AGENDA Corporate Compliance /Privacy and Internal Audit Committee Meeting of the El Camino Hospital Board Thursday, August 21, 2014, 5:00 7:00 p.m. El Camino Hospital, Conference Room F, ground floor 2500 Grant Road, Mountain View, California Purpose: The Corporate Compliance/Privacy and Internal Audit Committee is responsible for providing direction for both the Corporate Compliance and Internal Audit programs at all locations of El Camino Hospital (ECH). Responsibilities include providing oversight on compliance issues requiring executive-level interaction, assessing physician relationship risk as it relates to compliance, reviewing HIPAA/Privacy laws as they relate to compliance and directing ECH on compliance strategies. The Committee also serves as the ad-hoc mobilization team for any external investigations and/or actions. Further, additional responsibilities include providing direction and oversight to ongoing internal audit activity and determining appropriate organizational response in order to identify and mitigate organizational risk. AGENDA ITEM PRESENTED BY 1. CALL TO ORDER/ROLL CALL John Zoglin, Chair, Corporate Compliance Committee 5:00 5:01 p.m. 2. POTENTIAL CONFLICT OF INTEREST DISCLOSURES John Zoglin, Chair, Corporate Compliance Committee 5:01 5:02 3. PUBLIC COMMUNICATION John Zoglin, Chair, Corporate Compliance Committee 5:02 5:07 4. CONSENT CALENDAR ITEMS Any Committee Member may pull an item for discussion before a motion is made. Approval: a. Minutes of Corporate Compliance Meeting, June 19, 2014 Information: b. Relevant Article ATTACHMENT 4 John Zoglin, Chair, Corporate Compliance Committee public comment motion required 5:07 5:10 information 5. KEY PERFORMACE INDICATORS SCORECARD AND TRENDS a. Memo b. KPI Scorecard c. Trends ATTACHMENT 5 Diane Wigglesworth, Corporate Compliance/ Privacy Officer information 5:10 5:15 6. ADJOURN TO CLOSED SESSION 5:15 7. POTENTIAL CONFLICT OF INTEREST DISCLOSURES John Zoglin, Chair, Corporate Compliance Committee 5:15 5:17 A copy of the agenda for the Regular Committee Meeting will be posted and distributed at least seventy-two (72) hours prior to the meeting. In observance of the Americans with Disabilities Act, please notify us at 650-988-7504 prior to the meeting so that we may provide the agenda in alternative formats or make disability-related modifications and accommodations.
Agenda: El Camino Hospital Corporate Compliance/Privacy and Internal Audit Committee Meeting August 21, 2014 Page 2 AGENDA ITEM 8. CONSENT CALENDAR Any Committee Member may pull an item for discussion before a motion is made. Approval Closed Session Minutes (6/19/14), Govt. Code Section 54957.2; Information Conference with legal counsel pending or threatened litigation Gov t. Code Section 54956(d)(2) - Compliance and Privacy Activity Logs (June 2014) - Internal Audit Follow Up 9. Conference with legal counsel pending or threatened litigation - Gov t. Code Section 54956.9(d)(2). - Report on FY:14 Patient Safety/Claims Activity 10. Conference with legal counsel pending or threatened litigation - Gov t. Code Section 54956.9(d)(2). - Report on FY:14 Summary of Physician Arrangements 11. Conference with legal counsel pending or threatened litigation - Gov t. Code Section 54956.9(d)(2). - Review Proposed FY:15 Internal Audit Work Plan 12. Conference with legal counsel pending or threatened litigation - Gov t. Code Section 54956.9(d)(2). - Report on Internal Audit Activity 13. Conference with legal counsel pending or threatened litigation - Gov t Code Section 54956.9(d)(2). - Discussion on Compliance and Privacy Program FY:14 Summary Report 14. Health and Safety Code Section 32106(b) for a report involving health care facility trade secrets. - Discussion on Pacing Calendar PRESENTED BY John Zoglin, Chair, Corporate Compliance Committee Sheetal Shah, Director Risk Management & Patient Safety Diane Wigglesworth, Corporate Compliance/ Privacy Officer Diane Wigglesworth, Corporate Compliance/ Privacy Officer Alex Robison, Managing Director Protiviti Diane Wigglesworth, Corporate Compliance/ Privacy Officer Diane Wigglesworth, Corporate Compliance/ Privacy Officer John Zoglin, Chair Corporate Compliance Committee 5:17 5:20 motion required information information 5:20 5:45 possible motion 5:45 6:00 motion required 6:00 6:10 information 6:10 6:15 possible motion 6:15 6:35 information 6:35 6:50
