compliance department Compliance program- fwa - hipaa- code of conduct


1 Compliance Department: Compliance Program - FWA - HIPAA - Code of Conduct
Quality Management Compliance Department, PPMC

2 QM/Compliance Program – why?
Ensure ongoing education & monitoring related to all aspects of the compliance program - ANNUALLY. Oversee and monitor the implementation of the compliance program. Develop policies and programs that encourage managers and employees to report suspected fraud and other improprieties without fear of retaliation. Investigate and act on matters related to compliance, including the coordination of internal investigations and any resulting corrective action with all departments, and providers where applicable.

3 Compliance Program Elements & Training Requirements
Quality Management / Compliance Department; Compliance Plan; Compliance Program; Training & Education; Audit & Monitor; Code of Conduct; HIPAA; Fraud, Waste, and Abuse; SNP Medi-Cal & Medicare Regulatory Requirements

4 Compliance Program
Promote an environment that encourages employees to report potential problems. Increase likelihood of identification and prevention of unlawful and unethical conduct. Develop procedures that allow prompt, thorough investigation of possible misconduct. Develop disciplinary mechanisms to consistently enforce standards. Early detection and reporting, thereby reducing employee and organizational exposure to civil damages and penalties, criminal sanctions, and administrative remedies, such as program exclusion.

5 Training and Education
All employees are required to attend compliance training. Each employee is required to sign an attestation that reflects the employee’s knowledge of, and commitment to, PPMC’s Code of Conduct, FWA & HIPAA Compliance. Documentation and data submission requirements.

6 Code of Conduct What is it?
Overarching principles & values by which PPMC operates; defines underlying framework for compliance P&Ps. Expected performance in each area of operations. As such, each member of the PPMC staff is responsible for compliance with the Code of Conduct. Applies to all employees, managers, directors, administrators, Medical Directors and officers of PPMC. Responsible and accountable for compliance with state and federal laws and regulations, including laws governing Medi-Cal and Medicare.

7 Code of Conduct Expectations?
Support the mission, vision and values of PPMC as articulated in PPMC’s Mission, Vision and Values Statement. Comply with state, federal and organization policies as applicable to their respective role and job responsibilities. Conduct business in a professional and ethical manner. Attend applicable educational sessions related to compliance and fraud and abuse.

8 Code of Conduct More Expectations?
Know PPMC policies and procedures as they relate to compliance, including notification of suspected non-compliance or fraud and abuse. Participate in compliance monitoring and auditing activities as appropriate and identify potential non-compliance issues within their respective work environment. Report suspected or potential non-compliance or fraud and abuse to their respective supervisor or the QM/Compliance Dept. in a timely fashion.

9 Code of Conduct And even more expectations…?
Cooperate and assist, as appropriate, with investigations and corrective actions. Maintain confidentiality as relates to members, practitioners, organizational business, and communications – Confidentiality Agreement. Keep licensure and certification current as applicable.

10 What is HIPAA?
HIPAA applies to the protection of individuals' health information. Protected Health Information (PHI) means individually identifiable health information: names, addresses, phone numbers, medical record numbers, photos, driver's license numbers, etc. It gives patients the right to their records and the right to know who's seen their records. – Notice of Privacy

11 Privacy and Security Rule: what is required?
Security Standards
Administrative safeguards: Risk Management; Sanction Policy; Information Systems Activity Reviews
Physical safeguards: Facility access controls; Contingency operations; Facility security plan; Access control & validation procedures; Maintenance records; Workstation use & security; Data backup and storage

12 Privacy and Security Rule: PHI - Examples
Direct Individual Identifiers: name; date of birth; postal address, zip code; telephone number; fax number; electronic mail address; social security number; medical record number; health plan beneficiary number; account number; certificate/license number; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web universal resource locators; internet protocol address numbers; biometric identifiers, including finger and voice prints; full face photographic image and any comparable images

13 Breach Notification Rule
Health Information Technology for Economic and Clinical Health Act (HITECH Act). Under HITECH, "business associates," or third parties such as a billing company, now must follow the HIPAA privacy laws by protecting patient information and reporting data breaches. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules. Requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.

14 Breach Notification Rule
Definition of a Breach: A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.

15 Breach Notification Rule
Breach Notification Requirements: Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Health Plan, Secretary of Health and Human Services, and, in certain circumstances, to the media. In addition, business associates must notify covered entities that a breach has occurred.

16 Breach Notification Rule
Individual Notice: Must provide this individual notice in written form by first-class mail, or alternatively, by e-mail if the affected individual has agreed to receive such notices electronically. Must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include: a description of the breach; a description of the types of information that were involved in the breach; the steps affected individuals should take to protect themselves from potential harm; a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches; as well as contact information for the covered entity.

17 Breach Notification Rule
Notice to Health Plan & State - TAT. Report to Health Plans per their policies. Will notify the State by visiting the HHS web site and filling out and electronically submitting a breach report form, if a breach affects 500 or more individuals, without unreasonable delay and in no case later than 60 days following a breach. Reports of breaches affecting fewer than 500 individuals are due to the State no later than 60 days after the end of the calendar year in which the breaches occurred.

18 Breach Notification Rule
Burden of Proof: The IPA and business associates have the burden of proof to demonstrate that all required notifications have been provided or that a use or disclosure of unsecured protected health information did not constitute a breach.

