And The Question Is: What are the Key AMC Compliance Focus Areas in the Current Regulatory Environment?

Transcription

1 And The Question Is: What are the Key AMC Compliance Focus Areas in the Current Regulatory Environment? Panel Members: Joan Podleski, Duke University Luanna Putney, University of California Kristen West, Emory University Facilitator: Lynda Hilliard, University of California Session Agenda 1:30-2:30pm The Basics: Structure & Scope of the 3 Compliance Programs 2:40-4:30pm A. Key Regulatory Risks Impacting AMCs 1. Privacy Concerns 2. Clinical Trial Billing 3. ACA: Accountable Care Organizations B. Questions of Panel 1. Questions On How the 3 AMCs are dealing with their potential risk areas 1

2 Section 1 The Basics: Structure and Scope of Compliance Programs Compliance Matters* Impacting Academic Medical Centers (AMC) Federal and State Laws University Policy Research Clinical Research Enforcement Activity Billing RACs (Medicare, CT.Gov Medicaid, ZPICs) Human & Animal Increased provider Research Protection data/reporting ; OIG COI/COC use of data analytics Principal Investigator AMC University Guidance Data Security and Privacy OCR Audits Mobile Devices BAAs Breach Response & Notifications Business Operations EHRs Physician Arrangements Sunshine Act Provisions Outcomes Reporting *Not all inclusive Federal and State Regulations 2

3 University of California Office of Ethics, Compliance and Audit Services Lynda Hilliard, MBA, CHC, CCEP System Deputy Compliance Officer Luanna Putney, PhD, CHC, CCEP Director of Research Compliance Program Overview and Structure Established in 2008 under Regental Resolution to facilitate system-wide compliance with applicable laws, regulations and policies Assures compliance infrastructure is in place to address and mitigate risk priorities Oversees comprehensive reporting mechanisms which allow employees to report suspected violations of UC policies or regulatory obligations Oversees the policy-making process in all areas for which the President has authority Reports high priority and sensitive compliance and/or audit matters to senior leadership and Regents; and tracks matters to completion 3

4 Ethics and Compliance Program Reporting Structure Campus System The Board of Regents UC Chief Compliance and Audit Officer UC Ethics & Compliance Risk Council* (co-chaired by President and SVP/Chief Compliance Officer) Chancellor Campus Oversight and Accountability Campus Ethics & Compliance Risk Committee* (co-chaired by EVC and CECO) Campus Ethics & Compliance Officer (CECO) (Vice Chancellor or above level) Employee Training Reporting Policies & Procedures Corrective Action Monitoring & Auditing Academic Senate Collaboration *Membership to include representation from academic senate and administrative leaders of compliance risk areas; campus refers to UC locations including LBNL, UCOP and ANR *Academic Medical Centers are included in campus definition Office of Ethics, Compliance and Audit Services Organization Chart UC Board of Regents Chief Compliance & Audit Officer (Senior Vice President) Ethics and Compliance Office AMC Chief Health Sciences Compliance Officers have a dotted line reporting relationship to SVP/CCAO Internal Audit General Compliance Research Compliance Health Care & HIPAA Privacy Compliance Investigations Systemwide Policy Function Systemwide Internal Audit UCOP Internal Audit 4

5 Duke University Institutional Compliance Program Joan Podleski, CHC, CHRC Director, Institutional Ethics and Compliance Duke University Institutional Compliance Governance Duke University Board of Trustees Audit Committee Chief Audit Executive Institutional Compliance Steering Committee (President, Chancellor, Provost, EVP, General Counsel, University Secretary, Medicine and Academic Dean) Director, Institutional Ethics and Compliance Program Compliance Liaisons manage specific risks 5

6 Duke University: Compliance Organization Duke University Board of Trustees Duke University Health System Board of Directors DU Audit Committee Chief Audit Executive DUHS Audit Committee Chief Compliance Officer School of Medicine Director, Institutional Ethics and Compliance Program Chief Compliance Officer DUHS Duke University Compliance Program Standards & Responsibilities Governance: Institutional Compliance Steering Audit Committee/Board Program Development & Oversight: Institutional Ethics & Compliance Program Risk Ownership: Senior Leadership / Operational Management Compliance Liaisons Audit: OIA, DUHS & SOM Compliance 6

