LifeBridge Health Sinai Hospital Orientation
General Corporate Compliance and HIPAA
Need to Know
- What is compliance and why do we need a compliance program?
- Basic fraud and abuse regulations
- HIPAA
- Code of Conduct
- Your responsibilities
- Reporting – What and How!
Why do we need a Compliance Program?
- Healthcare is one of the most regulated industries in the United States (over 40 Federal agencies)
- The Government is getting tough!
- The National Health Care Anti-Fraud Association estimates that financial losses due to health care fraud are in the tens of billions of dollars per year
- Health care fraud inevitably translates into higher premiums and out-of-pocket costs for consumers
- Self-reporting is expected
- It is consistent with our Values and the right thing to do!
What Does Fraud Look Like?
- Billing for services that were not rendered
- Billing for more expensive services or procedures than were actually provided or performed
- Performing unnecessary services for the purpose of generating insurance payments
- Accepting kickbacks for patient referrals
- Billing a patient more than the copayment amount
The Government’s Enforcement Toolkit
- Federal False Claims Act
- Anti-Kickback Statute
- Civil Monetary Penalties
- Exclusions
- Stark
- …and then there’s the Health Insurance Portability and Accountability Act (HIPAA)
Further defined in your regulatory compliance modules. Violation of one can lead to another.
Anti-kickback statute: A CRIMINAL offense to knowingly and intentionally offer, pay or receive anything of value (money, gifts, etc.) to induce referrals of items or services paid by Federal health care programs. Max. fine of $25K, imprisonment for up to five years. Can also result in civil monetary penalties and exclusion from participation in Federal health care programs.
CMP: Fines can be imposed against any person who offers or gives anything of value to a Medicare or Medicaid beneficiary that is known to be likely to influence the beneficiary’s selection of that provider. Can also initiate proceedings to exclude that party from Federal health care programs.
Exclusions: Approximately half of revenue comes from Medicare.
Protected Health Information (PHI)
We All See It!
PHI is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual:
- Name
- Address
- DOB
- Diagnosis
- Medications
- Insurance information
- Social Security or Medical Record Number
- Discussions between patient and provider
- Notes written by providers and other staff
HIPAA Privacy - Dealing With Common Issues
Guiding Principle: Think “WHY and HOW” does this information need to be shared!
- Conversations with another patient - NO
- Sign-in sheets left in a public place - NO
- Sharing information with family/friends - NO
- Social media that identifies the facility and/or patient - NO
- Leaving detailed messages on a voice mail - NO
Sharing patient information is only acceptable when the information is needed to provide a service.
HIPAA Security – Basic Tips
- Never share your login/password
- Don’t write down passwords
- Do log off your computer when you walk away!
- Don’t open email attachments unless they are from a trusted source
- Forward suspicious emails to spam@lifebridgehealth.org
- Don’t click on links!
- Don’t download software or utilize unencrypted flash drives
- Utilize a secure method to send PHI
- Verify fax numbers (and verify again…)
Note: Digital fraud is on the rise
Code of Conduct Policy & Expectations
The Code addresses:
- Our commitment to our patients, employees, and the community
- Safeguarding information
- Our commitment to fair and accurate billing
- Personal accountability and use of corporate assets
- Conflicts of interest
- How and when to report
What do I Report?
- Identify - Have you identified a situation that you believe is a violation of a law, regulation, policy, procedure or the Code of Conduct?
- Instinct - Do you have a suspicion that something that you have been asked to do or something that you have witnessed just doesn’t seem right? Follow your intuition...and,
- Inform - Don’t look the other way! Tell someone about it!
Who Do I Tell?
- Talk to your manager or supervisor
- Call the Compliance Officer (Joyce Romans) 410-871-6807
- Call the anonymous Compliance Hotline (1-844-732-6233) or file a confidential report via the web (link found on the intranet)
- To discuss a privacy matter – call the Privacy Officer (Darlene Skinner) 410-601-1554 (privacy hotline)
Compliance is EVERYONE’S Responsibility!
- Complete assigned training – fraud & abuse, general compliance (IT’S REQUIRED!!)
- Read and understand the Code of Conduct
- Read and understand Human Resources and Departmental Policies and Procedures
- Pay attention to Compliance articles/emails
- Inform - know what to report and how to report concerns!!