packet -corporate compliance /privacy and internal audit ... · corporate compliance committee 5:01...



Post on 23-Jul-2020


Page 1: Packet -Corporate Compliance /Privacy and Internal Audit ... · Corporate Compliance Committee 5:01 – 5:02 3. PUBLIC COMMUNICATION John Zoglin, Chair, Corporate Compliance Committee

A copy of the agenda for the Regular Committee Meeting will be posted and distributed at least seventy-two (72) hours prior to the meeting. In observance of the Americans with Disabilities Act, please notify us at 650-988-7504 prior to the meeting so that we may provide the agenda in alternative formats or make disability-related modifications and accommodations.

AGENDA Corporate Compliance /Privacy and Internal Audit Committee Meeting

of the El Camino Hospital Board

Thursday, June 19, 2014, 5:00 – 7:00 p.m.

El Camino Hospital, Conference Room F, ground floor

2500 Grant Road, Mountain View, California

and via teleconference

330 East Strawberry Drive, Mill Valley, CA 94941

Purpose: The Corporate Compliance/Privacy and Internal Audit Committee is responsible for providing direction for both the Corporate Compliance and Internal Audit programs at all locations of El Camino Hospital (ECH). Responsibilities include providing oversight on compliance issues requiring executive-level interaction, assessing physician relationship risk as it relates to compliance, reviewing HIPAA/Privacy laws as they relate to compliance and directing ECH on compliance strategies. The Committee also serves as the ad-hoc mobilization team for any external investigations and/or actions. Further, additional responsibilities include providing direction and oversight to ongoing internal audit activity and determining appropriate organizational response in order to identify and mitigate organizational risk.

AGENDA ITEM PRESENTED BY

1. CALL TO ORDER/ROLL CALL

John Zoglin, Chair, Corporate Compliance Committee

5:00 – 5:01 p.m.

2. POTENTIAL CONFLICT OF INTEREST DISCLOSURES

John Zoglin, Chair, Corporate Compliance Committee

5:01 – 5:02

3. PUBLIC COMMUNICATION

John Zoglin, Chair, Corporate Compliance Committee

5:02 – 5:07

4. CONSENT CALENDAR ITEMS

Any Committee Member may pull an item for discussion before a motion is made.

Approval:

a. Minutes of Corporate Compliance Meeting, April 10 2014

ATTACHMENT 4

John Zoglin, Chair, Corporate Compliance Committee

public comment motion required 5:07 – 5:10

5. ERM RISK PROFILE

Discussion regarding how Board/Committee discuss overall risk profile and what is recommended structure regarding other board committee risk tolerance discussions

John Zoglin, Chair, Corporate Compliance Committee

information 5:10 – 5:40

6. KEY PERFORMANCE INDICATORS SCORECARD AND TRENDS

a. KPI Scorecard

b. Trends

ATTACHMENT 6

Diane Wigglesworth, Corporate Compliance/Privacy Officer

information 5:40 – 5:45


Agenda: El Camino Hospital Corporate Compliance/Privacy and Internal Audit Committee Meeting June 19, 2014 Page 2

AGENDA ITEM PRESENTED BY

7. FY: 15 COMMITTEE GOALS

ATTACHMENT 7

John Zoglin, Chair, Corporate Compliance Committee

information 5:45 – 5:46

8. ADJOURN TO CLOSED SESSION 5:46

9. POTENTIAL CONFLICT OF INTEREST DISCLOSURES

John Zoglin, Chair, Corporate Compliance Committee

5:46 – 5:47

10. CONSENT CALENDAR

Any Committee Member may pull an item for discussion before a motion is made.

