And The Question Is:
What are the Key AMC Compliance Focus Areas
in the Current Regulatory Environment?
Panel Members:
Joan Podleski, Duke University Luanna Putney, University of California
Kristen West, Emory University
Facilitator:
Lynda Hilliard, University of California
Session Agenda
1:30-2:30pm –
The Basics: Structure & Scope of the 3 Compliance Programs 2:40-4:30pm –
A. Key Regulatory Risks Impacting AMCs 1. Privacy Concerns
2. Clinical Trial Billing
3. ACA: Accountable Care Organizations B. Questions of Panel
1. Questions On How the 3 AMCs are dealing with their potential risk areas
Section 1
The Basics:
Structure and Scope of Compliance
Programs
Compliance Matters* Impacting Academic Medical Centers (AMC)
Principal Investigator
Data Security and Privacy
• OCR Audits • Mobile Devices • BAAs
• Breach Response &
Notifications Enforcement Activity • RACs (Medicare, Medicaid, ZPICs) • Increased provider data/reporting ; OIG use of data analytics
Business Operations
• EHRs
• Physician Arrangements • Sunshine Act Provisions • Outcomes Reporting
Research
• Clinical Research
Billing
• CT.Gov • Human & Animal
Research Protection
• COI/COC
AMC
Federal and State Laws
Federal and State University
Policy
University Guidance
University of California
Luanna Putney, PhD, CHC, CCEP Director of Research Compliance
[email protected] Lynda Hilliard, MBA, CHC, CCEP System Deputy Compliance Officer
Office of Ethics, Compliance and Audit Services
Program Overview and Structure
• Established in 2008 under Regental Resolution to facilitate system-wide compliance with applicable laws, regulations and policies
• Assures compliance infrastructure is in place to address and mitigate risk priorities
• Oversees comprehensive reporting mechanisms which allow employees to report suspected violations of UC policies or regulatory obligations
• Oversees the policy-making process in all areas for which the President has authority
• Reports high priority and sensitive compliance and/or audit matters to senior leadership and Regents; and tracks matters to completion
*Membership to include representation from academic senate and administrative leaders of compliance risk areas; “campus” refers to UC locations including LBNL, UCOP and ANR
*Academic Medical Centers are included in “campus” definition
Campus Sy stem A cademic Senate Collaboration
The Board of Regents
Policies & Procedures Corrective Action
Monitoring & Auditing Employee
Training Reporting
Campus Ethics & Compliance Risk Committee*
(co-chaired by EVC and CECO)
Campus Ethics & Compliance Officer (CECO)
(Vice Chancellor or above level)
UC Ethics & Compliance Risk Council*
(co-chaired by President and SVP/Chief Compliance Officer)
UC Chief Compliance and Audit Officer
Chancellor – Campus Oversight and Accountability
Ethics and Compliance Program
Reporting Structure
Office of Ethics, Compliance and Audit Services
Organization Chart
AMC Chief Health Sciences Compliance Officers have a dotted line reporting relationship
to SVP/CCAO UC Board of
Regents
Chief Compliance & Audit Officer (Senior Vice President) Ethics and Compliance Office General Compliance Research Compliance
Health Care & HIPAA Privacy
Compliance
Investigations Systemwide Policy Function Internal Audit Systemwide Internal Audit UCOP Internal Audit
Duke University
Institutional Compliance Program
Joan Podleski, CHC, CHRC Director, Institutional Ethics and Compliance
919.613.7627
Duke University
Institutional Compliance Governance
Duke University Board of Trustees
Institutional Compliance Steering Committee (President, Chancellor, Provost, EVP, General Counsel,
University Secretary, Medicine and Academic Dean)
Audit
Committee Chief Audit Executive
Director, Institutional Ethics and Compliance Program
Compliance Liaisons – manage specific
Duke University: Compliance Organization
Duke University
Board of Trustees Health System Board Duke University
of Directors DU Audit
Committee DUHS Audit Committee
Chief Audit Executive Chief Compliance Officer DUHS Chief Compliance Officer School of Medicine Director, Institutional Ethics and Compliance Program
Duke University
Compliance Program Standards & Responsibilities
Governance:
Institutional Compliance Steering Audit Committee/Board
Program Development & Oversight: Institutional Ethics & Compliance
Program
Audit: OIA, DUHS & SOM
Compliance Risk Ownership:
Senior Leadership / Operational Management
Duke University Compliance
Resource Management Strategies
• On-going risk assessment is key
• Risk levels should drive resources
– Automate what you can (COI process)
– Assess effectiveness of monitoring and training activities - more does not always equal better
• Management is accountable
– Defines risk tolerance – Drives operational processes – Removes barriers to compliance
Emory University
Compliance Program Structure
Kris West, J.D., M.S.
