1. Carle Foundation Corporate Compliance
2. Contact Information Julie Houska, Privacy and Security Official
(217) 383-7159
Opal Manning, Senior Compliance Administrator
(217) 326-0025
Steve Kelly, Corporate Compliance Officer
(217) 383-3927
3. What is Health Care Compliance? The detailed, interconnected web of laws and regulations governing health care providers and the effort to behave ethically in our business.
Some laws include HIPAA, Stark, Anti-Kickback…the list goes on…
Hospital Compliance programs were started because of the Federal Sentencing Guidelines…this is a clue to the seriousness of our mission.
4. Mission To maximize compliance with all relevant laws and regulations and to encourage ethical conduct in all of our business activities by:
Promoting a Culture of Compliance
Preventing violations before they occur
Helping to fix problems once they do occur.
5. Proactive Activities Ways that we can be proactive
Risk Assessments
Policies/Procedures
Compliance policies are found in the 600 series on CWeb
Standards of Conduct
Read booklet, sign p.63 in the binder, and return to educator
Education (including annual training)
Departmental Monitoring
Auditing
Open Communication
This is how we want to be. We want to work on doing the right thing through these means. Go through list
If we aren’t completely successful at the proactive side of things then…next slide
6. Open Communication Suggested actions for reporting
Chain of Command
Any Director level person with whom you are comfortable
Call Julie 383-7159, Opal 326-0025 or the Compliance Officer 383-3927
Confidential Message Line
1-888-500-5012
These are ways that you can help us remain proactive or just compliant in general. Go through list… by using these tools to report issues you help us… next slide
7. Confidential Message Line 1-888-500-5012
Available 24/7 (Pens!)
Answered by compliance staff
Monday-Friday 8:00am to 5:00pm
Voice mailbox during non-staffed hours
Callers may remain anonymous
All calls are confidential & cannot be traced
Another important number to remember, maybe the most important, is the confidential message line. You can report issues to staff by calling this number, and there is no caller ID to identify you. You can also use this number if you wish to identify yourself; it is your choice. If you call in and would rather leave a message, simply ask the person who answers to hang up so you can call back to leave a message. By calling us with issues or stopping in to talk with us at the trailer, you help us avoid being non-compliant.
8. It’s Expected and Protected Everyone’s Responsibility
Safe Environment
Can remain anonymous when reporting
May reach us by email/phone
Non-retaliation policy
Helps us fix our small problems before they become BIG problems
This is our goal, as we are only as effective as the employees allow us to be. We hope to help encourage this by, the list…
You may be wondering, what type of issues do you get? Next Slide…
9. Reactive Ways that we are reactive
Investigations
Corrective Action
Discipline
Preference for non-punitive corrective action
These are ways that we are reactive, go through the list… we don’t want to get to the reactive stage so we need your help…
10. Common Carle Issues Contracts
Relationship with CCA
Billing and Coding
HIPAA (Federal Law)
These are some of the biggest topics that we face. Explain the list and then, after HIPAA, give it to Julie… next slide
11. Consequences of Non-Compliance May be excluded from Medicare/Medicaid programs
Substantial fines and penalties
Possible imprisonment for serious violations
Loss of trust of our patients and the community
Loss of reputation with our patients and the community
Talk about list and then transition into the next slide by saying that is why we try to be proactive… next slide
12. What You Can Do Follow your departmental policies and procedures
Document accurately and thoroughly
Communicate any concerns, particularly those about poor care or insufficient documentation, to your supervisor, the Compliance Office, or any Director level person
Complete your annual online compliance and HIPAA training
13. Compliance & HIPAA Training Compliance & HIPAA training must be completed annually. You will complete 2 parts (compliance & HIPAA) to complete your annual requirement.
The training is mandatory; discipline will be given to employees who do not complete the required training.
The initial training takes approximately 2-3 hours to complete. After the first year, employees will be able to complete the update for the training which usually takes 1-2 hours to complete.
In 2009, only 1 person didn’t complete the training by the deadline!!!
14. Compliance & HIPAA Training Training will be announced through email (including instructions)
You must be paid for the time involved in completing the training
The training is accessible via the CWeb or Hospital Education's website
Please call Opal (326-0025) or the IT Help Desk if you are having any computer issues!
