Lisa Hancock, RN, MHA


Published on

Compliance Presentation for Zotec

  • Be the first to comment

  • Be the first to like this

Lisa Hancock, RN, MHA

  1. 1. Chief Compliance Officer [email_address] 317-370-4268
  2. 2. The Compliance Officer’s key responsibilities should include: <ul><li>Oversee and monitor the compliance program; </li></ul><ul><li>Report on a regular basis to the company’s governing body, CEO and compliance committee; </li></ul><ul><li>Periodically revise the Compliance program in light of changes in the needs and in the law </li></ul><ul><li>Ensure that employees have received the Code of Conduct </li></ul><ul><li>Developing educational and training program that comply with Federal and State standards; </li></ul><ul><li>Coordinate personnel issues with human resources; </li></ul><ul><li>Assist in internal compliance review and monitoring activities; and </li></ul><ul><li>Disseminate new and upcoming laws and regulations. </li></ul>
  3. 3. While at Zotec Partners have accomplished the following: <ul><li>Established an officially named and documented Compliance Committee. </li></ul><ul><li>Established a formal, written Code of Conduct for all employees. This is now given to all new and existing employees. </li></ul><ul><li>Updated and formalized the written Compliance Plan for all of Zotec Partners. </li></ul><ul><li>Updated the HIPAA Policies and Procedures for the Company. </li></ul><ul><li>Reviewed the annual compliance risk assessment and recommended changes to internal processes. </li></ul>
  4. 4. While at Zotec Partners have accomplished the following: <ul><li>Education </li></ul><ul><ul><li>Developed education for all medical billing employees on compliance, coding, HIPAA, and security. </li></ul></ul><ul><ul><li>Updated the Code of Conduct and included this in the required employee education. </li></ul></ul><ul><ul><li>Updated the </li></ul></ul><ul><li>Policy and Procedure Development </li></ul><ul><li>TeleradiologyPolicies and Procedures developed for clients spanning 10 states. </li></ul><ul><li>Compliance Intranet site developed </li></ul>
  5. 6. An example of initial educational announcement of Red Flag Rules: <ul><li>Under the Red Flags Rules, physicians and other healthcare providers must develop a written program that identifies and detects the relevant warning signs — or “red flags” — of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents.  Since we are performing the billing and collections on our clients behalf, we are their partners in this process. Outlined below is our approach to responding the Red Flags Rules requirements </li></ul><ul><li>  </li></ul><ul><li>Our first step is to be proactive, limiting access to Social Security numbers, credit card information and other sensitive data. </li></ul><ul><li>  </li></ul><ul><li>Our second step is for departments handling and coordinating patient data to secure that information and ensure others do the same. </li></ul><ul><li>  </li></ul><ul><li>Therefore, as the third step, we have developed our own policy to assist our clients in the Red Flag Rules process.  In addition to our policy, I have also attached education put together by AHIMA, procedures developed by MGMA for physician practices, and the AMA guidelines for Red Flag Rules.  Please share this information with your staff and clients, as needed, to help educate them on Red Flags Rules.  </li></ul><ul><li>  </li></ul><ul><li>When you see any of the following Red Flags please notify me: </li></ul><ul><li>A complaint or question from a patient based on the patient’s receipt of: </li></ul><ul><li>a. A bill for another individual;  (Jane Doe receives a bill for Bob Smith at her address) </li></ul><ul><li>b. A bill for a product or service that the patient denies receiving; (Jane Doe calls to say that she never had a chest x-ray) </li></ul><ul><li>c. A bill from health care provider that the patient never patronized; (Bob Smith calls to say that he has never seen Dr. Jones) </li></ul><ul><li>d. A notice of insurance benefits (or Explanation of Benefits) for health services never received; (Bob Smith says that he got an EOB for a mammogram that he did not have) </li></ul><ul><li>e. A collection notice for services that the patient never had.  (Jane Doe calls to say that Dr. Jones sent her to collections for something that she never had.) </li></ul><ul><li>  </li></ul><ul><li>I would be more than happy to review this information with you, your employees, or clients if you would like, just let me know.  If you have any questions, please contact me.  Thank you.  </li></ul><ul><li>  </li></ul><ul><li>Lisa Hancock, RN, MHA </li></ul><ul><li>Chief Compliance Officer </li></ul><ul><li>11460 N. Meridian Street </li></ul><ul><li>Carmel, IN  46032 </li></ul><ul><li>317-805-4119 </li></ul><ul><li>[email_address]   </li></ul><ul><li>  </li></ul>
