Governance & Total Compliance


Governance & Total Compliance
Regulators' Expectations & Best Practices to Meet Them
Presented by: David M. Rottkamp, CPA, Partner, Not-for-Profit Practice Leader; Alfonso P. Conti, MPA, Manager, Healthcare Management Consulting

Opening Remarks
The year ahead will be a pivotal one for Boards and audit committees. Many of the larger companies that failed:
o Were sabotaged by Board negligence;
o Were too optimistic;
o Had ill-informed Boards;
o Had Boards that spent more time looking backwards than at the road ahead.

Ex-CEO admits stealing from prominent NYC charity
The politically connected former CEO of a prominent city charity admitted Wednesday he helped steal more than $9 million from the organization in an insurance scheme that authorities linked to campaign contributions. William Rapfogel pleaded guilty to grand larceny, money laundering and other charges in a case that had rattled city and state political circles.
Source: The Associated Press, April 23, 2014

Opening Remarks
Effective leaders are straight shooters who know that if performance or the ability to fulfill obligations is lacking, they must work to educate, demonstrate expectations, and critique behavior that is below the norm.

Recent Surveys
Audit Committees from both the For-Profit and Not-For-Profit world agree that the Board:
o Cannot sit back and conduct business as usual!
o Must engage management to understand the current and future challenges of the business.
o Must be less reactive to issues and more proactive; and
o Must ensure that the right people and skill sets are on the Board to enable the growth and protection of the organization.

Trends in Governance
60% of Boards surveyed replaced or added a director in the last 12 months.
52% of Boards do not oversee the organization's social media strategy and can improve on their technical knowledge.
14% of the Boards surveyed have removed a director due to poor performance/evaluation.
Boards are focusing on age limits and term limits for Board members.

Board Questions
Does your Board consider or have in place:
o A Board succession process
o Constant assessment of and challenge to the members
o Optimizing the Board seat and rotating with term limits
o Board member recruitment
o Board mentoring

Why all the Concern?
Governor Cuomo's emphasis on ethics reform in government; it does not stop with the politicians!
Passage of the Not-for-Profit Revitalization Act, effective July 1, 2014.
Appointment of James Sheehan to head the Charities Bureau; you remember the mantra: educate / prosecute.
Recent media articles on CEO kickbacks in NFP and healthcare organizations!
OIG published a 52-month average jail time for fraud and abuse convictions.
Corporate Integrity Agreements are getting tougher!

Responsibility of the Governing Board
Fiduciary Duty: the board member acts on behalf of the organization and for its benefit, including its financial benefit.
Duty of Care: the board member uses the level of care that an ordinarily prudent person would exercise in a similar position when faced with similar circumstances.
Duty of Loyalty: the board member acts in what he/she reasonably believes to be the best interests of the organization rather than his/her own interest, and discloses any conflict of interest.

Boards are Targets of the OMIG / OIG
Boards are being targeted for their focus on:
o Compliance, and their direction of the Compliance Officer and Compliance Committee.
o Boards in general need to know what the annual compliance effort involves.
o Boards are ultimately responsible for the ethical conduct of management.

Boards are Targets of the OMIG / OIG
So how does a Board avoid this embarrassment?
o The answer is culture, education, and continuous focus.
o A structure where the Compliance Officer reports to the Board.
o It is getting harder and harder to oversee the challenges.

Potential Board Solution
A continuous stream of communication.
Sharing of compliance efforts.
The Board's assistance to the Compliance Officer.

Not-for-Profit Revitalization Act
Passed December 18, 2013; effective date July 1, 2014!
Addresses the growing concerns in the NFP industry! (Target)
Main components of the Act:
o Mandatory Audit Committee or Board audit function
o Mandatory Whistleblower and Conflict of Interest policies
o Other areas in the Act, including kickbacks
Document everything.

OMIG FAQs Target Boards
Does the board of directors need to approve ALL policies and procedures? If not, what type of policies MUST have board approval?
Is annual compliance training required for the board of directors, or is it best practice? What training MUST the board receive on an annual basis? Is "annual" defined as within 365 days, or is there some leeway, such as 13 months?
In the compliance audits conducted by the OMIG or other regulatory agencies of which the OMIG is aware, what are some practical tools used by compliance officers/organizations to get board engagement?

How Can Boards Help Management?
In successful businesses, Boards need to set the Tone from the Top! What does that mean?
o Communicate to management
o Ensure ethical behavior
o Provide support

Boards and Their Compliance Officer
Where is your Compliance Officer in the food chain?
The Compliance Officer position is more critical in 2014!
The Board should know the Compliance Officer!
The Board should know the Compliance Committee!
A Board member should sit on the Committee!

The Compliance Officer
What is new at the Charities Bureau:
o Effective February 1, 2014, the new head of the Charities Bureau (CB) is James Sheehan, former head of the Office of the Medicaid Inspector General. One of his many charges will be the implementation of the NFP Revitalization Act.
o How does that affect the Board and Compliance Officer relationship?

Chief Compliance Officer Responsibility
Facilitate candid conversation at the Board and C-suite
Develop ethical leaders
Build ethical leadership incentives
Train everyone in the organization, starting with the Board
Form a Compliance Committee that will assist the CCO
Assess the organization's risk areas
The CCO has an independent voice

Current Practices
Governance involvement
Compliance Committee meetings
Continuous compliance education of staff
Annual risk assessment by departments
Work plan update
Auditing and monitoring program, internally and externally
Reporting to governance

OMIG Bureau of Compliance
The function of the Bureau of Compliance is to ensure that providers of Medicaid services have an effective compliance program in place. They enforce the year-end certification of compliance programs. The goal of these reviews, per their introduction letter, is to assess whether providers have compliance programs that meet the requirements of applicable laws, regulations, rules and policies of the Medicaid program.

Bureau of Compliance Request
Contact information of the Compliance Officer
Contact information of the senior administrative official
Document request
Compliance Officer information
Copy of the organization chart

Bureau of Compliance Reporting
The turnaround time is usually one week. They want to see:
o Minutes of the Compliance Committee
o Training conducted with staff
o A work plan that addresses the risks identified
o A summary of reviews performed
o Reporting to governance

Bureau of Compliance Follow-Up
Schedule a site visit. Purpose:
o Meet with a member of governance
o Speak with management
o Discuss with the Compliance Officer what their role is
o Perform a walk-around

What Happens If?
The year-end certification is backed up by the Bureau's review, and the review always finds something.
A discussion draft is issued.
If there is no submission in response, a final letter is issued.
The Bureau suspects a lax program and non-adherence to compliance requirements.

Compliance Summary
Review existing Compliance Plan documentation
Conduct a review of all supporting policies and procedures
Conduct a comprehensive self-assessment of the program
Prepare an updated work plan on the risk areas identified
Report on a quarterly basis on reviews performed

Other Piece of Compliance: HIPAA
The final HITECH regulations went into effect on March 26, 2013. DHHS allowed Covered Entities (CEs) and Business Associates 180 days to come into compliance. This means that, unless otherwise noted, CEs and Business Associates had to be compliant by September 23, 2013. The date has passed!

Nervous Yet or Relieved?
So now you see the Circle of Life as seen by the OMIG!
o Governance
o Management
o Compliance Officers
You know we are there for you.

MEGA Rule - Impact
The breach notification requirements
Business Associates
Privacy notice changes
Marketing / fundraising / sale of Protected Health Information (PHI)
Various miscellaneous privacy provisions
Enforcement and penalties

OCR Study on Breaches
46% of losses involve laptops with PHI.
42% of losses are due to employee mistakes or unintentional action.
The effectiveness of training is questionable.

Mobile Devices
Do you have a social media policy?
Limit access from devices to critical systems
Require the user to read/sign an acceptable use policy
Limit or restrict the download of PHI
Scan devices for viruses/malware
Require anti-virus/anti-malware software prior to connection
Scan devices and remove apps that present a security threat

Compliance with HIPAA Standards
Steps to prepare for it:
o Conduct a security risk assessment and privacy review
o Identify PHI locations throughout the organization
o Create a work plan to mitigate the top risks identified
o Ensure Business Associate agreements are up to date
o Update policies and procedures for the HITECH rule
o Appropriately assign an officer to oversee the program
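Of the steps above, identifying where PHI lives across the organization is the one that can be partly automated, and its output is what the work plan step consumes. The following is an added example written for this page, not code from the presenters or from any tool they mention: a small Python scanner that runs HIPAA-identifier patterns over a set of file contents and returns an inventory ranked by how much PHI each location holds. The file paths, names and numbers in it are constructed; the MRN format is an assumption (each organization uses its own), and the patterns are deliberately simple, so every hit still needs a person to confirm it before it goes into the risk register.

```python
import re

# Patterns for a few of the HIPAA identifiers a risk assessment looks for.
# SSN, US phone and e-mail are standard formats; the MRN pattern is an
# assumption for this example and would be replaced with the site's own scheme.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[-: ]?\d{6,8}\b", re.IGNORECASE),  # assumed format
    "dob": re.compile(r"\b(?:DOB|Date of Birth)[: ]+\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
    "phone": re.compile(r"\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def scan_text(text):
    """Return {identifier_type: count} for one document's contents.
    Identifier types with no hits are left out so an empty dict means clean."""
    counts = {}
    for name, pattern in PHI_PATTERNS.items():
        n = len(pattern.findall(text))
        if n:
            counts[name] = n
    return counts


def build_inventory(documents):
    """documents maps a location (path, share, mailbox) to its text.
    Returns {location: {identifier_type: count}} for locations holding PHI;
    clean locations are omitted."""
    inventory = {}
    for location, text in documents.items():
        hits = scan_text(text)
        if hits:
            inventory[location] = hits
    return inventory


def rank_locations(inventory):
    """Order locations by total identifier count, highest first, so the
    heaviest concentrations of PHI go into the work plan first."""
    return sorted(inventory.items(), key=lambda kv: sum(kv[1].values()), reverse=True)


# Constructed sample "files": the paths, people and numbers are made up.
SAMPLE_DOCUMENTS = {
    r"\\fileshare\billing\claims_export.csv": (
        "John Doe,123-45-6789,MRN-00123456,DOB: 03/14/1960,(516) 555-0134\n"
        "Jane Roe,987-65-4321,MRN 00987654,DOB: 11/02/1975,516-555-0198\n"
    ),
    r"C:\Users\jsmith\Desktop\patients.xlsx.txt": (
        "Patient list for the fundraising mailing\n"
        "MRN:00555555 jane.roe@example.com\n"
    ),
    r"\\fileshare\hr\handbook.txt": "Holiday schedule and dress code. No PHI here.",
}

if __name__ == "__main__":
    for location, hits in rank_locations(build_inventory(SAMPLE_DOCUMENTS)):
        print(location, hits)
```

In practice the documents mapping would be filled by walking file shares, mailboxes and endpoint drives and feeding each file's text to the same scan_text function. A location that appears in the ranked list but is not one of the organization's known PHI systems (the desktop spreadsheet in the sample, which also happens to be a fundraising use of PHI) is exactly the kind of finding the work plan should record.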

OCR Corrective Action Plan
Recently Skagit County signed off on a CAP after paying a $215,000 settlement. It is a three-year program, and HHS must approve the policies and procedures:
o Breach notification policy
o Accounting for disclosures
o Hybrid entity and Business Associate documentation
o Security management process
o Update all policies for federal compliance
o Provide training for all workforce members and certify completion
o Reportable events if any workforce member does not comply with these requirements

OCR Corrective Action Plan
Annually, a report is submitted no later than 60 days after the signing date of the CAP, containing a summary of the security management process, reportable events, and an attestation by an officer of the County.
Institute a document retention requirement of six years.

HIPAA Goals / Questions
What are your HIPAA goals?
Meet compliance
Mitigate risk
Improve your security posture
Evaluate your team's response capabilities
All good responses.

HIPAA Goals / Questions
However, pretend for a moment that you have completed an assessment. What are some questions to ask yourself?
What do you hope to show management when reporting results? Is there something you are trying to prove?
Do you need to test your external network devices?
Are you looking for a thorough review of your web applications?
Do you want to test the security culture of your organization?
Do you have a specific technical area of your environment that you need to evaluate but lack the right skill set in-house for?

Summary
Forward-looking Boards must remain:
o Vigilant
o Energetic
o Wary of bad habits
o Objective
o Built on ethics and culture
Successful Boards will be those that work in the spirit of continuous improvement at every meeting, while always keeping the long-range goals in mind. By creating forward-thinking Boards, organizations can avoid the failures and potholes discussed today.

Summary
Building a real, substantive compliance and ethics program will demonstrate to the government, shareholders, employees, rating agencies, and others that your company is indeed committed to integrity.


For more information
David M. Rottkamp, Partner, Not-for-Profit Practice Leader, Grassi & Co., 516-918-5942, drottkamp@grassicpas.com
Alfonso P. Conti, Healthcare Management Consulting Manager, Grassi & Co., 516-336-2471, aconti@grassicpas.com