Corporate Responsibility Program

advertisement
Corporate Responsibility
Program
FY 2013
Corporate Responsibility Program
Ascension Health, its local health ministries, associates,
and agents are committed to carrying out their health care
ministry in a manner consistent with the Ascension Health
Mission, Vision, and Values. Integrity is one of Ascension
Health’s Core Values. The essence of integrity is a
workplace in which we follow ethical and legal business
practices.
In support of these commitments, the Board of Trustees of
Ascension Health has formally established a Corporate
Responsibility Program.
Corporate Responsibility Program
• Associates of St. Mary’s receive detailed
information regarding the Corporate
Responsibility Program at the beginning of their
employment during Organizational (General)
Orientation.
• This module is your ongoing review and
recommitment to the program.
Corporate Responsibility Program
After completing this module, you will be able to:
• Review the Corporate Responsibility Program Standards
of Conduct.
• Recall the action to take to report suspected violations.
• Be familiar with the False Claims Act.
• Identify your Corporate Responsibility Officer and
HIPAA Privacy & Security Officer.
• Pledge your recommitment to the Corporate Responsibility
Program.
The Corporate Responsibility Program is the:
Shared accountability among all
Associates of Ascension Health
and St. Mary’s Health System
to perform work ethically,
responsibly, and legally.
Standards of Conduct
The following five Standards of Conduct
(SOC) describe the behavior and conduct
expected of all Health Ministry
associates, medical staff members, Board
and Board Committee members, and
contractors.
Standards of Conduct
•
•
•
•
•
Standards of Conduct (SOC):
Follow Ethical and Religious Directives
Deliver Clinically Excellent and Safe Patient
Care
Foster a Model Community of Inspired
Associates
Be Honest and Fair in our Business Conduct
Comply with Laws and Regulations
Standards of Conduct
To make sure you understand the
Standards of Conduct,
let’s look a little more in depth
at each standard.
Standards of Conduct
SOC: Follow Ethical and Religious Directives
The Ethical and Religious Directives express
the Catholic Church’s teaching on the dignity
of the human person and the common good.
They are made up of principles that guide our
response to ethical issues in health care.
Standards of Conduct
•
•
•
•
SOC: Ethical and Religious Directives
These principles include:
Promoting the dignity of all, care for persons who are
poor, and contribute to the good of the community
Respect for the sacredness of human life from
conception to death
Providing compassionate care and relief of pain and
suffering for the dying
Treating our patients with respect, trust, honesty, and
confidentiality
Standards of Conduct
•
•
•
•
Ethical and Religious Directives
What is expected of me?
To be familiar with and follow the Ethical and Religious
Directives
To be familiar with and participate in ethics education
programs offered, as appropriate
To talk with someone if you have a question about the Ethical
and Religious Directives
To respect the Health Ministry’s religious identity and
promote its commitment to the Catholic Church’s moral
teaching.
Standards of Conduct
SOC: Deliver Clinically Excellent and Safe Patient Care
Clinically excellent and safe care requires an organization that
is highly reliable and dependent on each associate’s and
medical staff member’s participation in a culture of High
Reliability.
A High Reliability Organization is one that delivers on what it
intends to do, putting in place systems, processes and
behaviors to build strong teams that will prevent errors and
improve all areas of safety and experience for patients and
associates.
Standards of Conduct
Delivering Clinically Excellent and Safe Patient Care
What is expected of me?
• To follow the behaviors of a High Reliability Organization that provides
our patients, visitors, and associates with a safe environment that is free of
preventable injury.
• To follow policies and procedures that promote a safe environment for
patients, visitors, and associates.
• To deliver services with compassion and respect for the dignity of every
patient.
• To encourage patients to participate in decisions about their care in a
manner that they can understand and will enable them to make free and
informed decisions.
Standards of Conduct
Delivering Clinically Excellent and Safe Patient Care
Associates are expected to:
• Not disclose confidential information about patients or their care to any
unauthorized person or organization.
• Not access confidential information about patients unless you have a need
to know the information in order to perform your job.
• Have a positive, courteous and customer-service-oriented attitude and
approach to all persons you meet.
• Maintain complete, timely and accurate medical records.
• Maintain current professional licenses, certifications and other credentials
in accordance with professional standards and regulations that apply to
your position.
Standards of Conduct
SOC: Foster a Model Community of Inspired
Associates
Associates are at the core of our service as a Catholic health
ministry
Model community is our mutual commitment: Ascension
Health’s organizational commitment to Associates for their
full flourishing – personally and professionally – and
Associates’ personal commitment to the Ministry and one
another, all in service of our Mission.
