComplianceCumberland 3

John Gaspich, CHIAP, CPA, CFE, ML, MPA, Senior Vice President and Chief Audit Executive, Penn State Health

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

D2: INFORMATION TECHNOLOGY/SECURITY

The Bots Are Coming…Man Your Risk Battle StationsCumberland 4

Terry Corcoran, CISA, CRMA, Advisory Senior Manager, Deloitte & Touche LLP

Bruce Daly, MBA, CISPP, CISA, CIA, CRMA, CBCP, Principal, Deloitte & Touche, LLP

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

E2: REVENUE CYCLE

Revenue AnalyticsCumberland 5

Landon Adkins, CIA, CHIAP, Director, Healthcare Industry Practice, Protiviti

Don Billingsley, Director, Protiviti

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Page 22: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

38 39www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

1:10 pm – 2:00 pm

F2: HEALTH PLAN

Auditing: Lessons Learned from the Field Mockingbird 1

Amy Baumeister, Manager, Internal Compliance Audit, UnitedHealthcare

Nancy Buck, Manager, Internal Compliance Audit, UnitedHealthcare

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 1

Target Audience: Compliance staff, Internal Audit, Operations Leadership

1:10 pm – 2:00 pm

G2: EMERGING TOPICS & PRACTICES

Stressed? How to Keep it TogetherMockingbird 2

Cindy Glennon, MPH, CIA, RYT-200, Director of Regulatory Compliance Audit, Commonwealth Care Alliance

Level: All Field of Study: Personal Development Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

A3: CORE AUDIT

Building Control Risk Matrix and Audit Program from the Ground Up Cumberland 1

John Tsantakis, CPA, Healthcare Internal Audit and Advisory Services

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

B3: CARE SETTINGS

Planning and Conducting Physician Office Site AssessmentsCumberland 2

Margo Lombardi, CPA, Lead Internal Audit Analyst, Highmark Health

Vincent Thomas, CPA, CFE, Director, Audit & Advisory Services – Provider, Highmark Health

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Target Audience: Internal Audit/Compliance Staff/Management

2:10 pm – 3:00 pm

C3: COMPLIANCE

ADRs, Prepayment Reviews and Postpayment Audits of Pain Management Practices. How Should You Respond if Your Healthcare Practice is Targeted?Cumberland 3

Robert Liles, JD, MBA, MS, Attorney, Liles Parker, Attorneys & Counselors at Law

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

D3: INFORMATION TECHNOLOGY/SECURITY

Biomedical Device Risk Management — Highest Impact and Least Managed Risk in HealthcareCumberland 4

Robert Malarkey, CISSP, CISA, VP, IT Audit, Crowe Healthcare Risk Consulting

Isaak Lerner, CISSP, CISM, CISA, Senior Manager, Crowe Healthcare Risk Consulting

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 1

Page 23: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

40 41www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

2:10 pm – 3:00 pm

E3: REVENUE CYCLE

Back to Basics: Evaluation & Management (E/M) Code TrainingCumberland 5

Leslie Boles, CCS, CPC, CPMA, CHC, CPC-I, Compliance Audit Manager, Saint Peter’s Healthcare System

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

F3: HEALTH PLAN

Provider Owned Health Plans — Regulatory Risks, Issues, and Lessons LearnedMockingbird 1

Matthew Schwanda, Accounting Analyst, Health First Health Plans

James Menck, CPA, CIA, CFE, Senior Manager, Eide Bailly LLP

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

G3: EMERGING TOPICS & PRACTICES

Business Continuity — Will You Be Open?Mockingbird 2

Jeannie O’Donnell, CIA, CISA, CPC, CHC, CHIAP, Senior Manager, GlassRatner Advisory & Capital Group LLC

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 1

3:00 pm – 3:30 pm

Mid-Afternoon Networking Break with Exhibitors (Refreshments provided)

Broadway Ballroom East

3:30 pm – 5:10 pm

A4: CORE AUDIT

Launching a Successful Audit through Concluding the Audit, Effective Report Writing and Successful Follow-upCumberland 1

Hank Adkinson, Senior Internal Auditor, Piedmont Healthcare

Norma Hicks, Senior Internal Auditor, Piedmont Healthcare

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

B4: CARE SETTINGS

Clinical Research Audits — Planning for SuccessCumberland 2

Scott Thompson, CHC, CHPC, Risk Consultant, Crowe Healthcare Risk Consulting

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

Online registration, complete session descriptions,

learning objectives, field-of-study classifications,

prerequisites and more are available at

www.ahia.org

Page 24: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019 MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 16 | 2019M

ON

DA

Y, S

EP

TE

MB

ER

16

| 20

19

42 43www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

3:30 pm – 5:10 pm

C4: COMPLIANCE

Assessing Departmental Risk, The Importance of Data AnalyticsCumberland 3

Darryl Rhames, CFE, CICA, CHIAP, Director of Compliance Auditing, University Health System

Bradley Wright, MBA/MPH, CVA, Manager, Client Solutions & Business Development, TAG, Inc.

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

D4: INFORMATION TECHNOLOGY / SECURITY

Auditing Network Security — Practical Experiences from the Field and What You Should AuditCumberland 4

Johan Lidros, CISA, CISM, CGEIT, CRISC, HITRUST CCSFP, ITIL-F, President, Eminere Group

Fredrik Soderblom, CISA, CISM, Senior Security Architect, XPD AB

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

E4: REVENUE CYCLE

Smart E&M Auditing Tips for Smart EHRsMockingbird 2

Carolyn Whitlock, MBA, CHC, CHA, CPC, CIFHA, AAPC Fellow, Senior Compliance Consultant, Baylor Scott & White HealthTexas Provider Network

Holly Pettigrew, CHC, COC, CPC, Practice Operations Manager, Baylor Scott & White HealthTexas Provider Network

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

F4: HEALTH PLAN

The Value Internal Audit Provides in Preparing for the CMS Program AuditMockingbird 1

Jennifer Village, Director, PwC

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

G4: EMERGING TOPICS & PRACTICES

Agile Auditing: Transforming Internal Audit Cumberland 5

John Romano, CPA, CIA, CITP, CFE, CSM, Partner, Baker Tilly

Phil Schmoyer, CISA, AES, CFE, CSM, Senior Manager, Baker Tilly

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

Page 25: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019

45SEPTEMBER 15 –18, 2019 www.ahia.org

SUNDAY, AUGUST 30 | 2015MONDAY, SEPTEMBER 16 | 2019

MO

ND

AY

, SE

PT

EM

BE

R 1

6 |

2019

44 www.ahia.org AHIA 38TH ANNUAL CONFERENCE

5:10 pm – 7:15 pm

Come Hit the High Notes with AHIA — ReceptionSPONSORED BY PROTIVITIBroadway Ballroom East

The Welcome Reception is just our way of saying “THANK YOU!” This informal gathering, held in the Exhibit Hall, is an excellent opportunity to network and socialize in a relaxed, casual and enjoyable atmosphere. We are excited about the fantastic conference ahead and would love to catch up with all our members and friends in attendance. The Welcome Reception is included as part of your conference registration, and there’s no ticket necessary! Every attendee will receive one complimentary drink ticket, thanks to our friends from Protiviti!

