4/2/2010

1

The World According to the (Should-be) All Knowing and

Omnipresent Compliance Gurus

HCCA Annual Compliance InstitutePost-Conference Session – W9

8:00 – 12:00 pm

Wednesday, April 21, 2009

2

Agenda

• Introduction to AHA and AHA Solutions

• Operational Alignment

• Panel Discussion Healthcare Compliance Scenarios

• Q&A and Wrap-up

4/2/2010

2

3

Presenters

Brad Hunter, Director and ModeratorAHA Solutions

Robert Tietjen, President & CEOPolicyTech International, Inc.

Steven Greenspan, Director Govt. Appeals & Regulatory Affairs Executive Health Resources

Steve Bearak, President & CEOIdentity Force

AHA Solutions, Inc.

Overview

4/2/2010

3

Principle Areas of Focus

• AHA has 100+ year history

• 5,000 member hospitals, health

care systems, networks, other

providers of care

• 38,000 individual members

March 16, 2010

In a letter, 249 members of the U.S. House of Representatives strongly urged

the Centers for Medicare & Medicaid Services to revise its proposed

definition and requirements for hospitals to qualify for Medicare and Medicaid

incentive payments as “meaningful users” …

“The EHR rule goes against the intent of Congress to reward those hospitals that already have taken important steps toward implementing EHR systems and to provide incentives to encourage further development,” …

4/2/2010

4

AHA Solutions is focused on improving the operational performance of our nation’s

hospitals. Through a broad variety of services, we provide hospitals with field leadership, education

and research.

Roundtables &

Focus Groups

Audio conferences

& WebinarsAHA-Endorsed

Products & Services

Focused on Five Underlying Strategic Drivers– Capacity – Financial Performance – Informatics/IT

– Workforce – Patient Engagement

Serving Our Members & Providing Information

Best Practices in Health Systems

1. Establish a system-wide Strategic Plan with Measurable Goals

2. Create Alignment Across the Health System with Goals and Incentives

3. Leverage Data and Measurement Across the Organization

4. Standardize and Spread Best Practices Across the Health System

Source: A Guide to Achieving High Performance

in Multi-Hospital Health Systems

March 2010

HRET and The Commonwealth Fund

4/2/2010

5

Increasingly mobile environment

• Enhance clinical productivity, reduce redundant and wasted efforts

and enable faster time-to-treatment

• Enable secure access to the latest medical and patient data; mobile

point-of-care solutions can help clinicians deliver better, more efficient

care

• Help clinicians collaborate efficiently and make fact-based decisions,

supported by more accurate, timely, and comprehensive patient data

and access to evidence-based treatment guidelines

Please rank the value of including the following features in a mobile user management tool.

Source: Managing And Securing Mobile Healthcare Data And Devices – Q3 2009 – Forrester Consulting

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Data Security (ability to poll for and enforce on-device encryption)

Enabling wireless conectivity

Policy violation event alerts / management (device antivirus file out of date, etc.)

52%

38%

33%

38%

37%

42%

10%

21%

23%

2%

2%

2%

6 = Required Component Five Four Three Two 1 - Provides no value

4/2/2010

6

Building on “Meaningful Use” Requirements

Meet short-term financial objectives

And position for long-term strategic objectives*

• While we still have a lot of work to do we are moving from a time in which we

focus on implementing clinical systems to a time where we focus on

leveraging these systems

• This next phase will center on:

– Continuous improvement of processes

– Leveraging of data

– System extensions*John Glaser, PhD Vice President

and CIO Partners HealthCare

February 25, 2008

12

Enable Growth & Improve Governance

Board of Directors

Corporate Governance and Due

Diligence

Right Sizing & Growth

Mergers, Acquisitions, and Divestiture Support

Activities

Compliance Cost Reduction

Preparation &

Remediation

Data Loss Prevention:

Client Information,

Partner Connections,

and Joint Development

Collaboration

Business Drivers

4/2/2010

7

AHA Endorsement Process

Evaluation Criteria• Mission and Vision

• Financial and Operational Stability

• Dedication to Healthcare

• Executive Commitment

• Scalability

• Cultural Fit

• Market Differentiation/Leadership of Product

• Robust Customer Satisfaction

• Solution Functionality

• Current Market Share

• Strong Reference Accounts

• General Company Information

• Customer Service

• Management

• Awards/Press Releases

• Technical Questions

• Overview of product

• Systems

• Staffing

• Interface/Integration

• Reporting

• Implementation

• Training

• Support

• Performance

• Compliance

• Security

4/2/2010

8

Exclusively Endorsed by the AHA for…

• Executive Health Resources (EHR) for “Concurrent & Retrospective Clinical Denials Management, Medicare & Medicaid Compliance Management & Length of Stay Management

• Identity Force for “Identity Theft Protection, Compliance & Data Breach”

• PolicyTech for “Policy & Procedure Management Software and Services”

Healthcare Industry Expert Panel –

Compliance ScenariosRobert Tietjen, President & CEO

PolicyTech International, Inc.