Standards of Conduct
SOC: Foster a Model Community of Inspired
Associates
Model Community is rooted in the belief that associates deserve a
respectful workplace in which their voice is heard and a clear view of how
their work supports the mission. Safe, effective and reverent care can only
be provided by inspired people who:
• Have the required skills, knowledge and equipment to do their jobs,
• Are focused on our Mission, and
• Feel that they are safe, cared about, recognized and appreciated.
Standards of Conduct
SOC: Foster a Model Community of Inspired
Associates
What is expected of me?
• To treat others fairly, honestly and with dignity.
• To treat others respectfully, without regard to race,
religion, national origin, color, age, disability, marital
status, sexual orientation, gender, genetic
information, amnesty, status as a covered veteran or
any other legally protected status in accordance with
applicable federal, state, and local laws.
Standards of Conduct
SOC: Foster a Model Community of Inspired
Associates
What is expected of me?
• To communicate with others openly, honestly and
respectfully
• To be supportive of others and work as a team.
• To be committed to ongoing learning, including
training or educational opportunities.
Standards of Conduct
SOC: Be Honest and Fair in our Business Conduct
We are committed to ethical business conduct and integrity.
We act in the best interest of the Health Ministry, protect the
confidentiality of information and represent the Health
Ministry honestly and accurately.
Standards of Conduct
SOC: Be Honest and Fair in our Business Conduct
What is expected of me?
• Do not engage in any activity, practice or act that conflicts
with the interests of the Health Ministry.
• Seek guidance before accepting gifts from vendors, patients or
others.
• Do not accept employment or consulting arrangements outside
of the Health Ministry, or make personal investments if they
interfere with your job or unduly influence the decisions you
are required to make on behalf of the Health Ministry.
Standards of Conduct
SOC: Be Honest and Fair in our Business Conduct
What is expected of me?
• Do not access information in patient medical records, except
when you have a legitimate need to know the information to
perform your job.
• Do not disclose confidential information related to the Health
Ministry to any outside unauthorized person or organization,
or use such information for your personal benefit.
• Share confidential information about the operations of the
Health Ministry with associates only when they have a
legitimate need to know the information in order to perform
their job.
Standards of Conduct
•
•
•
•
SOC: Be Honest and Fair in our Business Conduct
What is expected of me?
Prepare all documents accurately and timely, including
expense reports, time and attendance records, financial
statements, and accounting records.
Follow Health Ministry policies and procedures to keep
internal financial controls.
Deal with regulatory agencies, insurance companies and
accrediting agencies honestly and accurately.
Do not violate patents, trademarks, copyright and software
licenses.
Standards of Conduct
SOC: Comply with Laws and Regulations
What is expected of me?
Follow all laws and regulations that apply to your work and ask
for assistance if you have questions about how they affect you.
False Claims Act
The False Claims Act is a federal law that makes it a crime for
any person or organization to knowingly make a false record
or file a false claim with the government for payment.
“Knowingly” includes having actual knowledge that a claim is
false, or acting in “deliberate ignorance” or “reckless
disregard” as to whether a claim is false.
Examples of possible false claims include billing Medicare for
services that were not provided, billing for a higher-level
service than the service actually furnished (upcoding), or
billing for services that were not ordered by a physician.
False Claims Act
• The False Claims Act contains provisions that allow
individuals with original information (i.e., information not
already the subject of legal proceedings or activities that have
already been publicly disclosed) concerning fraud involving
government programs to file a lawsuit on behalf of the
government and, if the lawsuit is successful, to receive a
portion of recoveries received by the government.
• The Federal False Claims Act protects employees from being
fired, demoted, threatened, or harassed by his or her employer
for providing information in good faith relative to a False
Claims Act investigation or lawsuit.
False Claims Act
• The Program Fraud Civil Remedies Act ("PFCRA") provides
federal agencies, including the agencies responsible for
federally funded health care programs, with administrative
remedies against individuals and organizations that knowingly
submit a false claim for payment, or knowingly make or use a
false record or statement to get a false claim paid
• The PFCRA is limited to situations where a false claim, or a
group of related false claims, does not exceed $150,000. The
PFCRA provides civil penalties up to $6,000 per false claim,
plus an assessment equal to twice the amount of the false
claim.
False Claims Act
• The Indiana False Claims Act (IC 12-15-23-1 et seq) mirrors
many of the provisions of the Federal False Claims Act.
• The actions that trigger civil penalties are substantially similar
to those of the federal False Claims Act.