TUESDAY, SEPTEMBER 17, 2019

7:00 am – 6:00 pm

RegistrationBroadway Ballroom Foyer

7:00 am – 8:00 am

Attendee Continental BreakfastBroadway Ballroom East

7:00 am – 6:30 pm

Exhibit Hall OpenBroadway Ballroom East

7:00 am – 8:00 am

BL2: BREAKFAST AND LEARN SPONSORED BY PLANTE MORAN

Uncompensated Care Reporting: Managing Risk and Maximizing ReimbursementCumberland 1

Katy Dettman, CPA, Principal, Risk and Accounting Advisory Services, Plante Moran

Sue Marr, Principal, Healthcare Strategy and Operations, Plante Moran

Level: All Field of Study: Auditing CPE(s): 1

Page 26: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

46 47www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

8:00 am – 9:30 am

AWARDS/VOLUNTEER RECOGNITION PRESENTATION AND KEYNOTE PRESENTATION

The Economics of Healthcare: Driving Health ValueBroadway Ballroom West

Healthcare is a very complex, highly regulated industry. Accordingly, the industry is faced with a myriad of challenge that must be addressed to achieve health sustainability. This session will provide insight into the challenges from the provider perspective through the lens of risk and risk mitigation.

Bill Rutherford, CFO & Executive Vice President, HCA

Level: Professional Field of Study: Management Services CPE(s): 1

9:30 am – 10:00 am

Mid-Morning Networking Break in the Exhibit Hall (Refreshments provided)

Broadway Ballroom East

10:00 am – 11:40 am

A5: CORE AUDIT

Application Auditing: What Business Auditors Should Know about ITCumberland 1

Scott Collins, CISA, CRISC, CIA, IT Audit Consultant/Trainer

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 2

10:00 am – 11:40 am

B5: CARE SETTINGS

Drug DiversionBroadway Ballroom West

Kimberly New, JD, BSN, RN, Partner, Diversion Specialists, LLC

Level: Intermediate Field of Study: Auditing Prerequisites: Basic understanding of controlled substance dispensing and administration workflows in healthcare institution CPE(s): 2

Target Audience: Coding Compliance Auditors

10:00 am – 11:40 am

C5: COMPLIANCE

Auditing Healthcare Focus Arrangements for Regulatory Compliance: Physicians, Management Services, Post-Discharge Care, Ambulance Services, Specialty Care, etc.Cumberland 3

Susan Thomas, MHSA, CHC, CIA, CRMA, CPC, Consulting Manager, PYA

Tynan Kugler, MBA/MPH, CVA, Principal, PYA

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

10:00 am – 11:40 am

D5: INFORMATION TECHNOLOGY/SECURITY

The IT Analysis ParalysisCumberland 4

Barry Matthis, Principal, PYA

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 2

Page 27: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

48 49www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

10:00 am – 11:40 am

E5: REVENUE CYCLE

How to CUT the Risk Out of Surgical Billing: Do You Need a Nip & Tuck or a Complete Overhaul?Cumberland 5

Catherine Hicks, RN, MHS, CHC, Compliance Director, UCHealth

Lisa Caldwell, Senior Internal Auditor, UCHealth

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

10:00 am – 11:40 am

F5: HEALTH PLAN

Attacking Managed Care DenialsMockingbird 1

Day Egusquiza, President, AR Systems, Inc.

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

Target Audience: This presentation is for those that conduct internal audits as well as those that must respond to findings from either an internal audit or external audit.

Online registration, complete session descriptions,

learning objectives, field-of-study classifications,

prerequisites and more are available at

www.ahia.org

10:00 am – 11:40 am

G5: EMERGING TOPICS & PRACTICES

Hitting the High Notes when Auditing the Middle of the Revenue CycleCumberland 2

Amy Lee Smith, CIA, CRMA, MBA, CHFP, CPC, COC, CPMA, Director, Internal Audit, Bon Secours Mercy Health

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 2

Target Audience: This session is most appropriate for auditors just beginning to perform revenue cycle audits, or those seeking a refresher on the revenue cycle continuum.

11:40 pm – 1:10 pm

Conference Attendee LuncheonBroadway Ballroom East

11:40 am – 1:00 pm

LL3: LUNCH AND LEARN SPONSORED BY PROTIVITI

Grab and Go: Get your meal in the exhibit hall and join us for a special lunch session.

Addressing Priorities for Internal Auditors in Healthcare Delivery OrganizationsMockingbird 2

Alex Robison, CHC, Internal Audit Accreditation in Quality Assessment and Validation, Managing Director, West Region Healthcare Geography Leader, Protiviti

Matt Jackson, PMP, Managing Director, Healthcare IT & Digital Solutions Leader, Protiviti

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Page 28: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

50 51www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

11:50 am – 1:00 pm

LL4: LUNCH AND LEARN SPONSORED BY EMINERE GROUP

Grab and Go: Get your meal in the exhibit hall and join us for a special lunch session.

Are You a Cyber Risk Target? A Non-Technical Hands-on View of Tools and Methods Commonly Used that Any Auditor Should Know about Cyber SecurityBroadway Ballroom West

Johan Lidros, CISA, CISM, CGEIT, CRISC, HITRUST CCSFP, ITIL-F, President, Eminere Group

Fredrik Soderblom, CISM, CRISC, Senior Security Architect, Eminere Group

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 1

12:00 pm – 1:00 pm

AHIA Committee Leadership Luncheon —

Invitation OnlyMockingbird 3

1:10 pm – 2:00 pm

A6: CORE AUDIT

De-constructing Construction Auditing: From a Healthcare Auditor’s PerspectiveCumberland 2

Susan Fredrick, CPA, CIA, MBA, Senior Director of Financial Auditing, Cleveland Clinic

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

B6: CARE SETTINGS

Implementation of Clinical Equipment Review Team ProcessCumberland 3

Amanda Fleharty, BS, Senior Auditor, WellSpan Health

Mary Thomas, MBA, Senior Director of Internal Audit, WellSpan Health

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

C6: COMPLIANCE

The Current Regulatory Environment and Auditing of Urine Drug TestingMockingbird 1

Jennifer Bridgeforth, MBA, CPHT, CPC®, CPMA, Senior Consultant, PYA

Jennifer Kastner, CPC, CPMA, CEMC, Senior Consultant, PYA

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

D6: INFORMATION TECHNOLOGY/SECURITY

The Secure Software Development Lifecycle (SSDLC) and How to Co-Source an Effective Audit AssessmentCumberland 1

Antonio Bovoso, CISSP, CISM, Senior Manager, Deloitte

Wendy Feigal, Senior IT Auditor, Mayo Clinic

Stephen Ruzzini, CISSP, Manager, Deloitte

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Page 29: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

52 53www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

1:10 pm – 2:00 pm

E6: REVENUE CYCLE

Auditing Overlapping Surgeries & Teaching Physician Rule ComplianceNautilus 1

Henry Greeley, Senior Data Science Analyst, Mayo Clinic

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 1

1:10 pm – 2:00 pm

F6: HEALTH PLAN

Data Analytics and ‘Real World’ Applications: Leveraging D&A for Health PlansCumberland 4

Rob Gilmer, Director, KPMG

Ian Flick, Senior Associate, KPMG

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Target Audience: Healthcare insurance professionals.

1:10 pm – 2:00 pm

G6: EMERGING TOPICS & PRACTICES

Designing a Fraud Risk Management ProgramBroadway Ballroom West

Tom Vincent, CPA, CFE, Director, Audit & Advisory Services, Highmark Health

Level: All Field of Study: Behavioral Ethics Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

A7: CORE AUDIT

Healthcare Internal Auditing — Music to Our EarsCumberland 1

Michael Cronin, MBA, Managing Director, Deloitte & Touche LLP

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

B7: CARE SETTINGS

Understanding Patient Engagement and Experience Initiatives and What They Mean for Internal AuditCumberland 2

Dee Dee Owens, CPA, CISA, Six Sigma Green Belt, Partner, KPMG

Molly Kohrs, CPA, PMP, Manager, KPMG

Level: All Field of Study: Business Management & Organization Prerequisites: None CPE(s): 1

Target Audience: Chief Audit Executives and Chief Compliance Officers, Vice Presidents / Directors / Managers of Internal Audit, Compliance Managers and Staff, Provider Finance Managers and Departments, Internal Audit Staff

WIFIWifi is provided to all conference attendees and covers all breakout and conference rooms.

