«CALL TO ORDER Ms. Emily A. Youssouf Adoption of Minutes December 4, 2014 Ms. Emily A. Youssouf • INFORMATION ITEMS Audits Update Mr. Chris A. ...»
Telano to the next meeting of the Contract Review Committee. The scanner is important because there are too many manual things happening in this process. Once you have a scanner, then the manual things that you have to do are much more limited. In the interim we are now bringing the Coler time sheets to Bellevue to be scanned to make this work better. Our network has the most employees, which is why we need additional scanners.
Mr. Page asked how many scanners are you talking about? Mr. Cohen responded that we have one right now. We asked for two more and we were turned down.
Mr. Page asked if this kind of thing you buy from your local store on Broadway. Mr. Cohen answered that it is a bigger deal than that. It is one for HHC’s payroll system and probably each network has one.
Mr. Page asked if it is literally wired into the payroll system? Mr. Cohen answered that that is correct.
Mr. Martin stated that he was not aware that they had come and he will speak to the Senior Vice President of the network to make sure that happens.
Mr. Telano then continued and stated that on page nine of my briefing is the audits we are currently working, and on page ten is the status of our follow-up audits and if there are no further comments or questions, I conclude my presentation.
Mrs. Bolus then turned to Mr. McNulty for an update of Corporate Compliance.
Mr. McNulty saluted everyone and began his update on page three of the Corporate Compliance Report (the “Report”) by discussing the HHC Compliance Program Certification. Mr. McNulty informed the Audit Committee (the “Committee”) that under the Social Services Law and its implementing regulations, HHC is required to annually certify, establish and maintain an effective corporate compliance program aimed at detecting fraud, waste and abuse and to put in place a system of controls to deter and detect fraudulent and criminal conduct. Mr. McNulty explained that to be an effective compliance program, the compliance program must cover the following seven key core areas: (i) billings;
(ii) payments; (iii) medical necessity and quality of care; (iv) corporate governance; (v) mandatory reporting, such as overpayments; (vi) credentialing; and (vii) other risk areas that are or should be with due diligence identified by HHC.
Mr. McNulty further explained that an effective compliance program must also consist of eight elements and continued by listing seven of the eight elements: (i) the development of written policies and procedures on corporate compliance issues that include a code of conduct and a code of ethics; (ii) the designation of a chief corporate compliance officer;
(iii) the development of a training and education program on compliance issues; (iv) the establishment of direct communication lines between the corporate compliance officer and the workforce members throughout the organizations including the establishment of a toll-free hotline; (v) the implementation of a system designated to routinely identify risks; (vi) the establishment of a system to respond to compliance issues as they are identified: and (vii) the creation of a policy that prohibits the intimidation or retaliation of individuals who participate in the compliance program in good faith.
Mr. McNulty continued by discussing the certification program further. In summary, he stated that every year the Office of Corporate Compliance (“OCC”) has to certify through the Office of the Medicaid Inspector General’s (“OMIG”) website that HHC has an effective corporate compliance program. In summary, he stated that the certification is performed by the President and Chief Executive of the Corporation, Dr. Raju, advising that the certification would be performed at the end of December. He informed the Committee that documentation of the eight elements must be kept. He stated that the eight elements may be audited by OMIG. In summary, he added that, because OMIG generally audits a handful of hospitals throughout the State every year, OCC maintains documentation that HHC satisfies all of the elements.
Mr. McNulty continued to page four of the Report and updated the Committee on the previously reported data breach at the East New York Diagnostic Treatment Center (“East New York”). He reminded the Committee that the subject breach occurred when medical records were stored in an employee garage in East New York, stating that these records came from five previously closed clinics. He informed the Committee that breach notification was provided to the 10, 058 affected patients, as well as the Office of Civil Rights of the United States Department of Health and Human services. In summary, he stated that notice of the breach was provided on HHC’s website and to major media outlets throughout New York State. He informed the Committee that the cost of the breach to provide patient notification and credit monitoring and identity theft services to all affected patients totaled $53, 376.
Mrs. Bolus asked who that is charged to? Mr. McNulty responded that it comes from the OCC budget.
Mrs. Bolus asked that if the breach occurred at East New York, why is it then you have to pay for it. Mr. McNulty answered that historically we handle the data-breach vendors, and therefore we respond to data breach and we make the evaluation of the types of services that have to be provided to the patient because it is not every HIPAA incident that results in actual breach that we would have to provide these notifications, so historically it is budgeted every year that we have a certain amount of money allocated to respond to data breaches.
Mr. Page asked what is our obligation to maintain records when we close? Mr. McNulty said that when you a close a clinic, you have to establish a facility closure plan with the Department of Health, and the Department of Health outlines where those records should go and how they should be stored. In this particular process, that was not followed when this facility closed. We have to store depending on the type of records. If a record is related to a minor, we have to keep them until the minor is 21 years old. If it is a record pertaining to any other patient, we have to keep it six years. If it is a record that was dealing with the billing of Medicaid or Medicare, we have to keep it for ten years.
Mr. Russo added that generally, the closure plan focuses on two things: one, transition of patients to another setting and two, the maintenance of records.
Mr. McNulty continued by advising the Committee that, in addition to the closure plan, a procedure was developed that the facility executive directors must now follow. He stated that the procedure should be out by the end of the month, and it designates a specific person who would be responsible to make sure the records get from point A to point B, explaining that, in sum and substance, the records would either go to the facility medical records department or to HHC’s offsite vendor, City Storage. He advised the Committee that he would be personally visiting all of the diagnostic treatment centers, citing that in the past month he visited Gouverneur, Renaissance, and Belvis by performing a walkthrough of the medical records departments at those sites.
