• No results found

And The Question Is: What are the Key AMC Compliance Focus Areas in the Current Regulatory Environment?

N/A
N/A
Protected

Academic year: 2021

Share "And The Question Is: What are the Key AMC Compliance Focus Areas in the Current Regulatory Environment?"

Copied!
23
0
0

Loading.... (view fulltext now)

Full text

(1)

And The Question Is:

What are the Key AMC Compliance Focus Areas

in the Current Regulatory Environment?

Panel Members:

Joan Podleski, Duke University Luanna Putney, University of California

Kristen West, Emory University

Facilitator:

Lynda Hilliard, University of California

Session Agenda

1:30-2:30pm –

The Basics: Structure & Scope of the 3 Compliance Programs 2:40-4:30pm –

A. Key Regulatory Risks Impacting AMCs 1. Privacy Concerns

2. Clinical Trial Billing

3. ACA: Accountable Care Organizations B. Questions of Panel

1. Questions On How the 3 AMCs are dealing with their potential risk areas

(2)

Section 1

The Basics:

Structure and Scope of Compliance

Programs

Compliance Matters* Impacting Academic Medical Centers (AMC)

Principal Investigator

Data Security and Privacy

• OCR Audits • Mobile Devices • BAAs

• Breach Response &

Notifications Enforcement Activity • RACs (Medicare, Medicaid, ZPICs) • Increased provider data/reporting ; OIG use of data analytics

Business Operations

• EHRs

• Physician Arrangements • Sunshine Act Provisions • Outcomes Reporting

Research

• Clinical Research

Billing

• CT.Gov • Human & Animal

Research Protection

• COI/COC

AMC

Federal and State Laws

Federal and State University

Policy

University Guidance

(3)

University of California

Luanna Putney, PhD, CHC, CCEP Director of Research Compliance

[email protected] Lynda Hilliard, MBA, CHC, CCEP System Deputy Compliance Officer

[email protected]

Office of Ethics, Compliance and Audit Services

Program Overview and Structure

• Established in 2008 under Regental Resolution to facilitate system-wide compliance with applicable laws, regulations and policies

• Assures compliance infrastructure is in place to address and mitigate risk priorities

• Oversees comprehensive reporting mechanisms which allow employees to report suspected violations of UC policies or regulatory obligations

• Oversees the policy-making process in all areas for which the President has authority

• Reports high priority and sensitive compliance and/or audit matters to senior leadership and Regents; and tracks matters to completion

(4)

*Membership to include representation from academic senate and administrative leaders of compliance risk areas; “campus” refers to UC locations including LBNL, UCOP and ANR

*Academic Medical Centers are included in “campus” definition

Campus Sy stem A cademic Senate Collaboration

The Board of Regents

Policies & Procedures Corrective Action

Monitoring & Auditing Employee

Training Reporting

Campus Ethics & Compliance Risk Committee*

(co-chaired by EVC and CECO)

Campus Ethics & Compliance Officer (CECO)

(Vice Chancellor or above level)

UC Ethics & Compliance Risk Council*

(co-chaired by President and SVP/Chief Compliance Officer)

UC Chief Compliance and Audit Officer

Chancellor – Campus Oversight and Accountability

Ethics and Compliance Program

Reporting Structure

Office of Ethics, Compliance and Audit Services

Organization Chart

AMC Chief Health Sciences Compliance Officers have a dotted line reporting relationship

to SVP/CCAO UC Board of

Regents

Chief Compliance & Audit Officer (Senior Vice President) Ethics and Compliance Office General Compliance Research Compliance

Health Care & HIPAA Privacy

Compliance

Investigations Systemwide Policy Function Internal Audit Systemwide Internal Audit UCOP Internal Audit

(5)

Duke University

Institutional Compliance Program

Joan Podleski, CHC, CHRC Director, Institutional Ethics and Compliance

919.613.7627

[email protected]

Duke University

Institutional Compliance Governance

Duke University Board of Trustees

Institutional Compliance Steering Committee (President, Chancellor, Provost, EVP, General Counsel,

University Secretary, Medicine and Academic Dean)

Audit

Committee Chief Audit Executive

Director, Institutional Ethics and Compliance Program

Compliance Liaisons – manage specific

(6)

Duke University: Compliance Organization

Duke University

Board of Trustees Health System Board Duke University

of Directors DU Audit

Committee DUHS Audit Committee

Chief Audit Executive Chief Compliance Officer DUHS Chief Compliance Officer School of Medicine Director, Institutional Ethics and Compliance Program

Duke University

Compliance Program Standards & Responsibilities

Governance:

Institutional Compliance Steering Audit Committee/Board

Program Development & Oversight: Institutional Ethics & Compliance

Program

Audit: OIA, DUHS & SOM

Compliance Risk Ownership:

Senior Leadership / Operational Management

(7)

Duke University Compliance

Resource Management Strategies

• On-going risk assessment is key

• Risk levels should drive resources

– Automate what you can (COI process)

– Assess effectiveness of monitoring and training activities - more does not always equal better

• Management is accountable

– Defines risk tolerance – Drives operational processes – Removes barriers to compliance

Emory University

Compliance Program Structure

Kris West, J.D., M.S.

