The World According to the (Should-be) All Knowing and Omnipresent Compliance Gurus

Transcription

1 The World According to the (Should-be) All Knowing and Omnipresent Compliance Gurus HCCA Annual Compliance Institute Post-Conference Session W9 8:00 12:00 pm Wednesday, April 21, 2009 Agenda Introduction to AHA and AHA Solutions Operational Alignment Panel Discussion Healthcare Compliance Scenarios Q&A and Wrap-up 2 1

2 Presenters Brad Hunter, Director and Moderator AHA Solutions Robert Tietjen, President & CEO PolicyTech International, Inc. Steven Greenspan, Director Govt. Appeals & Regulatory Affairs Executive Health Resources Steve Bearak, President & CEO Identity Force 3 AHA Solutions, Inc. Overview 2

3 Principle Areas of Focus AHA has 100+ year history 5,000 member hospitals, health care systems, networks, other providers of care 38,000 individual members March 16, 2010 In a letter, 249 members of the U.S. House of Representatives strongly urged the Centers for Medicare & Medicaid Services to revise its proposed definition and requirements for hospitals to qualify for Medicare and Medicaid incentive payments as meaningful users The EHR rule goes against the intent of Congress to reward those hospitals that already have taken important steps toward implementing EHR systems and to provide incentives to encourage further development, 3

4 AHA Solutions is focused on improving the operational performance of our nation s hospitals. Through a broad variety of services, we provide hospitals with field leadership, education and research. Focused on Five Underlying Strategic Drivers Capacity Financial Performance Informatics/IT Workforce Patient Engagement Roundtables & Focus Groups Serving Our Members & Providing Information Audio conferences & Webinars AHA-Endorsed Products & Services Best Practices in Health Systems 1. Establish a system-wide Strategic Plan with Measurable Goals 2. Create Alignment Across the Health System with Goals and Incentives 3. Leverage Data and Measurement Across the Organization 4. Standardize and Spread Best Practices Across the Health System Source: A Guide to Achieving High Performance in Multi-Hospital Health Systems March 2010 HRET and The Commonwealth Fund 4

5 Increasingly mobile environment Enhance clinical productivity, reduce redundant and wasted efforts and enable faster time-to-treatment Enable secure access to the latest medical and patient data; mobile point-of-care solutions can help clinicians deliver better, more efficient care Help clinicians collaborate efficiently and make fact-based decisions, supported by more accurate, timely, and comprehensive patient data and access to evidence-based treatment guidelines Please rank the value of including the following features in a mobile user management tool. Policy violation event alerts / management (device antivirus file out of date, etc.) 33% 42% 23% 2% Enabling wireless conectivity 38% 37% 21% 2% Data Security (ability to poll for and enforce on-device encryption) 52% 38% 10% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 6 = Required Component Five Four Three Two 1 - Provides no value Source: Managing And Securing Mobile Healthcare Data And Devices Q Forrester Consulting 5

6 Building on Meaningful Use Requirements Meet short-term financial objectives And position for long-term strategic objectives* While we still have a lot of work to do we are moving from a time in which we focus on implementing clinical systems to a time where we focus on leveraging these systems This next phase will center on: Continuous improvement of processes Leveraging of data System extensions *John Glaser, PhD Vice President and CIO Partners HealthCare February 25, 2008 Enable Growth & Improve Governance Board of Directors Corporate Governance and Due Diligence Business Drivers Right Sizing & Growth Mergers, Acquisitions, and Divestiture Support Activities Data Loss Prevention: Client Information, Partner Connections, and Joint Development Collaboration Compliance Cost Reduction Preparation & Remediation 12 6

7 AHA Endorsement Process Evaluation Criteria Mission and Vision Financial and Operational Stability Dedication to Healthcare Executive Commitment Scalability Cultural Fit Market Differentiation/Leadership of Product Robust Customer Satisfaction Solution Functionality Current Market Share Strong Reference Accounts General Company Information Customer Service Management Awards/Press Releases Technical Questions Overview of product Systems Staffing Interface/Integration Reporting Implementation Training Support Performance Compliance Security 7

8 Exclusively Endorsed by the AHA for Executive Health Resources (EHR) for Concurrent & Retrospective Clinical Denials Management, Medicare & Medicaid Compliance Management & Length of Stay Management Identity Force for Identity Theft Protection, Compliance & Data Breach PolicyTech for Policy & Procedure Management Software and Services Healthcare Industry Expert Panel Compliance Scenarios Robert Tietjen, President & CEO PolicyTech International, Inc. Steven Greenspan, Director Govt. Appeals & Regulatory Affairs Executive Health Resources Steve Bearak, President & CEO Identity Force 8

