Connecting the Dots A Practical Approach to Integrating Compliance, Risk and Quality Jody Ann Noon RN, JD Partner Health Care Regulatory Practice.

Slides:

Advertisements

Similar presentations

Managing Compliance Related to Human Subjects Research Review Joseph Sherwin, Ph.D. Office of Regulatory Affairs University of Pennsylvania Fourth Annual.

Advertisements

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner

Internal Control–Integrated Framework

Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.

INTRODUCTION TO ISO Joan Kithika. OUTLINE DEFINITIONS WHY ENVIRONMENTAL MANAGEMENT? LEGAL OVERVIEW HOW TO MANAGE THE ENVIRONMENT-AN ENVIRONMENTAL.

HIPAA Privacy Rule Training

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

More CMM Part Two : Details.

ISO 9001 : 2000.

PwC and Medical Necessity Issues and Concerns Emerging OIG scrutiny on medical necessity; nearly 500 hospitals on national target list for Medicare compliance.

2010 Region II Conference Corporate Compliance Panel June 3, 2010

Security Controls – What Works

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 8: Developing an Effective Ethics Program.

First Practice - Information Security Management System Implementation and ISO Certification.

Purpose of the Standards

Supplier Ethics: Program Checklist

THE PRINCIPLES OF QUALITY MANAGEMENT. DEFINING QUALITY Good Appearance? High Price? The Best? Particular Specification? Not necessarily, but always: Fitness.

Internal Auditing and Outsourcing

Effectively applying ISO9001:2000 clauses 5 and 8

HCCA HIPAA Readiness Survey Results Jody Noon Principal Deloitte & Touche Portland, OR November, 2002 John Steiner Esq. Chief Compliance Officer Cleveland.

Staff Structure Support HCCA Special Interest Group New Regulations: A Strategy for Implementation Sharon Schmid Vice President, Compliance and.

SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.

HIPAA PRIVACY AND SECURITY AWARENESS.

CORPORATE COMPLIANCE Tim Timmons Vice President Compliance and Regulatory Services Health Future, LLC.

Compliance and Quality Bringing It Together for Your Board Kristin Jenkins, J.D., FACHE October 2008.

Colorado Springs Utilities Environmental Services Functional Assessment Presentation for the American Public Power Association’s 2001 Engineering & Operations.

DSDS Quality Assurance Unit State of Alaska, Dept. of Health and Social Services Division of Senior and Disabilities Services (DSDS) Quality Assurance.

Compliance Issues for Medical Research at Healthcare Systems Jerry Castellano, Pharm.D., CIP Corporate Director Institutional Review Board Christiana Care.

Integrating HIPAA Into Your Compliance Program Fifth Annual National Congress on Health Care Compliance February 7, 2002 Glenna S. Jackson Vice President.

1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.

1 The Auditor’s Perspective Division of Sponsored Research Research Administration Training Series Presented by: Joe Cannella Audit Manager,

Joint Research & Enterprise Office Training The team, the procedures, the monitor and the Sponsor Lucy H H Parker Clinical Research Governance Manager.

Corporate Responsibility and Compliance A Resource for Health Care Boards of Directors By Debbie Troklus, CHC and Michael C. Hemsley, Esq.

©2004 Deloitte Development LLC. All rights reserved Pharmaceutical Regulatory and Compliance Congress Compliance Auditing & Monitoring 3.02 Auditing.

CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -

Health Care Compliance Association Region VII Compliance Conference August 1, 2003.

The Third Annual Medical Device Regulatory, Reimbursement and Compliance Congress How to establish a Compliance Program that will Minimize the Impact of.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Privacy Project Framework & Structure HIPAA Summit Brent Saunders

ISO GENERAL REQUIREMENTS. ISO Environmental Management Systems 2 Lesson Learning Goals At the end of this lesson you should be able to: 

Environmental Management System Definitions

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

Conducting Clinical Risk Assessments And Implementing Compliance Practices Jane L. Stratton Chiron Corporation VP/Associate General Counsel Chief Compliance.

Auditing and Monitoring for HIPAA Compliance

MA. EXPORT CENTER COMPLIANCE EXPORT EXPO Presented by : Paul Divecchio –DiVecchio & Associates Phone: (617) , Fax: (508)

Understanding the EHS Management System Development Process David Downs President EHS Management Partners,Inc.

How to Operationalize the Guidance In A Pharmaceutical Company OIG Guidance Pharma Audioconference Doug Lankler May 21, 2003.

U.S. Department of Education Safeguarding Student Privacy Melanie Muenzer U.S. Department of Education Chief of Staff Office of Planning, Evaluation, and.

Guidance Training (F520) §483.75(o) Quality Assessment and Assurance.

Confidential 1 HIPAA Compliance at Blue Cross Blue Shield of Minnesota: A Case Study Tim Wittenburg Director of Corporate Architecture & Data Management.

Patrick Sulzberger, CPA, CHC Compliance & The Board A Guide to Excellence.

