COMPLIANCE
PROGRAM
QUALITY MANAGEMENT
COMPLIANCE DEPARTMENT
COMPLIANCE PROGRAM- FWA - HIPAA- CODE OF CONDUCT
QM/Compliance Program – why?
• Ensure ongoing education & monitoring related to all aspects
of the compliance program - ANNUALLY
• Oversee and monitor the implementation of the compliance
program.
• Develop policies and programs that encourage managers and
employees to report suspected fraud and other improprieties
without fear of retaliation.
• Investigate and act on matters related to compliance,
including the coordination of internal investigations and any
resulting corrective action with all departments, and
providers where applicable.
Compliance Program Elements & Training Requirements
• Quality Management/Compliance Department
• Compliance Plan
• Compliance Program
• Training & Education
• Audit & Monitor
• Code of Conduct
• HIPAA
• Fraud, Waste, and Abuse
• SNP
• Medi-Cal & Medicare Regulatory Requirements
Compliance Program
• Promote an environment that encourages employees to report
potential problems.
• Increase likelihood of identification and prevention of unlawful and
unethical conduct.
• Develop procedures that allow prompt, thorough investigation of
possible misconduct.
• Develop disciplinary mechanisms to consistently enforce standards.
• Enable early detection and reporting, thereby reducing employee and
organizational exposure to civil damages and penalties, criminal
sanctions, and administrative remedies, such as program exclusion.
Training and Education
• All employees are required to attend compliance training.
• Each employee is required to sign an attestation that
reflects the employee’s knowledge of, and commitment to,
PPMC’s Code of Conduct, FWA & HIPAA Compliance.
• Documentation and data submission requirements
Code of Conduct
What is it?
• Overarching principles & values by which PPMC operates;
defines underlying framework for compliance P&Ps
• Expected performance in each area of operations
• As such, each member of the PPMC staff is responsible for
compliance with the Code of Conduct.
• Applies to all employees, managers, directors,
administrators, Medical Directors and officers of PPMC
• Responsible and accountable for compliance with state and
federal laws and regulations, including laws governing Medi-Cal and Medicare
Code of Conduct
Expectations?
• Support the mission, vision and values of PPMC as
articulated in PPMC’s Mission, Vision and Values Statement.
• Comply with state, federal and organization policies as
applicable to their respective role and job responsibilities.
• Conduct business in a professional and ethical manner.
• Attend applicable educational sessions related to compliance
and fraud and abuse.
Code of Conduct
More Expectations?
• Know PPMC policies and procedures as they relate to
compliance, including notification of suspected non-compliance or fraud and abuse.
• Participate in compliance monitoring and auditing activities
as appropriate and identify potential non-compliance issues
within their respective work environment.
• Report suspected or potential non-compliance or fraud and
abuse to their respective supervisor or the QM/Compliance
Dept. in a timely fashion.
Code of Conduct
And even more expectations…?
• Cooperate and assist, as appropriate, with investigations
and corrective actions.
• Maintain confidentiality as relates to members,
practitioners, organizational business, and
communications. – Confidentiality Agreement
• Keep licensure and certification current as applicable.
What is HIPAA?
• HIPAA applies to the protection of individuals'
health information
• Protected Health Information (PHI) means
individually identifiable health information
  • names, email addresses, phone numbers, medical record
  numbers, photos, driver's license numbers, etc.
• It gives patients the right to their records and the
right to know who's seen their records. – Notice of
Privacy
Privacy and Security Rule
What is required?
Security Standards
• Administrative Safeguards
  • Risk Management
  • Sanction Policy
  • Information Systems Activity Reviews
• Physical safeguards
  • Facility access controls
  • Contingency operations
  • Facility security plan
  • Access control & validation procedures
  • Maintenance records
  • Workstation use & security
  • Data backup and storage
Privacy and Security Rule
PHI - Examples
• Direct Individual Identifiers
• name
• date of birth
• postal address, zip code
• telephone number
• fax number
• electronic mail address
• social security number
• medical record number
• health plan beneficiary number
• account number
• certificate/license number
• vehicle identifiers and serial numbers, including license plate numbers
• device identifiers and serial numbers
• web universal resource locators
• internet protocol address numbers
• biometric identifiers including finger and voice prints
• full face photographic image and any comparable images
Breach Notification Rule
Health Information Technology for Economic and
Clinical Health Act (HITECH Act)
• Under HITECH, "business associates," or third parties such as
a billing company, now must follow the HIPAA privacy laws by
protecting patient information and reporting data breaches.