• The Indiana False Claims Act provides civil penalties up to
$500 per false claim, plus an assessment equal to three times
the amount of the false claim and the repayment of reasonable
costs of the attorney general’s investigation and enforcement
actions.
• The Indiana False Claims Act also has a whistleblower
provision. Like the federal False Claims Act, the Indiana law
includes provisions to prevent employers from retaliating
against employees who report their employer’s false claims.
False Claims Act
Our Corporate Responsibility Program supports
compliance with these federal and state laws by:
• Monitoring and auditing to prevent or detect errors in
coding or billing.
• Educating our associates that they are responsible to
report any concern about a possible false claim.
• Investigating all reported concerns and correcting any
billing errors discovered.
• Protecting our associates who report concerns in good
faith.
Excluded Providers
It is the policy of the Hospital that it will not
knowingly employ, with or without pay, an individual
or entity that is listed by a federal agency as excluded,
suspended, or otherwise ineligible for participation in
federal programs.
If you are notified by a Federal agency that you have
been EXCLUDED FROM PARTICIPATION IN THE
FEDERAL HEALTH PROGRAMS, you must contact
the St. Mary’s Health System CRO immediately.
Corporate Responsibility Program
As a responsible associate, it is your right and
duty to find help and report situations that you
believe may potentially violate laws, the
Standards of Conduct or applicable policies.
Corporate Responsibility Program
There are several ways in which you can ask a question or share a
concern:
• Your Supervisor
• Higher-Level Manager
• Human Resources
• Corporate Responsibility Officer – Michael Klueh, VP of
Regulatory Compliance, Risk and Accreditation/CRO
If you are not comfortable contacting any of these associates or if
these associates have not fully resolved your concern, you can
call the Values Line phone number or use the Values Line
Web site.
Values Line
.
What is the Values Line?
The Values Line is an additional means of
communication available to all Ascension Health
associates. You can call this toll-free telephone service or
access the website 24 hours a day, seven days a week, to
report information you may have regarding a possible
violation of laws or our Standards of Conduct.
Values Line
• Values Line phone number (1-800-707-2198) and Values
Line website (www.AscensionHealthValuesLine.org) have
been established to report any questionable improper conduct.
• Your call is received by an independent organization (Ethics
Point) that will maintain strict confidentiality. The calls are not
recorded and the line is not caller ID capable.
• Your information may lead to a confidential investigation and
follow-up of the matter you raise. They will assign you an
identification number, and you can check back with them
regarding the matter.
Health Insurance Portability and
Accountability Act (HIPAA)
The primary purpose of HIPAA was to ensure
an individual could continue to maintain their
health insurance benefits when they changed
employers. HIPAA also included rules to
reduce healthcare fraud and abuse, to improve
the efficiency and effectiveness of the health
care system, and to protect the privacy and
security of all health information.
HIPAA Privacy and Security Rules
HIPAA Privacy and Security Rules work together to
ensure the protection of health information. The
Privacy rule covers what is protected and who is
permitted to use, disclose, or access information. The
Security rule refers to how health information is
protected, including controlling access to information
and protecting it from inappropriate disclosure and
accidental or intentional destruction or loss.
HIPAA Reminders
• All activities on St. Mary’s information systems are
subject to monitoring. Associates are responsible for
activities occurring on their system IDs.
• To maintain the integrity of our information systems,
associates should refrain from opening files attached
to an email from an unknown sender, suspicious, or
untrustworthy source, which may contain viruses.
• Passwords are the front line of protection for our
computer systems. A poorly chosen password may
result in the compromise of St. Mary’s corporate
network. All associates are responsible for taking the
appropriate steps to select and secure their passwords.
HIPAA Reminders
E-mails containing protected health information
(PHI) or having attachments containing PHI must
have -PHI- or -Secure- in the subject line (no
spaces between the hyphens and the word -PHIor -Secure-).
-PHI- and -Secure- in the subject line will
“trigger” encryption for e-mails being sent outside
St. Mary’s e-mail domain. Using this process for
all e-mails containing PHI will help ensure the
security of all confidential information.
HITECH Act
The Health Information Technology for
Economic and Clinical Health (HITECH) act
was signed into law in 2009. One of
HITECH’s goals was to strengthen Federal
privacy and security laws to protect
individuals’ health information from misuse as
the health care sector increases use of Health
Information Technology.
HITECH Act
HITECH Improves and Expands Existing HIPAA
Privacy and Security Rules by:
• Establishing a breach notification requirement for health
information that is not encrypted or otherwise made
unreadable. It requires that we notify patients if there is an
unauthorized disclosure or use of their health information.