9 Compliance Scenario 1 A Medicare Administrative Contractor ( MAC ) does a probe audit of 250 stent claims. Your hospital is involved in the Audit and the MAC has determined that 19 out of the 20 cases (95% error rate) they looked at for your facility were incorrectly billed as inpatient rather than outpatient. What can you do to prevent the above from happening again? Compliance Scenario 1 - Recommendations Implement a Utilization Review process to meet Conditions of Participation (42 CFR ) to get the Status Correct Why is it Important to get the Status Correct Reimbursement Make sure that you are being reimbursed properly for your services Incorrect overuse of Inpatient Incorrect overuse of Observation Extrapolation following Self-Audit (Caveat under new Reform Bill with respect to timing of repayment) Removes claims from RAC scrutiny Possible DOJ expansion of timeframe 9

10 Compliance Scenario 2 So you have an employee who is terminated for failing to abide by the company s sexual harassment policy. And the employee turns around and submits a suit against the company for failure to inform him/her of the policy. What would you suggest they do to protect themselves from litigation? Compliance Scenario 2 - Recommendations Review your processes for timeframes of initial hire. Communicate to management the need Make sure this necessity is adequately addressed in manager orientations, Have QA track metrics of how quickly signatures are being collected by managers, and provide monthly reports showing compliance status Recognize that this task may require a part-time to full-time assistant Document and communicate effectively to managers the need to review employee records before termination, to ensure they have signed-off on critical policies or procedures related to termination cause. Ensure that you have a robust archival system so you can quickly access past procedures that may have been relevant when the employee was hired. 10

11 Compliance Scenario 3 I work at a mid-sized hospital and learn that in late March 2010 a hospital-owned laptop was stolen from one of the organization s health centers. The laptop contains medical and personally-identifiable information on 785 patients. The data was not encrypted, but the computer is password protected. What are the steps we must take immediately, and what should we be prepared for in the future? Compliance Scenario 3 - Recommendations Best Practice approach includes response plan & service contracts in place Incident investigation, tracking and assessment Evaluation of Harm Threshold Determine appropriate response and id theft prevention/protection services Notification to affected individuals Notification to HHS Management of ongoing id theft prevention/protection services Prepare for media inquiries Prepare for patient inquiries Prepare for HHS Audit 11

12 Compliance Scenario 4 A Medicare Administrative Contractor ( MAC ) does a probe audit of 250 stent claims. Your hospital is involved in the Audit and the MAC has determined that 19 out of the 20 cases (95% error rate) they looked at for your facility were incorrectly billed as inpatient rather than outpatient. What are the consequences and what can I do about it after the fact? Compliance Scenario 4 - Recommendations Pre-Payment Review and other Scrutiny (Additional Post-Payment Audits RAC DOJ expansion of MAC findings) Negative publicity based upon Metrics killing more people Discussion with Medicare Administrative Contractor if you believe you are being improperly targeted and/or to get a better understanding of the criteria they are using for determining medical necessity. Appeal when Appropriate Favorable determinations use to hold MAC accountable Use all arguments, both legal and clinical If UR process in place, argue Limitation on Liability (Section 1879 of Social Security Act) Depending on length of look-back period and knowledge of provider, argue Waiver of Liability (Section 1870 of Social Security Act) Prepare for other Audits 12

13 Compliance Scenario 5 You are the manager of the Human Resources Department, and because your assistant is fairly new and lacks knowledge of company policy, the questions that would normally go to him regarding benefits and payroll issues are coming to you instead. And you don t see him being able to get enough experience and knowledge for several months still. How do you ensure that he gets trained fast enough to divert these time wasting questions from the work you desperately need to accomplish? Compliance Scenario 5 - Recommendations Create and keep updated a mind-map hierarchy of your policy system so you can quickly see what policies and procedures you have, and be able to flag which ones need enhancement, as well as which still need to be created. Ensure that policies and procedures are readily accessible in every department, and are updated immediately Review table of contents often to make sure they correlate with what is actually published. 13

