1. Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1

2. Purpose of a Compliance Program As defined in the Office of Inspector General (OIG) Compliance Guidance for Hospitals – “Fundamentally, compliance efforts are designed to establish a culture within a hospital that promotes prevention, detection and resolution of instances of conduct that do not conform to Federal and State law, and Federal and State and private payer health care programs, as well as the hospital’s ethical and business policies.” 2

3. Components of GHS Compliance Program Structural Elements Open Communication – Hotline Compliance Officer Compliance and Practice Standards Education and Training Internal Monitoring and Auditing Enforcement of Rules and Standards of Conduct Response, Remedies and Resource Planning Risk Assessment Substantive Elements Laws and Regulations pertaining to Health Care operations Fraud & Abuse Laws: STARK, Anti-Kickback, CMP (Inducements) False Claims: Qui – Tam / Whistle-blower Exclusionary list, HIPAA, Medical Identity Theft, OIG Guidance, COI 3

4. Corporate Compliance is Everyone’s Responsibility Board : Duty of Care / Duty of Loyalty Executive Staff: Highest Moral Character and Integrity Leadership: Exhibit Professionalism and Right Relationships All Employees: – Perform duties in a professional and responsible manner – Adhere to all GHS policies – Report any violation of policies or suspected unethical behavior – Read, understand and follow the Code of Excellence 4

5. What is a “Compliance Issue”? A compliance issue is a concern that there is a violation of a law, rule, regulation or policy that governs our industry. ►Fraud and Abuse Issue False Claims: Medical Necessity Reasonableness, Quality Coding Improper Inducements ►HIPAA Violation Privacy Breach Security Lapse ►Violation of our Code of Excellence and/or related GHS Policies 5

6. GHS Policies and Initiatives Harassment Gifts and Gratuities Social Media Photography Proper Use of Property (Information Systems) Equal Opportunity Drug-Free Workplace Conflicts of Interest Finance and Billing (Coding and Documentation) Reporting Concerns and Non-Retaliation Business Ethics and Conduct Patient Safety and Quality University Medical Group 6

7. Reporting Mechanisms Your Concerns are Important! Contact your: Immediate Supervisor Department Director Department Compliance Manager / Liaisons Human Resources Other Management Compliance Office or Hotline (you can report anonymously) 7

8. Code of Excellence The Hotline Reporting Options: – You may call anonymously – You are protected from retaliation or retribution – All Hotline reports come to the GHS Corporate Integrity Office for investigation and resolution of reported concerns – The GHS Corporate Integrity Office may forward the concern to the appropriate department manager, depending on the issue (e.g., Human Resources Department) OR depending on the severity of the reported issue, it may require further reporting to authorities for investigation and lawful purposes- (Examples: Fraud and Abuse, Identify Theft) – GHS does not tolerate employees, contractors or other persons who retaliate against a person who makes a good faith report under this policy. We make every effort to handle reports confidentially. 8

9. Code of Excellence Hotline Numbers – 1-888-243-3611 – Go to GHSNet main page under Employee Reference, Employee Hotline & HIPAA Privacy Line http://www.ComplianceResource.com/Hotlinehttp://www.ComplianceResource.com/Hotline. 9

10. HIPAA Health Insurance Portability and Accountability Act of 1996 Department of Health and Human Services (HHS) established national standards for electronic health care transactions. HIPAA also established the rules for the security and privacy of health data. The Office of Civil Rights is the enforcement agency for HIPAA. 10

11. HIPAA Privacy Rule Protected health care information (PHI) may not be disclosed without the authorization of the patient unless permitted by one the several exceptions. Major exception is for “TPO” – TPO = treatment, payment or operations PHI includes (but is not limited to): – Patient demographics – Clinical or health information – Images or photographs – Financial information If it identifies a patient, it is likely considered to be PHI! 11

12. HIPAA Security Rule Covered Entities must use specific administrative, technical, and physical security procedures to assure the confidentiality of electronic protected health information. Important components include: Encryption Protection of electronic devices Access rules 12

13. The American Recovery and Reinvestment Act of 2009 (Recovery Act), among other things, expanded HIPAA Privacy and Security protections. Important components include: Electronic access to records New fines for violations Breach reporting Business Associate requirements 13 HITECH Health Information Technology for Economic and Clinical Health Act

14. Applying the Rules Reasonableness- Don’t Delay Treatment Minimum Necessary & Need-to-Know – Audits Duty to Protect & Report – Maintain Reasonable Safeguards – Protect Your User ID & Password – No Sharing! Attention to Detail – Social Media Privacy Violations = Civil Rights or Criminal Violations Accessing Your Own Medical Records When in doubt, don’t give out contact the Compliance Office. 14

15. Office of Corporate Integrity Compliance Office Skip Morris - Executive Director of Corporate Integrity 797-7720smorris@ghs.org J. Scott Pietras - Corporate Compliance Officer 797-7712 spietras@ghs.org Tracy Morris – Privacy Officer 797-7724tmorris5@ghs.org Jan Latham, Compliance Analyst / UMG Compliance Liaison 797-7725jlatham@ghs.org Linda Robinson, Compliance Administrative Assistant 797-7726lrobinson@ghs.org 15

16. Remember…… Corporate Compliance is Everyone’s Responsibility Thank you! 16