• Strengthening the requirement that providers obtain patient’s
authorization before using their health information for
marketing and fundraising activities.
• Increasing the penalties for violations and providing greater
resources for enforcement and oversight activities.
• Ensuring Business Associates, entities that work on providers’
behalf, are subject to the same privacy and security rules as
providers.
HITECH Act
HITECH’s requirements re-emphasize the importance
of employees reporting all actual and potential breaches
in a timely manner.
Examples of possible breaches include:
• Faxing PHI to the incorrect number;
• Mailing statements or a medical report to the
incorrect patient;
• An associate who is not authorized to access PHI
looks through patient files in order to learn of a
friend’s treatment.
What can you do?
• Speak in low tones and be aware of people in your
surroundings. Do not discuss patients in elevators,
hallways, or the cafeteria.
• Do not share patient information on personal internet
sites (Facebook, MySpace, Twitter, etc.).
• Select strong passwords.
• Log off computers when not in use and do not leave
computers displaying PHI unattended.
• Verify publicity indicators.
• Verify fax numbers.
• Only access information that you need to know in
order to perform your job duties.
Points to Remember
• Each associate has a personal responsibility to understand and
adhere to SMMC policies and procedures to maintain
confidentiality.
• HIPAA regulations require that we minimize the risk that
protected health information (PHI) will be disclosed to
individuals who do not have a need to know.
• All activities on SMMC information systems are subject to
monitoring. Users are responsible for all activities occurring
on their user ids.
• Report possible/actual breaches such as faxing to the incorrect
number, co-workers inappropriately accessing patient
information, improper disposal of PHI.
• HIPAA Privacy & Security Officer, Michael S. Klueh at (812)
485-6550, privacyofficer@stmarys.org
Let’s review some of the key ideas of
the Corporate Responsibility Program.
Confidential Patient Information
HIPAA’s
“Minimum Necessary Standard”
• This means you may only access confidential
patient information that you need to know to
perform your job duties. You are subject to
disciplinary action, up to and including
termination, if you violate this standard.
Conflicts of Interest
Associates may not use their positions to profit
personally or to assist others in profiting at the
expense of the organization.
Violating the Conflict of Interest Guidelines
would be grounds for dismissal.
Conflicts of Interest
We need to ensure that our actions represent
the best interest of our patients and our
organizations.
If you believe that you may have a conflict of
interest, please contact the Corporate
Responsibility Officer at 812-485-6550 upon
completion of this program to discuss the
specifics of the activity in question.
Responsibility to Report and Protections
Associates are obligated to report in good faith all
alleged violations of:
– The Standards of Conduct
– Policies and procedures
– Federal and State laws
Any such violations have the potential to impair
St. Mary’s Health System’s status as a reliable,
honest, and trustworthy healthcare provider.
Responsibility to Report and Protections
If associates believe that they will be subject to
retaliation, retribution, or harassment for reporting
their concern(s), they may not report them; therefore,
guidelines have been established.
These guidelines serve to reassure associates who wish
to report concerns through the VALUES LINE,
directly to the Corporate Compliance & Risk
Management Services (ext. 6500), or to Human
Resources and Development (ext. 4386) that a nonharassment/non-retaliation/non-retribution policy
has been established.
Responsibility to Report and Protections
Anyone who is involved in any act of
harassment, retaliation, or retribution against
an associate who has reported suspected
misconduct in good faith, will be subject to
disciplinary action, including dismissal, on
the first offense.
Corporate Responsibility Officer
HIPAA Privacy & Security Officer
If you have questions and/or concerns about
improper conduct, contact:
Michael S. Klueh, PhD, EJD, CPA
Vice President, Regulatory Compliance, Risk, and
Accreditation/Corporate Responsibility Officer
HIPAA Privacy & Security Officer
812-485-6550
msklueh@stmarys.org
Receipt and Acknowledgement
As an associate or agent employed by or associated with St. Mary’s Health System,
I am committed to upholding the highest standard of individual ethical and legal
business practices. I will not tolerate illegal or questionable activity and promise to
take whatever steps are required by the Corporate Responsibility Program to
identify, report, and prevent such activity.
I acknowledge that I have reviewed the Standards of Conduct Booklet below and
agree to follow them. I understand that compliance with the Standards of Conduct
and the Corporate Responsibility Program is a condition of my continued
employment or association with St. Mary’s Health System.
Click here to review the Standards of Conduct Booklet:
http://www.stmarys.org/body.cfm?ID=2172
The Standards of Conduct are also available on the St. Mary’s Intranet for your
reference.
Download