Agenda: El Camino Hospital Corporate Compliance/Privacy and Internal Audit Committee Meeting August 21, 2014 Page 3 AGENDA ITEM 15. RECONVENE OPEN SESSION To report any required disclosures regarding permissible actions taken during Closed Session. 16. STATUS OF FY:15 COMMITTEE GOALS ATTACHMENT 16 PRESENTED BY John Zoglin, Chair, Corporate Compliance Committee John Zoglin, Chair, Corporate Compliance Committee 6:50 information 6:50 6:55 17. COMMITTEE COMMENTS John Zoglin, Chair, Corporate Compliance Committee 18. ADJOURNMENT John Zoglin, Chair, Corporate Compliance Committee 6:55 7:00 7:00 p.m. Upcoming FY 2015 Corporate Compliance Committee Meetings: September 23, 2014 November 13,2014 January 15, 2015 March 19, 2015 May 21, 2015
Separator Page 4a Corp Compliance Open Minutes 6-19-14 FINAL.docx
DRAFT: Subject to Corporate Compliance Committee Consideration EL CAMINO HOSPITAL BOARD of DIRECTORS CORPORATE COMPLIANCE/PRIVACY and INTERNAL AUDIT COMMITTEE Open Session Meeting June 19, 2014 MINUTES The Meeting of the Compliance/Privacy and Internal Audit Committee of the Board of Directors of El Camino Hospital (the Committee ) was called to order by Chair John Zoglin at 5:00 p.m. on Thursday, June 19, 2014, in Conference Room F at El Camino Hospital. I. CALL TO ORDER A silent roll call was taken. Committee members John Zoglin, Wesley Alles, Christine Sublett, Dennis Chiu (5:42) Sharon Anolik-Shakked(via teleconference) and Ramy Houssaini (via teleconference) were in attendance. II. POTENTIAL CONFLICT OF INTEREST DISCLOSURES Chair Zoglin asked if there were any conflicts of interest among Committee members. None were reported. III. PUBLIC COMMUNICATIONS Chair Zoglin asked if there were any public communications to be announced. There were none. IV. CONSENT CALENDAR Chair Zoglin asked if there were any consent calendar item changes or corrections to the minutes of the April 10, 2014 meeting. None were proposed. ACTION: A motion was made by Committee member Alles, seconded by Committee member Sublett and adopted by a vote of five Committee members in favor, to approve the minutes of the April 10, 2014 meeting. V. DISCUSSION OF ERM RISK PROFILE Chair John Zoglin opened discussion regarding El Camino Hospital s enterprise-wide risk management profile and how it should be structured for presentation to the Board in March 2015. Discussion included the need for a clear determination of what is included in the current profile, defining tolerance by articulating among different domains what is tolerable and how to hold people accountable, identifying what risks can impact our ability to provide health care (i.e. enterprise-wide risks that are not measurable or can t be quantified and, consequently, are not routinely thought about), recommend a structure to receive directions from other Board Committees regarding risk levels, and how to build the EMR into the culture of the enterprise. It was also suggested that we look at examples in place at other hospitals. On Committee member Houssaini s suggestion, it was agreed that a potential start should include the following:
Minutes: El Camino Hospital Board of Directors Corporate Compliance/Privacy and Internal Audit Committee Meeting of June 19, 2014 DRAFT: Subject to Corporate Compliance Committee Consideration Begin with a core mission around delivering care which highlights Patient Safety, and develop from there Provide an overview of all that is currently in place Provide a methodology for pace and direction for the future Identify the top four risks under each domain Provide a process and reporting mechanism for the Board How to proceed with the Quality Committee and the Board on this matter will be determined over the next 12 months. Ms. Ryba asked all to keep in mind that the Committee will be delivering information about the EMR process. It was suggested that an RFP be issued for an