POLICIES AND PROCEDURES POLICIES AND PROCEDURES 101101

HCCA ANNUAL COMPLIANCE INSTITUTECHICAGO, ILLINOIS

APRIL 22, 2007

Clive HortonRe-Soft International, LLC

New Canaan, CT

Al JosephsSenior Director, Policies And Training

Tenet Healthcare CorporationDallas, Texas

Heidi KocherDirector, Policy & Procedure Management

Tenet Healthcare CorporationDallas, Texas

WHAT ARE SOME OF THE WHAT ARE SOME OF THE QUESTIONS?QUESTIONS?

Where can I find that procedure?How do I know this is accurate and up-to-date? Did employees receive the policy?Has everyone read acknowledged, and understood?How can I prove to auditors that we are following our procedures?Is there a better, faster way to document procedures?

WHAT ARE SOME OF THE WHAT ARE SOME OF THE QUESTIONS?QUESTIONS?

Is this the most current version?

How do I get feedback to the procedure owner in a manner where it won’t get lost?

How can I manage my policies and procedures globally?

Has this procedure changed since the last time I used it? What is different?

POLICYPOLICY LIFE CYCLELIFE CYCLE

Author

Review

Evaluate

Communicate

Publish

Revise

Periodic Review

Comply

Train

POLICY AND PROCEDURE

MANAGEMENTArchive

CONTROL / OVERSIGHTCONTROL / OVERSIGHT

POLICY COMMITTEEPOLICY COMMITTEECONTROL/ISSUINGCONTROL/ISSUING

AUTHORITYAUTHORITY

SUBJECT MATTER SUBJECT MATTER EXPERTSEXPERTS

DevelopmentDevelopment

SUBJECT MATTER SUBJECT MATTER EXPERTSEXPERTS

DevelopmentDevelopment

SUBJECT MATTERSUBJECT MATTEREXPERTSEXPERTS

DevelopmentDevelopment

POLICY CYCLEPOLICY CYCLE

EVALUATE POLICY NEED• Laws, regs• Risk areas

AUTHOR• Designate • Train• Empower

REVIEW• Policy committee• Control

POLICY CYCLEPOLICY CYCLE

PUBLISH• Electronic• Paper

COMMUNICATE• Designate audience• Method

TRAIN• Method

COMPLY• Auditing & monitoring• Test

POLICY CYCLEPOLICY CYCLE

PERIODIC REVIEW– Frequency

REVISE

ARCHIVE- Version control

CONSIDERATIONSCONSIDERATIONS

• Keep It Simple• Involve Employees That Will Live By

The Policies And Procedures• Consistent Format• Allow For Feedback• Track Questions• Reference Materials• Forms

WHAT POLICIES?WHAT POLICIES?

BUILD A FOUNDATION• General Policies

BUILD WALLS• Industry / Area Policies

BUILD A ROOF• Policies For Risk Areas

SOURCES / REQUIREMENTSSOURCES / REQUIREMENTS

• OIG Disclosure Guidances• Deficit Reduction Act• Sarbanes-Oxley• US Sentencing Guidelines• Corporate Integrity Agreements• Laws – Stark, Anti-kickback, Civil Monetary

Penalties, etc.• CMS Manuals and publications• Fiscal Intermediary/Carrier billing

requirements• Other companies

BUILD A FOUNDATIONBUILD A FOUNDATION

Code Of Conduct• Commitment To Compliance• Expectation For Employee Compliance• Encourage Reporting Of Suspected Violations• Outline Consequences For Failure To Comply• Right Of Employees To Report Concerns Without

Retribution Or Retaliation

Deficit Reduction Act• Fraud Control Program Policies • Avoid False Claims• Describe Whistleblower Protections• Non-retaliation

BUILD A FOUNDATIONBUILD A FOUNDATION

OIG/GSA Screening• Pre-hire or -contract• Medicaid • Annual screening• Remove from position / ensure no harm to

patients• Self-report requirement• Outline consequences for failure to comply• Contracting ban!