Network Name: AHIA2019Access Code: ahia2019 (case sensitive)

Page 30: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

54 55www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

2:10 pm – 3:00 pm

C7: COMPLIANCE

Auditing the Locum Tenen ProcessCumberland 3

Karissa Reeves, Senior Internal Auditor, Parkview Health

Mitch Evans, ACA, FCA, Vice President of Internal Audit, Parkview Health Systems, Inc.

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

D7: INFORMATION TECHNOLOGY/SECURITY

Auditing the Configuration and Use of Telehealth DevicesCumberland 4

Kevin Groom, CPA, CISA, CISSP, Assistant Vice President, Internal Audit, HCA Healthcare

Danielle DiLuzio, CISA, Manager, HCA Healthcare

Level: All Field of Study: Information Technology Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

E7: REVENUE CYCLE

Mitigating Medicare Reimbursement Denials: Real-Time Alerts for Mis-coding and Broken Work Flows Regains Lost Reimbursements and Increases Patient SatisfactionMarina 2

Mark Benoit, Director – Healthcare Privacy Solutions, Bottomline Technologies

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

F7: HEALTH PLAN

Telemedicine and Verification of ServicesMockingbird 1

Holly Atkins, CFE, CGAP, Consultant, KPMG

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

2:10 pm – 3:00 pm

G7: EMERGING TOPICS & PRACTICES

Improve Your Processes, Improve Your OrganizationCumberland 6

Sunshine Prograis, Director of Operations, The Audit Group, Inc.

Amber Fitzgerald, Manager, Quality Assurance, The Audit Group, Inc.

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 1

3:00 pm – 3:30 pm

Mid-Afternoon Networking Break (Refreshments

provided) and Announcement of Prize Drawing Winners in Exhibit Hall

Broadway Ballroom East

You must be present to win! Visit each exhibitor with the special card* you will receive at check-in, collect all exhibitor signatures and return your card as specified and be registered to win a $500 American Express Gift Card.

*Disclaimer noted on drawing card.

Page 31: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

56 57www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

3:30 pm – 5:10 pm

A8: CORE AUDIT

Facilities Audit in the Healthcare World: Construction, Operations and MaintenanceCumberland 1

Daniel Bouldrick, Senior Manager, Protiviti

Ruhtab Sahota, Senior Manager, Protiviti

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

B8: CARE SETTINGS

340B Auditing — Where Do I Begin and How to Leverage Data AnalyticsCumberland 2

Chris Wasik, CIA, CFE, Vice President, Internal Audit, Bon Secours Mercy Health

Kathy Langley, CIA, CISA, ACDA, Data Analytics Audit Manager, Crowe Healthcare Risk Consulting

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

C8: COMPLIANCE

Disruptions that Impact Healthcare ComplianceCumberland 3

Day Egusquiza, President, AR Systems, Inc.

Level: All Field of Study: Business Management & Organization Prerequisites: None CPE(s): 2

Target Audience: Every level of operations should attend. Compliance ripples into many areas of the healthcare culture.

3:30 pm – 5:10 pm

D8: INFORMATION TECHNOLOGY/SECURITY

The Rise of Robotics Process Automation (RPA) and the Role of Internal AuditCumberland 4

Debbie Lew, CISA, CRISC, Vice President, Internal Audit Services, Kaiser Permanente

Kelly Hughes, CISA, CISSP, Director, Internal Audit Services, Kaiser Permanente

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

3:30 pm – 5:10 pm

E8: REVENUE CYCLE

Auditing Ground Ambulance Transportation Services: Driving a Comprehensive Audit ApproachMarina 2

Brandon Berry, CIA, Internal Auditor, Deaconess Health System

Linda Sartore, CPA, CIA, CISA, Chief Audit Executive, Deaconess Health System

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

3:30 pm – 5:10 pm

F8: HEALTH PLAN

Driving Business Value in Denials Management with Data AnalyticsMockingbird 1

Christine Sullivan, CFE, CGAP, AHFI, Manager, KPMG

Holly Atkins, CFE, CGAP, CHC, AHFI, Manager, KPMG

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

Page 32: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

TUESDAY, SEPTEMBER 17 | 2019 TUESDAY, SEPTEMBER 17 | 2019

TU

ES

DA

Y, S

EP

TE

MB

ER

17 | 2019TU

ES

DA

Y, S

EP

TE

MB

ER

17

| 20

19

58 59www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

3:30 pm – 5:10 pm

G8: EMERGING TOPICS & PRACTICES

Billing Utilization Data Analysis for Focused InvestigationsMockingbird 2

Kelly Loya, CPC-I, CHC, CPhT, CRMA, Associate Partner, Pinnacle Enterprise Risk Consulting Services, LLC

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

Target Audience: Professionals in internal audit and compliance who are interested in an interactive session to explore the analysis of a billing data-set to identify a ‘clean’ sampling frame for statistical testing leading to extrapolation.

5:20 pm – 6:20 pm

AHIA Business MeetingBroadway Ballroom West

The AHIA business meeting gives members insight into the organization, updates on its state of affairs and a chance to share your input. Members and non-members alike are welcome and are encouraged to attend. We will play Business Meeting Bingo, and you can be entered into a drawing for free registration to the AHIA 2019 Annual Conference. In addition, we will serve champagne to celebrate AHIA’s success over the past year.

7:00 pm – 10:00 pm

Social Events – Advance ticket purchase requiredLimited amount of tickets are available per offering. Visit the registration desk to check availability.

Big Machine Distillery Tour & Tasting — Start Time: 7:00 pmBig Machine Distillery is located in the heart of downtown Nashville. Boasting the only working distillery on Nashville’s famous Broadway strip, the Big Machine Store is the perfect unique experience incorporating a taste of the city through their very own Big Machine Platinum Filtered Premium Vodka.

Guests will experience a 30 minute guided tour of the facility to learn about the history and processes that make this distillery unique. After the tour, guests will have the opportunity to sample 4 of Big Machine’s most popular products. Guests will also leave with a Big Machine Distillery goodie bag! $55 per person

Nashville Hearse Ghost Tour — Start Time: 8:00pmDepart on a journey to some of Nashville’s most eerie sites in a converted New Orleans hearse. Sit back and relax (if you can) while your driver uncovers the hauntings surrounding the ghosts of Union Station, the infamous “Murder on Music Row,” Nashville’s oldest cemetery, and more. Written by the authors of Haunted Nashville, this unique tour is an experience sure to haunt your memory for years. Nashville Ghost Tours Haunted Hearse Tours are a great way to see the haunted side of Nashville! $50 per person

Grand Ole Opry — Start Time: 7:00 pm What began as a simple radio broadcast in 1925 is today a live entertainment phenomenon. Dedicated to honoring country music’s rich history and dynamic present, the Grand Ole Opry showcases a mix of country legends and the contemporary chart-toppers who have followed in their footsteps. The Opry, an American icon and Nashville, Tennessee’s number-one attraction, is world-famous for creating one-of-a-kind entertainment experiences for audiences of all ages. It’s been called the “home of American music” and “country’s most famous stage.” Every year, hundreds of thousands of people make pilgrimages across town or around the world to the Grand Ole Opry to see the show live.