John Zoglin, Chair, Corporate Compliance Committee

5:47 – 5:50

Approval: Closed Session Minutes (4/10/14) Govt. Code Section 54957.2

Information: Conference with legal counsel – pending or threatened litigation – Gov’t. Code Section 54956(d)(2)

- Compliance and Privacy Logs - Internal Audit Follow Up

motion required

information

11. Conference with legal counsel – pending or threatened litigation - Gov’t. Code Section 54956.9(d)(2) - Report on Internal Audit Activity

Diane Wigglesworth, Corporate Compliance/ Privacy Officer

information 5:50 – 6:10

12. Health and Safety Code Section 32106(b) for a report involving health care facility trade secrets - Discussion on IT Security

Greg Walton, CIO information 6:10 – 6:35

13. Conference with legal counsel – pending or threatened litigation - Gov’t Code Section 54956.9(d)(2) - Discussion on Compliance & Privacy Program Activity

Diane Wigglesworth, Corporate Compliance/ Privacy Officer

information 6:35 – 6:40

14. Health and Safety Code Section 32106(b) for a report involving health care facility trade secrets - Discussion on Pacing Calendar

John Zoglin, Chair Corporate Compliance Committee

information 6:40 – 6:50

15. RECONVENE OPEN SESSION

To report any required disclosures regarding permissible actions taken during Closed Session.

John Zoglin, Chair, Corporate Compliance Committee

6:50


AGENDA ITEM PRESENTED BY

16. STATUS OF FY:14 COMMITTEE GOALS

ATTACHMENT 16

John Zoglin, Chair, Corporate Compliance Committee

information 6:50 – 7:00

17. ADJOURNMENT

John Zoglin, Chair, Corporate Compliance Committee

7:00 p.m.

Upcoming Corporate Compliance Committee Meetings: August 21, 2014; September 23, 2014; November 13, 2014; January 15, 2015; March 19, 2015; May 21, 2015


Attachment 4 Corp Compliance Open Minutes 4-10-14 (Final).docx


DRAFT: Subject to Corporate Compliance

Committee Consideration

EL CAMINO HOSPITAL

BOARD of DIRECTORS

CORPORATE COMPLIANCE/PRIVACY and INTERNAL AUDIT COMMITTEE

Open Session Meeting – April 10, 2014

MINUTES

The Meeting of the Compliance/Privacy and Internal Audit Committee of the Board of Directors of El Camino Hospital (the “Committee”) was called to order by Chair John Zoglin at 5:00 p.m. on Thursday, April 10, 2014, in Conference Room A at El Camino Hospital.

I. CALL TO ORDER

A silent roll call was taken. Committee members John Zoglin, Wesley Alles, Christine Sublett, Sharon Anolik-Shakked, Dennis Chiu and Ramy Houssaini (via teleconference) were in attendance.

II. POTENTIAL CONFLICT OF INTEREST DISCLOSURES

Chair Zoglin asked if there were any conflicts of interest among Committee members. None were reported.

III. PUBLIC COMMUNICATIONS

Chair Zoglin asked if there were any public communications to be announced. There were none.

IV. CONSENT CALENDAR

Chair Zoglin asked if there were any consent calendar item changes or corrections to the minutes of February 20, 2014. None were proposed.

Action: A motion was made by Committee member Anolik-Shakked, seconded by Committee member Sublett and adopted by a vote of five Committee members in favor, and one abstention, to approve the minutes of the February 20, 2014 meeting.

V. REVIEW OF KEY PERFORMANCE INDICATORS SCORECARD

Diane Wigglesworth reviewed the current Key Performance Indicators scorecard, stating that there has been an increase in self-reporting of compliance risks by staff in the past month over any previous month, via the hotline or directly. She felt that this speaks to the successful development of the program and the hospital staff’s improved comfort level in reaching out to Compliance to self-report and correct identified risks. It was noted that there were also four open investigations which rolled over from the previous month, which is unusual, but again demonstrates the increase in volume of reported concerns that are being evaluated. Ms. Wigglesworth pointed out that some calls were made due to misperceptions (for example: what would qualify as a reportable privacy breach), but emphasized the fact that staff are appropriately engaging the Compliance department nonetheless. During the month of March there was one incident which was initiated externally by a patient complaint and resulted in a visit from the CDPH. The incident was, however, successfully resolved by Risk Management and Compliance after a review of physician documentation. Committee member Houssaini noted that the number of audits appeared to be down from the previous year. Ms. Wigglesworth explained that a total of eight Internal Audits were on the FY Audit Plan, and as of March the results of four audits had been reported to the Committee. Results of the remaining audits on the audit plan would be presented at the June meeting.