7 Duke University Compliance Resource Management Strategies On-going risk assessment is key Risk levels should drive resources Automate what you can (COI process) Assess effectiveness of monitoring and training activities - more does not always equal better Management is accountable Defines risk tolerance Drives operational processes Removes barriers to compliance Emory University Compliance Program Structure Kris West, J.D., M.S. Assoc. VP for Research Admin & Director, Office of Research Compliance kwest02@emory.edu (404)

8 3 Compliance Domains Research Compliance Administrative Compliance Healthcare Compliance Compliance Reporting Structure Emory University and Emory Healthcare: separate corporate structures with some combined elements and one Board of Trustees University and Healthcare structures overlap in the area of Research Many historical artifacts 8

9 Compliance Reporting Structure Emory Univ. & Emory Health Care Board of Trustees Audit & Compliance Committee Emory Univ. Executive VP & Provost Emory Univ. Executive VP for Finance Emory Univ. Executive VP for Health Affairs Emory Univ. & Emory Health Care General Counsel Emory Univ. VP for Research Admin. Emory Univ.& Emory Healthcare Director Internal Audit CEO, Emory Healthcare Emory Univ. Director Research Compliance Emory Univ. Director Administrative Compliance Chief Compliance Officer Emory Healthcare Healthcare Compliance Domain Emory Healthcare function Established 1990s 3 practice plans; 4 owned hospitals; 2 affiliated hospitals Scope Billing, coding, CT Billing Privacy officer for healthcare Audit of clinical trials in Emory Healthcare facilities 9

10 Research Compliance Domain Emory University function Established 2002 Scope: Basic and clinical research carried out by faculty members in University employee capacity animal & human subjects Privacy officer for research functions Research integrity officer Compliance review for: IRB, IACUC, IBC, Radiation Safety Committee, Conflict of Interest Committee CT Billing Export controls Administrative Compliance Domain Established 2013 New Position for University Covers compliance areas outside of research and healthcare Housed within Internal Audit 10

11 Domain Overlap & Coordination Research and Healthcare Overlap Areas: clinical trials contracting, conduct and billing; HIPAA compliance; FDA/GCP compliance Compliance Oversight Committee = Directors of Administrative Compliance and Internal Audit, Research Compliance & Emory Health Care Compliance Compliance Liaison Committee = representatives from University and Healthcare units with compliance duties Joint Compliance Review Committee = IRB Director, Emory Health Care and Emory Univ. Compliance Officers Section 2: Key Regulatory Risks PRIVACY 11

12 Duke Privacy Oversight Privacy/Security Workgroup includes DUHS, SOM and DU Compliance Officers DUHS and DU IT Security Officers Director of Internal Audits, IT Incident response teams sit within each compliance office Internal Duke Notification Policy defines who is brought into the loop across internal organizational lines Seen as an institutional compliance priority University of California Background & Best Practices ALL UC AMCs have the following: 1. Privacy Officer, with one or more committees that oversee privacy compliance 2. Process in place to review policies and procedures 3. Annual training requirement 4. Privacy auditing and monitoring program Routine monitoring activities : Privacy rounds Automated alerts for system accesses Electronic review of outbound s to screen for restricted information 12

13 University of California System Initiatives and Privacy Challenges Systemwide initiatives include: BAA database across system; Common NPP and breach response process, Campus-based liaison for system Challenges Protection of data on mobile devices OCR increased enforcement OCR Privacy and Security Audit initiative Emory University Privacy Oversight Emory University Privacy Officer Emory Healthcare Privacy Officer Emory University/Emory Healthcare Security Officer Breach Analysis Team = Privacy Officers, Security Officers, Director Risk Mgmt., Vice President for IT, General Counsel 13

14 Section 2: Key Regulatory Risks CLINICAL TRIAL BILLLING Duke Clinical Trials Billing Systems controls to identify Clinical vs investigative treatments Subject enrollment Appropriate billing work flow Dedicated support group to assist with Budget preparation Development of billing matrix Mandatory training 14

15 Emory University Clinical Trial Billing In transition Transition from post-billing adjustment system housed in one office, to pre-billing scrub system housed in two offices. Office of Clinical Research Performs coverage analysis; negotiates some trial budgets; some invoicing Reports to School of Medicine and Vice President for Research Administration Oversees mandatory training for clinical researchers and research coordinators Oversees compliance with CT.gov requirements Coordinates contract and informed consent language Emory University Clinical Trial Billing In transition Office for Clinical Trial Billing Oversees billing for clinical trials Implements coverage analysis on billing end CT subjects flagged and all bills held until properly sorted according to coverage analysis 15