14 Compliance Scenario 5 - Recommendations Review process that oversees communication of policy to ensure that employees that have a need to know are signing off their understanding and/or proving comprehension. Provide a simple way for employees to provide feedback on each procedure, as well as a way to keep those comments with the original document for consideration during periodic reviews. Compliance Scenario 6 I work at a mid-sized hospital in the Great Lakes area. Since last year, we have experienced a measurable uptick in cases of medical identity theft and fraud related to the misuse of patient identification (sharing of IDs, identity theft, etc.). We know that elements of the Red Flags Rule are meant to help address this issue, but the law is not in full force yet. We are obviously concerned about this issue from the financial loss and fraud perspective, and have also realized that (especially as we move towards EHRs) inaccurate patient medical records is a serious concern. What can be done to stem the tide of fraud and ID misuse? 14

15 Compliance Scenario 6 - Recommendations Bring facility in compliance with RFR Enable incident reporting and tracking Identify and protect against frequent flyers Ongoing, Web-based training Compliance Scenario 7 You follow the current healthcare news and see that several Medicare Administrative Contractors through the country are focusing on one-day stay Chest Pain admissions, finding that in the majority of audits that the claim should have been billed as an outpatient procedure. In addition, you understand that the DOJ has now begun to look at one-day chest pain stays; even though they don t believe there are necessarily any false claim issues. You know that most of your physicians are handling their one-day chest pain cases as inpatients. 15

16 Compliance Scenario 7 - Recommendations Buy or Build evidence based content to allow for risk stratification of high risk targets Begin Concurrent UR process for Chest Pain going forward Determine from a data analysis is this error or something more? Determine whether a repayment strategy or self disclosure is appropriate Audit charts using trained Physician Advisors (who understand both clinical and regulatory guidance pertaining to these procedures) Use audits to set reserves, make paybacks, extrapolate etc. A proactive process and cooperation with the MAC may save you a lot of headaches down the road. Compliance Scenario 8 You are the Quality Assurance Manager, but because policies and procedures are so important in managing quality, you are put in charge of them as well. Is this really something that an individual can do on the side? 16

17 Compliance Scenario 8 - Recommendations Track metrics to make sure documents are moving through the system in a timely process Create organizational charts of how each process ties to each policy, and each procedure/form to each process Maintain a mind-map of all of the documents to decipher which procedures or processes have not been created Track employee comments and ensure that authors are reviewing them when reviewing documents Follow up with managers to get procedures written and approved quickly Keep an updated table of contents Make sure there are not duplicate procedures in various departments Train managers on how to write policies and procedures Compliance Scenario 8 - Recommendations Make sure procedures are formatted correctly according to the company s standardized process Create and maintain policies that set forth the company s standardized process Make sure there are no missing approval signatures Examine review and approval dates to guarantee they coordinate with effective dates Review critical procedures to guarantee correct regulatory standards are referenced Track metrics to ensure employee attestations are happening in timely manner Coordinate with Education Department to ensure comprehension of critical procedure 17

18 Compliance Scenario 9 I work at a fairly large West Coast hospital, and we are investigating what could be our 14 th data breach in the last 12 months. The breaches have been large (hundreds of records) and small (dozens of records), paper and digital, and a variety of causes employee error, business associate error, and theft. We have lots of protections in place, but this is as much or more of a problem than ever. What, if anything, can we do to address this problem on an organizational basis? Compliance Scenario 9 - Recommendations Build a Breach-free Culture Identify risks (including those outside IT network) Best Practice written policies and procedures but they only go so far The results will come with effective training Facility-wide Certification process for training Initial training for all employees Training for all new hires Periodic refreshers for employees 18

19 Compliance Scenario 10 The floor is open for discussion! So, I have heard that another hospital had this issue Plans Monday Night? AHA Solutions Annual Networking Dinner Join Us for Dinner, Networking, Learning & Fun When: Monday, April 19 th 7:00-9:00pm Where: Reunion Tower at Dallas Union Station Wonderful dinner while overlooking the city skyline! 19

20 Question & Answer Session and Thank you! To our Expert Panel Robert Tietjen, President & CEO, PolicyTech International, Inc. Steven Greenspan, Director Govt. Appeals & Regulatory Affairs, Executive Health Resources (EHR) Steve Bearak, President & CEO, Identity Force Visit AHA Solutions at Booth #510 Visit AHA-Endorsed Solution Provider Booths too! Certiphi; Booth #308 Cyracom; Booth #816 EHR; Booth #406 Identity Force; Booth #717 PolicyTech; Booth # Contact Information Brad Hunter, Director AHA Solutions / Robert Tietjen, President & CEO PolicyTech International / Steven Greenspan, Director Govt. Appeals & Regulatory Affairs EHR / Steve Bearak, President & CEO Identity Force /