To:LHS Medical Staff

From:Barbara A. Holfelner, VP Risk Management, Patient Safety and Compliance

Re:LHS Medical Staff Corporate Compliance Training

The role of the Medical Staff is crucial to an effective Corporate Compliance program. We have compiled a Corporate Compliance document to serve as a learning and resource packet; this packet is now part of the appointment and reappointment process.

Please find the following documents included in this LHS Medical Staff Corporate Compliance packet:

Agreements:

  1. Medical Staff Access and Confidentiality Agreement Tab A
  2. Privacy Acknowledgment and Non-Disclosure AgreementTab B

Mandatory Compliance, HIPAA and False Claims Act Training:

  1. Annual Healthcare Compliance EducationTab C

Policies:

  1. Medical Staff Corporate Compliance Code of Conduct,

Policy AS0045CCPTab D

  1. Prohibition against Contracting with Sanctioned

Individuals or Companies, Policy AS0036CCPTab E

Attestation Sheets:

  1. LHS Medical Staff Attestations Regarding Corporate ComplianceTab F

Please review each of the above listed documents.

Once all documents have been reviewed, please:

  1. Remove the Medical StaffAttestations Regarding Corporate Compliance document (Tab F) from your packet;
  2. Sign the last page of the Attestation Sheets;
  3. Make notations as appropriate;
  4. Return both pages of the Attestation Sheets to a Medical Affairs Office listed below.

Return onlythe Medical Staff Attestations Regarding Corporate Compliance document to either:

Our Lady of Lourdes Medical CenterLourdes Medical Center of Burlington Co.

1600 Haddon Avenue218 Sunset Road

Camden, NJ 08103Willingboro, NJ 08046

Attn:Patricia McCurdy, Attn:Karen Morales,

Medical Affairs OfficeMedical Affairs Office

Fax: 856.580.6343Fax:609.835.3093

Scan & Email: Scan & Email:

Thank you for your support.

Barbara A. Holfelner,

VP Risk Management, Patient Safety and Compliance

LHS Corporate Compliance Department

Lourdes Health System

Phone: 856.757.3642

TAB A

Medical Staff Access and Confidentiality Agreement

Our Lady of Lourdes Health Care Services, Inc.

MEDICAL STAFF ACCESS AND CONFIDENTIALITY AGREEMENT


As a member of the Medical Staff with privileges at Our Lady of Lourdes Health Care Services, Inc. and Affiliates (OLLHCS, Inc.)(hereafter referred to as "Medical Staff Member"), you may have access to what this agreement refers to as "confidential information." You may learn of or have access to some or all of this confidential information through a computer system or through your professional care of patients. The purpose of this agreement is to confirm your understanding of your duties regarding confidential information.

Confidential information is valuable, sensitive and protected by law and OLLHCS, Inc.’spolicies. As a Medical Staff Member, you are required to conduct yourself in strict conformance to applicable laws and OLLHCS, Inc.’spolicies and to abide by the duties described below governing confidential information.

You will be responsible for your misuse or wrongful disclosure of confidential information and for your failure to safeguard your access code or other authorization access to confidential information. You understand that your failure to comply with the duties described below and this Agreement may also result in loss of privileges to access confidential information, loss of Medical Staff privileges and to legal liability.

As a Medical Staff Member, you must understand that you will have access to confidential information that may include, but is not limited to, information relating to:

  • Patients (e.g., records, conversations, admittance information, patient financial information, etc);
  • Associates (e.g., salaries, employment records, disciplinary actions, etc.);
  • OLLHCS, Inc. (e.g., financial and statistical records, strategic plans, internal reports, memos, contracts, peer review information, communications, proprietary computer programs, source code, proprietary technology, etc.); and
  • Third parties (e.g., computer programs, client and vendor proprietary information source code, proprietary technology, etc.).

