
Carle Foundation Corporate Compliance

Carle Foundation Corporate Compliance. Contact Information. Julie Houska, Privacy and Security Official (217) 383-7159 Opal Manning, Senior Compliance Administrator (217) 326-0025 Steve Kelly, Corporate Compliance Officer (217) 383-3927. What is Health Care Compliance?

rittenberry

Presentation Transcript


  1. Carle Foundation Corporate Compliance

  2. Contact Information • Julie Houska, Privacy and Security Official • (217) 383-7159 • Opal Manning, Senior Compliance Administrator • (217) 326-0025 • Steve Kelly, Corporate Compliance Officer • (217) 383-3927

  3. What is Health Care Compliance? • The detailed, interconnected web of laws and regulations governing health care providers and the effort to behave ethically in our business. • Some laws include HIPAA, Stark, Anti-Kickback…the list goes on… • Hospital Compliance programs were started because of the Federal Sentencing Guidelines…this is a clue to the seriousness of our mission.

  4. Mission • To maximize compliance with all relevant laws and regulations and to encourage ethical conduct in all of our business activities by: • Promoting a Culture of Compliance • Preventing violations before they occur • Helping to fix problems once they do occur.

  5. Proactive Activities • Ways that we can be proactive • Risk Assessments • Policies/Procedures • Compliance policies are found in the 600 series on CWeb • Standards of Conduct • Read booklet, sign p.63 in the binder, and return to educator • Education (including annual training) • Departmental Monitoring • Auditing • Open Communication

  6. Open Communication • Suggested actions for reporting • Chain of Command • Any Director level person with whom you are comfortable • Call Julie 383-7159, Opal 326-0025 or the Compliance Officer 383-3927 • Confidential Message Line • 1-888-500-5012

  7. Confidential Message Line 1-888-500-5012 • Available 24/7 (Pens!) • Answered by compliance staff Monday-Friday 8:00am to 5:00pm • Voice mailbox during non-staffed hours • Callers may remain anonymous • All calls are confidential & cannot be traced

  8. It’s Expected and Protected • Everyone’s Responsibility • Safe Environment • Can remain anonymous when reporting • May reach us by email/phone • Non-retaliation policy • Helps us fix our small problems before they become BIG problems

  9. Reactive • Ways that we are reactive • Investigations • Corrective Action • Discipline • Preference for non-punitive corrective action

  10. Common Carle Issues • Contracts • Relationship with CCA • Billing and Coding • HIPAA (Federal Law)

  11. Consequences of Non-Compliance • May be excluded from Medicare/Medicaid programs • Substantial fines and penalties • Possible imprisonment for serious violations • Loss of trust of our patients and the community • Loss of reputation with our patients and the community

  12. What You Can Do • Follow your departmental policies and procedures • Document accurately and thoroughly • Communicate any concerns, particularly those about poor care or insufficient documentation, to your supervisor, the Compliance Office, or any Director level person • Complete your annual online compliance and HIPAA training

  13. Compliance & HIPAA Training • Compliance & HIPAA training must be completed annually. You will complete 2 parts (compliance & HIPAA) to complete your annual requirement. • The training is mandatory; discipline will be given to employees that do not complete the required training. • The initial training takes approximately 2-3 hours to complete. After the first year, employees will be able to complete the update for the training, which usually takes 1-2 hours to complete. • In 2009, only 1 person didn’t complete the training by the deadline!!!

  14. Compliance & HIPAA Training • Training will be announced through email (including instructions) • You must be paid for the time involved in completing the training • The training is accessible via the cweb or hospital education's website • Please call Opal (326-0025) or the IT Help Desk if you are having any computer issues!

  15. HIPAA • Health Insurance Portability and Accountability Act of 1996 • Federal law which requires health care providers to take reasonable safeguards to prevent the improper use or disclosure of patient information (PHI) • We must protect any: • Verbal, Paper, Electronic information that can be used to identify our patients • Use reasonable safeguards

  16. HIPAA Terms • PHI = protected health information, e.g. name, address, phone numbers, birth date, clinic number, etc. • TPO = Treatment Payment Operations • Anything outside of TPO requires patients’ signatures • If state law is more strict than Federal law, Carle follows the state law • Minimum Necessary • Use only the information necessary to do your job • Use your computer access or facility access only to perform your job duties – no special privileges because you work here • Staff such as Housekeeping, Volunteers and Guest Services can also be affected by HIPAA • Being at Carle gives you physical access to the patients being treated here, which is also private