outside resource that can step in to educate the Board and sit with Committees and staff to walk through the ERM and provide education. VI. KEY INDICATORS SCORECARD Diane Wigglesworth provided a review of the FY 14 Corporate Compliance Scorecard. She also reviewed trending graphs which addressed policy compliance and related disciplinary action, Hotline activity, and incidents that required reporting to outside agencies. (An error in one of Ms. Wigglesworth s graphs was noted, which she indicated she would correct.) Ms. Wigglesworth took a moment to clarify that the reason for such detailed reporting on the scorecard at the Committee meetings is not just for metrics purposes, but to demonstrate what is being detected to support the Committee s oversight responsibilities. Greg Walton noted that the IT Security laptop policy should clearly include a directive that those who carry laptops in their cars should keep them locked in the car trunk to avoid theft. Ms. Ryba suggested that adding medical malpractice and/or employee claims to the scorecard be considered. VII. FY 15 COMMITTEE GOALS FY 15 Committee Goals were briefly reviewed, and it was determined that there were no changes in content or timing. VIII. ADJOURN TO CLOSED SESSION Upon motion duly made, and approved by a vote of six Committee members in favor, the Open Session of the meeting was adjourned to Closed Session at 5:50 p.m. pursuant to Gov t Code Section 54957.2 to consider and approve the Consent Calendar (the Closed Session minutes of April 10, 2014), pursuant to Health and Safety Code Section 32106(b) for one conference with legal counsel, and pursuant to Gov t Code Section 54956.9(d)(2) for three conferences with legal counsel. IX. CLOSED SESSION The Committee completed its business of the Closed Session at 6:49 p.m. -2-
Minutes: El Camino Hospital Board of Directors Corporate Compliance/Privacy and Internal Audit Committee Meeting of June 19, 2014 DRAFT: Subject to Corporate Compliance Committee Consideration X. RECONVENE OPEN SESSION The Open Session was reconvened at 6:49p.m. XI. CLOSED SESSION REPORTS Chair Zoglin announced that the following actions were taken in closed session: The minutes of the Closed Session of the April 10, 2014 Committee meeting were approved upon motion made by Committee member Alles, seconded by Committee member Chiu, and by a vote of five Committee members (Alles, Anolik-Shakked, Chiu, Sublett and Zoglin); XII. STATUS OF FY 2104 COMMITTEE GOALS All FY:14 committee goals have been accomplished. XI. CLOSING COMMENTS There being no further business, on a motion by Committee member Chiu, seconded by Committee member Alles, and a unanimous vote of five Committee members, the meeting was adjourned at 6:50 p.m. John Zoglin Chair, ECH Compliance/Privacy and Internal Audit Committee Attest as to the approval of the foregoing minutes by the Corporate Compliance/Privacy and Internal Audit Committee and by the El Camino Hospital Board of Directors. Patricia A. Einarson, MD ECH Board Secretary/Treasurer -3-
Separator Page 4b ERM Articles from E&Y and KPMG.pdf
Separator Page 5a Memo - Compliance KPI June 2014.doc
Corporate Compliance Date: August 12, 2014 To: Corporate Compliance/Privacy and Audit Committee From: Diane Wigglesworth, Director Corporate Compliance Re: June 2014 Corporate Compliance Program Activity Attached are the metrics for June along with YTD information. There were an unusually high number of HIPAA reportable incidents for one month however each incident was evaluated and followed up with staff. All incidents involved limited individual patient exposures of personal information and resulted in no significant corrective action plans. Additional privacy concerns were reported by staff and appropriate follow up occurred. Year to date the organization experienced a decrease in anti-kickback or Stark related reports and implemented improvements to the oversight and monitoring of physician arrangements. There was also a decrease in the number of billing or charging concerns brought forth by staff and the organization continued to routinely monitor and validate billings to CMS.
