Regulatory Compliance Oversight

Transcription

1 Regulatory Compliance Oversight The Commercial Business Perspective February 7, 2011 Lisa White Vice President, Corporate Compliance & Advocacy The Lifetime Healthcare Companies (315) Overview Who We Are - The Lifetime Healthcare Companies Our Guiding Principles The Elements of Our Compliance Program Closed Loop Process Front-End Process Compliance Oversight Committee Back-End Surveillance Monitoring Auditing Compliance 360 o Reporting Connecting the Dots Summary 2 Lifetime Board of Directors 1

2 The Lifetime Healthcare Companies A family of companies that provide health coverage and health care services to 1.7 million people. Our $5 billion nonprofit company is headquartered in Rochester, N.Y., and employs more than 6,000 workers throughout Upstate New York through nationally recognized businesses. Excellus BlueCross BlueShield New York State's largest not-for-profit health plan Univera Healthcare Managed care, indemnity and dental plan options to groups and individuals MedAmerica Insurance Company Long-term care insurance for individuals and employer groups EBS-RMSCO, Inc. Employee benefit programs with consulting, administrative services and risk management solutions Lifetime Care Home health services, hospice, durable medical equipment, and nursing services Lifetime Health Medical Group Comprehensive health care services through health centers and medical offices Support Services Alliance, Inc. Group insurance products and business services for small businesses 3 Guiding Principles The Lifetime Healthcare Companies are committed to full compliance with all applicable laws, rules, regulations and mandates. The resulting regulatory implementations and internal policies form the foundation of the Corporate Ethics and Compliance Program. To achieve regulatory compliance, a demonstration of commitment and adherence to all applicable laws and regulations is required to maintain the integrity of the program. The principle focus of regulatory compliance within the Corporation is on the identification of broken processes resulting in non-compliance, new implementations, tracking remedial activities, measuring change and reporting outcomes. 4 Lifetime Board of Directors 2

3 (Contracts) 1/21/2011 Elements Regulatory Compliance (Incidents/Documents/Projects) Regulatory Inquiry Surveillance/Risk Identification Implementation/Corrective Action Monitoring and Examination Ethical Compliance (Incidents/Documents) Ethics Inquiry/Investigation Conflict of Interest Code of Conduct Organizational Education Contract Management Vendor/Business Associate Human Resources Privacy Office Other Privacy Tracking Accounting Of Disclosure Inquiries Investigations (Incidents) Policy Development (Policies) Organizational Education (Incidents, Documents) Ethics Advisory Committee Compliance Oversight (Incidents) Data Review Corporate Policy (Policies) Policy Acknowledgement Surveys (Surveys) 5 Closed Loop Process Identify Issues Internal & External Sources Broke/Fix Front-End Front End Repository Compliance Committee Corrective Action Back-End Monitoring & Auditing Re-identification Reporting 6 Lifetime Board of Directors 3

4 Front-End Process Identify Issues Internal & External Sources Broke/Fix New Regulatory Implementations Legal counsel provides interpretation Front-End Intake & Triage Risk Assessment Determination of Compliance Program Involvement Assign Ownership to Appropriate Business Area Business Area resolves; Compliance oversees Front-End Repository or Compliance Oversight Committee? 7 Compliance Oversight Committee Issues that may raise compliance-related questions, or have significant risk, are brought to the Compliance Oversight Committee for management and resolution. Chaired by the Compliance Officer or designee monthly Ensures all new and modified state and federal laws, including mandates, rules and regulations impacting the health plan are identified, assessed, implemented and monitored Addresses and analyzes areas of risk for identified issues within the health plan, determines an accountable individual, monitors progress to resolution and conducts ongoing risk-assessment Serves as a forum for resolution for issues or concerns around existing laws and regulations 8 Lifetime Board of Directors 4

5 Back-End Surveillance Corrective Action / Completed Implementation Business area provides evidence to demonstrate that the problem has been corrected or the regulation has been implemented Risk Re-assessment Surveillance efforts are defined by the needs of the organization and those issues with the greatest known risk are the areas of focus Surveillance / Risk - Critical Questions 1. Related to an existing Regulatory issue? 2. Repeat violation? 3. Appropriate internal controls in place? 4. Issue corrected or implementation done with a manual workaround? 5. Anyone else providing oversight? Risk determines back-end process: Monitoring or Auditing 9 Monitoring Long Term Risk Mitigation Initiatives Promises -commitments made to the organization internally and to regulatory agencies Promise Process -surveillance activities to validate on-going compliance with supporting evidence and mitigate repeat issues New Items -such as those coming off Compliance Oversight Committee Monitored Annually unless risk requires more frequency Business Owner Attestation 10 Lifetime Board of Directors 5

6 I attest that I have examined the promises assigned to my area, and have appropriately indicated whether or not there were significant changes in internal controls, or in other factors that could significantly affect internal controls, subsequent to the initial date of the promise. This includes any corrective actions with regard to significant deficiencies and material weaknesses. I have also immediately reported to appropriate levels of management any significant control failings or weaknesses that have been identified, together with the details of the corrective action being undertaken. 11 Auditing Performed on promises related to high-risk issues as well as other examinations determined by management. Auditing may be selected if one or more of the following parameters are satisfied: Corrective or implementation activities of high risk issues have been completed Repeat Statement of Deficiency Exam has been recommended by management or the Compliance Oversight Committee Evidence of a lack of established internal controls External audits have not been performed Compliance conducts or supervises audits of department activities as appropriate, to assure compliance with Compliance Program standards and goals, or in response to specific reports of possible non-compliance. 12 Lifetime Board of Directors 6

7 Regulators Customers Business Partners Providers Legislators Front-End Repository Intake & Triage Monitoring & Auditing Compliance Committee 13 Compliance 360 o Compliance 360 o is a web based software application that: Enables the organization to assess corporate risk Forces accountability to the business owner Facilitates identification of best practice solutions Provides a mechanism to track and respond to regulatory implementations/changes Manages user access based on predetermined security settings Provides the capacity for one module to interface with another, facilitating the closed-loop process Uploads electronic documentation to facilitate the tracking and storage of historical documentation Manages long-term compliance and enhances our collaborative efforts Compliance 360 o has enabled our organization to achieve a risk-driven, closedloop of continuous surveillance, measurement, evaluation, remediation, re-measurement, and reporting. 14 Lifetime Board of Directors 7

8 Executive Summary Monthly report of key regulatory concerns and resolved issues Promise Summary Global overview of the types of promises reviewed and those that have not been attested to or validated, delivered at the close of the quarter Audit Reports Generated on both a preliminary and final basis A final exam report is distributed following response from the Compliance Delegate Board of Directors (BOD) Regulatory Reporting The Compliance Officer reports on regulatory matters to the Audit Committee of the BOD at every BOD meeting BOD Committees review details of most significant issues Full BOD receives statistical report copies and periodic reports on key legal, audit and compliance issues 15 Connecting the Dots Compliance and Risk Functions Ongoing Dedicated Staff and Resources Linked to Strategic and Operations Activities Direct Access to CEO Direct Access to the Board of Directors Attend All Board Meetings Periodic Routine Reports Additional Reports As Needed Engaging Delegates Collaboration with Corporate Audit 16 Lifetime Board of Directors 8

9 Summary Closed Loop Process: Find and Track Risk Assessment and Triage Research and Prioritize Remediation Determination/Oversight Reassess, Monitor and Audit Report Lifetime Board of Directors 9