Transcript Slide 1
Principles of Corporate Compliance • • • • • Promotes Ethical, Professional, and Legal conduct “Doing what is right” Defines Responsibility/Accountability Supports CHS Standards Assurance of Quality Care Catholic Health System Standards Attain Compliance by: • Embracing our Mission and Values • Following the Code of Conduct • Avoiding Conflicts of Interest • Upholding Patient Rights • Adherence to Policy and Procedures Found in Compliance 360 • Maintaining High Standards of Business and Ethical Conduct False Claims Act It is a crime to knowingly make a false record, file, or submit a false claim with the government for payment A false claim can include billing for service that: • • • was not provided or documented not ordered by a physician was of substandard quality It is also unlawful to improperly retain overpayments Allows for Qui Tam Relator (Whistleblower protection) Language Assistance Program • Ensures that limited English proficiency, or hearing impaired persons utilizing CHS services are able to understand and communicate with CHS associates and physicians • Provided FREE of charge to the patient Language Assistance Program Needs to be utilized with Hearing Impaired or Limited English Proficient patient: • upon initial contact • each and every time medical information is being provided Language Assistance Program • Mandatory service by law • Family may NOT routinely interpret • Documentation is vital to compliance If it’s not documented, it’s not done. See Policy for additional information HIPAA HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT Privacy and Security Policies are in Compliance 360 What is Protected by HIPAA? Individually identifiable health information Also known as Protected Health Information (PHI) Transmitted or maintained in any form or medium Protected Health Information (PHI) Biometric Identifiers Names Full face photos Geographic subdivisions smaller than a state Medical Record Number Health plan Number Account Numbers Certificate/License Numbers Vehicle identifiers Any other unique identifying data E-mail and web addresses All elements of dates related to birth date, admission, discharge, or date of death, ages over 89 Telephone and fax numbers SSN What Information Can Providers Share? • To provide continuity of care • To others based on need for the information • Disclose minimum necessary • Use professional judgment to share information with a patient’s family and friends • May provide necessary health information with licensing and credentialing agencies (Dept of Health & JACHO) Minimum Disclosure Necessary of Protected Health Information (PHI) Associates must: • ID persons who need to access PHI • Only access portions of PHI necessary to carry out their duties or fulfill request • Maintain reasonable efforts to restrict access to PHI in accordance with above • Disclose on “need to know basis” the minimum necessary for your job function (review HIPAA policy PRIV-24 for additional information) Consent and Authorization • Consent is obtained from the patient upon presenting for treatment and allows disclosure for treatment, payment & healthcare operations. (Consent and Financial Agreement) • Authorization from the patient is needed for disclose of health information that exceeds the Privacy Rule (release for treatment, payment & healthcare operations) Disclosure Restrictions The following types of information are protected by federal and/or state statute and may not be faxed or photocopied without specific written patient authorization, unless required by law. Must obtain signed authorization prior to disclosure with family & friends for restrictions noted below. (see HIPAA policy PRIV-02) Disclosure restrictions for: • HIV information • Psychotherapy notes (mental health) • Drug and alcohol treatment HIPAA Safeguards • Be aware of surroundings – Be conscious of who is in the immediate area when discussing sensitive patient information or at your computer terminal • Secure area when not attended – Close out of computer screens containing PHI before leaving the area – Close medical records/chart when not in use – Do not allow other associates to utilize your ID and password – Don’t leave papers with PHI in plain view HIPAA Concerns can lead to • Privacy & Security violations • Identity Theft The World Privacy Forum 2008 estimates between 250,000-500,000 people have their medical identities stolen every year UNAUTHORIZED ACCESSING AND DISCLOSURE OF PATIENT INFORMATION Curiosity can be a normal human trait • However accessing health information on yourself, family members, friends, co-workers, persons of public interest or any others that you are not involved in the care of is a … ...VIOLATION of HIPAA • Disclosing PHI inappropriately is also a violation • Individuals do NOT have the rights to look up their own health records Your Computer Usage can be monitored Information Technology is able to audit all associate’s internet usage. Associates should have no expectations of privacy while using CHS computer resources. Compliance Concerns • • • • • • • • • • • • • Lack of integrity and improper billing (coding & billing) Conflicts of Interest Ethical concerns Theft or misuse of services Inappropriate Gifts/Services Improper Political Activity Breech of Corporate Confidentiality Improper use of Proprietary Info. Environmental Health and Safety Issues Dishonest Communication (spoken, or documents etc.) Improper Business Arrangements Failure to follow Record