VI. PROPOSED ERM PROCESS STRUCTURE

Ken King, Chief Administrative Services Officer and Mick Zdeblick, Chief Operations Officer, joined the meeting to present the Enterprise Risk Management Initiative proposal to the Committee and requested feedback in preparation for a full presentation to the Board of Directors at the June Hospital Board Meeting. Content and presentation format were discussed at length and it was determined that the presentation should also include: 1) what drove the need for the ERM process; 2) a macro overview; 3) 7 steps to success, foreshadowing a pacing plan for the future; 4) high level example demonstrating purpose.

Action: It was agreed that the presentation, with the Committee’s recommended modifications, would be presented to the Board of Directors at the June 10, 2014 meeting. Mitch Olejko confirmed that a motion was not necessary to proceed with this plan. Ken King and Mick Zdeblick left the meeting at 5:50 p.m.

VII. PROPOSED HOSPITAL PROCESS OF POLICY OVERSIGHT AND BOARD APPROVAL

Ms. Wigglesworth reviewed a draft memo summarizing the proposed process for Board oversight for review of new hospital policies or revisions to existing policies. The proposal is designed to provide verification and internal controls prior to the submission of policies to the Hospital Board for approval.

Action: A motion to accept the proposal for presentation to the Board was made by Committee member Chiu, seconded by Committee member Sublett and adopted by a unanimous vote of six Committee members.

VIII. DRAFT COMMITTEE CHARTER REVISIONS

Ms. Wigglesworth presented a revised draft of the Corporate Compliance/Privacy and Audit Committee Charter.

Action: The revisions were accepted upon a motion made by Committee member Anolik-Shakked, seconded by Committee member Chiu and by a unanimous vote of six Committee members.

IX. DRAFT FY: 15 COMMITTEE GOALS

A draft of Committee goals and action plan was discussed. Committee member Houssaini suggested adding to the ERM goal clarification of how identified risks will be monitored. Ms. Wigglesworth indicated she would include this in the Metrics of Success.

Action: The draft was approved with the recommended modifications, upon a motion made by Committee member Alles, seconded by Committee member Chiu, and a unanimous vote of six Committee members.


X. ADJOURN TO CLOSED SESSION

Upon motion duly made, and approved by a vote of six Committee members in favor, the Open Session of the meeting was adjourned to Closed Session at 6:13 p.m. pursuant to Gov’t Code Section 54957.2 to consider and approve the Consent Calendar (the Closed Session minutes of February 20, 2014), pursuant to Health and Safety Code Section 32106(b) for one conference with legal counsel, and pursuant to Gov’t Code Section 54956.9(d)(2) for three conferences with legal counsel.

IX. CLOSED SESSION

The Committee completed its business of the Closed Session at 6:51 p.m.

X. RECONVENE OPEN SESSION

The Open Session was reconvened at 6:51 p.m.

XI. CLOSED SESSION REPORTS

Chair Zoglin announced that the following actions were taken in closed session: The minutes of the Closed Session of the February 20, 2014 Committee meeting were approved upon motion made by Committee member Sublett, seconded by Committee member Alles, and by a vote of five Committee members (Alles, Anolik-Shakked, Houssaini, Sublett and Zoglin) and one abstention (Chiu); the Management Response to OIG Work Plan was approved for recommendation to the Board upon motion of Committee member Chiu, seconded by Committee member Sublett and a unanimous vote of six Committee members.

XII. STATUS OF COMMITTEE GOALS FY 2014

All goals remain on target.

XI. CLOSING COMMENTS

There being no further business, on a motion by Committee member Chiu, seconded by Committee member Sublett, and a unanimous vote of six Committee members, the meeting was adjourned at 6:55 p.m.

John Zoglin

Chair, ECH Compliance/Privacy and Internal Audit Committee

Attest as to the approval of the foregoing minutes by the Corporate Compliance/Privacy and Internal Audit Committee and by the El Camino Hospital Board of Directors.