Show details for September 17 can be found online at www.opry.com/calendar. Tickets are Tier 2 level. This price only covers the cost of the show and no additional special events. $65 per person

Page 33: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

WEDNESDAY, SEPTEMBER 18 | 2019

WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18 | 2019

61SEPTEMBER 15 –18, 2019 www.ahia.org60 www.ahia.org AHIA 38TH ANNUAL CONFERENCE

WEDNESDAY, AUGUST 29, 2019

7:00 am – 12:00 pm

Registration Broadway Ballroom Foyer

7:00 am – 8:00 am

Attendee Continental BreakfastBroadway Ballroom East

8:00 am – 9:40 am

A9: CORE AUDIT

Healthcare Compliance Auditing for Zones of RiskCumberland 1

Debi Weatherford, CIA, Executive Director Internal Audit, Piedmont Healthcare

Debra Muscio, CHC, CCE, CHP, CFE, CHP, CHIAP APPROVED, SVP, Chief Audit, ERM, Privacy, Security, Ethics & Compliance Officer, Community Medical Center

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

8:00 am – 9:40 am

B9: CARE SETTINGS

Quality Assurance and Improvement Program (QAIP)—How to Build Quality into Internal Audit Activities Cumberland 2

James Menck, CPA, CIA, CFE, Senior Manager, Eide Bailly LLP

Scott Sisel, CPA, Partner and Director of Internal Audit Services, Eide Bailly LLP

Level: N/A Field of Study: N/A Prerequisites: N/A CPE(s): 2

AHIA EXPERIENCE SURVEY DRAWING

Fill out our Experience Survey and enter our drawing to win a free

2020 Conference Registration. To be eligible to win the 2019 AHIA

prize drawing you must:

1) Complete the AHIA Experience Survey — provided in your

registration bag.

2) Turn in your completed survey to AHIA Registration NO LATER

THAN 3:00 pm on Tuesday, September 17, 2019

3) Each attendee may enter this drawing only once.

4) Must be present to win.

NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. Sponsor: Association of Healthcare Internal Auditors, located at One Oakbrook Plaza, Ste., 800, Oakbrook Terrace, IL 60181, is the sponsor of this promotion (“AHIA”). AHIA reserves the right, at its sole discretion, to cancel, modify or terminate the Drawing at any time. The Drawing will be held on Tuesday, September 17, 2019 immediately following the Exhibitor Drawing in the Exhibit Hall.

Check us out on social media:

https://www.linkedin.com/company/ahia/

https://www.facebook.com/HealthcareInternalAudit/

WIFIWifi is provided to all conference attendees and covers all breakout and conference rooms.

Network Name: AHIA2019Access Code: ahia2019 (case sensitive)

Page 34: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

WEDNESDAY, SEPTEMBER 18 | 2019 WEDNESDAY, SEPTEMBER 18 | 2019

WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18 | 2019WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18

| 20

19

62 63www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

8:00 am – 9:40 am

C9: COMPLIANCE

How Does Your Organization’s Compliance Program Stack Up in the Healthcare versus Financial Services Industries?Cumberland 3

Leyla Erkan, CHC, CHP, Midwest Healthcare Leader, Protiviti

Mitch Evans, ACA, FCA, Vice President of Internal Audit, Parkview Health

Tom Giltrow, CRCM, Director, Protiviti

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

8:00 am – 9:40 am

D9: INFORMATION TECHNOLOGY/SECURITY

Vendor Management in the Era of Big Data and Machine LearningCumberland 4

Daniel Fabbri, PhD, Assistant Professor of Biomedical Informatics, Maize Analytics Inc.

Jason Shelton, Founder & CEO, Better IG Consulting

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 2

Online registration, complete session descriptions,

learning objectives, field-of-study classifications,

prerequisites and more are available at

www.ahia.org

8:00 am – 9:40 am

E9: REVENUE CYCLE

Revenue at Risk: From the Bed-side to the Business-sideNautilus 3-4

Rebecca Welker, FHFMA, CIA, National Leader, Crowe Healthcare Risk Consulting, LLC

Kelly Smith, CPA, Senior Manager, Crowe Healthcare Risk Consulting, LLC

Level: All Field of Study: Specialized Knowledge Prerequisites: None CPE(s): 2

8:00 am – 9:40 am

F9: HEALTH PLAN

Health Plan Strategy: Proactive Auditing vs Reactive AuditingMockingbird 1

Richard J. Merino, Senior Managing Director, Ankura

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 2

8:00 am – 9:40 am

G9: EMERGING TOPICS & PRACTICES

Navigating Risk While Mitigating the Three-Headed MonsterMockingbird 2

Lori Laubach, CHC, Partner, Moss Adams; Calvin Swartley, CFA, ASA, Managing Director, Moss Adams

Lawrence Vernaglia, Partner, Foley & Lardner LLP

Level: All Field of Study: Compliance & Auditing Prerequisites: None CPE(s): 2

Page 35: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

WEDNESDAY, SEPTEMBER 18 | 2019 WEDNESDAY, SEPTEMBER 18 | 2019

WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18 | 2019WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18

| 20

19

64 65www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

9:40 am – 10:00 am

Mid-Morning Networking Break (Refreshments

provided)Broadway Ballroom East

10:00 am – 10:50 am

A10: CORE AUDIT

Top 10 HR Audit RisksCumberland 1

Sarah McLaughlin, CHRO, Leadership Development Consultant, The Audit Group, Inc.

Level: Introductory Field of Study: Auditing Prerequisites: None CPE(s): 1

10:00 am – 10:50 am

B10: CARE SETTINGS

Top Home Health Compliance Risks and Monitoring OpportunitiesCumberland 2

Shawn Stevison, CPA, CHC, CRMA, CGMA, Director of Internal Audit, Signature HealthCARE, LLC

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

SU

BJE

CT

MA

TT

ER

LE

AD

ER

S

10:00 am – 10:50 am

C10: COMPLIANCE

Credit Balance Report Auditing and Regulatory ConsiderationsCumberland 3

Kathleen Spears, MJ, CHC, CISA, Director, Ankura

Lindsey Lonergan, JD, Vice President and Deputy General Counsel, Navicent Health

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 1

10:00 am – 10:50 am

D10: INFORMATION TECHNOLOGY/SECURITY

Top 10 Emerging Healthcare IT Audit IssuesCumberland 5

Glenn Wilson, Enterprise Risk Senior Manager, IAT & Cyber Risk Services, Deloitte & Touche LLP

Level: Professional Field of Study: Auditing Prerequisites: None CPE(s): 1

10:00 am – 10:50 am

E10: REVENUE CYCLE

Epic Operational Audits for Non-technical AuditorsCumberland 4

Robin Cannon, BS, Principal Auditor, WellSpan Health

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

Page 36: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

WEDNESDAY, SEPTEMBER 18 | 2019 WEDNESDAY, SEPTEMBER 18 | 2019

WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18 | 2019WE

DN

ES

DA

Y, S

EP

TE

MB

ER

18

| 20

19

66 67www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

10:00 am – 10:50 am

F10: HEALTH PLAN

Auditing Health Plan Benefit Administration for Company EmployeesMockingbird 1

Karissa Reeves, Senior Internal Auditor, Parkview Health

Level: All Field of Study: Auditing Prerequisites: None CPE(s): 1

10:00 am – 10:50 am

G10: EMERGING TOPICS & PRACTICES

Provider Compliance: It’s Not a Mission ImpossibleMockingbird 2

Niurka Adorno, JD, CHC, AVP, Compliance/Regional Compliance Officer, Molina Healthcare of SC and PR

Jorge Perez-Casellas, JD, LLM, CHC, Managing Director, Ankura

Level: Introductory Field of Study: Compliance Prerequisites: None CPE(s): 1

WIFIWifi is provided to all conference attendees and covers all breakout and conference rooms.