HOT-LINE / REPORTING• Anonymity• Follow-up steps• Non-retaliation

BUILD A FOUNDATIONBUILD A FOUNDATIONPolicy Program• Policy conventions• Policy review cycle frequency• Policy responsibilities• Formatting and numbering conventions

Human Resources• Disciplinary action for compliance issues• Training requirements

Management Oversight• Board committees and charters• Compliance structure

BUILD WALLSBUILD WALLS

General compliance• Expand on DRA fraud control program• HIM documentation/chart completion• Accurate coding• Accurate billing• HIPAASpecific legal policies• Stark• Anti-kickback• Investigations

BUILD WALLSBUILD WALLS

Clinical Quality• JCAHO requirements• Medical Staff / Peer review• Inpatient / Outpatient• Service / Facility specificAuditing & Monitoring• Workplan responsibility• Auditing responsibility• Follow-up / resolution responsibility

BUILD A ROOFBUILD A ROOF

Specific Risk Areas Examples:• Service / unit specific

• Facility specific• Audit results• OIG Workplan• Compliance / legal issue• Identified billing system control issues• Contracts management• Documentation

GENERAL CONSIDERATIONSGENERAL CONSIDERATIONS

• Know who your audience is• Begin with end in mind• Utilize systems approach

• Policy• FAQs• Training, educational materials• Required data gathering, forms

• Delegate, delegate, delegate• Clarity and simplicity in writing• Logical organization

GENERAL CONSIDERATIONSGENERAL CONSIDERATIONS

• Documentation• Resources• Laws, rules and regs

• Centralized vs. distributed• Timely updates• Force periodic reviews• Acknowledgement vs.

comprehension• Don’t reinvent the wheel

DonDon’’t Reinvent the Wheelt Reinvent the WheelSamples of Other OrganizationsSamples of Other Organizations’’ PoliciesPolicies

• HCA - http://ec.hcahealthcare.com• University of Connecticut –

http://www.policies.uchc.edu/area/compliance.html• University of Texas Health Science Center at San Antonio -

http://www.uthscsa.edu/compliance/policies.html• Columbia University Med. Ctr. Billing Compliance Program -

http://cpmcnet.columbia.edu/dept/compliance/plan/index.html• Lourdes Health System - http://www.lourdesnet.org/compliance/• Jefferson Health System Corporate Compliance Program -

http://www.mainlinehealth.org/files/jeffersonhealthcorporatecomplianceprogra_8290.pdf

• University of California San Diego Health Sciences -http://health.ucsd.edu/compliance/index.html

• University of California Davis Health System -http://www.ucdmc.ucdavis.edu/compliance/

• University of Kentucky Medical Center Corporate Compliance Program - http://www.mc.uky.edu/compliance/manual.htm

• Vanderbilt University Medical Center -http://www.mc.vanderbilt.edu/compliance/

THE NEXT PHASE:THE NEXT PHASE:Active Policy Distribution Active Policy Distribution Measuring the acceptance Measuring the acceptance and understanding of and understanding of Corporate PoliciesCorporate Policies

CORE PROPOSITIONCORE PROPOSITIONThe Problem• a tidal wave of regulatory demands driving up the cost of

compliance• a sea change in individual accountabilities and responsibilities• ineffective current approaches give board little visibility of policy

compliance

The Solution: Active Policy Distribution• ensures staff read, understand and sign-up to key policies • in-depth policy life-cycle management, reporting and audit

trails

The Benefits• fundamentally reduces the risks of non-compliance• gives control back to management• demonstrates rigorous processes and drives down

administration costs

EXISTING METHODSRegular events emphasize theimportance of demonstrating sound Policyimplementation as:

• Policy acceptance becomes more important• Policies are changing more frequently

Many companies still use Paper DistributionTraditional Intranet/Email distributioninsufficient