Separator Page 5b Corporate Compliance Scorecard FY14 Totals June 2014.xlsx
El Camino Hospital Key Performance Indicator Core Elements Corporate Compliance Scorecard FY14 FY:14 Current Month Policies and Procedures Jun. 2014 Current Year Actual Jul - Jun. FY:2014 Prior Year Actual Jul - Jun. FY: 2013 Number of reported instance when policies not followed 2 40 39 Number of disciplinary actions due to Investigations 0 17 15 Education and Training Jun. 2014 Jul - Jun. FY:2014 Jul - Jun. FY: 2013 Percentage of new employees trained within 30 days of start date 100% 100% 100% Investigations Jun. 2014 Jul - Jun. FY:2014 Jul - Jun. FY: 2013 Total number of investigations 13 149 174 Investigations open 2 2 3 Investigations closed 11 147 171 Hotline concerns substantiated 1 24 25 Hotline concerns not substantiated 1 27 19 Average number of days to investigate concerns 4 5 5 Reporting Trends Jun. 2014 Jul - Jun. FY:2014 Jul - Jun. FY: 2013 Anti-Kickback/Stark 1 24 36 EMTALA 0 6 6 HIPAA Reports 12 161 188 HIPAA Security Breaches 0 1 2 Billing or Claims 1 19 40 Conflict of Interest 0 0 2 Reported Events to CMS Jun. 2014 Jul - Jun. FY:2014 Number of total events self reported by ECH 0 0 1 Number of self reported events followed up by CMS 0 0 1 CMS initiated visits (separate from ECH self reported events) 0 4 0 Number of statement of deficiencies issued to ECH 0 30 5 FY:13 Actual Number of Actual Sanctions, fines or penalties 0 0 $ - Reported Events to CDPH Jun. 2014 Jul - Jun. FY:2014 Number of total regulator events self reported by ECH 2 10 21 Number of self reported events followed up by CDPH 2 6 7 Number of total privacy breaches self reported by ECH 6 46 25 CDPH initiated visits (separate from ECH self reported events) 0 6 9 Number of statement of deficiencies issued to ECH 1 5 4 FY:13 Actual Number of Actual/Realized Sanctions, fines or penalties 0 0 $ 100.00 Monitoring and Audit Findings Jun. 2014 Jul - Jun. FY:2014 Total number of Audit Findings 2 17 96 Number of findings identified has high severity 0 8 14 FY:13 Actual 1 of 1
Separator Page 5c KPI Trends FY 2013-2014.xlsx
Number of Instances Number of Instances Number of Instances Number of Instances 10 8 6 4 2 0 30 25 20 15 10 5 0 8/14/2014 35 28 21 14 7 0 2 1 1 2 2 1 1 7 3 2 1 6 8 5 2 2 2 Corporate Compliance Policies & Procedures Non-Compliance with Policies / Disciplinary Action Following Investigation of Non-Compliance 1 4 1 2 2 1 1 2 2 2 8 3 2 8 4 4 3 3 1 3 2 1 1 Jul -12 Aug -12 Sep -12 Oct -12 Nov -12 Dec -12 Jan -13 Feb -13 Mar -13 Apr -13 May -13 Jun -13 Jul -13 Aug -13 Sep -13 Oct -13 Nov -13 Dec -13 Jan -14 Feb -14 Mar -14 Apr -14 May -14 Jun -14 12 13 # Reports of Non-Compliance with Policies # Disciplinary Actions Following Investigation of Non-Compliance 7 13 11 23 14 14 Investigations: Total Investigations / Hotline Activity 16 23 15 13 2 2 5 3 3 4 3 3 1 2 2 2 1 3 1 1 4 2 2 2 3 5 1 5 4 1 2 4 4 1 2 1 1 3 3 1 1 1 Jul -12 Aug -12 Sep -12 Oct -12 Nov -12 Dec -12 Jan -13 Feb -13 Mar -13 Apr -13 May -13 Jun -13 Jul -13 Aug -13 Sep -13 Oct -13 Nov -13 Dec -13 Jan -14 Feb -14 Mar -14 Apr -14 May -14 Jun -14 