16 University of California Clinical Research Billing Background $ million in clinical research funding (FY ) Nearly 60% of UC patients are covered by Medicare, Medi-Cal or lack health insurance Compliant management of clinical trial billing requires a broad understanding of many fragmented, often disconnected, processes and technology At the UC AMCs clinical research billing programs in varying levels of maturity, with distributed or quasi-hybrid governance structures in place or being considered; no central governance models University of California Clinical Research Billing Challenges Requires knowledge and effective coordination of multiple functional areas Charge Segregation Vetting Feasibility Analysis Requires IT systems to talk with one another Charge Capture Coverage Review Requires governance structure that is effective across multiple silos Registration & Scheduling Compliant Billing Billing Plan Note: While this illustration highlights each step as its own process activity, many of these can be done simultaneously. Enrollment & Informed Consent IRB Approval Contracting Budgeting 16

17 University of California Clinical Research Billing Best Practices Accountable Office? Section 2: Key Regulatory Risks ACA: ACCOUNTABLE CARE ORGANIZATIONS 17

18 An accountable care organization (ACO) is a healthcare organization characterized by a payment and care delivery model that seeks to tie provider reimbursements to quality metrics and reductions in the total cost of care for an assigned population of patients A group of coordinated health care providers forms an ACO, which then provides care to a group of patients. The ACO may use a range of payment models (capitation, fee-for-service, with asymmetric or symmetric shared savings, etc.) The ACO is accountable to the patients and the third-party payer for the quality, appropriateness and efficiency of the health care provided According to the CMS, an ACO is "an organization of health care providers that agrees to be accountable for the quality, cost, and overall care of Medicare beneficiaries who are enrolled in the traditional fee-for-service program who are assigned to it. University of California UC Health 5 AMCs: UC Davis, UC Irvine, UC Los Angeles, UC San Diego, UC San Francisco 10 hospitals with 3,159 licensed beds 4th largest health care delivery system in California 3.9 million outpatient visits in the past year 290,000 emergency room visits 144,000 inpatient admissions 36,000 medical center employees 10,000 nurses 5,000 faculty physicians UC Health: 18

19 University of California ACO Background University of California Participation in ACOs The UC AMCs developing affiliations to facilitate ACO principles: 1. UC Heatlh unique payor-provider partnership (MOU) with all UC AMCs and Anthem Blue Cross Blue Shield Anthem is the largest insurer in CA, with UC AMCs as the second largest client on the provider side Anthem will provide systems, infrastructure and longitudinal medical record; UC will contribute the provider experience Partners will co-develop protocols that increase health quality, access and outcomes and reduce costs Developing joint product for the CA Health Insurance Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA) 19

20 University of California Participation in ACOs (continued) Developing joint product for the CA Health Insurance Exchange (sets up ACO infrastructure for all UC AMCs with largest insurer in CA) 1. UCSF -- Accountable Care Collaborative with Health Net Blue and Gold (UC Beneficiaries) 2. UCSD -- Accountable Care Program for employers in concert with Sterling Health 3. UCLA -- Medicare Shared Savings Program University of California ACO Compliance Challenges Contract compliance Physician relationships Accountability to the federal government under various ACA programs Compliant billing EHR meaningful use Data privacy and security 20

21 Questions of Panel: 1. With increased focus from the Sunshine Act Provisions of the ACA, how is your institution responding to reduce reputational and regulatory risk? This could include coordination, governance (who owns the coordination), tools, etc. Questions of Panel: 2. As an AMC with focus on specialty practices, how is your institution conducting compliance due diligence when recruiting for partnerships with primary care practitioners in light of ACO development? 21

22 Questions of Panel: 3. Have you seen a change in "culture" related to support for, or against, a comprehensive and robust compliance department as a results of the myriad changes brought about by the ACA and other federal initiatives? If so, what are your thoughts on how to either enhance or re-invigorate support for compliance? How do you measure culture? Questions of Panel: 4. What have been the biggest compliance challenges your organization has faced with respect to EMR implementation? 22

23 Questions of Panel: 5. How have your organizations utilized data analytics in identifying areas to monitor and/or provide additional resources for ensuring compliance? Questions of Panel: 6. With potential cut backs and layoffs due to budgetary cuts (e.g., ACA fiscal restraints, decreased federal reimbursements, research cuts due to the sequester, if applicable) how is your compliance departments involved in ensuring that controls are in place to maintain compliance with applicable regulations? What types of specific compliance monitoring efforts 23