Assoc. VP for Research Admin & Director, Office of Research Compliance

[email protected] (404) 727-2398

(8)

3 Compliance Domains

• Research Compliance

• Administrative Compliance

• Healthcare Compliance

Compliance Reporting Structure

• Emory University and Emory Healthcare: separate

corporate structures with some combined elements and

one Board of Trustees

• University and Healthcare structures overlap in the area

of Research

(9)

Compliance Reporting Structure

Emory Univ. & Emory Health Care Board of Trustees Audit & Compliance Committee

Emory Univ. VP for Research Admin. Chief Compliance Officer Emory Healthcare Emory Univ. Executive VP for Health Affairs Emory Univ.& Emory Healthcare Director Internal Audit Emory Univ. &

Emory Health Care General Counsel Emory Univ. Executive VP & Provost Emory Univ. Executive VP for Finance Emory Univ. Director Research Compliance Emory Univ. Director Administrative Compliance CEO, Emory Healthcare

Healthcare Compliance Domain

• Emory Healthcare function

• Established 1990s

• 3 practice plans; 4 owned hospitals; 2 affiliated

hospitals

• Scope

– Billing, coding, CT Billing – Privacy officer for healthcare

(10)

Research Compliance Domain

• Emory University function

• Established 2002

• Scope:

– Basic and clinical research carried out by faculty members in University employee capacity – animal & human subjects – Privacy officer for research functions

– Research integrity officer

– Compliance review for: IRB, IACUC, IBC, Radiation Safety Committee, Conflict of Interest Committee

– CT Billing – Export controls

Administrative Compliance Domain

• Established 2013

• New Position for University

• Covers compliance areas outside of research

and healthcare

(11)

Domain Overlap & Coordination

• Research and Healthcare Overlap Areas: clinical trials contracting,

conduct and billing; HIPAA compliance; FDA/GCP compliance

• Compliance Oversight Committee = Directors of Administrative

Compliance and Internal Audit, Research Compliance & Emory Health Care Compliance

• Compliance Liaison Committee = representatives from University

and Healthcare units with compliance duties

• Joint Compliance Review Committee = IRB Director, Emory Health

Care and Emory Univ. Compliance Officers

Section 2: Key Regulatory Risks

PRIVACY

(12)

Duke Privacy Oversight

• Privacy/Security Workgroup includes

– DUHS, SOM and DU Compliance Officers

– DUHS and DU IT Security Officers

– Director of Internal Audits, IT

• Incident response teams sit within each

compliance office

• Internal Duke Notification Policy defines who is

brought into the loop across internal

organizational lines

• Seen as an institutional compliance priority

University of California

Background & Best Practices

ALL UC AMCs have the following:

1. Privacy Officer, with one or more committees that oversee privacy compliance

2. Process in place to review policies and procedures 3. Annual training requirement

4. Privacy auditing and monitoring program Routine monitoring activities :

• Privacy rounds

• Automated alerts for system accesses

(13)

University of California –

System Initiatives and Privacy Challenges

Challenges

• Protection of data on mobile devices • OCR increased enforcement

• OCR Privacy and Security Audit initiative

Systemwide initiatives include:

• BAA database across system;

• Common NPP and breach response process, • Campus-based liaison for system

Emory University

Privacy Oversight

• Emory University Privacy Officer

• Emory Healthcare Privacy Officer

• Emory University/Emory Healthcare Security Officer

• Breach Analysis Team = Privacy Officers, Security

Officers, Director Risk Mgmt., Vice President for IT,

General Counsel

(14)

Section 2: Key Regulatory Risks

CLINICAL TRIAL BILLLING

Duke Clinical Trials Billing

• Systems controls to identify

– Clinical vs investigative treatments

– Subject enrollment

– Appropriate billing work flow

• Dedicated support group to assist with

– Budget preparation

– Development of “billing matrix”

(15)

Emory University

Clinical Trial Billing –

In transition

• Transition from post-billing adjustment system housed in one

office, to pre-billing scrub system housed in two offices.