Steven Greenspan, Director Govt. Appeals & Regulatory Affairs

Executive Health Resources

Steve Bearak, President & CEO

Identity Force

4/2/2010

9

Compliance Scenario 1

A Medicare Administrative Contractor (“MAC”) does a

probe audit of 250 stent claims. Your hospital is involved

in the Audit and the MAC has determined that 19 out of

the 20 cases (95% error rate) they looked at for your

facility were incorrectly billed as inpatient rather than

outpatient. What can you do to prevent the above from

happening again?

Compliance Scenario 1 - Recommendations

• Implement a Utilization Review process to meet Conditions of

Participation (42 CFR 482.30) to get the Status Correct

• Why is it Important to get the Status Correct

• Reimbursement – Make sure that you are being reimbursed

properly for your services

• Incorrect overuse of Inpatient

• Incorrect overuse of Observation

• Extrapolation following Self-Audit (Caveat under new Reform Bill with

respect to timing of repayment)

• Removes claims from RAC scrutiny

• Possible DOJ expansion of timeframe

4/2/2010

10

Compliance Scenario 2

So you have an employee who is terminated for failing to

abide by the company’s sexual harassment policy. And the

employee turns around and submits a suit against the

company for failure to inform him/her of the policy. What

would you suggest they do to protect themselves from

litigation?

Compliance Scenario 2 - Recommendations

• Review your processes for timeframes of initial hire.

• Communicate to management the need

• Make sure this necessity is adequately addressed in manager

orientations,

• Have QA track metrics of how quickly signatures are being collected

by managers, and provide monthly reports showing compliance status

• Recognize that this task may require a part-time to full-time assistant

• Document and communicate effectively to managers the need to

review employee records before termination, to ensure they have

signed-off on critical policies or procedures related to termination cause.

• Ensure that you have a robust archival system so you can quickly

access past procedures that may have been relevant when the

employee was hired.

4/2/2010

11

Compliance Scenario 3

I work at a mid-sized hospital and learn that in late

March 2010 a hospital-owned laptop was stolen from

one of the organization’s health centers. The laptop

contains medical and personally-identifiable

information on 785 patients. The data was not

encrypted, but the computer is password protected.

What are the steps we must take immediately, and

what should we be prepared for in the future?

Compliance Scenario 3 - Recommendations • Best Practice approach includes response plan & service contracts in

place

• Incident investigation, tracking and assessment

• Evaluation of “Harm Threshold”

• Determine appropriate response and id theft prevention/protection

services

• Notification to affected individuals

• Notification to HHS

• Management of ongoing id theft prevention/protection services

• Prepare for media inquiries

• Prepare for patient inquiries

• Prepare for HHS Audit

4/2/2010

12

Compliance Scenario 4 A Medicare Administrative Contractor (“MAC”) does a probe

audit of 250 stent claims. Your hospital is involved in the

Audit and the MAC has determined that 19 out of the 20

cases (95% error rate) they looked at for your facility were

incorrectly billed as inpatient rather than outpatient. What

are the consequences and what can I do about it after the

fact?

Compliance Scenario 4 - Recommendations • Pre-Payment Review and other Scrutiny (Additional Post-Payment Audits

RAC – DOJ expansion of MAC findings)

• Negative publicity based upon Metrics – “killing more people”

• Discussion with Medicare Administrative Contractor if you believe you are

being improperly targeted and/or to get a better understanding of the

criteria they are using for determining medical necessity.

• Appeal when Appropriate

• Favorable determinations – use to hold MAC accountable

• Use all arguments, both legal and clinical

• If UR process in place, argue Limitation on Liability (Section 1879 of

Social Security Act)

• Depending on length of look-back period and knowledge of provider,

argue Waiver of Liability (Section 1870 of Social Security Act)

•Prepare for other Audits

4/2/2010

13

Compliance Scenario 5

You are the manager of the Human Resources Department,

and because your assistant is fairly new and lacks

knowledge of company policy, the questions that would

normally go to him regarding benefits and payroll issues are

coming to you instead. And you don’t see him being able to

get enough experience and knowledge for several months

still. How do you ensure that he gets trained fast enough to

divert these time wasting questions from the work you

desperately need to accomplish?

Compliance Scenario 5 - Recommendations• Create and keep updated a mind-map hierarchy of your policy system so you can quickly see what policies and procedures you have, and be able to flag which ones need enhancement, as well as which still need to be created.

• Ensure that policies and procedures are readily accessible in every department, and are updated immediately

• Review table of contents often to make sure they correlate with what is actually published.

4/2/2010

14

Compliance Scenario 5 - Recommendations• Review process that oversees communication of policy to ensure that employees that have a “need to know” are signing off their understanding and/or proving comprehension.

• Provide a simple way for employees to provide feedback on each procedure, as well as a way to keep those comments with the original document for consideration during periodic reviews.