Patricia A. Einarson, MD

ECH Board Secretary/Treasurer


Attachment 6 Key Performane Indicators Scorecard and Trends.pdf


Corporate Compliance Scorecard FY14

El Camino Hospital

Key Performance Indicator FY:14 | Current Month | Current Year Actual | Prior Year Actual

Core Elements

Policies and Procedures | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Number of reported instances when policies not followed | 8 | 38 | 35
Number of disciplinary actions due to Investigations | 3 | 17 | 14

Education and Training | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Percentage of new employees trained within 30 days of start date | 100% | 100% | 100%

Investigations | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Total number of investigations | 23 | 131 | 161
Investigations open | 4 | 9 | 2
Investigations closed | 19 | 122 | 143
Hotline concerns substantiated | 1 | 22 | 22
Hotline concerns not substantiated | 4 | 24 | 19
Average number of days to investigate concerns | 5 | 5 | 5

Reporting Trends | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Anti-Kickback/Stark | 3 | 22 | 33
EMTALA | 1 | 6 | 5
HIPAA Reports | 19 | 148 | 172
HIPAA Security Breaches | 0 | 1 | 2
Billing or Claims | 4 | 18 | 37
Conflict of Interest | 0 | 0 | 2

Reported Events to CMS | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Number of total events self reported by ECH | 0 | 0 | 1
Number of self reported events followed up by CMS | 0 | 0 | 1
CMS initiated visits (separate from ECH self reported events) | 0 | 4 | 0
Number of statements of deficiencies issued to ECH | 0 | 30 | 5
Number of Actual Sanctions, fines or penalties | 0 | 0 | $ -

Reported Events to CDPH | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Number of total regulator events self reported by ECH | 0 | 10 | 21
Number of self reported events followed up by CDPH | 1 | 6 | 7
Number of total privacy breaches self reported by ECH | 5 | 40 | 25
CDPH initiated visits (separate from ECH self reported events) | 1 | 6 | 9
Number of statements of deficiencies issued to ECH | 4 | 5 | 4
Number of Actual/Realized Sanctions, fines or penalties | 0 | 0 | $ 100.00

Monitoring and Audit Findings | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Total number of Audit Findings | 8 | 36 | 96
Number of findings identified as high severity | 2 | 2 | 14


Attachment 6b Corporate Compliance Scorecard Trends.pdf


Corporate Compliance

[Chart: Policies & Procedures: Non-Compliance with Policies / Disciplinary Action Following Investigation of Non-Compliance. Y-axis: Number of Instances. X-axis: months, Jul-12 to May-14. Series: # Reports of Non-Compliance with Policies; # Disciplinary Actions Following Investigation of Non-Compliance.]

[Chart: Investigations: Total Investigations / Hotline Activity. Y-axis: Number of Instances. X-axis: months, Jul-12 to May-14. Series: Hotline Reports Substantiated; Hotline Reports Not Substantiated; Total # of Investigations.]

[Chart: Incidents Requiring Report to Outside Entity. Y-axis: Number of Instances. X-axis: months, Jul-12 to Mar-14. Series: HIPAA Reports; Privacy Breaches Self Reported by ECH to CDPH.]

[Chart: Y-axis: Number of Instances. Series: Anti-Kickback/Stark; EMTALA; Billing or Claims; Conflict of Interest; HIPAA Security Breaches.]

6/10/2014 F:\Clineff\ANNE\Ad Hoc Projects\Diane W\Corporate Compliance Scorecard FY14 Totals/Graphs


Attachment 7 - Goals for Compliance Committee CCPIAC FY 15.doc


Corporate Compliance/Privacy and Audit Committee

Goals FY 2015

Purpose

The purpose of the Corporate Compliance/Privacy and Audit Committee (“Compliance and Audit Committee”) is to advise and assist the El Camino Hospital (ECH) Hospital Board of Directors (“Board”) in its exercise of oversight by monitoring the compliance policies, controls and processes of the organization and the engagement, independence and performance of the internal auditor and external auditor. The Compliance and Audit Committee assists the Board in oversight of any regulatory audit and in assuring the organizational integrity of ECH in a manner consistent with its mission and purpose.