Network Name: AHIA2019Access Code: ahia2019 (case sensitive)

11:00 am – 1:00 pm

CLOSING REMARKS AND KEYNOTE PRESENTATION

Ethical Erosion, Ethical Wisdom and Ethical CultureBroadway Ballroom West

Jack Gilbert, EdD, Clinical Professor, Arizona State University

In this session, we will explore the damaging and pervasive role of ethical erosion in weakening the ability to do the right thing every day and its antidote, ethical wisdom. Then we will examine four ethical pathways (culture, leadership, infrastructure, personal integrity) and take a deep dive into the five everyday disciplines that support an ethical culture and leverage ethical wisdom. Finally, we will explore in depth the three disciplines of personal integrity. All of which will lead participants to the opportunity to determine a small set of actions to take “back home” that will support the ethical health of their organization.

Level: ALL Field of Study: Behavioral Ethics CPE(s): 2

Page 37: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, SEPTEMBER 15 | 2019

68 69www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

SP

ON

SO

RS

SPONSORSSPONSORS

SP

ON

SO

RS

Thank You to all of our generous sponsors, who contributed financially toward the success of the AHIA 38th Annual Conference. This event would not be possible without their generous sponsor and commitment to the profession of healthcare internal auditing. Sponsorship is vital to continuing AHIA’s programs and services. Without the support of our sponsors, we could not carry out our mission of providing healthcare auditors with high quality, specialized education and vital networking opportunities.

DIAMOND LEVEL SPONSORS

Crowe LLCcrowe.com

Deloitte & Touchewww.deloitte.com/us/ia

Protivitiprotiviti.com/US-en/healthcare

PLATINUM LEVEL SPONSOR

Protenusprotenus.com

SpendMendwww.spendmend.com

GOLD LEVEL SPONSORS

KMPG LLP kpmg.com

Galvanize www.wegalvanize.com

Spanugowww.Spanugo.com

KEYNOTE / SILVER SPONSOR

Eide Baillywww.eidebailly.com/healthcare

SILVER LEVEL SPONSORS

Baker Tillywww.bakertilly.com/

Eminere Groupemineregroup.com

GlassRatnerwww.glassratner.com

Kit Check kitcheck.com

Moss Adammossadams.com

Plante Moran, LLP plantemoran.com

PwC pwc.com/internalaudit

Talson Solutions, LLC www.talsonsolutions.com

SP

ON

SO

RS

Page 38: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015

70 71www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

EXHIBITOR HOURS & DRAWING

EX

HIB

ITO

R H

OU

RS

& D

RA

WIN

G

EXHIBITOR DRAWINGVisit each exhibitor and enter our drawing to win a $500 VISA gift card. To be eligible to win the 2019 AHIA prize drawing you must:

1) Visit each exhibitor’s booth and receive a signature on the corresponding square on the EXHIBITOR DRAWING CARD — provided in your registration bag .

2) Complete the contact information on the EXHIBITOR DRAWING CARD

3) Turn in your completed card to AHIA Registration NO LATER THAN 2:30 pm on Tuesday, September 17, 2019

4) Each attendee may enter this drawing only once .

5) Must be present to win .

NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. Sponsor: Association of Healthcare Internal Auditors, located at One Oakbrook Plaza, Ste., 800, Oakbrook Terrace, IL 60181, is the sponsor of this promotion (“AHIA”). AHIA reserves the right, at its sole discretion, to cancel, modify or terminate the Drawing at any time. The Drawing will be held on Tuesday, September 17, 2019 at 3:15 pm in the Exhibit Hall.

Exhibitor Set-up:Sunday, September 152:00 pm – 5:00 pm

Exhibit Viewing Hours:Monday, September 167:00 am to 7:00 pm

Tuesday, September 177:00 am – 6:30 pm

Exhibitor Teardown: Tuesday, September 176:30 pm – 8:30 pm

Please note: Exhibitors are not

required to staff booths during

times attendees are in educational

sessions. The AHIA Annual

Conference Prize Drawing will be

held on Tuesday, September 17, 2019 at 3:15 pm in the Exhibit Hall. Exhibitors are welcome to do

any prize drawings at that time.

EX

HIB

ITOR

FLOO

R P

LAN

EXHIBITOR FLOOR PLAN

Broadway BallroomEast

30

29

28

27

26 25 24 23 22 21 20 16

15

14

13

12

11

7654321

21 Auditboard

5 Baker Tilly

7 Bottomline Technologies

26 Crowe LLP

28 Deloitte

20 Deloitte Ask a Hacker

1 Eide Bailly LLP

25 Eminere Group LLC

23 Fort Hill Associates, LLC

12 Galvanize

3 GlassRatner

6 HelioMetrics

24 Kit Check

22 Maize Analytics Inc.

13 Momentum Seminars Training & Coaching

16 Plante Moran

11 Playback Now

29 Protenus

27 Protiviti

2 PwC

14 RSM US LLC

15 SpendMend

30 Spanugo

4 Talson Solutions LLC

Page 39: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS EXHIBITORS

EX

HIB

ITOR

SEX

HIB

ITO

RS

72 73www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

EX

HIB

ITOR

S

During the Annual Conference, be sure to visit the Exhibit Hall the latest information on the products and services you need to do your job more effectively and efficiently. Don’t miss this opportunity to speak one-on-one with representatives from the following organizations. THANK YOU to all our exhibitors, who provide an important service to our conference and the healthcare internal auditing profession.

AuditboardBooth #21

12900 Park Plaza Dr., Suite 200Cerritos, CA [email protected]

AuditBoard is the leading cloud-based platform transforming the way enterprises automate, collaborate and report in real-time on critical risk, audit and compliance workflows. AuditBoard offers a full suite of easy-to-use audit management and compliance solutions for SOX, controls management, operational audits, ERM and workflow management. AuditBoard’s clients include industry-leading pre-IPO to Fortune 50 companies looking to streamline their accounting and audit functions. For more information: www.auditboard.com.

Baker TillyBooth #5

777 E. Wisconsin Ave.Milwaukee, WI 53202414-777-5500lindsey.johnson@bakertilly.comwww.bakertilly.com

Baker Tilly is a leading advisory and accounting firm, providing assurance, tax, internal audit and consulting services to healthcare providers, higher education systems and research institutions. In addition to financial statement audit and tax services, we collaboratively address strategic areas such as risk management, research compliance, construction, managed care contracting, revenue cycle optimization, community health and needs assessments, cybersecurity, fraud and other strategic and operational issues. Visit us at bakertilly.com/healthcare to learn more.E

XH

IBIT

OR

S

Bottomline TechnologiesBooth #7

325 Corporate Dr.Portsmouth, NH [email protected]

Create, manage, deliver, and present electronic forms. Capture discrete data, eSignature, images, and annotations across platforms and devices. Protect healthcare information, prevent fraud, and meet HIPAA and HITECH mandates.

Crowe LLPBooth #26

231 South Bemiston, Suite 300Clayton, MO [email protected]

Crowe LLP healthcare services is focused on providing healthcare internal audit, compliance and risk consulting services. Our deep industry knowledge and “Next Generation” internal audit approach identify opportunities to tailor innovative solutions to manage risk and solve complex issues in today’s changing healthcare climate.

Deloitte & Touche Booth #28

111 S. Wacker Dr.Chicago, IL [email protected]/us/ia

Internal audit functions are evolving their approaches to not only deliver assurance to stakeholders, but to advise on critical business issues and better anticipate risk. We can help you develop a strategy to modernize your internal audit program; enhance your IT internal audit program; and incorporate Agile Internal Audit.