Accordingly, as a condition of, and in consideration of, your access to confidential information, you promise that:

1)You will use confidential information only as needed to perform your legitimate duties as a Member of the Medical Staff and treater of patients affiliated with OLLHCS, Inc. This means, among other things, that:

a)You will only access confidential information needed to treat your patients or fulfill your responsibilities at OLLHCS, Inc.; and

b)You will not in any way divulge, copy, release, sell, loan, review, alter or destroy any confidential information except as properly authorized within the scope of your professional activities as a Member of the Medical Staff and treater of patients affiliated with OLLHCS, Inc.and

c)You will not misuse or fail to safeguard confidential information.

2)You will safeguard and will not disclose your access code or any other authorization you have that allows you to access confidential information. You accept responsibility for all activities undertaken using your access code and other authorization.

3)You will report activities by any individual or entity that you suspect may compromise the confidentiality of confidential information.

4)You understand that your obligations under this Agreement will continue after termination of your privileges as a Member of the Medical Staff. You understand that your privileges to access and use confidential information are subject to periodic review, revision and if appropriate renewal.

5)You understand that you have no right to ownership interest in any confidential information referred to in this Agreement. OLLHCS, Inc.may at any time revoke your access code, other authorization, or access to confidential information.

6)Medical Staff Members are required to acknowledge their understanding of and compliance with this Medical Staff Access and Confidentiality Agreement as part of the initial appointment and reappointment process. Each medical staff member shall indicate their understanding of the compliance requirements and their recognition of their responsibility to remain knowledgeable about OLLHCS, Inc.’s compliance standards on the “Physician Attestations Regarding Corporate Compliance” document, which is included in the Lourdes Health System Medical Staff Compliance packet (See OLLHCS, Inc.’s Policy AS0024CCP, Corporate Compliance – Physician Training and Education Policy).

TAB B

Privacy Acknowledgment and Non-Disclosure Agreement

Our Lady of Lourdes Health Care Services, Inc.

PRIVACY ACKNOWLEDGMENT AND NON-DISCLOSURE AGREEMENT


Our Lady of Lourdes Health Care Services, Inc. and Affiliates (OLLHCS, Inc.) is committed to protecting the privacy of all patients and protecting the confidentiality of their health care information. While working with patients at or for OLLHCS, Inc., I realize that I may have access to or become aware of confidential patient medical information, whether or not I am directly involved in providing care to that patient.

I understand that I must keep this information in the strictest of confidence. As a condition of my employment or work at OLLHCS, Inc., I agree that I will not verbally or in any written form disclose confidential patient information to any unauthorized person or permit any unauthorized person to examine or make copies of any patient’s records, reports, other documents, or data files prepared, controlled, or accessible by me at any time during or after my employment or work at OLLHCS, Inc. I also agree that I will not examine, use or disclose confidential patient medical information except as needed to perform the duties of my job.

For those Workforce Members who have access to OLLHCS, Inc.’s Computer Information

Each person accessing OLLHCS, Inc.’s data and resources holds a position of trust relative to this information and must recognize the responsibilities entrusted in preserving the security-and confidentiality of this information. Therefore, all persons who are authorized to access data and resources, both through Hospital information systems and through individual department's local area networks and databases, must read and comply with OLLHCS, Inc.’s policy. Violators also may be subject to penalties, including disciplinary action, under policies of OLLHCS, Inc. and under Federal and State laws.

The following specific principles of computer and network systems are applicable to all of OLLHCS, Inc. trustees, officers, leadership associates, managers, supervisors, associates, medical staff, house staff, contractors, volunteers, students and others regardless of their job classification or position. I will:

  • Respect the privacy and rules governing the use of any information accessible through the computer system or network and only utilize information necessary for performance of my job.
  • Respect the ownership of proprietary software. For example, I will not make unauthorized copies of such software for my own use, even when the software is not physically protected against copying.
  • Respect the finite capability of the systems, and limit my own use so as not to interfere unreasonably with the activity of other users.
  • Respect the procedures established to manage the use of the system.
  • Prevent unauthorized use of any information in files maintained, stored or processed by OLLHCS, Inc.
  • Not seek personal benefit or permit others to benefit personally by any confidential information or use of equipment available through my work assignment.
  • Not operate any non-licensed software on any computer provided by OLLHCS, Inc.
  • Not exhibit or divulge the contents of any record or report except to fulfill a work assignment and in accordance with OLLHCS, Inc.’s policy.
  • Not knowingly include or cause to be included in any record or report, a false, inaccurate, or misleading entry.
  • Not remove or copy any record or report from the office where it is kept except in the performance of my duties.
  • Report any violation of this policy.
  • Understand that the information accessed through all OLLHCS, Inc.’s information systems contain sensitive and confidential patient care, business, financial and hospital associate information that should only be disclosed to those authorized to receive it.
  • Not release my authentication code or device to anyone else, or allow anyone else to access or alter information under my identity.
  • Not utilize anyone else's authentication code or device in order to access any OLLHCS, Inc.’s computer systems.
  • Respect the confidentiality of any reports printed from any information system containing patient information and handle, store and dispose of these reports appropriately.
  • Not divulge any information that identifies a patient except as permitted by OLLHCS, Inc.’spolicies and applicable law.
  • Understand that all access to the systems will be monitored.
  • Understand that my obligations under this Agreement will continue after termination of my work at OLLHCS, Inc. I understand that my privileges hereunder are subject to periodic review, revision, and if appropriate, renewal.

TAB C

Annual Healthcare Compliance Education 2010-2011

OLLHCS, Inc.

Annual Healthcare Compliance Education 2010-2011

Corporate Compliance

In response to the government’s increased enforcement of integrity in healthcareand to ensure good business practices, healthcare organizations have developed and implemented Corporate Compliance Programs.

  • These programs protect the financial interests of the federal and state governments (taxpayer dollars) and the financial interests of health insurance payers (premiums paid).
  • Medicare and Medicaid combined constitute the largest single purchaser of healthcare in the world and the outlays continue to rise annually.

Medicare and Medicaid programs are vulnerable to fraud, abuse and waste by virtue of their size, complex reimbursement rules and decentralized operations. Medicare and Medicaid are overburdened and overspent; it should come as no surprise that they seek to reduce fraud, abuse and waste on overbilling and other illegalities by strictly enforcing current laws and regulations.

Why you should care about compliance.

The implementation of an effective corporate compliance program is a commitment by the organization to foresee potential legal problems. All directors, officers, managers, associates, medical staff, house staff, contractors, volunteers, students and others (hereafter referred to as “associates”) from Lourdes Health System (“LHS”) have corporate responsibilities and duties.

Associate failures to abide by compliance directives could result in disciplinary action against associates up to and including termination as well as personal legal liability. Associates may also face criminal charges.

Corporate Compliance Program:

The Deficit Reduction Act of 2005 mandated that providers with $5 million or more in annual Medicaid billing have an effective compliance program.

The seven (7) elements of an effective compliance program include the following:

1. Adequate compliance standards and procedures

2. Effective compliance oversight

3. Careful delegation and due care in hiring/screening employees

4. Effective training and education for roles and responsibilities

5. Monitoring, auditing, and hot-lines

6. Enforcement for violations

7. Corrective action

Compliance is the responsibility of all associates.

  • Associates have a duty to uphold compliance measures and report items of concern.
  • Barbara Holfelner, VP Risk Management, Patient Safety and Compliance (856.757.3642)has oversight responsibility for the compliance status and activities in all LHS organizations.

The LHS Corporate Compliance Program policies are available electronically to LHS associates on the company intranet.

If you would like to review these documents and do not have access, contact your supervisor/manager for assistance or call Barbara Holfelner, VP Risk Management, Patient Safety and Compliance directly at 856.757.3642.

