Compliance, Ethics, and Audit Board Orientation Compliance, Ethics, and Audit January 29, 2019 PRESENTED BY Renée Jaenicke, CIA, CFE, CGMA, CCEP, CHC Director of Internal Audit and Compliance

Compliance, Ethics, and Audit: why is this important? Roles and relationships throughout healthcare system Elements of effective compliance programs Ethics Hotline Resources Q & A

Why is this topic important? U.S. Department of Justice, Office of the Deputy Attorney General, September 9, 2015 (Yates Memo): Individuals may be held liable as well as the organization. “One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrong doing.” “To be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in the corporate misconduct.” “Both criminal and corporate investigations should focus on individuals from the inception of the investigation.” “Department lawyers should not agree to a corporate resolution that includes an agreement to dismiss charges against, or provide immunity for, individual officers and employees.” Tuomy Healthcare, September 2016 Entered into contracts with certain physicians to obtain certain referrals. $72.4 million settlement between Tuomy and US DOJ for Stark Law violations. $1 million liability and four-year exclusion from participating in federal healthcare programs for CEO. North American Health Care, Inc. (NAHC) 2016 Billed government healthcare programs for medically unnecessary rehabilitation therapy services. $28.5 million settlement and corporate integrity agreement between NAHC and US DOJ for false claims. $1 million liability for chairman of the board. $500 thousand liability for senior vice president. “Pull Quote could go here from a key clinician.”

Why is this topic important (cont’d.)? Caremark International Inc. Litigation (1996): Boards are responsible to ensure that a compliance program is in place and effective. Held that directors violated a standard of good faith to establish director oversight and “… utterly failed to implement any sort of statutorily required monitoring, reporting, or information controls that would have enabled them to learn of problems requiring their attention.” Boards must assure themselves “… that information and reporting systems exist in the organization that are reasonably designed to provide Senior Management and the Board itself timely, accurate information to allow Management and the Board each within its scope, to reach informed judgements concerning both the corporation’s compliance with law and its business performance.” (emphasis added) Business Judgement Rule: Directors are entitled to rely in good faith on officers and employees, as well as consultants in whom such confidence is merited. Duty to make reasonable inquiry where facts warrant. “Pull Quote could go here from a key clinician.”

Why is this topic important (cont’d.)? U.S. Federal Sentencing Guidelines Section 8B2.1(b)(2): Boards must exercise reasonable oversight. “The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.” American Association of Certified Public Accountants, AU-C-250: Board’s responsibilities as they relate to financial statements “It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements.” “Pull Quote could go here from a key clinician.”

Why is this topic important (cont’d.)? Institute of Internal Auditors: Interaction with Internal Audit and the Board. Standard 1111: The chief audit executive must communicate and interact directly with the board. Standard 2060: The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and the board. “Pull Quote could go here from a key clinician.”

Roles and relationships throughout healthcare system “Compliance” involves many areas of the organization. Quality Privacy Coding Billing/revenue integrity Financial Risk Management Contracting Case Management Human Resources Business Development And others Internal Compliance and Ethics Committee incorporates representatives from all these areas.

Roles and relationships (cont’d.) Legal: Provides advice and counsel about relevant laws and regulations. Defends organization in legal proceedings. Compliance: Promotes the prevention, detection, and resolution of actions that do not conform to legal, policy, or business standards. Ethics: Hand in hand with compliance, provides education about legal and regulatory areas and facilitates dialogue in areas where the law is not clear. Internal Audit: Provides an objective evaluation of existing risk and internal controls systems. Ensures monitoring functions are working as intended. Quality Improvement: Promotes consistent, safe, and quality practices within healthcare organizations. Human Resources: Manages the recruiting, screening, and hiring of employees. Coordinates employee benefits. Provides training and development opportunities.

Example: Emergency Medical Treatment & Active Labor Act (EMTALA) Legal: What does the Emergency Medical Treatment and Active Labor Act require? Compliance: Do our policies and procedures match the law? Do we follow them? Ethics: Why is this law important and why should we comply? Internal Audit: How do we approach risks that we are not following the law? Do we have effective oversight? Do our policies, procedures, and processes result in the outcome we expect? Quality Improvement: What is the impact on the patient? Human Resources: What training do we need in this area? Is discipline required? Operations: Responsible for implementing process to ensure compliance with the law and our policies and procedures.

Elements of an Effective Compliance Program AICPA Policies & Procedures Governing Structure Oversight Hiring & Promoting Practices Communication & Education Monitor & Audit Consequences are Promoted and Enforced Investigate and Remediate “Pull Quote could go here from a key clinician.”

And more….

Ethics Hotline http://secure.ethicspoint.com

Resources Resources are available to you that: Provide further detail about your role Advise what questions you should be prepared to answer Recommend questions for you to ask your Compliance Officer and your Chief Audit Executive Just ask! 759-1958, rjaenicke@svmh.com

Questions? Answers!