Assoc. VP for Research Admin & Director, Office of Research Compliance
[email protected] (404) 727-2398
3 Compliance Domains
• Research Compliance
• Administrative Compliance
• Healthcare Compliance
Compliance Reporting Structure
• Emory University and Emory Healthcare: separate
corporate structures with some combined elements and
one Board of Trustees
• University and Healthcare structures overlap in the area
of Research
Compliance Reporting Structure
Emory Univ. & Emory Health Care Board of Trustees Audit & Compliance Committee
Emory Univ. VP for Research Admin. Chief Compliance Officer Emory Healthcare Emory Univ. Executive VP for Health Affairs Emory Univ.& Emory Healthcare Director Internal Audit Emory Univ. &
Emory Health Care General Counsel Emory Univ. Executive VP & Provost Emory Univ. Executive VP for Finance Emory Univ. Director Research Compliance Emory Univ. Director Administrative Compliance CEO, Emory Healthcare
Healthcare Compliance Domain
• Emory Healthcare function
• Established 1990s
• 3 practice plans; 4 owned hospitals; 2 affiliated
hospitals
• Scope
– Billing, coding, CT Billing – Privacy officer for healthcare
Research Compliance Domain
• Emory University function
• Established 2002
• Scope:
– Basic and clinical research carried out by faculty members in University employee capacity – animal & human subjects – Privacy officer for research functions
– Research integrity officer
– Compliance review for: IRB, IACUC, IBC, Radiation Safety Committee, Conflict of Interest Committee
– CT Billing – Export controls
Administrative Compliance Domain
• Established 2013
• New Position for University
• Covers compliance areas outside of research
and healthcare
Domain Overlap & Coordination
• Research and Healthcare Overlap Areas: clinical trials contracting,
conduct and billing; HIPAA compliance; FDA/GCP compliance
• Compliance Oversight Committee = Directors of Administrative
Compliance and Internal Audit, Research Compliance & Emory Health Care Compliance
• Compliance Liaison Committee = representatives from University
and Healthcare units with compliance duties
• Joint Compliance Review Committee = IRB Director, Emory Health
Care and Emory Univ. Compliance Officers
Section 2: Key Regulatory Risks
PRIVACY
Duke Privacy Oversight
• Privacy/Security Workgroup includes
– DUHS, SOM and DU Compliance Officers
– DUHS and DU IT Security Officers
– Director of Internal Audits, IT
• Incident response teams sit within each
compliance office
• Internal Duke Notification Policy defines who is
brought into the loop across internal
organizational lines
• Seen as an institutional compliance priority
University of California
Background & Best Practices
ALL UC AMCs have the following:
1. Privacy Officer, with one or more committees that oversee privacy compliance
2. Process in place to review policies and procedures 3. Annual training requirement
4. Privacy auditing and monitoring program Routine monitoring activities :
• Privacy rounds
• Automated alerts for system accesses
University of California –
System Initiatives and Privacy Challenges
Challenges
• Protection of data on mobile devices • OCR increased enforcement
• OCR Privacy and Security Audit initiative
Systemwide initiatives include:
• BAA database across system;
• Common NPP and breach response process, • Campus-based liaison for system
Emory University
Privacy Oversight
• Emory University Privacy Officer
• Emory Healthcare Privacy Officer
• Emory University/Emory Healthcare Security Officer
• Breach Analysis Team = Privacy Officers, Security
Officers, Director Risk Mgmt., Vice President for IT,
General Counsel
Section 2: Key Regulatory Risks
CLINICAL TRIAL BILLLING
Duke Clinical Trials Billing
• Systems controls to identify
– Clinical vs investigative treatments
– Subject enrollment
– Appropriate billing work flow
• Dedicated support group to assist with
– Budget preparation
– Development of “billing matrix”
Emory University
Clinical Trial Billing –
In transition
• Transition from post-billing adjustment system housed in one
office, to pre-billing scrub system housed in two offices.