The Second Annual Medical Device Regulatory, Reimbursement and Compliance Congress Presented by J. Glenn George Thursday, March 29, 2007 Day II – Track.

Company: Cincinnati Insurance Company Position: IT Governance Risk & Compliance Service Manager Location: Fairfield, OH About the Company : The Cincinnati.

ISO CONCEPTS Is a management standard, it is not performance or product standard. The underlying purpose of ISO 1400 is that companies will improve.

Building A Pharmaceutical Compliance Program Presentation to the Sixth Annual Congress on Health Care Compliance February 7, 2003 Janice Toran Fujisawa.

0 Due Diligence Monitoring and Auditing of Third Party Vendors October 28, 2008 Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum.

Compliance at the Crossroads: How can the Compliance Profession Move to the Second Generation? A Practical Approach to Integrating Compliance, Risk and.

Shared Services and Third Party Assurance: Panel May 19, 2016.

HIPAA Privacy Rule Training

Corporate Responsibility

The Most Important Element to Assure That Your Sales and Marketing Compliance Program is Working Effectively: Monitoring and Auditing Kelly B. Freeman,

Privacy Project Framework & Structure

Disability Services Agencies Briefing On HIPAA

HIPAA Policy & Procedure Strategies

HIPAA Security A Quantitative and Qualitative Risk Assessment

Presentation transcript:

Connecting the Dots A Practical Approach to Integrating Compliance, Risk and Quality Jody Ann Noon RN, JD Partner Health Care Regulatory Practice

2 The Role of Compliance The effectiveness of Senior Management’s oversight is typically limited because: –Limited linkage between governance and control activities –Existing internal control structures do not address the full range of risks –Key risks are managed by separate groups (e.g., FDA compliance, clinical trials, manufacturing quality) The “missing link” is a compliance program and infrastructure to measure and monitor the effectiveness and alignment between corporate governance and business unit / functional risk management, compliance and quality activities. Compliance

3 Finance SEC (e.g., Sarbanes) Service Delivery FDA Privacy False Claims CoPs Sales & Marketing Kickbacks Privacy Accounts Receivable False Claims SEC Compliance Traditional Model Quality, compliance and business risks managed by silo - difficult to track all of the moving parts

4 Quality, compliance and business risks managed in a coordinated manner - easier to see key interrelationships and interdependencies Emerging Model Boar d Chief Compliance Officer Day-to-Day Operations Financial Risk Regulatory Risk Systems/IT Risks Operational Risks

5 The Compliance Program Design Dilemma Compliance-related risks touch every aspect of the organization’s business & are difficult to “compartmentalize” The design should be based upon the organization’s business structure The design should result in a set of organization-wide compliance processes Medicare Billing Requirements? Privacy? What else?

6... Create a Compliance “Crosswalk” Business Process Will be impacted by many regulations Regulations apply to more than one business process Customer Billing Code the claim False Claims The Compliance Program Design Solution...

7 Step One: Characterize the organization’s business structure

8 Step Two: Establish the Standards for Each Risk Area Define the risk areas –Financial –Regulatory –Systems/IT –Operational Define the standards –The criteria for compliance –Groupings for Score Card purposes Cite the authority –Helpful to identify the source –Allows for translation Standard to Operations Operations to Standards

9 Step Three: Create the crosswalk Document Services Generate Service Code Bill Responsible Parties Receive And Post Payments Identify the compliance risks associated with each department and business process Coding & Billing

10 Step Four: Create a uniform process for review Frequency of reviews Scope of the review –Are their policies and procedures for the standard? –Have employees been trained on the policies and procedures? –Is there evidence that the policies and procedures are being followed? Are employees aware of them? Perform audits of certain requirements to evaluate compliance

11 Step Five: Establish a Uniform Metric How is compliance evaluated? –Points? –Stoplights? What criteria will be used to “score” the finding? –Presence of policies –Presence of SOPs –Employee Education –Employee Awareness –Formal Audits of documentation Sarbanes-Oxley OIG HIPAA

12 Step Six: Develop the Report Card Admissions Customer Service Marketing Medical Records Privacy Inducements By Department By Risk Area Privacy Privacy Notice Employee Training Complaints Employee Discipline Authorizations Minimum Necessary Access to Records Amendment of Records Confidential Communications Facility Directory Business Associate Agreements This allows the organization to identify areas of overlap and areas upon which to focus its efforts

13 The Compliance Documentation Process Standards –Each area of risk has a defined set of standards Gap Assessment –Policies and SOPs are compared to the standards –Implementation of policies and SOPs is assessed via observation, surveys, focus groups and interviews Findings –The standards are summarized in a Score Card or Status Board –The findings following a review are summarized on a dashboard –The Findings can be placed into a database or knowledge management system for easy reference and reporting Corrective Action Plans –Allow for documentation of specific findings Ongoing Audit Protocol –Utilize the baseline assessment to establish audit metrics and protocol

14 The Key to Compliance is Taking reasonable steps to comply with the regulations. Reasonable compliance can be demonstrated through a thoughtful and well-organized compliance program.