• Office of Clinical Research

– Performs coverage analysis; negotiates some trial budgets; some invoicing

– Reports to School of Medicine and Vice President for Research Administration

– Oversees mandatory training for clinical researchers and research coordinators

– Oversees compliance with CT.gov requirements – Coordinates contract and informed consent language

Emory University

Clinical Trial Billing –

In transition

• Office for Clinical Trial Billing

– Oversees billing for clinical trials

– Implements coverage analysis on billing end

– CT subjects flagged and all bills held until properly sorted according to coverage analysis

(16)

• $ 227.5 million in clinical research funding (FY 2011-12)

• Nearly 60% of UC patients are covered by Medicare, Medi-Cal or lack

health insurance

• Compliant management of clinical trial billing requires a broad

understanding of many fragmented, often disconnected, processes and technology

• At the UC AMCs clinical research billing programs in varying levels of maturity, with distributed or quasi-hybrid governance structures in place or being considered; no central governance models

University of California –

Clinical Research Billing Background

 Requires knowledge and effective coordination of multiple functional areas  Requires IT systems to talk

with one another  Requires governance

structure that is effective across multiple silos

Note: While this illustration highlights each step as its own process activity, many of these can be done

Compliant Billing Vetting Feasibility Analysis Coverage Review Billing Plan Budgeting Contracting IRB Approval Enrollment & Informed Consent Registration & Scheduling Charge Capture Charge Segregation

(17)

Accountable Office?

Section 2: Key Regulatory Risks

ACA: ACCOUNTABLE CARE

(18)

An accountable care organization(ACO) is a healthcare organization characterized by a payment and care delivery model that seeks to tie provider reimbursements to quality metrics and reductions in the total cost of care for an assigned population of patients

• A group of coordinated health care providers forms an ACO, which then provides care to a group of patients. The ACO may use a range of payment models (capitation, fee-for-service, with asymmetric or symmetric shared savings, etc.)

• The ACO is accountable to the patients and the third-party payer for the quality, appropriateness and efficiency of the health care provided

• According to the CMS, an ACO is "an organization of health care providers that agrees to be accountable for the quality, cost, and overall care of Medicare beneficiaries who are enrolled in the traditional fee-for-service program who are assigned to it.“

University of California – UC Health

5 AMCs: UC Davis, UC Irvine, UC Los Angeles, UC San Diego, UC San Francisco

10 hospitals with 3,159 licensed beds

4th largest health care delivery system in California

3.9 million outpatient visits in the past year

290,000 emergency room visits

144,000 inpatient admissions

36,000 medical center employees

10,000 nurses

(19)

University of California – ACO Background

University of California – Participation in ACOs

The UC AMCs developing affiliations to facilitate ACO principles:

1. UC Heatlh – unique payor-provider partnership (MOU) with all UC

AMCs and Anthem Blue Cross Blue Shield

• Anthem is the largest insurer in CA, with UC AMCs as the

second largest client on the provider side

• Anthem will provide systems, infrastructure and longitudinal

medical record; UC will contribute the provider experience

• Partners will co-develop protocols that increase health quality,

access and outcomes and reduce costs

• Developing joint product for the CA Health Insurance

Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA)

(20)

• Developing joint product for the CA Health Insurance Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA)

1. UCSF -- Accountable Care Collaborative with Health Net Blue and Gold (UC Beneficiaries)

2. UCSD -- Accountable Care Program for employers in concert with Sterling Health

3. UCLA -- Medicare Shared Savings Program

University of California – Participation in ACOs

(continued)

University of California – ACO Compliance Challenges

• Contract compliance

• Physician relationships

• Accountability to the federal government under various

ACA programs

• Compliant billing

• EHR meaningful use

(21)

Questions of Panel:

1. With increased focus from the Sunshine Act Provisions of the

ACA, how is your institution responding to reduce

reputational and regulatory risk?’

This could include coordination, governance (who ‘owns’

the coordination), tools, etc.

Questions of Panel:

2.

As an AMC with focus on specialty practices, how is your

institution conducting compliance due diligence when

recruiting for partnerships with primary care practitioners in

light of ACO development?

(22)

Questions of Panel:

3.

Have you seen a change in "culture" related to support for,

or against, a comprehensive and robust compliance

department as a results of the myriad changes brought about

by the ACA and other federal initiatives?

If so, what are your thoughts on how to either enhance or

re-invigorate support for compliance?

How do you measure “culture”?

4.

What have been the biggest compliance challenges your

organization has faced with respect to EMR

implementation?

(23)

5. How have your organizations utilized data analytics in

identifying areas to monitor and/or provide additional

resources for ensuring compliance?

Questions of Panel:

6. With potential cut backs and layoffs due to budgetary cuts

(e.g., ACA fiscal restraints, decreased federal reimbursements,

research cuts due to the sequester, if applicable) how is your

compliance departments involved in ensuring that controls are in

place to maintain compliance with applicable regulations?

What types of specific compliance monitoring efforts

References

Related documents