• The Act provides for substantial penalties for failures
to certify or comply with the new standards and operating
rules.
• Requires HIPAA covered entities and their business
associates to provide notification following a breach of
unsecured protected health information
Breach Notification Rule
Definition of a Breach
A breach is, generally, an impermissible use or disclosure under
the Privacy Rule that compromises the security or privacy of
the protected health information such that the use or
disclosure poses a significant risk of financial, reputational, or
other harm to the affected individual.
Breach Notification Rule
Breach Notification Requirements
• Following a breach of unsecured protected health
information, covered entities must provide notification of
the breach to affected individuals, the Health Plan, Secretary of
Health and Human Services, and, in certain circumstances, to
the media.
• In addition, business associates must notify covered entities
that a breach has occurred.
Breach Notification Rule
Individual Notice
• Must provide this individual notice in written form by first-class mail, or alternatively, by e-mail if the affected individual
has agreed to receive such notices electronically.
• Must be provided without unreasonable delay and in no case
later than 60 days following the discovery of a breach
and must include:
  • A description of the breach, a description of the types of
  information that were involved in the breach,
  • The steps affected individuals should take to protect themselves
  from potential harm,
  • A brief description of what the covered entity is doing to
  investigate the breach, mitigate the harm, and prevent further
  breaches, as well as contact information for the covered entity.
Breach Notification Rule
Notice to Health Plan & State - TAT
• Report to Health Plans per their policies
• Will notify the State by visiting the HHS web site and filling
out and electronically submitting a breach report form, if a
breach affects 500 or more individuals, without unreasonable
delay and in no case later than 60 days following a breach.
• Reports of breaches affecting fewer than 500 individuals are
due to the State no later than 60 days after the end of the
calendar year in which the breaches occurred.
Breach Notification Rule
Burden of Proof
• The IPA and business associates have the burden of proof to
demonstrate that all required notifications have been provided
or that a use or disclosure of unsecured protected health
information did not constitute a breach.
IPA/MSO Breach PREVENTION
Examples of PHI Safeguards to Prevent a Breach
• Securing laptops with PHI to prevent loss or theft
• Not giving unauthorized personnel access to PHI
• Not giving out employee access codes
• Not using unsecure emails when sending PHI (Gmail, AOL, Yahoo)
• Not using unsecure emails when sending PHI (not encrypted or
password protected)
• Not using BlackBerry for emails with PHI
• Not sending faxes without the disclosure statement
• Not leaving documents with PHI in unsecured areas
• Not having open discussions outside of work about members
Fraud, Waste & Abuse Defined
• Fraud: The intentional misrepresentation of data for financial gain.
Fraud occurs when an individual knows or should know that something is false
and makes a knowing deception that could result in some unauthorized benefit to
themselves or another person.¹
• Waste: Overutilization, meaning the extravagant, careless or needless expenditure of
healthcare benefits or services that results from deficient practices or decisions.¹
• Abuse: Involves payment for items or services where there was no intent to
deceive or misrepresent but the outcome of poor, insufficient methods results in
unnecessary costs to the Medicare program.²
Source:
1. CMS Glossary; CMS Medicare Learning Network (MLN)
2. Medicare Physician Guide: A Resource for Residents, Practicing Physicians, & Other Health Care
Professionals, Tenth Edition (October 2008)
Physician Self Referral Law / Stark Law
Purpose:
Prohibit improper referral relationships that can harm the
Federal health care programs and program beneficiaries.
• Improper referral relationships can lead to
overutilization, increased costs, & corruption
of the medical decision-making process
• The Stark Law accomplishes this by prohibiting physicians
from submitting referrals for Medicare patients to
entities where the physician’s immediate family member
has a financial relationship
---------example?