16 12 8 4 0 9 7 7 Hotline Reports Substantiated Hotline Reports Not Substantiated Total # of Investigations Privacy Breaches Requiring Report to Outside Entity HIPAA Reports Privacy Breaches Self Reported by ECH to CDPH 10 2 1 2 3 3 5 1 1 3 2 3 4 5 6 1 3 1 1 1 4 3 6 14 15 13 17 15 18 13 14 19 19 15 16 8 14 10 14 19 11 13 14 19 13 14 12 Jul -12 Aug -12 Sep -12 Oct -12 Nov -12 Dec -12 Jan -13 Feb -13 Mar -13 Apr -13 May -13 Jun -13 Jul -13 Aug -13 Sep -13 Oct -13 Nov -13 Dec -13 Jan -14 Feb -14 Mar -14 Apr -14 May -14 Jun -14 HIPAA Security Breaches Anti-Kickback/Stark EMTALA Billing or Claims Conflict of Interest 8 23 7 12 10 23 13 17 2 0 13
Separator Page 16 - Goals for Compliance Committee CCPIAC FY 15.doc
Purpose Corporate Compliance/Privacy and Audit Committee Goals FY 2015 The purpose of the Corporate Compliance/Privacy and Audit Committee ( Compliance and Audit Committee ) is to advise and assist the El Camino Hospital (ECH) Hospital Board of Directors ( Board ) in its exercise of oversight by monitoring the compliance policies, controls and processes of the organization and the engagement, independence and performance of the internal auditor and external auditor. The Compliance and Audit Committee assists the Board in oversight of any regulatory audit and in assuring the organizational integrity of ECH in a manner consistent with its mission and purpose. Staff: Diane Wigglesworth, Director of Corporate Compliance The Director, Corporate Compliance/Privacy and Audit Committee shall serve as the primary staff support to the Committee and is responsible for drafting the Committee meeting agenda for the Committee Chairs consideration. Additional members of the executive team or outside consultants may participate in the Committee meetings upon the recommendation of the Director, Corporate Compliance/Privacy and Internal Audit Committee and at the discretion of the Committee Chair. Goals Review and evaluate Hospitals proposed FY 2015 Internal Audit Work Plan based on the current risk assessment. Timeline by Fiscal Year (Timeframe applies to when the Board approves the recommended action from the Committee, if applicable.) Q1 2015 Metrics of Success Achieved Committee Reviews FY 2015 Internal Audit Work Plan Developed by Staff in August and provides report to the Board in September 2014. Participate in staff developed education session regarding Government Audit Programs. (i.e. MIC, MAC, ZPIC and RAC) Q2 2015 Committee to receive education by 12/31/14. Review Enterprise-Wide Risk Assessment and action plan for identified risks and validate the top four risks under each domain. Review and evaluate Hospital s risk mitigation plan for Research Compliance. Q3 2015 Q4 2015 Committee Reviews ERM Risk Assessment and approves Hospital s action plan for identified risks and recommends plan to the Board for approval in March 2015 Committee presents risk mitigation plan to the Board by June 2015. Submitted by: John Zoglin, Chair, Corporate Compliance/Privacy and Compliance Committee Diane Wigglesworth, Executive Sponsor, Corporate Compliance/Privacy and Compliance Committee