Page 40: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS EXHIBITORS

EX

HIB

ITOR

SEX

HIB

ITO

RS

74 75www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

Eide Bailly LLPBooth #1

U.S. Bancorp Center800 Nicollet Mall, Suite 1300Minneapolis, MN [email protected]/healthcare

Eide Bailly is a CPA and business advisory firm with 44 offices across the nation. By embracing change and innovation, we’ve grown along with our clients to become one of the top 20 accounting firms in the U.S.

We pride ourselves on being leaders in the healthcare industry, offering valuable perspectives beyond our core strength of accounting and tax compliance. We’re business advisors who want to help guide the strategy and operations of our clients, by bringing them sustainable solutions that help improve their organizations.

Accounting is about numbers, but our business is about relationships.

Learn more at www.eidebailly.com/healthcare.

Eminere Group LLCBooth #25

2909 West Bay to Bay BoulevardTampa, FL 33629813-832-6672johan.lidros@emineregroup.comwww.emineregroup.com

Eminere Group is a premium assurance and management consulting firm providing IT Risk Management, IT Governance, IT Auditing and Cybersecurity services. We help organizations assess and manage their business risks associated with the deployment and use of information technology. Our teams are made up of the most senior resources in the field, with all the relevant certifications and industry expertise. We take pride in delivering thorough and detailed deliverables which immediately improve our customers’ compliance and risk posture. We are highly responsive and flexible — working with customers to design the exact project they require.

Fort Hill Associates, LLCBooth #23

37 Villa Road, Suite 106Greenville, SC 29615864-250-9065contact@forthillassociates.comwww.forthillassociates.com

Specialists in healthcare construction contract auditing – Fort Hill provides personal customer service to satisfy its client’s needs from pre-construction contract reviews though to periodic and closeout audits.

GalvanizeBooth #12

980 Howe St., Suite 1500Vancouver, BC V6Z [email protected]

Galvanize builds security, risk management, compliance, and audit software to drive change in some of the world’s largest organizations. We unite and strengthen individuals and entire companies through the integrated HighBond software platform. Visit our booth or wegalvanize.com to learn more.

Page 41: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS EXHIBITORS

EX

HIB

ITOR

SEX

HIB

ITO

RS

76 77www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

GlassRatnerBooth #3

3445 Peachtree Rd NE, Suite 1225Atlanta, GA [email protected]

GlassRatner is a national specialty financial advisory services firm providing solutions to complex business problems and Board level agenda items. The firm applies a unique mix of skill sets and experience to address matters of the utmost importance to an enterprise such as managing through a business crisis or bankruptcy, pursuing a fraud investigation or corporate litigation, planning & executing a major acquisition or divestiture, unraveling a challenging healthcare issue and other business challenges.

HelioMetricsBooth #6

3440 Belt Line Blvd., Suite 208St. Louis Park, MN [email protected]

HelioMetrics is the industry’s leading advanced drug diversion analytics software platform. Its proprietary Diversion Triangulation™ methodology, along with behavior analytics, gives healthcare systems and pharmacies a closed loop process for the precise monitoring, detection and investigation of drug diversion, while validating compliance to medication handling policies and helping with process improvement.

Kit CheckBooth #24

1875 Connecticut Ave., #300Washington, DC [email protected]

Kit Check designs solutions to help hospitals deal with issues of diversion, standardization, inventory control, data analytics, and operational efficiencies. The flagship Kit Check product is an RFID-based automated medication tray management system, designed to help hospital pharmacies gain better visibility into medication usage and lifespan, increase efficiencies, and free up staff to focus on patient care. Kit Check’s Bluesight for Controlled Substances platform helps hospitals combat drug diversion by pinpointing outlier behavior patterns.

Maize Analytics Inc.Booth #22

Nashville, TN 37203339-222-9019cmurphy@maizeanalytics.comwww.maizeanalytics.com

Maize Analytics provides the only patented, peer-reviewed and published machine-learning technology on the market, working with compliance teams to audit EMR accesses, database accesses, and external data feeds. By removing false positive alerts and providing full vision into all accesses to ePHI, teams are able to maximize efficiency, increase productivity and protect patient privacy.

Page 42: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS EXHIBITORS

EX

HIB

ITOR

SEX

HIB

ITO

RS

78 79www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

Momentum Seminars Training & CoachingBooth #13

139 Barley Dr.Christiana, TN 37037615-513-6443momentumseminars@gmail.comwww.momentumseminars.com

Momentum Seminars Training & Coaching helps organizations become more effective and profitable by investing in its people. Whether it’s leadership, team building or better communication skills, give your group the tools necessary to be successful. Turnover is high in all industries right now, but people don’t leave because they are underpaid. They LEAVE because they are underappreciated, underutilized and under trained. It’s no secret people want a sense of satisfaction at work. If the climate is one of bad management, lack of understanding or even toxic, good employees seek meaningful work elsewhere. Momentum Seminars helps you KEEP your best employees!

Plante MoranBooth #16

10 S Riverside PlazaChicago, IL [email protected]

Plante Moran serves hospitals and health systems across the nation with high-touch client service and strategic partnerships that provide long-lasting value and long-term success. In addition to internal audit solutions, Plante Moran professionals deliver financial and accounting services, strategic planning, reimbursement, operations consulting, risk management, IT consulting, M&A support, and real estate strategy services.

ProtenusBooth #29

1629 Thames St.Baltimore, MD [email protected]

The Protenus healthcare compliance analytics platform uses artificial intelligence to audit every access to patient records for the nation’s leading health systems. Providing healthcare leaders full insight into how health data is being used, and alerting privacy, security and compliance teams to inappropriate activity, Protenus helps our partner hospitals make decisions about how to better protect their data, their patients, and their institutions. Learn more at Protenus.com and follow us on Twitter @Protenus.

ProtivitiBooth #27

13727 Noel Road, Suite 800Dallas, TX [email protected]/healthcare

Protiviti’s healthcare industry team helps leaders make better decisions by managing the risks they face today, as well as illuminating the risks and unforeseen consequences inherent in their strategies for growth and opportunity in the future. Whether the top concern is payment reform, regulatory compliance, improving revenue, managing costs, evaluating and safeguarding protected health information, or leveraging new technology, Protiviti brings deep industry knowledge and skills to help healthcare organizations manage risks and maintain their financial health across all acute and post-acute specialty areas through the project and/or advisory services we provide.

Page 43: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS EXHIBITORS

EX

HIB

ITOR

SEX

HIB

ITO

RS

80 81www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

PwCBooth #2

300 Madison AvenueNew York NY 10017646-471-3000www.pwc.com/internalaudit

PwC understands that most significant risks have a wide-ranging impact across the organization. As a result, PwC’s Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision-making and enhances efficiency. PwC firms help organizations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with over 250,000 people with one goal: to help your business thrive. Find out more by visiting us at http://www.pwc.com/internalaudit.

RSM US LLPBooth #14

615 Channelside Dr., Suite 201Tampa, FL [email protected]

RSM is the leading provider of audit, tax and consulting services to the middle market. From financial services, to tax reimbursement and technology solutions, our professionals have deep health care experience and a breadth of resources to deliver effective solutions to the nearly 3,000 health care organizations across the nation.

SpendMendBooth #15

2680 Horizon Dr. SEGrand Rapids, MI [email protected]

In 2018, SpendMend saved health systems over $100 Million through recovery audit efforts in Procure-to-Pay, Pharmacy, Medical Device, Tax, and Wireless Device spend. SpendMend is focused on stopping Financial Leakage.