Anti-Kickback
Key Things Every Health Care Provider Should Know
About the Anti-Kickback Statute
1. Anti-kickback statute prohibits asking for or
receiving anything of value to induce or reward
referrals involving federal health care programs.
Federal Anti-Kickback Statute
2. Know the penalties under the law
• Criminal = Felony = JAILTIME. Conviction can result in
fines up to $25,000 per violation or up to a five-year
prison term or both
• Civil & Administrative Penalties: Can lead to False Claims
Act Liability
• Program exclusion from Medicare & Medicaid
• Can lead to penalties under the civil monetary penalties
law up to a $50,000 penalty per violation and an
assessment of up to three times the total amount of the
kickback payment (even if some part of the payment was
for a legitimate purpose).
Conflict of Interest
• An employee must disclose any possible conflicts
so that PPMC may assess and prevent potential conflicts of
interest from arising.
• A potential or actual conflict of interest occurs when an
employee is in a position to influence a decision that
may result in a personal gain for the employee/family
member as a result of the Company’s business dealings.
• An employee/family member may not own or hold any
significant interest in a supplier, customer or competitor of
the company.
• Employee must disclose actual/potential conflicts of
interest in writing to supervisor / human resources.
Gifts & Gratuities
• PPMC employees will not solicit or accept gifts of
significant value (i.e., in excess of $25.00), lavish
entertainment or other benefits from potential and
actual customers, suppliers or competitors.
• This policy is provided to all employees upon hire in
the Employee Handbook.
Disciplinary Standards
• Disciplinary action may result where a responsible
employee’s failure to detect a violation is attributable
to his or her negligence or reckless conduct.
• Possible disciplinary actions for improper conduct
include oral and written warnings, suspension, and
termination.
• PPMC makes reasonable best efforts to see that
disciplinary actions are applied consistently to all
staff and managers. No employee is exempt.
Auditing and Monitoring
Department / Company
• The level of compliance within each functional
area is assessed on an ongoing basis.
• Periodic audits to determine the level of
compliance with federal and state statutes,
regulations and program requirements.
Auditing and Monitoring
• Prohibition of the employment of or contracting with persons known to
have a propensity to engage in inappropriate or improper conduct.
• Efforts to ensure that individuals who have been recently convicted of a
criminal offense related to health care or who are listed as debarred,
excluded or otherwise ineligible for participation in Federal health care
programs are not hired. - OIG
• Established sanction verification processes for all potential employees
and contracted providers.
Reporting
• Employees are responsible for reporting a concern or potential
misconduct to their supervisor or manager.
• The QM/Compliance Dept. has an “open door” policy to receive
employee reports or concerns regarding potential violations.
• Employees, enrollees and providers may also use the COMPLIANCE
HOTLINE to report any potential misconduct or concerns.
• If an investigation ultimately reveals criminal, civil, or administrative
violations have occurred, the appropriate federal and state officials
will be notified immediately.
Required Reporting
Violations of the code of conduct, ethics or any fraud, waste or abuse must be
reported. Not reporting fraud or suspected fraud can make you a party to a case
by allowing the fraud to continue.
• Fraud or suspected fraud may also be reported anonymously
• Everyone has the right and responsibility to report possible fraud, waste, or
abuse.
Remember: You may report anonymously
• Employees may report any suspected compliance issue (HIPAA, FWA,
Clinical, etc.) anonymously, without fear of intimidation and retaliation, as this
is prohibited when reporting a concern in good faith.
PPMC Hotline Information
• Suspected Fraud and Abuse
• Suspected HIPAA / Confidentiality violations
• Suspected Compliance violations
(951) 280-7766
Compliance Training Materials
RSD
Compliance Training 2014 (Folder)
• Fraud, Waste, and Abuse
• HIPAA / HITECH
• Code of Conduct
• QM Program
• UM Program
• CM Program
• Health Education / Cultural & Linguistics
• Medi-Cal Linked Services
• SNP