  17. Privacy Tips • Follow the procedure through the Health Information Dept if you would like to access your own or your family’s PHI • Remember, if you’re visiting a family member who is a patient – you are a visitor, not an employee • Find out where to dispose of PHI in your work area – sort your trash appropriately • Be responsible with any materials containing PHI e.g. list of patients, reports containing patient information

  18. Like They Say About Vegas • What Happens at Carle Stays at Carle! • Be careful discussing in public – this includes the shuttle, bars and restaurants, etc. • Be careful discussing when you’re off the clock, even with family members • No pictures please • Best practice is always not discussing specific patient information with others not involved in that patient’s care

  19. HIPAA & Electronic Security • What is HIPAA Security? • The efforts we take to protect patient electronic PHI (ePHI) • How we support the privacy of our patient information – medical information should only be used to treat patients by people who have a need to know that information • ePHI is present in all our major patient-oriented information systems – and in smaller systems as well – even on your desktop or laptop computers

  20. How Do We Protect Information? • We limit information availability to staff by grouping them and assigning different access levels • We ensure the accuracy of the information by having multiple checks in our systems • We track who has looked at information to verify that the access was valid and appropriate

  21. Electronic Security Tips • Protect your passwords and sign out when you’re done! • Report if you see anyone using another’s password • Change your password regularly and use a strong password • Please - • Don’t open unknown email attachments • Don’t download software • Don’t stream audio or video • Secure your office • Don’t look up anyone’s records if there is not a business reason to do so – not allowed!

  22. Consequences of a HIPAA Violation for Staff • Being requested to participate in the investigation process • Any discipline up to and including termination

  23. Stimulus Act of 2009 • American Recovery and Reinvestment Act of 2009 (ARRA); aka Public Law 111-5 • Signed into law February 17, 2009 • Contains numerous provisions affecting patient privacy and health information technology • Many changes to come over the next few months and years which will make HIPAA more strict

  24. Breach Notification • Effective September 23, 2009 • A breach is an event that “compromises the security or privacy of the PHI” – it poses a significant risk of financial, reputational, or other harm to the individual • Applies to covered entities and business associates • Staff must receive training on this new rule

  25. Breach • A breach is defined as “the unauthorized acquisition, access, use, or disclosure of unsecured PHI which compromises the security or privacy of the PHI, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.”

  26. Unsecured PHI • Unsecured PHI is defined as “PHI that is not secured through the use of a technology or methodology that renders the PHI unusable, unreadable, or indecipherable to unauthorized individuals.” • Encryption and destruction are the only two methods recognized by the federal government for making PHI secure

  27. Breach Notification We will now be required • to notify patients in writing of a breach • depending on the number of patients affected by the breach, we may have to post a notice on our website, notify local media and notify the federal government

  28. Red Flag Rule • Effective November 1, 2009 • The Fair and Accurate Credit Transactions Act (“FACTA” – also known as the Red Flag Rule) was passed by the Federal Trade Commission to reduce the risk of identity theft. • It requires various organizations to implement policies and procedures to assist patients when “Red Flags” occur.

  29. Some Examples of Red Flags • Presentation of documents that look to be forged, altered or fake; • A suspicious change of address; • A complaint or question from a patient who - received a bill for another individual; - received a bill for services never rendered; - received a bill from a provider that the patient never patronized; or - received an Explanation of Benefits (EOB) for services never received.

  30. Identity Theft • “A fraud committed or attempted using the identifying information of another person without authority.” • Both identity theft and the resulting theft of services are felony offenses • Non-compliance would put CF at risk for fines and the loss of trust and reputation in the community

  31. Red Flag Program Requirements • The Red Flag Rule states that we must have a program that: • describes how Carle Foundation and its affiliates (CF) identify Red Flags • describes how CF detects Red Flags in its operations • describes how CF responds to Red Flags • describes how CF administers its program • Corporate Compliance Policy CF610 Red Flag Identity Theft Program on the CWeb describes our Red Flag Program in its entirety.

  32. Patient Privacy & The Golden Rule • Treat patient information the way you want your own information to be treated • Patient Rights/Patient Choice • To whom does the patient want information released – is it you?

  33. Quick Reference Guides • Privacy • Security • Good to keep these reference materials along with your employee handbook easily accessible!