SpanugoBooth #30

3120 Scott Blvd.Santa Monica, CA [email protected]

Spanugo protects your IT assets across the enterprise hybrid cloud by delivering real-time cybersecurity assurance, risk, and compliance management. It accomplishes this by automating resource discovery, configuration management, and implementing security best practices.

Spanugo provides a unified single pane of glass view with comprehensive fine-grained visibility for all resources spanning the on-premises data center infrastructure and multi-cloud environments.

Page 44: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

SUNDAY, AUGUST 30 | 2015EXHIBITORS

EX

HIB

ITO

RS

Talson Solutions LLCBooth #4

41 N. 3rd St.Philadelphia, PA 19106215-592-9634, ext. [email protected]

Founded in 2001, Talson Solutions, LLC is 100% dedicated to providing capital project consulting services helping clients reduce capital program risk by improving financial controls and project execution. Talson offers specialized services in the areas of construction audit, litigation avoidance, project management, and risk assessment. Talson is aware of the many risks to investors, owners, public agencies, and real estate developers who undertake a significant investment of capital for design and construction. We have developed a successful track record of engagements by identifying cost recovery opportunities and creating risk awareness for organizations with extensive capital programs. Our professionals apply a forward thinking approach to capital projects while effectively utilizing lessons learned to benefit engagement outcomes.

Visit www.crowe.com/disclosure for more information about Crowe LLP, its subsidiaries, and Crowe Global. © 2019 Crowe LLP. HC2004-003D

CAUTIONMajor risks aheadCrowe can help you steer clear of common challenges to healthcare organizations

• Internal audit • Clinical audit• Cybersecurity and IT audit • Coding compliance

Contact us to learn more about our risk management offerings for healthcare.

crowe.com/hc-risk

Page 45: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

85SEPTEMBER 15 –18, 2019 www.ahia.org

CPE CERTIFICATION

National Association of State Boards of Accountancy (NASBA)

AHIA is registered with the National Association of State Boards of Accountancy as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website, www.NASBARegistry.org.

*All attendees receive a Certificate of Continuing Professional Education form in their registration packets upon registration check-in. In order to receive continuing education credit, complete this form by circling the session and number of CPE credits for each session attended. You must place your name on the session sign-in sheet to verify attendance at each presentation you circle. Before leaving the conference, leave the white copy of this form at the registration desk. Retain the yellow copy as your certificate of attendance.

American Academy of Professional Coders (AAPC)

*This program has the prior approval of AAPC for 31.0 continuing education hours. Granting of prior approval in no way constitutes endorsement by AAPC of the program content or the program sponsor.

Compliance Certification Board (CCB)

The Compliance Certification Board (CCB)® has approved this event for up to 29.0 CCB CEUs. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.

Attendees seeking CPE credit through CCB must request a certificate from AHIA. Contact us at [email protected] [email protected] and we will assist you.

CP

E C

ER

TIF

ICA

TIO

N

Session Recordings Available

Recording Packages Include:Online Access

Playback Now Player AppPreloaded USB Flash Drive

Free Domestic Shipping!

$295

To order stop by the Playback AHIA booth

 or visit www.playbackahia.com

$395Special On Site Pricing

Visit Booth 12 for more information!

www.ahia.org

������������������������ ����� ������

������ � ������������� � ���������������� ���������� � ��

Page 46: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

86 87www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

CHIAP™ CERTIFICANTS

Linda GreerJulie GriffinKevin GroomOlga S. GrullonNataliya HammondRussell HarderDebra A. HarrisTodd M. HavensLois HelmsAlan HentonKaren HillAlice HoElizabeth HoffmannSheila A. HollandJerod HollowayLaura L. HooperJennifer HornyakApril J. HuletteTheresa IronsJill R. JacksonMatt JacksonTonya JacksonVictoria L. JacobyRenee W. JaenickeOlufunmilola O. JemilugbaJJ JenkinsKelley A. JeromeLisa S. JohnsonMelissa JollyChandra JonesJill W. JonesDexter JumamoyVeronica KasdorfLawrence KatzmanNatasha KellyWendy KempKristina KendallYungjin KimBruce D. KincaidRobert KinsmanMardelle KlausMichael Schaaf Klueh Alton KnightShirley A. KomotoPhilippa D. KraussKenny H. KumataSharon KurtzWendy A. LaBarbera

Vida LabradorKen E. LafataDavid LancasterDan LandsbergBrenda LarijaniMichelle LaToucheCarolyn LaunerJerry LearRussell A LeBlancJanie LeeKenton LeForeLori LehnLoran LermaDebbie LewDiana LockmanMelinda LokeyAnn LoveladyKelly LoyaRobert LundIrene MaSherri MagnusWilliam L. Malm Ginger M. ManwellJoyce A. Massott-BurnettCharles McDonaldPegeen E. McGowanCynthia McIntoshJamie McKayMichael P. McKeever Adam T. McKeneryJamie McKnightSherry D. McLendonSharon MeraroRobert R. MichalskiRhonda MillsAnn Marie MiltonAhmed Shawky MohammedMaria G. MojicaGregory MooreSandra R. Mozee-SmithCynthia Mullen-Gartland Debra A. MuscioMary MussariLorette NagelJodi NayoskiAfua NealGreg NewtonClaire E. Norwood

CHIAP™ CERTIFICANTS

CERTIFICATION TRAILBLAZERS

AHIA is proud to introduce the inaugural class of CHIAP™ Certificants.Congratulations and thank you for setting the standard for your peers in the healthcare internal audit industry.

Kelly L. AbrahamowiczLandon AdkinsCavell L. AlexanderMark AlexanderNiloufar AlianNadine Alliance EstiverneAnthony AlmedaAlice Anne AndressJason AnsteadSuzanne ApplegateSusan J. ArpeiHolly Atkins Jarod S. BaccusBernice Jill BaronMichael P. BathkeGrant D. BaumgartnerStephanie BeckmanCynthia L. BennettRodney V. BennettDavid E. BickettJulie A. BillingtonCynthia L. BishopMary BondurantJackie BonnyCathy BordelonKaren BradyKyle BrewsterSummer BuchananKimberly A. ButlerJohn H. Byrd JrLori CantrellTonya CarriganCalece CassBrian J. CathcartLaDonna M. CavinessLisa R. CavittKatherine P. ChambersLori ChapinSabine CharlesAmber Coleman Meghan D. ConcepcionGeorgia Conroy

Vikki C. CookTerry CorcoranJanet M. CoxStephanie J. CoxAstara N. CrewsAnna L. CusonMary E. DavisGennadiy DaychRosario P. de LeonChristy DeckerSusan DellTanya DenyesMegan DeVriesCheryl DoneganPamela DuncanEdward DuranSharon EagleburgerMark J. EddyMatthew R. EdmanClyde H. Efird IIIMichelle ElliottMichael P. FabriziusMariana FaustinelliHeather FinchCarol S. FitzgeraldDarlene FitzPatrickDeneen FlowersMary Jo FlynnStephen Ford Jr.Jim FrankTroy J. FranklinSusan FredrickKristin FreitasSamantha FrostSandi FuerstDarrick B. FullerAmy GargusJohn P. Gaspich Jr.Evan Gatian Angelle GranierMary Jo GrayAmy Greenhoe

Page 47: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

89SEPTEMBER 15 –18, 2019 www.ahia.org88 www.ahia.org AHIA 38TH ANNUAL CONFERENCE

FA

QS

& P

OL

ICIE

S

FAQS & POLICIES

Who do I ask if I have questions?Please visit us at the AHIA Registration Desk. AHIA volunteers and staff would be delighted to answer any questions you may have about the conference, your membership or the organization. Just ask! Registration is open from 7:00am until the close of activities each day.