Mr. McNulty moved on to the next item on the Report – the Compliance Reporting Index for the Third Quarter of Calendar Year 2014. He advised the Committee that for the third quarter, July 1 to September 30, 2014, there were 110 compliance-based reports. He noted that one was classified as a Priority A report, 51 were Priority B reports and 58 were Priority C reports. He elaborated that, of the 110 reports, 55 were received by the OCC through its anonymous tell-free compliance hotline. He stated that 19 reports were also received through e-mails, and 11 were through face to face. He added that 11 were received directly through telephone call to OCC. He stated that, with regard to the different categories of complaints received, the majority, 36 or 32% pertained to policy and process integrity - - mainly violation of corporate OPs or violations of statutes and regulations.
Mr. McNulty continued on to section IV, the Privacy Reporting Index for the Third Quarter, explaining that 29 incidents were reported through the HIPAA Complaint Tracking System. He further explained that, out of those, 12 were found to be actual violations of the HHC HIPAA Privacy Operating Procedures (“OPs”) and 13 were found not to be a violation of said OPs. He advised that, out of the 12 that were found to be violations, 3 were determined to be breaches of protected health information, which he informed the Committee he would detail in the executive session.
He noted that one of those breaches was the East New York breach that we discussed earlier.
Mr. McNulty moved along to page six of the Report advising the Committee that there were no reports of excluded providers since the last time the Committee convened on October 2, 2014. Mr. McNulty then concluded the Report.
Mrs. Bolus then stated that they going into executive session.
Mrs. Bolus stated that they are back from the Executive Session; they discussed matters that were confidential and related to patient care and quality assurance as well as ongoing investigations.
There being no further business, the meeting was adjourned at 11:43 A.M.
Completion of Compliance Program Certification ….……..….……..…..…Pages 3-4 I.
II. Completion of Deficit Reduction Act Certification
Report on HHC’s Compliance with HIPAA Security Rule Risk Analysis III.
Requirements..………………………………………………………………Pages 7-12 IV. Compliance Reporting Index for the Fourth Quarter of Calendar Year 2014 (“CY2014”) …………………………………………………….…………...Pages 12-13 Privacy Reporting Index for the Fourth Quarter of CY2014..…..…….Pages 13-14 V.
Monitoring of Excluded Providers ……………………………….…….......….Page 14 VI.
April 2015 Audit Committee – Report on Ongoing Compliance Matters….......
I. Completion of Compliance Program Certification Background
1) Pursuant to Social Services Law § 363-d and 18 NYCRR part 521, HHC is required to establish and maintain an effective compliance program that covers the following seven areas: (i) billings; (ii) payments; (iii) medical necessity and quality of care: (iv) governance; (v) mandatory reporting; (vi) credentialing; and (vii) other risk areas that are or should with due diligence be identified by HHC.
Required Elements of an Effective Compliance Program
2) In addition to the above, an effective compliance program must contain the following eight elements: (i) the development of written policies and procedures that, among other things, describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, and provide guidance to employees and others on dealing with potential compliance issues; (ii) the designation of an employee vested with responsibility for the day-to-day operation of the compliance program; (iii) the development and implementation of a training and education program concerning the compliance program, its expectations, and its scope of operation - such training and education must reach the governing body; (iv) establishment of direct communication lines to the employee vested with the day-today direction of the compliance program that are accessible to workforce members, including executives and the governing body, as well as persons associated with the provider; (v) establishment of disciplinary policies to encourage the good faith participation in the compliance program; (vi) implementation of a system designed to routinely identify, evaluate, and address corporate vulnerabilities and risks; (vii) establishment of a system designed to respond to compliance issues as they are raised and/or identified; and (viii) the creation of a policy that prohibits intimidation or retaliation for the good faith participation in the compliance program.
Certification Completed on December 2014
3) On December 22, 2014, HHC President and Chief Executive Officer Ramanathan Raju, M.D., through the New York State Office of the Medicaid Inspector General’s (“OMIG”) website, certified that HHC has an effective compliance program. Specifically, Dr. Raju
certified that HHC has done the following:
established routine training and education of all affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations and the compliance program;
provided all employees and persons associated with the provider access to the compliance officer to allow for compliance issues to be reported, including a method for anonymous reporting;
established disciplinary policies been implemented and enforced to encourage good faith participation in the compliance program by all affected individuals;
established a system for routine identification of compliance risk areas specific to your provider type and do you conduct audits of those risk areas;
established a system for investigating and responding to compliance issues as they are raised, including reporting compliance issues to DOH or OMIG and refunding overpayments;
implemented a policy of non-intimidation and non-retaliation for good faith participation in the compliance program;
II. Completion of Deficit Reduction Act Certification Background Pursuant to the Deficit Reduction Act (“DRA”) of 2005, the New York City Health and 1) Hospitals Corporation (“HHC”) is required, as a condition of its participation in the Medical Assistance Program (“Medicaid”), to establish written policies and procedures that inform its
employees, contractors, agents, and other persons about the following1:
HHC’s internal policies covering the prevention and detection of fraud, waste, and abuse;
the federal False Claims Act and any similar law under the State of New York that governs false claims and statements; and whistleblower protections under federal and State laws.