19 IPA/MSO Breach PREVENTION
Examples of PHI Safeguards to Prevent a Breach: Securing laptops with PHI, to prevent them being lost or stolen; Not giving unauthorized personnel access to PHI; Not giving out employee access codes; Not using unsecure e-mails when sending PHI (gmail, aol, yahoo); Not using unsecure e-mails when sending PHI (not encrypted or password protected); Not using Blackberry for e-mails with PHI; Not sending faxes without the disclosure statement; Not leaving documents with PHI in unsecured areas; Not having open discussions outside of work about members

20 Fraud, Waste & Abuse Defined
Fraud: The intentional misrepresentation of data for financial gain. Fraud occurs when an individual knows or should know that something is false and makes a knowing deception that could result in some unauthorized benefit to themselves or another person.¹
Waste: Is overutilization: the extravagant, careless or needless expenditure of healthcare benefits or services that results from deficient practices or decisions.¹
Abuse: Involves payment for items or services where there was no intent to deceive or misrepresent but the outcome of poor, insufficient methods results in unnecessary costs to the Medicare program.²
Source: CMS Glossary; CMS Medicare Learning Network (MLN) Medicare Physician Guide: A Resource for Residents, Practicing Physicians, & Other Health Care Professionals, Tenth Edition (October 2008)

21 Physician Self Referral Law / Stark Law
Purpose: Prohibit improper referral relationships that can harm the Federal health care programs and program beneficiaries. Improper referral relationships can lead to overutilization, increased costs, & corruption of the medical decision making process. Stark Law accomplishes this by prohibiting physicians from submitting referrals for Medicare patients to entities where the physician’s immediate family member has a financial relationship. Example?

22 Anti-Kickback
Key Things Every Health Care Provider Should Know About the Anti-Kickback Statute: Anti-kickback statute prohibits asking for or receiving anything of value to induce or reward referrals involving federal health care programs.

23 Federal Anti-Kickback Statute
Know the penalties under the law.
Criminal = Felony = JAILTIME. Conviction can result in fines up to $25,000 per violation or up to a five year prison term or both.
Civil & Administrative Penalties: Can lead to False Claims Act liability. Program exclusion from Medicare & Medicaid. Can lead to penalties under the civil monetary penalties law up to a $50,000 penalty per violation and an assessment of up to three times the total amount of the kickback payment (even if some part of the payment was for a legitimate purpose).

24 Conflict of Interest
An employee must disclose any possible conflicts so that PPMC may assess and prevent potential conflicts of interest from arising. A potential or actual conflict of interest occurs when an employee is in a position to influence a decision that may result in a personal gain for the employee/family member as a result of the Company’s business dealings. An employee/family member may not own or hold any significant interest in a supplier, customer or competitor of the company. Employee must disclose actual/potential conflicts of interest in writing to supervisor / human resources.

25 Gifts & Gratuities
PPMC employees will not solicit or accept gifts of significant value (i.e., in excess of $25.00), lavish entertainment or other benefits from potential and actual customers, suppliers or competitors. This policy is provided to all employees upon hire in the Employee Handbook.

26 Disciplinary Standards
Disciplinary action may result where a responsible employee’s failure to detect a violation is attributable to his or her negligence or reckless conduct. Possible disciplinary actions for improper conduct include oral and written warnings, suspension, and termination. PPMC makes reasonable best efforts to see that disciplinary actions are applied consistently to all staff and managers. No employee is exempt.

27 Auditing and Monitoring
Department / Company: The level of compliance within each functional area is assessed on an ongoing basis. Periodic audits to determine the level of compliance with federal and state statutes, regulations and program requirements.

28 Auditing and Monitoring
Prohibition of the employment of or contracting with persons known to have a propensity to engage in inappropriate or improper conduct. Efforts to ensure that individuals who have been recently convicted of a criminal offense related to health care or who are listed as debarred, excluded or otherwise ineligible for participation in Federal health care programs are not hired - OIG. Established sanction verification processes for all potential employees and contracted providers.

29 Reporting
Employees are responsible for reporting a concern or potential misconduct to their supervisor or manager. The QM/Compliance Dept. has an “open door” policy to receive employee reports or concerns regarding potential violations. Employees, enrollees and providers may also use the COMPLIANCE HOTLINE to report any potential misconduct or concerns. If an investigation ultimately reveals criminal, civil, or administrative violations have occurred, the appropriate federal and state officials will be notified immediately.

30 Required Reporting
Violations of the code of conduct, ethics or any fraud, waste or abuse must be reported. Not reporting fraud or suspected fraud can make you a party to a case by allowing the fraud to continue. Fraud or suspected fraud may also be reported anonymously. Everyone has the right and responsibility to report possible fraud, waste, or abuse. Remember: You may report anonymously. Employees may report any suspected compliance issue (HIPAA, FWA, Clinical, etc.) anonymously, without fear of intimidation and retaliation as this is prohibited when reporting a concern in good faith.

31 PPMC Hotline Information
Suspected Fraud and Abuse; Suspected HIPAA / Confidentiality violations; Suspected Compliance violations
(951) PPMC

32 Compliance Training Materials
RSD Compliance Training 2014 (Folder): Fraud, Waste, and Abuse; HIPAA / HITECH; Code of Conduct; QM Program; UM Program; CM Program; Health Education / Cultural & Linguistics; Medi-Cal Linked Services; SNP