Retention policy Documentation Concern (false or lacking documents) Example of Compliance Concern of Fraud & Abuse “If you bill these services individually, the hospital will receive more reimbursement” Example of Improper Use of Proprietary Information Compliance Concern Jack, I have a list of the patients that were seen at the hospital. I am sure these names would be helpful for your pharmaceutical company mailing list. Example of HIPAA VIOLATION Faxing PHI to the Incorrect Physician or Office “…let’s see there are four different MD’s with the same name… I’m sure the first one must be the right one, if not I’m sure they will forward it to the right office… Example of HIPAA VIOLATION Unauthorized Access of Medical Record “Joe, I just thought I’d give you a call and let you know that our neighbor Mrs. Smith had heart surgery last week – I am looking at her record now. You might want to go over and check on her later.” Example of HIPAA VIOLATION Inappropriate Computer Blogs & Face Book Entries Regarding Events at Work “…a guy came into the lab today and stole one of the laptops with patient information from the workstation. The guards were unable to find him...” “…at our nursing home a confused patient got dressed and wandered out of the building…it took the staff 4 hours to find her – she was 10 blocks away...” Example of HIPAA and Compliance VIOLATION Sale of Patient Information to Outside Vendor “…thank you for supplying that list of pregnant patients...we would be happy to send them information on our new child care products” “…It was no problem...anytime you need this information I’ll provide it … of course I’m assuming you’ll still be providing me $5 for every referral” Associate’s Responsibility • Upholding CHS mission and values • Adhering to code of conduct, policies & procedures, and the law • Constant monitoring for concerns • Duty to Report Concerns 3 Step process of Reporting • During an investigation o o o be truthful participate in good faith with investigators preserve documentation or records relevant to ongoing investigations 3 Steps for Reporting Compliance Concerns Immediate supervisor or appropriate department Higher level manager Compliance Officer Also available 24 hours a day/ 7days a week Compliance Line 1-888-200-5380 Non-Retaliation Policy • Protects associates from adverse action when they do the right thing and report a genuine concern • Reckless or intentional false accusations by CHS associates are prohibited • Reporting the possible violation does not protect the constituent from the consequences of their own violation or misconduct Possible Consequences for Non-Compliance • For the Associate and CHS Managers/Supervisors/Administrators • • Fines and Prison sentences Corrective Action (including possible termination of employment) for violations or failure to report concerns • For Catholic Health System • • Exclusion from government insurance funded programs Fines Things to Remember • Adhere to CHS code of conduct, policies & procedures, and other standards • Duty to report Compliance/HIPAA concerns as soon as aware of situation • Do the right thing apply ethical decision making • If uncertain… Use Corporate Compliance Booklet as a reference and … Always Seek Knowledge (A.S.K.) CHS Corporate Compliance Contacts Compliance/HIPAA Privacy Officer Anne Mason 821-4469 HIPAA Security Analyst Sally O’Brien 862-1938 CHS HIPAA Line 862-1790 Corporate Compliance Line 1-888-200-5380 All calls are confidential New York State Patient Bill Of Rights 19 Bill of Rights They are posted in all patient care areas They are available in Spanish as well as English If they don’t understand their rights, someone needs to explain them Receive treatment without discrimination Receive considerate and respectful care in a clean safe environment free from unnecessary restraints Receive needed emergency care Know the names and positions of people caring for them, and refuse their treatment Know who the MD is who is in charge of your hospital care A non smoking room Receive complete information about their diagnosis, treatment and progress Receive all information for informed consent Receive all information to give informed consent regarding do not resuscitate Refuse treatment and be informed of effect Refuse to take part in research Privacy in the hospital and confidentiality of all information and records of your care Participate in decision making about their care, including discharge Review of their medical record Receive an itemized bill with explanation of charges Complain without fear of reprisal Authorize family members to visit Make known your wished regarding anatomical gifts Catholic Health RISK MANAGEMENT 32 1 What is “Risk Management”? Risk Management is the systematic review of events that present a potential for harm and could result in loss for the hospital system. FOUR ELEMENTS OF RISK MANAGEMENT Risk Identification Review Occurrence Reports Review Patient/Visitor Complaints Participate in Root Cause Analysis Review concerns expressed by CHS staff FOUR ELEMENTS OF RISK MANAGEMENT Loss Prevention Educational Programs through CHS University Department specific inservices FOUR ELEMENTS OF RISK MANAGEMENT Claims Management Investigating & reporting occurrences and claims made Assist with Summons & Complaints and Subpoenas *** REMEMBER TO NOTIFY RISK MANAGEMENT IMMEDIATELY UPON RECEIPT OF SUMMONS OR SUBPOENA Assist with discovery requests for lawsuits FOUR ELEMENTS OF RISK MANAGEMENT Risk