CORPORATE COMPLIANCE PROGRAM The Office of Corporate Integrity Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity

Purpose of a Compliance Program As defined in the Office of Inspector General (OIG) Compliance Guidance for Hospitals “Fundamentally, compliance efforts are designed to establish a culture within a hospital that promotes prevention, detection and resolution of instances of conduct that do not conform to Federal and State law, and Federal and State and private payer health care programs, as well as the hospital’s ethical and business policies.”

Components of GHS Compliance Program Structural Elements Open Communication – Hotline Compliance Officer Compliance and Practice Standards Education and Training Internal Monitoring and Auditing Enforcement of Rules and Standards of Conduct Response, Remedies and Resource Planning Risk Assessment Substantive Elements Laws and Regulations pertaining to Health Care operations Fraud & Abuse Laws: STARK, Anti-Kickback, CMP (Inducements) False Claims: Qui – Tam / Whistle-blower Exclusionary list, HIPAA, Medical Identity Theft, OIG Guidance, COI

Corporate Integrity Office Structure

Corporate Compliance Program Structure

Corporate Compliance is Everyone’s Responsibility Board : Duty of Care / Duty of Loyalty Executive Staff: Highest Moral Character and Integrity Leadership: Exhibit Professionalism and Right Relationships All Employees: Perform duties in a professional and responsible manner Adhere to all GHS policies Report any violation of policies or suspected unethical behavior Read, understand and follow the Code of Excellence

What is a “Compliance Issue”? A compliance issue is a concern that there is a violation of a law, rule, regulation or policy that governs our industry. ►Fraud and Abuse Issue False Claims: Medical Necessity Reasonableness, Quality Coding Improper Inducements ►HIPAA Violation Privacy Breach Security Lapse ►Violation of our Code of Excellence and/or related GHS Policies

GHS Policies and Initiatives Harassment Gifts and Gratuities Social Media Photography Proper Use of Property (Information Systems) Equal Opportunity Drug-Free Workplace Conflicts of Interest Finance and Billing (Coding and Documentation) Reporting Concerns and Non-Retaliation Business Ethics and Conduct Patient Safety and Quality University Medical Group

Compliance Reviews Documentation of tests/procedures/charges/coding Charge capture reconciliations Medical necessity verification Investigation of employee/patient complaints Actions of independent contractors (agents) Privacy/Confidentiality Auditing and Monitoring (IT, Policies, Payments, Risk Areas) Conflict of Interest University Medical Group

Your Concerns are Important! Reporting Mechanisms Your Concerns are Important! Contact your: Immediate Supervisor Department Director Department Compliance Manager / Liaisons Human Resources Other Management Compliance Office or Hotline (you can report anonymously)

Office of Corporate Integrity Compliance Office Skip Morris - Executive Director of Corporate Integrity 797-7720 smorris@ghs.org J. Scott Pietras - Corporate Compliance Officer 797-7712 spietras@ghs.org Tracy Morris – Privacy Officer 797-7724 tmorris5@ghs.org Jan Latham, Compliance Analyst / UMG Compliance Liaison 797-7725 jlatham@ghs.org Linda Robinson, Compliance Administrative Assistant 797-7726 lrobinson@ghs.org

Code of Excellence Are new employees and existing employees (including physicians and contracted employees) required to read and acknowledge the Code of Excellence? A few examples of a violation to the Code of Excellence include, however not limited to: Fraud & Abuse, Misconduct-harassment and disruptive behavior, asking for and accepting gifts, cash/checks or gift certificates from patients or their family members, business vendors, device manufacturers and pharmacy industry. Yes-All GHS employed staff and employed contractors are required to read and sign the COE Acknowledgement form Fraud and Abuse (false documentation in records, improper billing of a known false claim Misconduct and unethical behavior to GHS policies and procedures-harassment and disruptive behavior Solicitation or Accepting gifts, cash or gift certificates is a prohibited practice from both patients, patient family members, business, device manufacturers and pharma vendors HIPAA Privacy and Security Violations (accessing patient records and/or disclosing patient information without a work related reason both inside and outside the workplace) Yes-All GHS employed staff and employed contractors are required to report compliance concerns

Code of Excellence You may call anonymously The Hotline Reporting Options: You may call anonymously You are protected from retaliation or retribution All Hotline reports come to the GHS Corporate Integrity Office for investigation and resolution of reported concerns The GHS Corporate Integrity Office may forward the concern to the appropriate department manager, depending on the issue (e.g., Human Resources Department) OR depending on the severity of the reported issue, it may require further reporting to authorities for investigation and lawful purposes- (Examples: Fraud and Abuse, Identify Theft) GHS does not tolerate employees, contractors or other persons who retaliate against a person who makes a good faith report under this policy. We make every effort to handle reports confidentially.

Hotline Numbers 1-888-243-3611 1-800-297-8592 (en español) Code of Excellence Hotline Numbers 1-888-243-3611 1-800-297-8592 (en español) Go to GHSNet main page under Employee Reference, Employee Hotline & HIPAA Privacy Line http://www.ComplianceResource.com/Hotline.

HIPAA Health Insurance Portability and Accountability Act of 1996 Department of Health and Human Services (HHS) established national standards for electronic health care transactions. HIPAA also established the rules for the security and privacy of health data. The Office of Civil Rights is the enforcement agency for HIPAA.

If it identifies a patient, it is likely considered to be PHI! HIPAA Privacy Rule Protected health care information (PHI) may not be disclosed without the authorization of the patient unless permitted by one the several exceptions. Major exception is for “TPO” TPO = treatment, payment or operations PHI includes (but is not limited to): Patient demographics Clinical or health information Images or photographs Financial information If it identifies a patient, it is likely considered to be PHI!

HIPAA Security Rule Covered Entities must use specific administrative, technical, and physical security procedures to assure the confidentiality of electronic protected health information. Important components include: Encryption Protection of electronic devices Access rules

HITECH Health Information Technology for Economic and Clinical Health Act The American Recovery and Reinvestment Act of 2009 (Recovery Act), among other things, expanded HIPAA Privacy and Security protections. Important components include: Electronic access to records New fines for violations Breach reporting Business Associate requirements

When in doubt, don’t give out contact the Compliance Office. Applying the Rules Reasonableness- Don’t Delay Treatment Minimum Necessary & Need-to-Know Audits Duty to Protect & Report Maintain Reasonable Safeguards Protect Your User ID & Password – No Sharing! Attention to Detail Social Media Privacy Violations = Civil Rights or Criminal Violations Accessing Your Own Medical Records When in doubt, don’t give out contact the Compliance Office.

Corporate Compliance is Everyone’s Responsibility Thank you! Remember…… Corporate Compliance is Everyone’s Responsibility Thank you!