Compliance Services - Virginia Commonwealth University Health

Compliance Services
New Employee Orientation
2009
Compliance Services
Learning objectives
• Understand the basics of compliance efforts at VCUHS
• Be aware of reporting obligations & mechanisms
• HIPAA overview & application at VCUHS
• Next Steps
What is Compliance?
• To comply with rules and regulations
• Oversight function ensuring proper conduct
• Outlines our goals and responsibilities in relation to our organization
• The Plan and The Program
Compliance Services
• Internal Investigations
• Audits and Reviews
• Advise all departments within the Healthsystem
• HIPAA Privacy and Security Issues
• Helpline Maintenance 1-800-620-1438
• Educational Efforts
– New Employee Orientation
– New Provider Education / Annual Provider Updates
– Audio Conferences throughout the year for CEUs
But “WHY?”
• It is the right way to do business
• And because…
• Organizations receiving more than $5 million in federal funds a year must have a Compliance Program in place
7 Elements required by the OIG
• Standards and Procedures
• Oversight
• Education and Training
• Monitoring and Auditing
• Reporting
• Enforcement and Discipline
• Response to Prevention
VCUHS Code of Ethics
• Respect:
– We will respect individuals, diversity, and the rights of others
• Honesty:
– We will act and communicate honestly and candidly
– We will not mislead others
• Excellence:
– We will strive for excellence in all that we do
• Stewardship:
– We will be good stewards of the resources entrusted to the Health System
• Compliance:
– We will understand and comply with the codes, laws, regulations, and policies & procedures that govern our Health System activities
Standards of Professional Conduct
• All Standards reflect these 4 Foundation Principles
1. Dignified Patient Care
2. Compliance with Laws & Regulations
3. Responsibility for Actions & Behaviors
4. Accuracy & Accountability
• 9 Standards cover:
1) Patient Care
2) Workplace Responsibilities
3) Business Information & Records
4) Conflicts of Interest
5) Competitive Behavior
6) Coding and Billing of Patient Services & Cost Reporting
7) Cost Reporting to the Gov’t & Third Party Payors
8) Contact with External Entities
9) Compliance
Online Activities
• Bill is a VCUHS employee and has had a MySpace page for years. His personal page is complete with his own daily blog. Recently, Bill has been commenting on his work activities and what he thinks are his interesting patients and co-workers. He is careful to never mention VCUHS by name or name any of his patients.
• Are these online activities ok?
• Do they violate the Code of Ethics or Standards of Professional Conduct?
New Challenges in these Modern Times
– Internet and personal websites, blogs and chat rooms
• Placing photos of patients on these sources is a HIPAA violation and a VCUHS policy violation
• Communicating in any way over the Internet about patients can easily lead to violations
– Remember: The best practice for compliance is to “keep your work stuff at work and your home stuff at home.”
What to report?
• VIOLATIONS of any kind
– Violations of The Code of Ethics
– Violations of The Standards of Professional Conduct
– Violations of Policies or Procedures
• FRAUD of any kind
VCUHS has a ZERO TOLERANCE POLICY for any retaliation
The Federal FALSE CLAIMS ACT
• A federal act making it a crime, with heavy financial penalties, to submit any fraudulent claim to a federal payor or to participate in fraudulent activity
– For example:
• Knowingly using a false record to get a claim paid by the federal government
• Billing for work or tests not performed
• Double-Billing
• Kickbacks or bribes
• Fraudulent cost reports
• Built-in protection for all whistleblowers
A Sticky Situation
Your manager asks you to change his sister’s record so that she can get an operation covered by her insurance company that otherwise would not be covered.
He explains that this will be between the two of you and that no one else will be able to find out.
As an employee, what are your concerns?
What should you do?
How do I report?
• Call us: 828-0500
• Email us: info@complianceservices.com
– Link located via Intranet Compliance Services page
• Visit us in Old City Hall
– 1001 E. Broad St.
– Suite 205, 2nd Floor
• Use the Helpline
Confidential Reporting
24 hours a day / 7 days a week
1-800-620-1438
If it concerns you, it concerns us!
Helpline web-based reporting:
https://www.compliancehelpline.com/welcomePageVCUHS.jsp
HIPAA
The Health Information Portability & Accountability Act
Health Information Portability and Accountability Act: HIPAA
• We focus on the Administration Simplification section
• Establishes a single national standard for the format of electronic health care claims to facilitate data interchange
• Concerns with confidentiality and security of individuals’ health care information
• Must protect the privacy and security of individually identifiable health information
Two Important Acronyms
• PHI: Protected Health Information
– Names
– Telephone & Fax #s
– Medical Records Numbers
– Device/Serial Numbers
– Email Addresses
– SSN #s
– Health Plan #s
– Web URL Addresses
– Certificate/License Numbers
– All Dates
– Photos
– IP Addresses
– Vehicle ID #s
– Biometric Identifiers
– Geographic Identifiers
– Account #s
– Any Other Identifying Number, Characteristic, or Code
• TPO: Treatment, Payment, Other Health Care Operations
Fact or Fiction?
• One doctor’s office can send medical records of a patient to another doctor’s office without the patient’s consent?
FACT!
Allowable because this is considered “treatment” within permitted TPO uses and disclosures.
Some Privacy Considerations
• CONVERSATIONS:
– Use The Minimum Necessary Rule
– A private, semi-private, out-of-the-way area, or low traffic area
– “Inside Voices” are best for addressing sensitive information
– NOT in the cafeteria
– NOT in elevators
– Be mindful of roommates or visitors
– Always be aware of where you are and be discreet
The Media
• HIPAA does prohibit releasing anything more than directory information without the patient’s authorization
• Here, we refer all media inquiries to University News Services at 828-6057
Viewing Medical Records
Do you have the right to look at your own medical record?
• Alicia is a VCUHS employee and saw her 14 year old daughter leaving a clinic building this morning. On her lunch break, Alicia decides to look up her daughter in Cerner to see who she saw here and why. Alicia figures she has a right to see her minor child’s medical record.
• Any issues with this?
Other Privacy Considerations
• Do you know how to respond to an “investigator”?
• Do you know where the shredders are?
• Phone messages left on patients’ answering machines
• Are verification questions being used when patients call for their results? (Ex: D.O.B. and address)
• Are calls being made to confirm faxes to new recipients?
Some Security Considerations
• WHAT IS “IN VIEW”?
– What does your screen face?
– What do you do with your screen when you leave, just for a minute?
– Where do you keep charts?
– How do you carry files throughout the environment?
– What is written on whiteboards?
• Have you implemented “Lock Down”?
– Set your screen saver to lock after a short idle period and require a password to unlock
– Physical locks on equipment
– Encryption of files and folders when saving PHI
Two most important rules
• Only email PHI from your mcvh-vcu.edu email account to another mcvh-vcu.edu email account!
• Confidentiality of your password!
**Abuses result in disciplinary action**
VCUHS Chief Compliance & Privacy Officer
• Cynthia H. Earnhardt, CC&PO
• Contact her by
– Visiting our office (Old City Hall Suite 205)
– Calling our office 828-0500
– Email info@complianceservices.com
Are you obligated to report unethical or improper conduct?
Your Next Steps
1. Read, Sign & Return your Employee Integrity Agreement
[Located in the NEO Manual, page 26]
2. Complete the online HIPAA Training
[Located on VCU’s Blackboard site]
[https://blackboard.vcu.edu/]
Complete this within 30 days of start date
HIPAA Training: blackboard.vcu.edu