• Effectiveness is not easily measured• Inflexible and Admin-intensive• Little Executive visibility of policy understanding,

acceptance or compliance auditability• Often overwhelming for the end user• Not time-sensitive• No way to demonstrate that a sound Company Policy

Distribution process is in place

Consequences of getting Policy Distribution wrong

ITInformation security breachLoss of service / networkRemedial action

LEGALCross enterprise liability THE BOARD

Governance obligations Stakeholder value Personal liability

COMPLIANCEIneffective processesUnauditable compliance

FINANCEAdmin costsDirect costs damages & fines

HRAdministrative burdenEmployee confidenceInternal investigation

BRAND/IPRRemedial action and restorative cost

POLICY POLICY MANAGEMENTMANAGEMENT

+ TIME!

WHAT IS WHAT IS ACTIVE POLICY DISTIBUTIONACTIVE POLICY DISTIBUTION

• Getting the right policies to the right person at the right time

• Monitoring and measuring their acceptance and understanding

Conventional and Alternative Shortcomings

Intranet CorpManual

Induction

No No Yes

No Yes Maybe

No No No

No No No

Yes Yes No

Yes Yes Yes

No No No

Maybe No No

Yes No No

E-learning

Workflow

Maybe Maybe

Yes No

Yes Yes

No Yes

No No

No No

No No

No Maybe

No No

Conventional Approaches Potential Alternatives

Active Policy

Distribution

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

The gap in existing approachesThe gap in existing approaches

Policy and compliance system requirements

Effective presentation and accessibility

Understanding and agreement

Detailed reporting and auditing

Automated policy life-cycle management

Ease of adaptability

Heterogeneous environment support

Agility of implementation

Functional integration with key systems

Scalable, sustainable cost

Benefits of Effective Benefits of Effective Active Policy DistributionActive Policy Distribution

• Reduced time and cost of managing policies across the organisation

• True measurement of policy effectiveness• Reduced risk arising from policy breaches• Demonstrable compliance• Management visibility of policy uptake• Positive employee behaviour• Measure clarity of Policy Content for

knowledge gaps• Adaptable to customer business and

technical environment

Who will benefitWho will benefitOrganizational profile

• Regulated organizations where non-compliance with policies has business-threatening consequences

• Compliance “pain sufferers”• Already have experience of the issues

surrounding creating and managing policies

Key FeaturesKey Features• Easy access for all users – no special training

• Easy access to all policies

• Search / cross-referencing facility

• Deliver relevant policies to right people at right time

• Support for users with no computer access

• Collaboration & Version management

• Testing of understanding

Policy Interception Options Policy Interception Options

At network login

Via Email

At Application Login

Testing exampleTesting example

Actionable ConsequencesActionable ConsequencesSequences of Actions can be set based on the importance of the policy

All actions are logged

Policies Failure to Affirm Failing TestInternet Use Policy • Remove internet access

• Alert Line Manager• Alert Network Ops

• Represent with answers and retest• Alert HR for second fail and schedule retraining

Code of Conduct • Alert Line Manager• Alert HR• Issue First Warning

• Link to CBT Training intranet• Represent test without answers• Remove all network access on second fail

Receiving of Gifts Alert Policy Owner No test required

Ease of Use for End User Ease of Use for End User

Support for Support for nonnon--computerised userscomputerised users

two dimensional barcode holds employee, clause and policy-specific data

employees sign and return policies

Reporting & Reporting & MeasurementMeasurement

Auditing/ArchivingAuditing/Archiving

Contact InformationContact Information

Clive HortonReSoft International LLCclive.horton@re-soft.com203 972 8462

Heidi KocherTenet Healthcare Corporationheidi.kocher@tenethealth.com469-893-6244

Al JosephsTenet Healthcare Corporational.josephs@tenethealth.com469-893-2877

QUESTIONS?QUESTIONS?