Financing Obtaining & maintaining appropriate insurance coverage HPL (Healthcare Professional Liability) GL (General Liability) D&O (Directors & Officers) Property & Casualty Auto Crime Fiduciary (Finance) What is an Occurrence? An occurrence is an event that was unplanned, unexpected and unrelated to the natural course of a patient’s disease process or routine care and treatment. What are sources of an Occurrence? Patients Visitors Patient/Family Complaints Security reports Equipment “failure” What is an Occurrence Report? An occurrence report is a factual account of the details of an occurrence. It is prepared and reviewed for the purpose of enhancing the quality of patient care, providing a safe environment, and identifying potential liability. What is the purpose of an Occurrence Report? Enhance the quality of patient care Assist in providing a safe environment Quick notice of potential liability Who can complete an Occurrence Report? Any associate or physician who discovers, witnesses or to whom an occurrence is reported, is responsible for documenting the event immediately by means of the Occurrence Report. Anyone who requires assistance should contact the department manager. DO NOT MAKE COPIES OF AN OCCURRENCE REPORT What happens to the Occurrence Report? The completed Occurrence Report is to be forwarded to the Department Manager Who will investigate the occurrence and forward to either Quality & Patient Safety Dept or Security as indicated in the Risk Management process Risk Management Process Patient and visitor safety are assessed from both clinical and environmental perspectives Notify Quality & Patient Safety of patient occurrences Notify Security of visitor or property occurrences Risk Management will be notified by QPS or Security and will participate in evaluation of occurrence Risk management will report occurrences to insurance carrier in cases of potential liability Risk Management will manage claim as indicated Documenting an Occurrence in the medical record •Date (MM/DD/YY) and time (military) •State facts, be clear and concise •Your own observations •If event described to writer, use quotes or “according to…” •Do not place blame in the record •DO NOT REFER TO OCCURRENCE REPORT IN THE MEDICAL RECORD EMTALA REGULATIONS EMTALA is the Emergency Medical Treatment and Active Labor Act (aka COBRA) EMTALA provides a guideline for safely and appropriately transferring patients in accordance with Federal regulations. The law provides for a medical screening exam (MSE) to all individuals seeking emergency services on hospital property. Hospital property includes the driveway, parking lot, lobby, waiting rooms and areas within 250 yards of the facility. 46 EMTALA REGULATIONS If an emergency medical condition is found, it will be stabilized within the hospital’s ability to do so, prior to the patient’s transfer or discharge. If a patient does not have an emergency medical condition, EMTALA does not apply. *** IMPORTANT: NEVER SUGGEST THAT A PATIENT GO ELSEWHERE FOR TREATMENT IDENTITY THEFT Fair and Accurate Credit Transactions Act of 2003 or “RED Flag Rules” In effect January, 2008 to be enforced November 1, 2009 Hospitals that maintain covered accounts must develop and implement written policies and procedures to identify, detect, prevent, and mitigate identity theft. IDENTITY THEFT “RED FLAGS” •Alerts, Notifications, Warnings •Presentation of Suspicious information •Suspicious Activity •Notice from patient, law enforcement, etc **Patient Access, Health Information, Finance, IT Depts primarily involved Catholic Health RISK MANAGEMENT DEPARTMENT Carol Ahrens, RN, BSN Director, Risk Management 821-4462 Joanne Ricotta, RN, BSN Risk Management Coordinator 821-4463 Linda McGavin Risk Management Technical Assistant 821-4467 Valerie Pizarro Administrative Assistant 821-4468 50 1 Violence in the Workplace Introduction According to the Bureau of Labor Statistics (BLS), 2,637 nonfatal assaults on hospital workers occurred in 1999. Rate in hospitals is 8.3 assaults per 10,000 workers *(2000 statistics report increase to 25 per 10,000) Rate in private sector industry is 2 per 10,000 workers Introduction Violence takes place During times of high activity such as meal time or visiting hours or patient transportation When service is denied When a patient is involuntarily admitted When limits are set regarding eating, drinking, tobacco or alcohol use What is Workplace Violence?? Wide range from offensive or threatening language to homicide NIOSH (National Institute for Occupational Safety and Health) defines workplace violence as violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty. Examples Threats: Expressions of intent to cause harm, including verbal threats, threatening body language, and written threats. Physical assaults: Attacks ranging from slapping and beating to rape, homicide, and use of weapons such as firearms, bombs, or knives. Muggings: Aggravated assaults, usually conducted by surprise and with intent to rob. Case Reports An elderly patient verbally abused a nurse and pulled her hair when she prevented him from leaving the hospital to go home in the middle of the night. An agitated psychotic patient attacked a nurse, broke her arm, and scratched and bruised her. A disturbed family member whose father had died in surgery walked into the E.D. and fired a handgun, killing a nurse and an EMT and wounding a physician. Case Reports Workplace violence in general is most often related to robbery