Staff: Diane Wigglesworth, Director of Corporate Compliance

The Director, Corporate Compliance/Privacy and Audit Committee shall serve as the primary staff support to the Committee and is responsible for drafting the Committee meeting agenda for the Committee Chair’s consideration. Additional members of the executive team or outside consultants may participate in the Committee meetings upon the recommendation of the Director, Corporate Compliance/Privacy and Internal Audit Committee and at the discretion of the Committee Chair.

Goals | Timeline by Fiscal Year (Timeframe applies to when the Board approves the recommended action from the Committee, if applicable.) | Metrics of Success Achieved

Review and evaluate Hospital’s proposed FY 2015 Internal Audit Work Plan based on the current risk assessment. | Q1 2015 | Committee Reviews FY 2015 Internal Audit Work Plan Developed by Staff in August and provides report to the Board in September 2014.

Participate in staff developed education session regarding Government Audit Programs. (i.e. MIC, MAC, ZPIC and RAC) | Q2 2015 | Committee to receive education by 12/31/14.

Review Enterprise-Wide Risk Assessment and action plan for identified risks and validate the top four risks under each domain. | Q3 2015 | Committee Reviews ERM Risk Assessment and approves Hospital’s action plan for identified risks and recommends plan to the Board for approval in March 2015

Review and evaluate Hospital’s risk mitigation plan for Research Compliance. | Q4 2015 | Committee presents risk mitigation plan to the Board by June 2015.

Submitted by:

John Zoglin, Chair, Corporate Compliance/Privacy and Compliance Committee

Diane Wigglesworth, Executive Sponsor, Corporate Compliance/Privacy and Compliance Committee


Attachment 16 - Goals for Compliance Committee CCPIAC FY 14.doc


Corporate Compliance/Privacy and Audit Committee

Revised Goals FY 2014

Purpose

The purpose of the Corporate Compliance/Privacy and Audit Committee (“Compliance and Audit Committee”) is to advise and assist the El Camino Hospital (ECH) Hospital Board of Directors (“Board”) in its exercise of oversight by monitoring the compliance policies, controls and processes of the organization and the engagement, independence and performance of the internal auditor and external auditor. The Compliance and Audit Committee assists the Board in oversight of any regulatory audit and in assuring the organizational integrity of ECH in a manner consistent with its mission and purpose.

Staff: Diane Wigglesworth, Director of Corporate Compliance

The Director, Corporate Compliance/Privacy and Audit Committee shall serve as the primary staff support to the Committee and is responsible for drafting the Committee meeting agenda for the Committee Chair’s consideration. Additional members of the executive team or outside consultants may participate in the Committee meetings upon the recommendation of the Director, Corporate Compliance/Privacy and Internal Audit Committee and at the discretion of the Committee Chair.

Goals | Timeline by Fiscal Year (Timeframe applies to when the Board approves the recommended action from the Committee, if applicable.) | Metrics of Success Achieved

Review and evaluate Hospital’s proposed FY 2014 Internal Audit Work Plan based on the current risk assessment for recommendation to Hospital Board. | Q2 2014 - Completed – Board approved 10/2013 | Committee Reviews FY 2014 Internal Audit Work Plan Developed by Staff in September and Recommends Plan to Board for Approval at October Board meeting.

Review FY: 2014 OIG Work Plan and evaluate suitability of Hospital’s proposed response plan to the report. | Q2 2014 – Completed – Board approved 5/2014 | Committee Reviews Hospital’s Proposed Response Plan to OIG Work Plan in February and Recommends Plan to the Board for Approval at March Board Meeting.

Develop ERM Guidance for Board on Structure, Reporting and Governance Oversight | Q3- Q4 2014 – On target to complete with Presentation to the Board on June 11, 2014 | Committee Recommends Process for Evaluation of ERM to the Board for Approval Not Later Than May 2014 Board Meeting.

Develop a Process for Oversight of New Policies and Changes to Existing Policies | Q4 2014 – Complete – Approved by the Board 5/2014 | Committee Recommends Process for Policy Oversight to Board for Approval Not Later Than June 2014.

Submitted by:

John Zoglin, Chair, Corporate Compliance/Privacy and Compliance Committee

Diane Wigglesworth, Executive Sponsor, Corporate Compliance/Privacy and Compliance Committee

Status to Complete as of 5.22.14