Corporate Compliance Program
JOHNSON MEMORIAL MEDICAL CENTER
CORPORATE COMPLIANCE PROGRAM
The Johnson Memorial Medical Center Corporate Compliance Program (“the Program”) is a program with oversight for Johnson Memorial Hospital, Johnson Surgery Center, Home & Community Healthcare Services, and Johnson Professional Associates. Its mandate is to reaffirm quality, superior service and ethical behavior as key organizational themes and to assist employees with and promote proper decision-making, increased awareness of acceptable behavior, and demonstration of the institution’s commitment to the community for being an honest and responsible corporate leader.
The Corporate Compliance Program is led by the following personnel:
1. Board of Directors
2. Corporate Compliance Officer
3. President and CEO of Johnson Memorial Medical Center
4. Corporate Compliance Committee
5. Senior Management Team
All personnel are employees of Johnson Memorial Medical Center. The program reports to the Board of Directors and to the President and CEO of Johnson Memorial Medical Center.
II APPLIES TO:
All members, groups, subsidiaries and all employees, volunteers, directors, officers, vendors, and agents of Johnson Memorial Medical Center.
1. The compliance function covers ethical issues and values, regulatory compliance, including Medicare, Medicaid, HIPAA, OSHA, IRS, OIG, HHS, OCR, Stark, EMTALA, anti-kickback statutes, etc., as well as adherence to internal policies.
2. The Corporate Compliance Officer provides oversight, direction and support for compliance activities. Primary duties include:
i. Overseeing and monitoring the ongoing functions of the compliance program.
ii. Participating in regular, organization-wide risk assessments to understand potential vulnerabilities.
iii. Ensuring adherence to HIPAA mandates regarding protection of patient health information in conjunction with the HIPAA Security Officer.
iv. Reporting on a regular basis to the Johnson Memorial Medical Center governing body, as described below.
v. Periodically revising the program in light of changes in the needs of the institution and the laws and regulations of governmental bodies.
vi. Developing, coordinating and participating in training that focuses on the elements of the program to ensure that all appropriate workforce members are knowledgeable of and comply with pertinent policies, laws and regulations.
vii. Coordinating and overseeing compliance reviews and monitoring activities.
viii. Responding to reports of problems or suspected violations related to compliance by independently investigating these matters, as appropriate, and working with department managers and the Human Resources Department in the determination of corrective action that must be taken.
ix. Ensuring, through consultation with the Human Resources Department, that Johnson Memorial Medical Center’s disciplinary policies and actions are applied fairly, equitably, appropriately and consistently.
x. In coordination with the Departments of Medical Affairs, Human Resources, and Accounts Payable, ensuring that the Cumulative Sanction Report published by the Office of Inspector General (OIG), have been checked with respect to all members of the medical staff, employees and vendors.
xi. Operating the internal, confidential Corporate Compliance Hotline.
xii. Developing policies and programs that encourage managers and employees to report suspected fraud and other improprieties without fear of retaliation.
xiii. Reviewing annual conflict of interest statements from Johnson Memorial Medical Center management staff.
3. The Compliance Department has the authority to review all documentation and other information that is relevant to compliance activities, including, but not limited to, patient records, billing records, employee records, computer audit files, and arrangements between the institutions and other parties, including employees, professionals on staff, independent contractors, suppliers, agents and hospital-based physicians. The Compliance Officer works with the Compliance Committee, made up of representation from Finance, Quality/Risk Management, Administration, Nursing,Medical Affairs, and other pertinent sectors. The Committee’s role is to assist the Compliance Officer with ongoing projects, review of current compliance issues, proactive compliance initiatives, and to be vigilant regarding potential compliance issues at all levels of the Corporation.
1. The Board of Directors has the ultimate responsibility for corporate compliance within the health system. The Compliance Officer reports to the Board of Directors and Senior Management Team regularly., Topics of Report may Include:
i. The Annual Compliance Audit Plan
ii. Summaries of Ongoing Auditing/Monitoring Efforts
iii. Results of Specific Financial, Operational and Compliance Audits
iv. Areas of Compliance Risk Including Patient Privacy (HIPAA)
v. Any Governmental Audits or Activities Undertaken at the Facilities
vi. Brief Descriptions of the Nature of any Hotline Calls
vii. Educational Presentation of Special Concern
V CORPORATE COMPLIANCE COMMITTEE:
The Corporate Compliance Committee meets at least quarterly.
The membership of the Corporate Compliance Committee includes senior executives, JMMC employees and physicians. Representatives include, but are not limited to the following:
Quality Risk Management
Director or Member
1. Functions: The committee’s functions include:
i. Analyzing the healthcare environment, the legal requirements with which it must comply and specific risk areas;
ii. Assessing the organization’s existing policies and procedures that address the risk areas;
iii. Working with the appropriate departments and entities to implement standards of conduct and policies and procedures to promote the Compliance Program;
iv. Recommending and monitoring the development of internal systems and controls to incorporate compliance within the daily operations of the organization;
v. Determining the appropriate strategy/approach to promote compliance and to detect potential violations, as through a hotline and other reporting mechanisms;
vi. Evaluating complaints and issues in light of internal policies and practices;
vii. Developing strategies to keep the compliance message fresh and relevant to the organization;
viii. Record and retain minutes of all committee meetings; and
VI REGULATORY IMPLEMENTATION:
The Governing Board directs the Compliance Officer and the Compliance Committee to be responsible for developing a task force comprised of members of the workforce with various backgrounds who may be organized into specific work groups necessary to implement new regulations that require technical and process changes.