Compliance Scenario 6I work at a mid-sized hospital in the Great Lakes area. Since last year,

we have experienced a measurable uptick in cases of medical identity

theft and fraud related to the misuse of patient identification (sharing of

IDs, identity theft, etc.). We know that elements of the Red Flags Rule

are meant to help address this issue, but the law is not in full force yet.

We are obviously concerned about this issue from the financial loss

and fraud perspective, and have also realized that (especially as we

move towards EHRs) inaccurate patient medical records is a serious

concern. What can be done to stem the tide of fraud and ID misuse?

4/2/2010

15

Compliance Scenario 6 - Recommendations

• Bring facility in compliance with RFR

• Enable incident reporting and tracking

• Identify and protect against “frequent flyers”

• Ongoing, Web-based training

Compliance Scenario 7 You follow the current healthcare news and see that several

Medicare Administrative Contractors through the country are

focusing on one-day stay Chest Pain admissions, finding that

in the majority of audits that the claim should have been

billed as an outpatient procedure. In addition, you

understand that the DOJ has now begun to look at one-day

chest pain stays; even though they don’t believe there are

necessarily any false claim issues. You know that most of

your physicians are handling their one-day chest pain cases

as inpatients.

4/2/2010

16

Compliance Scenario 7 - Recommendations

• Buy or Build evidence based content to allow for risk stratification ofhigh risk targets

• Begin Concurrent UR process for Chest Pain going forward• Determine from a data analysis – is this error or something more?• Determine whether a repayment strategy or self disclosure is

appropriate• Audit charts using trained Physician Advisors (who understand both

clinical and regulatory guidance pertaining to these procedures) • Use audits to set reserves, make paybacks, extrapolate etc.• A proactive process and cooperation with the MAC may save you a

lot of headaches down the road.

Compliance Scenario 8 You are the Quality Assurance Manager, but because policies and procedures are so important in managing quality, you are put in charge of them as well. Is this really something that an individual can do “on the side?”

4/2/2010

17

Compliance Scenario 8 - Recommendations• Track metrics to make sure documents are moving through the system

in a timely process

• Create organizational charts of how each process ties to each policy,

and each procedure/form to each process

• Maintain a mind-map of all of the documents to decipher which

procedures or processes have not been created

• Track employee comments and ensure that authors are reviewing

them when reviewing documents

• Follow up with managers to get procedures written and approved

quickly

• Keep an updated table of contents

• Make sure there are not duplicate procedures in various departments

• Train managers on how to write policies and procedures

• Make sure procedures are formatted correctly according to the

company’s standardized process

• Create and maintain policies that set forth the company’s

standardized process

• Make sure there are no missing approval signatures

• Examine review and approval dates to guarantee they coordinate

with effective dates

• Review critical procedures to guarantee correct regulatory standards

are referenced

• Track metrics to ensure employee attestations are happening in

timely manner

• Coordinate with Education Department to ensure comprehension of

critical procedure

Compliance Scenario 8 - Recommendations

4/2/2010

18

Compliance Scenario 9

I work at a fairly large West Coast hospital, and we are

investigating what could be our 14th data breach in the

last 12 months. The breaches have been large

(hundreds of records) and small (dozens of records),

paper and digital, and a variety of causes – employee

error, business associate error, and theft. We have lots

of protections in place, but this is as much or more of a

problem than ever. What, if anything, can we do to

address this problem on an organizational basis?

Compliance Scenario 9 - Recommendations

• Build a “Breach-free Culture”

• Identify risks (including those outside IT network)

• Best Practice written policies and procedures… but they only go so far

• The results will come with effective training

• Facility-wide

• Certification process for training

• Initial training for all employees

• Training for all new hires

• Periodic refreshers for employees

4/2/2010

19

Compliance Scenario 10

The floor is open for discussion!

“So, I have heard that another hospital had this issue…”

Plans Monday Night?

AHA Solutions Annual Networking Dinner

Join Us for Dinner, Networking, Learning & Fun

When: Monday, April 19th 7:00-9:00pm

Where: Reunion Tower at Dallas Union Station

Wonderful dinner while overlooking the city skyline!

4/2/2010

20

39

Question & Answer Session and Thank you!To our Expert Panel

Robert Tietjen, President & CEO, PolicyTech International, Inc.

Steven Greenspan, Director Govt. Appeals & Regulatory Affairs, Executive

Health Resources (EHR)

Steve Bearak, President & CEO, Identity Force

Visit AHA Solutions at Booth #510

Visit AHA-Endorsed Solution Provider Booths too!

– Certiphi; Booth #308 – Cyracom; Booth #816

– EHR; Booth #406 – Identity Force; Booth #717

– PolicyTech; Booth #724

40

Contact Information

Brad Hunter, DirectorAHA Solutions – bhunter@aha.org / 312-895-2527

Robert Tietjen, President & CEOPolicyTech International – robert@policytech.com / 208-359-8123

Steven Greenspan, Director Govt. Appeals & Regulatory AffairsEHR – sgreenspan@ehrdocs.com / 484-567-5157

Steve Bearak, President & CEOIdentity Force – sbearak@identityforce.com / 508-788-9400