Room Seating/Capacity PolicySeating in all sessions is on a first-come, first-served basis, so WE ENCOURAGE YOU TO ARRIVE EARLY TO SECURE A SEAT IN THOSE SESSIONS YOU WISH TO ATTEND. Several of our sessions are very popular this year and we have made every effort to accommodate all pre-registration requests. To ensure adequate seating, we ask that you attend those sessions indicated on your pre-conference itinerary. If you alter your itinerary (which you may do at any time), please select perimeter seating in those sessions, when available, in consideration of those attendees who pre-registered. PLEASE NOTE: Due to fire code restrictions, no one will be permitted to enter a session wherein the room reaches maximum capacity.

Access to Presentations/HandoutsONLINE: Attendees can reference and print session presentations and handouts at www.ahia.org — during and after the conference. We strive to provide the most complete information to you as early as possible and appreciate your patience as we continue to receive and update this content. You must be registered for the conference in order to have access to the website. In support of AHIA’s commitment to sustainability, printed copies of session presentations and handouts will NOT be provided this year. Conference attendees will receive unlimited access to posted session handouts online. Be sure to check www.ahia.org periodically to review newly uploaded handouts.

* AHIA executes speaker agreements with all presenters stipulating that session handouts belong to the presenters and can be distributed only as reference materials for registered conference attendees. AHIA prohibits sharing and distribution of handouts to non-attendees. Duplication of this product and its content in print or digital form for the purpose of sharing with others is prohibited without permission from the Association of Healthcare Internal Auditors.

Cyber CaféThe Cyber Café offers attendees quick, convenient and complimentary access to the Internet. Located near the Exhibit Hall stop by access conference presentations, check email or catch up on the latest headlines. Limited printing capabilities are available.

CHIAP™ CERTIFICANTS

CH

IAP

™ C

ER

TIF

ICA

NT

S

Roger NovoaJeannie O’DonnellPatricia J. OlenickMaria C. OrtegaTerence OuSusan E. PalmerDaniel Pantera Cynthia PapasApril PattersonKathryn PattersonDeborah PazourekKaren PercentChrista PerkinsChristina PerlisApril PetersDeanna M. PichonPaul E. PlataSusan PlummerCharles F. Price IVDerek QuinnDeborah RadkeJoanna RakersRandall B. RayTammy RehmAngela RewaDarryl RhamesTammy RiceTravis RichmondDavid E. RichstoneBradley I. RichterAlex RobisonSusana RodriguezKimberly K. RogersWilliam RushtonShyla RussellLaura Sak-CastellanoCarol ScangaBeth SchindlerHope SchofieldMary Jane R. SchroederMelissa H. ScottMichael W. ShaferNina ShahLatha SharmaShawn ShelleyDale ShultzRachel SimonsDora Sirakova

Darren SkolnickAmy Lee SmithBogumila L. SmolenSteve SokolDana StarckShawn A. StevisonAngela M. StuckeyJudith A. SwanstonEdwin L. Taliaferro Kristen R. TaylorSteve TaylorChristopher TelanoSenh ThaiSusan ThomasJackye R. ThompsonScott Thompson Beth TimmermanJohn TinkerThomas J. TocashLeAnna TorresKristen A. TranmalJohn TsantakisAmy TurnerStarr TurnerElise UeokaElizabeth UhlrichLisabeth VilchesMargaret Von SehrwaldLaurie S. WardDebi WeatherfordHeather WelchRebecca M. WelkerBarry WhiteKim WhitesideCharie WicklundJerylyn A WilliamsRichard WilliamsDevon L. WilsonKimberly H. WilsonValla F. WilsonStacy WoodLaura WrayAmy J. YatesKevin YatesKyle YermalovichYiya YuanGuillermo Zegarra

Page 48: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

90 91www.ahia.org AHIA 38TH ANNUAL CONFERENCE SEPTEMBER 15 –18, 2019 www.ahia.org

FAQS & POLICIES

FA

QS

& P

OL

ICIE

S

EnforcementParticipants asked to stop any harassing behavior are expected to comply immediately.

Exhibitors in the expo hall, sponsor or vendor booths, or similar activities are also subject to the anti-harassment policy. In particular, exhibitors should not use sexualized images, activities, or other material.

If a participant engages in harassing behavior, event organizers retain the right to take any actions to keep the event a welcoming environment for all participants. This includes warning the offender or expulsion from the conference [with no refund].

Event organizers may take action to redress anything designed to, or with the clear impact of, disrupting the event or making the environment hostile for any participants.

We expect participants to follow these rules at all event venues and event-related social activities. We think people should follow these rules outside event activities too!

ReportingIf someone makes you or anyone else feel unsafe or unwelcome, please report it to AHIA management as soon as possible. Harassment and other code of conduct violations reduce the value of our event for everyone. We want you to be happy at our event. People like you make our event a better place.

You can make a report either personally or anonymously.

ExpulsionA participant may be expelled by the decision of any of the above listed entities for whatever reasons they deem sufficient. However, here are some general guidelines for when a participant should be expelled:

• A [first/second/third/seventeenth] offense resulting in a warning from staff

• Continuing to harass after any “No” or “Stop” instruction

• A pattern of harassing behavior, with or without warnings

• A single serious offense (e.g., punching or groping someone)

• A single obviously intentional offense (e.g., taking up-skirt photos)

Hotel/venue security and local authorities should be contacted when appropriate.

FA

QS

& P

OL

ICIE

S

FAQS & POLICIES

What meals are provided at the conference?Breakfast, lunch and twice daily snack breaks are included with your registration fee. The Welcome Reception on Monday evening provides heavy hors d’oeuvres, dessert, beverages and a cash bar. Each attendee has received a complimentary drink ticket in the registration/welcome bag.

What happens at the Annual Business Meeting and should I attend?As a member of AHIA, you are a stakeholder of this organization. This is your opportunity to receive an update on the state of the organization and to give AHIA leadership input on how we can best serve your needs. We encourage you to show your support and take part in this informative event. Members and non-members are welcomed.

Lost and FoundIf you have lost an item — please check with the front desk and security will be contacted to assist you. AHIA is not responsible for lost or stolen items.

Anti-harassment PolicyThe AHIA Annual Conference is dedicated to providing a harassment-free conference experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age or religion. We do not tolerate harassment of conference participants in any form. Conference participants violating these rules may be sanctioned or expelled from the conference, without a refund, at the discretion of the conference organizers.

Harassment includes, but is not limited to:

• Verbal comments that reinforce social structures of domination [related to gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, religion.]

• Sexual images in public spaces

• Deliberate intimidation, stalking, or following

• Harassing photography or recording

• Sustained disruption of talks or other events

• Inappropriate physical contact

• Unwelcome sexual attention

• Advocating for, or encouraging, any of the above behavior

Page 49: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

NOTES

NO

TE

S

92 www.ahia.org AHIA 38TH ANNUAL CONFERENCE

Page 50: dtCcSanna edh ScHlhnenho S dhtledtCh naehCatl tnena · Biomedical Device Risk Management — Highest Impact and Least Managed Risk in Healthcare Information Technology/Security D3

© 2019 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. PRO-0718

protiviti.com

• High-value specialty audits or subject-matterexpertise across areas such as operations, revenuecycle, finance, compliance and IT

• Transformation and reorganization to coincide withsenior leadership’s needs

• Effectiveness evaluation of internal audit-relatedactivities

• Risk assessment and audit plans to ensure IA isaligned as a strategic partner with senior leadership

With a dedicated healthcare team and a Center of Excellence dedicated to gathering insights and determining industry best practices, Protiviti is a leading voice in internal audit.

Some of our key healthcare internal audit offerings include:

A Global Leader In HealthcareInternal Audit