• Office of Clinical Research
– Performs coverage analysis; negotiates some trial budgets; some invoicing
– Reports to School of Medicine and Vice President for Research Administration
– Oversees mandatory training for clinical researchers and research coordinators
– Oversees compliance with CT.gov requirements – Coordinates contract and informed consent language
Emory University
Clinical Trial Billing –
In transition
• Office for Clinical Trial Billing
– Oversees billing for clinical trials
– Implements coverage analysis on billing end
– CT subjects flagged and all bills held until properly sorted according to coverage analysis
• $ 227.5 million in clinical research funding (FY 2011-12)
• Nearly 60% of UC patients are covered by Medicare, Medi-Cal or lack
health insurance
• Compliant management of clinical trial billing requires a broad
understanding of many fragmented, often disconnected, processes and technology
• At the UC AMCs clinical research billing programs in varying levels of maturity, with distributed or quasi-hybrid governance structures in place or being considered; no central governance models
University of California –
Clinical Research Billing Background
Requires knowledge and effective coordination of multiple functional areas Requires IT systems to talk
with one another Requires governance
structure that is effective across multiple silos
Note: While this illustration highlights each step as its own process activity, many of these can be done
Compliant Billing Vetting Feasibility Analysis Coverage Review Billing Plan Budgeting Contracting IRB Approval Enrollment & Informed Consent Registration & Scheduling Charge Capture Charge Segregation
Accountable Office?
Section 2: Key Regulatory Risks
ACA: ACCOUNTABLE CARE
An accountable care organization(ACO) is a healthcare organization characterized by a payment and care delivery model that seeks to tie provider reimbursements to quality metrics and reductions in the total cost of care for an assigned population of patients
• A group of coordinated health care providers forms an ACO, which then provides care to a group of patients. The ACO may use a range of payment models (capitation, fee-for-service, with asymmetric or symmetric shared savings, etc.)
• The ACO is accountable to the patients and the third-party payer for the quality, appropriateness and efficiency of the health care provided
• According to the CMS, an ACO is "an organization of health care providers that agrees to be accountable for the quality, cost, and overall care of Medicare beneficiaries who are enrolled in the traditional fee-for-service program who are assigned to it.“
University of California – UC Health
5 AMCs: UC Davis, UC Irvine, UC Los Angeles, UC San Diego, UC San Francisco
• 10 hospitals with 3,159 licensed beds
• 4th largest health care delivery system in California
• 3.9 million outpatient visits in the past year
• 290,000 emergency room visits
• 144,000 inpatient admissions
• 36,000 medical center employees
• 10,000 nurses
University of California – ACO Background
University of California – Participation in ACOs
The UC AMCs developing affiliations to facilitate ACO principles:1. UC Heatlh – unique payor-provider partnership (MOU) with all UC
AMCs and Anthem Blue Cross Blue Shield
• Anthem is the largest insurer in CA, with UC AMCs as the
second largest client on the provider side
• Anthem will provide systems, infrastructure and longitudinal
medical record; UC will contribute the provider experience
• Partners will co-develop protocols that increase health quality,
access and outcomes and reduce costs
• Developing joint product for the CA Health Insurance
Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA)
• Developing joint product for the CA Health Insurance Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA)
1. UCSF -- Accountable Care Collaborative with Health Net Blue and Gold (UC Beneficiaries)
2. UCSD -- Accountable Care Program for employers in concert with Sterling Health
3. UCLA -- Medicare Shared Savings Program
University of California – Participation in ACOs
(continued)
University of California – ACO Compliance Challenges
• Contract compliance
• Physician relationships
• Accountability to the federal government under various
ACA programs
• Compliant billing
• EHR meaningful use