15. HIPAA Health Insurance Portability and Accountability Act of 1996
Federal law which requires health care providers to take reasonable safeguards to prevent the improper use or disclosure of patient information (PHI)
We must protect any:
Verbal, Paper, Electronic information that can be used to identify our patients
Use reasonable safeguards
16. HIPAA Terms PHI = protected health information, e.g. name, address, phone numbers, birth date, clinic number, etc.
TPO = Treatment Payment Operations
Anything outside of TPO requires patients’ signatures
If state law is more strict than Federal law, Carle follows the state law
Minimum Necessary
Use only the information necessary to do your job
Use your computer access or facility access only to perform your job duties – no special privileges because you work here
Staff such as Housekeeping, Volunteers and Guest Services can also be affected by HIPAA
Being at Carle gives you physical access to the patients being treated here, which is also private
17. Privacy Tips Follow the procedure through the Health Information Dept if you would like to access your own or your family’s PHI
Remember, if you’re visiting a family member who is a patient – you are a visitor, not an employee
Find out where to dispose of PHI in your work area – sort your trash appropriately
Be responsible with any materials containing PHI e.g. list of patients, reports containing patient information
18. Like They Say About Vegas What Happens at Carle Stays at Carle!
Be careful discussing in public – this includes the shuttle, bars and restaurants, etc.
Be careful discussing when you’re off the clock, even with family members
No pictures please
Best practice is always not discussing specific patient information with others not involved in that patient’s care
19. HIPAA & Electronic Security What is HIPAA Security?
The efforts we take to protect patient electronic PHI (ePHI)
How we support the privacy of our patient information – medical information should only be used to treat patients by people who have a need to know that information
ePHI is present in all our major patient-oriented information systems – and in smaller systems as well – even on your desktop or laptop computers
20. How Do We Protect Information? We limit information availability to staff by grouping them and assigning different access levels
We ensure the accuracy of the information by having multiple checks in our systems
We track who has looked at information to verify that the access was valid and appropriate
21. Electronic Security Tips Protect your passwords and sign out when you’re done!
Report if you see anyone using another’s password
Change your password regularly and use a strong password
Please -
Don’t open unknown email attachments
Don’t download software
Don’t stream audio or video
Secure your office
Don’t look up anyone’s records if there is not a business reason to do so – not allowed!
22. Consequences of a HIPAA Violation for Staff Being requested to participate in the investigation process
Any discipline up to and including termination
23. Stimulus Act of 2009 American Recovery and Reinvestment Act of 2009 (ARRA); aka Public Law 111-5
Signed into law February 17, 2009
Contains numerous provisions affecting patient privacy and health information technology
Many changes to come over the next few months and years which will make HIPAA more strict
24. Breach Notification Effective September 23, 2009
A breach is an event that “compromises the security or privacy of the PHI” – it poses a significant risk of financial, reputational, or other harm to the individual
Applies to covered entities and business associates
Staff must receive training on this new rule
25. Breach A breach is defined as “the unauthorized acquisition, access, use, or disclosure of unsecured PHI which compromises the security or privacy of the PHI, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.”
26. Unsecured PHI Unsecured PHI is defined as “PHI that is not secured through the use of a technology or methodology that renders the PHI unusable, unreadable, or indecipherable to unauthorized individuals.”
Encryption and destruction are the only two methods recognized by the federal government for making PHI secure
27. Breach Notification We will now be required
to notify patients in writing of a breach
depending on the number of patients affected by the breach, we may have to post a notice on our website, notify local media and notify the federal government
28. Red Flag Rule Effective November 1, 2009
The Fair and Accurate Credit Transactions Act (“FACTA” – also known as the Red Flag Rule) was passed by the Federal Trade Commission to reduce the risk of identity theft.
It requires various organizations to implement policies and procedures to assist patients when “Red Flags” occur.
29. Some Examples of Red Flags Presentation of documents that look to be forged, altered or fake;
A suspicious change of address;
A complaint or question from a patient who
- received a bill for another individual;
- received a bill for services never rendered;
- received a bill from a provider that the patient never patronized; or
- received an Explanation of Benefits (EOB) for services never received.
30. Identity Theft “A fraud committed or attempted using the identifying information of another person without authority.”
Both identity theft and the resulting theft of services are felony offenses
Non-compliance would put CF at risk for fines and the loss of trust and reputation in the community
31. Red Flag Program Requirements The Red Flag Rule states that we must have a program that:
describes how Carle Foundation and its affiliates (CF) identify Red Flags
describes how CF detects Red Flags in its operations
describes how CF responds to Red Flags
describes how CF administers its program
Corporate Compliance Policy CF610 Red Flag Identity Theft Program on the CWeb describes our Red Flag Program in its entirety.
32. Patient Privacy & The Golden Rule
Treat patient information the way you want your own information to be treated
Patient Rights/Patient Choice
To whom does the patient want information released – is it you?
33. Quick Reference Guides Privacy
Security
Good to keep these reference materials along with your employee handbook easily accessible!