All associates will:

  • Deal openly and honestly with fellow associates, customers, contractors, government entities and others.
  • Maintain high standards of business and ethical conduct in accordance with applicable federal, state and local laws and regulations including fraud, waste and abuse.
  • Adhere to both the spirit and letter of applicable federal, state and local laws and regulations.
  • Practice good faith in transactions occurring during the course of business.
  • Conduct business dealings such that LHS is the beneficiary of such dealings.
  • Preserve patient confidentiality.
  • Refuse offers, solicitations and payments to induce referrals of the people we serve for an item of service reimbursable by a third party.
  • Disclose financial interests/affiliations with outside entities to the Board of Trustees as required by the Conflict of Interest Statement. (See LHS Policy AS0045ADM)
  • Hold vendors to this same Code of Conduct as part of their dealings with LHS.
  • Notify the Director of Compliance of instances of non-compliance.
  • Ensure monitoring and enforcement of billing compliance requirements.
  • Use supplies and services in a manner that avoids waste.
  • Protect and retain records and documents as required by professional standards, governmental regulations and organizational policies.
  • Exercise discretion in the billing of services, regardless of payer source.

EDUCATION AND TRAINING:

For all LHS associates, compliance education takes place at time of hire, annually and on-the-job for specific compliance risk areas. Web-based compliance education is also available.

Promotion of Corporate Compliance policies and other requirements is incorporated into each job description and is a factor in the performance evaluations of all associates including supervisors and managers.

All managers and supervisors will be held accountable for and subject to disciplinary action for failure to adequately:

  • Discuss with all supervised associates and relevant contractors the compliance policies and legal requirements applicable to their function.
  • Inform all supervised personnel that strict compliance with these policies and requirements is a condition of employment.
  • Disclose to all supervised personnel the consequences for violation of these policy requirements.

GOVERNMENT AGENCIES AND POLICIES:

Numerous government agencies govern healthcare organizations with their own rules, regulations and laws.

Major enforcers of health care corporate compliance:

  • Department of Health and Human Services' Office of Inspector General (“DHHS OIG”)
  • Represents Health and Human Services’ enforcement operations
  • OIG representatives investigate suspicions of health care fraud and abuse and negotiate corporate integrity agreements
  • Center for Medicare and Medicaid Services (“CMS”)
  • Recognized primarily for its rulemaking authority
  • As CMS is responsible for Medicare, under its integrity program, CMS has contracted private organizations to review Medicare claims
  • Department of Justice (“DOJ”)
  • Prosecutes health care organizations for health care fraud and abuse
  • Federal Bureau of Investigation (“FBI”)
  • Assists the Department of Justice by investigating suspected health care fraud
  • The FBI's health care fraud unit continues to grow and is well funded under the Health Insurance Portability and Accountability Act of 1996

Health Insurance Portability Accountability Act (“HIPAA”)

Intent of HIPAA:

  • Assure portability of health insurance from employer to employer
  • Guarantee security and privacy by setting standards to protect the healthcare information
  • Assure access to your own medical records

WHO IS COVERED?

Covered Entities:

  • Health Care Providers - Conducting HIPAA Transactions

Physicians

Hospitals

Long term care facilities

Home Care facilities

Ambulatory surgery centers

Managed care organizations

Government health care programs

Health Plans

Insurers

HMOs

Self-insured employers

Health Care Clearinghouses

WHAT IS PROTECTED UNDER HIPAA?

HIPAA protects “Individually Identifiable Health Information”or “Protected Health Information,” i.e., “PHI.”

Protected Health Information (“PHI”) refers to any information about the health status, provision of health care services, or payment for health care services that can be linked to a specific patient or individual.

SPECIFIED IDENTIFIERS:

NameGeographic subdivisions smaller than a state

Telephone and fax numbersE-mail and web site addresses

Social Security Numbers Account numbers

Health plan beneficiary numbersVehicle identifiers and serial numbers

Certificate/license numbers Full face photographic images