VII CODE OF CONDUCT:
Johnson Memorial Medical Center maintains a Code of Conduct that provides policies and guidelines for all employees, medical staff, volunteers, students, and vendors of Johnson Memorial Medical Center institutions. The Code of Conduct is distributed to new staff at orientation sessions and at other appropriate venues.
VIII ROLE OF MANAGEMENT:
Managers and supervisors are integral to the Compliance Program. Managers must be aware of the rules, regulations, policies and procedures that govern their work activities. By providing their employees with a means of communicating their questions and concerns and receiving answers and assurances, managers offer an opportunity for openness and dialogue that encourages ethical decisions.
The Corporate Compliance Officer or designee facilitates this important role by being available to consult on compliance or HIPAA privacy matters; by providing information on new rules and regulations as they become effective; and by monitoring compliance with rules, regulations and policies within Johnson Memorial Medical Center.
Annual Corporate Compliance and HIPAA training is mandatory and is organized to ensure material compliance with the Program and applicable laws and regulations. The training program covers topics described in the Code of Conduct and specific training, depending on the employee’s role in the organization.
Training takes several forms. There is standard computer based training, as well as training provided by the Compliance Department and other discussion leaders. Administrators and certain management personnel are provided with regular updates on compliance matters.
Corporate Compliance is a featured topic during new employee orientation which covers the values and mission of Johnson Memorial Medical Center as well as its commitment to corporate responsibility.
Other venues for education include: articles in the employee and physician newsletters, posters, and presentations of specific subject matter at departmental meetings.
X INTERNAL REPORTING:
There are a number of ways that compliance issues reach the Corporate Compliance Officer or designee:
1. Hotline (Ext. 8504 - Password Protected)
i. The Corporate Compliance Hotline is monitored internally by a member of the Compliance Department. A confidential voice mail message can also be left. Calls may be anonymous, as determined by the caller. Investigations are completed by the Compliance Department in collaboration with the Corporate Compliance Officer and other departments as appropriate. The results of these investigations are reported to the Senior Management Team as well as appropriate personnel. Johnson Memorial Medical Center has a non-retaliation policy for protecting employees who report an issue or concern in good faith.
ii. Hotline calls can range from a personnel issue (not a compliance issue) to a serious allegation. Personnel issues are referred to the Human Resources staff as appropriate. A hotline call may result in a decision to proceed with a formal investigation as determined by the Compliance Officer.
iii. Hotline activity, including the number of calls during a time period, the issues uncovered, and any resulting investigations, are reported by the Corporate Compliance Officer to Senior Management and the governing board.
2. Issues Reported Directly
i. Issues are often reported directly to the Compliance Officer, who has an open-door policy. After obtaining as much information about the issue as possible, a decision to conduct an investigation is made. Issues deemed compliance issues are logged, prioritized and tracked by the Compliance Officer..
3. Issues Resolved by Human Resources that are Compliance Issues
i. The Corporate Compliance Officer tracks all incidents that violate HIPAA privacy and other regulatory matters. Tracking is needed in order to focus on areas requiring increased employee training; identify and correct systemic problems through policy revisions, changes to software, or increased internal controls; and to prove the efficacy of the Compliance Program to outsiders, including the government.
ii. The Human Resource Department often handles employee matters that are the result of a breach of a policy or regulation. When these issues are discovered, they will report the nature of the issue and its resolution to the Compliance Officer and include any disciplinary action or corrective actions that were taken.
Violations of internal policies and Federal and State laws can threaten Johnson Memorial Medical Center’s status as a reliable and honest provider. Reports of suspected noncompliance must be responded to promptly. The Compliance Officer or designee investigates allegations of misconduct to determine whether a violation has actually occurred, assess the seriousness of the offense, and suggest corrective actions that need to be taken. Human Resources will determine and oversee disciplinary action.
An internal investigation includes interviews and examination of records and other documentation. Outside counsel or other experts may be consulted. Records of the investigation contain all notes by the investigator, lists of personnel interviewed, pertinent documentation, and the results or conclusions, including any disciplinary action taken and corrective action implemented.
If the Compliance Officer believes that the misconduct may have violated criminal, civil or administrative law, then Johnson Memorial Medical Center is committed to promptly reporting the matter to the appropriate governmental authority. In cases of inadvertent overpayments to a Federal or State healthcare program, Johnson Memorial Medical Center will contact the fiscal intermediary or the carrier to self-disclose the situation and cooperate fully with the repayment of funds. Results of investigations are reported to the governing board and to Senior Management.
XII CONTINUAL AUDITING AND MONITORING:
Risk assessment is ongoing. Changes in regulation or other outside factors, as well as procedural, program or policy changes within Johnson Memorial Medical Center, must be analyzed as they emerge to determine whether such changes have the potential to alter the degree of vulnerability to adverse outcomes within Johnson Memorial Medical Center. Risk assessment provides direction for determining the areas to be addressed by the audit program. Potential risk areas may be identified by reviewing the Office of the Inspector General’s Annual Work Plan; governmental audits or inspections of other organizations; independent reviews conducted by outside consultants; employee surveys; patient satisfaction surveys; compliance-related literature; and professional journals. (This is not all-inclusive.) Input from the Senior Management Team is continually solicited.
XIII PERIODIC ASSESSMENT:
It is the intention of Johnson Memorial Medical Center to have a periodic assessment of the Corporate Compliance Program to ensure it is up-to-date, accurately assesses the risk areas facing Johnson Memorial Medical Center and devotes the appropriate amount of resources to address challenges.
CORPORATE COMPLIANCE PROGRAM HOTLINE PROCESS