  6. 7. Policy Development Example <ul><li>IDENTITY THEFT: RED FLAG RULES COMPLIANCE </li></ul><ul><li>  </li></ul><ul><li>PURPOSE </li></ul><ul><li>The purpose of this policy is to formalize Zotec Partners’s Red Flag Rules program and set forth </li></ul><ul><li>guidelines to prevent, detect, investigate, and respond to patterns, practices, and specific </li></ul><ul><li>activities that indicate the risk of or existence of identity theft. </li></ul><ul><li>  </li></ul><ul><li>SCOPE </li></ul><ul><li>This policy applies to all Zotec Partners covered accounts and all employees, temporary workers </li></ul><ul><li>and other workers at the organization, including consultants and contractors, and other </li></ul><ul><li>third parties who may work with Zotec Partners’s covered accounts. </li></ul><ul><li>EXCEPTIONS </li></ul><ul><li>Any exceptions to this policy must have the written approval of the General Counsel. </li></ul><ul><li>DEFINITIONS </li></ul><ul><li>Covered Accounts – an account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. </li></ul>
  7. 8. Policy Change Management <ul><li>An example of the type of educational information that was shared with our employees and clients: </li></ul><ul><li>The ABN-G and ABN-L will no longer be valid beginning March 1, 2009.  </li></ul><ul><li>CMS implemented use of the revised Advance Beneficiary Notice of Noncoverage (ABN) (CMS-R-131). This form replaces the General Use ABN (CMS-R-131-G), and the Lab ABN (CMS-R-131-L) for physician-ordered laboratory tests. The form (English and Spanish versions) and notice instructions are now posted on the Beneficiary Notice Initiative web page ( www.cms.hhs.govni ). Detailed manual instructions, including the official implementation date will be posted on the BNI webpage in the near future. </li></ul><ul><li>Some key features of the new form are that it: </li></ul><ul><ul><li>Has a new official title, the “Advance Beneficiary Notice of Noncoverage (ABN)”, in order to more clearly convey the purpose of the notice; </li></ul></ul><ul><ul><li>Replaces the ABN-G and ABN-L; </li></ul></ul><ul><li>May also be used for voluntary notifications, in place of the Notice of Exclusion from Medicare Benefits (NEMB) (CMS Form 20007); </li></ul><ul><ul><li>Has a mandatory field for cost estimates of the items/services at issue; and </li></ul></ul><ul><ul><li>Includes a new beneficiary option, under which an individual may choose to receive an item/service, and pay for it out-of-pocket, rather than have a claim submitted to Medicare. </li></ul></ul>
  8. 9. HITECH To Do List for Covered Entities and Business Associates <ul><li>Revise existing privacy and security policies and procedures to ensure compliance within the timeframes listed below. Business Associates that do not currently have written policies and procedures must promptly take steps to draft and implement them. Covered Entities & Business Associates Breach Notification Rules - effective approximately September 2009 Prohibition on Sale of EHR or PHI, New Marketing Rules - effective approximately February 2011 Accounting of Disclosures of Electronic Health Records - effective between 2011-2014 Enforcement Provisions – effective immediately Covered Entities Disclosure Restrictions – effective February 17, 2010 Business Associates Application of Security and Privacy Rules – effective February 17, 2010 </li></ul><ul><li>Review existing Business Associate Agreements to ensure that the HITECH Act requirements are incorporated. </li></ul><ul><li>Conduct training for employees and other staff members, focusing specifically on time sensitive issues, such as breach notifications </li></ul>
  9. 10. While at IU Medical Group Specialty Care <ul><li>IU Medical Group – Specialty Care is the faculty practice plan for the IU School of Medicine. This includes 900 specialty physicians. </li></ul><ul><li>My position was primarily responsible for Compliance, Privacy and Quality for the specialty physicians of the IU School of Medicine. </li></ul><ul><ul><li>This was inclusive of 26 individual practice plans, each with separate tax ids and covered entity status. </li></ul></ul><ul><li>My position was closely integrated with our affiliated hospital systems, Clarian (Methodist, IU, Riley, West, and North,) Wishard and the local VA. </li></ul><ul><ul><li>If an OCR Privacy Complaint was received for our physicians I was the person primarily responsible for the investigation and response. </li></ul></ul><ul><ul><li>All patient complaints and investigations for our physicians, regardless of the location was my responsibility. </li></ul></ul><ul><li>The Compliance function also had to involve integration with Indiana University. </li></ul><ul><ul><li>My position had to work closely with University Council when an issue involved physician employment or University policy. </li></ul></ul>
  10. 11. While at Clarian Health Partners <ul><li>Was designated at Director of HIPAA Compliance and was responsible for Privacy and Security implementation for the following locations: </li></ul><ul><ul><li>3 Acute Care Hospitals (Methodist, IU, Riley) </li></ul></ul><ul><ul><li>4 Surgery Centers </li></ul></ul><ul><ul><li>1 owned physician practice (MMG) </li></ul></ul><ul><ul><li>Health Net Clinic (free clinic) </li></ul></ul><ul><ul><li>Occupational Health </li></ul></ul><ul><ul><li>Home Care </li></ul></ul><ul><ul><li>Hospice </li></ul></ul><ul><ul><li>Research Institute </li></ul></ul><ul><ul><li>Fundraising Institution </li></ul></ul>