Workplace violence in hospitals usually results from patients and occasionally from family members who feel frustrated, vulnerable, and out of control. Who is at Risk?? Nurses and nursing assistants have the most direct contact with patients and are at a high risk. Other hospital personnel includes emergency response personnel, hospital safety officers, and all health care providers. Where May Violence Occur?? Anywhere in the hospital but it is most frequent in the following areas: Psychiatric wards Emergency rooms Waiting areas Geriatric units What are the Effects of Violence?? Effects can range in intensity and include: Minor physical injuries Serious Physical injuries Temporary and permanent physical disabilities Psychological trauma Death Effects of Violence Violence can have a negative organizational outcome reflected by: Low morale Increased job stress Increased worker turnover Reduced trust of management or co-workers Hostile working environment Risk Factors Working directly with violent people; those under the influence of drugs, alcohol or have a history of violence or psychotic diagnosis Working when understaffed Transporting patients Long wait for service Overcrowded, uncomfortable waiting rooms Working alone Risk Factors Poor environmental design Inadequate security Lack of guidelines for preventing and managing crisis Drug and alcohol abuse Access to firearms Unrestricted movement of the public Poorly lit corridors, rooms, parking lots General Prevention Strategies Environmental: Alarms Security devices Escorts to parking lots at night Good lighting Design waiting areas Staff restrooms and exits Enclosed nurses’ stations General Prevention Strategies Administrative controls: Staffing patterns to prevent personnel from working alone Prevent patient waiting time Restrict movement of public in hospitals Security personnel alert system General Prevention Strategies Behavioral Modifications recognizing and managing assaults resolving conflicts maintaining hazard awareness Dealing with violence Provide open communication Develop written procedures for reporting and responding to violence Offer and encourage counseling Safety Tips Watch for signals of impending violence: Verbally expressed anger and frustration Body language such as threatening gestures Signs of drug or alcohol use Presence of weapons Diffusing Anger Present a calm, caring attitude Don’t match the threats Don’t give orders Acknowledge a person’s feelings Avoid behavior that may be interpreted as aggressive Be Alert Evaluate when you enter a room or begin to relate to a patient or visitor Be vigilant throughout the encounter Don’t isolate yourself with a potentially violent person Keep an open path for exiting To Diffuse the Situation QUICKLY.. Remove yourself from the situation Call security for HELP Report any violent incidents to management Strategies that have worked… Metal detector in a Detroit hospital during a 6 month period prevented entry of: 33 handguns 1,324 knives 97 mace sprays Strategies that have worked… Violence reporting program in Portland Oregon identified patients with history of violence in a computer database. Reduced violent attacks by 91.6% by alerting staff to take additional safety measures when serving these patients Strategies that have worked… New York City hospital: Restricted movement of visitors using ID badges and color-coded passes to limit each visitor to a specific floor Enforced a limit of two visitors per patient Over 18-months, reduction of reported violent crimes by 65% Summary No universal strategy exists to prevent violence All hospital workers should be alert and cautious when interacting with patients and visitors Staff participation in safety programs regarding violence prevention ‘The process of transforming CHS into an organization with a superior ability to deliver patient-centered, quality, compassionate healthcare through outstanding professionals and innovative technology.’ Welcome to Equinox • Equinox - Why? – Four Hospitals – “grew-up” with their own process, culture, technology – Need to establish Electronic Medical Record • Equinox – How? – Comprehensive system-wide effort to standardize and improve processes • Standardized Clinical Practices – Getting the right tools in the hands of our associates – Nurses, Doctors, Administrators Welcome to Equinox • Equinox - When? – Now! Process started in 2004 and is ongoing – Strategic Alliance with Siemens Medical Solutions – 10 year agreement • Equinox – Who? – Everyone – directly and indirectly! Welcome to Equinox • Managing The Process – The TMO – Multidisciplinary Team Dedicated to Transformation Initiatives (Transformation Management Office) • • • • • Clinicians Finance/Patient Access Technology/Project Management Communications Administrative Leadership Welcome to Equinox • Function of the TMO Team: – Articulates Existing Processes/Workflows & Recommends Improvements – Coordinates Disparate & Intersecting Projects – Collaborates with Siemens – Manages Strategic Alliance – Communicates With All Stakeholders – Provides Counsel to Stakeholders Welcome to Equinox • Examples of Equinox in Action: – Soarian Clinicals – Clinical Standardization – Financial Process Redesign – St. Joseph Campus Emergency Room • Process • Culture • Technology Welcome to Equinox • Your Role… – Stay informed – Ask questions – Identify ways to “do it better” always with the patient in mind – Embrace change! Welcome to Equinox • Questions - contact…. [email protected]