A copy of the agenda for the Regular Committee Meeting will be posted and distributed at least seventy-two (72) hours prior to the
meeting. In observance of the Americans with Disabilities Act, please notify us at 650-988-7504 prior to the meeting so that we
may provide the agenda in alternative formats or make disability-related modifications and accommodations.
AGENDA Corporate Compliance /Privacy and Internal Audit Committee Meeting
of the El Camino Hospital Board
Thursday, June 19, 2014, 5:00 – 7:00 p.m.
El Camino Hospital, Conference Room F, ground floor
2500 Grant Road, Mountain View, California
and via teleconference
330 East Strawberry Drive, Mill Valley, CA 94941
Purpose: The Corporate Compliance/Privacy and Internal Audit Committee is responsible for providing direction for both the
Corporate Compliance and Internal Audit programs at all locations of El Camino Hospital (ECH). Responsibilities include
providing oversight on compliance issues requiring executive-level interaction, assessing physician relationship risk as it relates
to compliance, reviewing HIPAA/Privacy laws as they relate to compliance and directing ECH on compliance strategies. The
Committee also serves as the ad-hoc mobilization team for any external investigations and/or actions. Further, additional
responsibilities include providing direction and oversight to ongoing internal audit activity and determining appropriate
organizational response in order to identify and mitigate organizational risk.
AGENDA ITEMS

1. CALL TO ORDER/ROLL CALL
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   5:00 – 5:01 p.m.

2. POTENTIAL CONFLICT OF INTEREST DISCLOSURES
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   5:01 – 5:02

3. PUBLIC COMMUNICATION
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   5:02 – 5:07

4. CONSENT CALENDAR ITEMS
   Any Committee Member may pull an item for discussion before a motion is made.
   Approval:
   a. Minutes of Corporate Compliance Meeting, April 10, 2014 (ATTACHMENT 4)
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   public comment; motion required
   5:07 – 5:10

5. ERM RISK PROFILE
   Discussion regarding how Board/Committee discuss overall risk profile and what is recommended structure regarding other board committee risk tolerance discussions
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   information
   5:10 – 5:40

6. KEY PERFORMANCE INDICATORS SCORECARD AND TRENDS
   a. KPI Scorecard
   b. Trends
   ATTACHMENT 6
   Presented by: Diane Wigglesworth, Corporate Compliance/Privacy Officer
   information
   5:40 – 5:45
7. FY: 15 COMMITTEE GOALS
   ATTACHMENT 7
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   information
   5:45 – 5:46

8. ADJOURN TO CLOSED SESSION
   5:46

9. POTENTIAL CONFLICT OF INTEREST DISCLOSURES
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   5:46 – 5:47

10. CONSENT CALENDAR
   Any Committee Member may pull an item for discussion before a motion is made.
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   5:47 – 5:50
   Approval: Closed Session Minutes (4/10/14), Govt. Code Section 54957.2
   motion required
   Information: Conference with legal counsel – pending or threatened litigation – Gov’t. Code Section 54956(d)(2)
   - Compliance and Privacy Logs
   - Internal Audit Follow Up
   information

11. Conference with legal counsel – pending or threatened litigation - Gov’t. Code Section 54956.9(d)(2)
   - Report on Internal Audit Activity
   Presented by: Diane Wigglesworth, Corporate Compliance/Privacy Officer
   information
   5:50 – 6:10

12. Health and Safety Code Section 32106(b) for a report involving health care facility trade secrets
   - Discussion on IT Security
   Presented by: Greg Walton, CIO
   information
   6:10 – 6:35

13. Conference with legal counsel – pending or threatened litigation - Gov’t Code Section 54956.9(d)(2)
   - Discussion on Compliance & Privacy Program Activity
   Presented by: Diane Wigglesworth, Corporate Compliance/Privacy Officer
   information
   6:35 – 6:40

14. Health and Safety Code Section 32106(b) for a report involving health care facility trade secrets
   - Discussion on Pacing Calendar
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   information
   6:40 – 6:50

15. RECONVENE OPEN SESSION
   To report any required disclosures regarding permissible actions taken during Closed Session.
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   6:50
16. STATUS OF FY:14 COMMITTEE GOALS
   ATTACHMENT 16
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   information
   6:50 – 7:00

17. ADJOURNMENT
   Presented by: John Zoglin, Chair, Corporate Compliance Committee
   7:00 p.m.

Upcoming Corporate Compliance Committee Meetings: August 21, 2014; September 23, 2014; November 13, 2014; January 15, 2015; March 19, 2015; May 21, 2015
Attachment 4 Corp Compliance Open Minutes 4-10-14 (Final).docx
DRAFT: Subject to Corporate Compliance
Committee Consideration
EL CAMINO HOSPITAL
BOARD of DIRECTORS
CORPORATE COMPLIANCE/PRIVACY and INTERNAL AUDIT COMMITTEE
Open Session Meeting – April 10, 2014
MINUTES
The Meeting of the Compliance/Privacy and Internal Audit Committee of the Board of Directors
of El Camino Hospital (the “Committee”) was called to order by Chair John Zoglin at 5:00 p.m.
on Thursday, April 10, 2014, in Conference Room A at El Camino Hospital.
I. CALL TO ORDER
A silent roll call was taken. Committee members John Zoglin, Wesley Alles, Christine
Sublett, Sharon Anolik-Shakked, Dennis Chiu and Ramy Houssaini (via teleconference) were in
attendance.
II. POTENTIAL CONFLICT OF INTEREST DISCLOSURES
Chair Zoglin asked if there were any conflicts of interest among Committee members.
None were reported.
III. PUBLIC COMMUNICATIONS
Chair Zoglin asked if there were any public communications to be announced. There
were none.
IV. CONSENT CALENDAR
Chair Zoglin asked if there were any consent calendar item changes or corrections to the
minutes of February 20, 2014. None were proposed.
Action: A motion was made by Committee member Anolik-Shakked, seconded by
Committee member Sublett and adopted by a vote of five Committee members in favor, and one
abstention, to approve the minutes of the February 20, 2014 meeting.
V. REVIEW OF KEY PERFORMANCE INDICATORS SCORECARD
Diane Wigglesworth reviewed the current Key Performance Indicators scorecard, stating
that there has been an increase in self-reporting of compliance risks by staff in the past month
over any previous month, via the hotline or directly. She felt that this speaks to the successful
development of the program and the hospital staff’s improved comfort level in reaching out to
Compliance to self-report and correct identified risks. It was noted that there were also four
open investigations which rolled over from the previous month, which is unusual, but again
demonstrates the increase in volume of reported concerns that are being evaluated. Ms.
Wigglesworth pointed out that some calls were made due to misperceptions (for example: what
would qualify as a reportable privacy breach), but emphasized the fact that staff are appropriately
engaging the Compliance department nonetheless. During the month of March there was one
incident which was initiated externally by a patient complaint and resulted in a visit from the
CDPH. The incident was, however, successfully resolved by Risk Management and Compliance
after a review of physician documentation. Committee member Houssaini noted that the number
of audits appeared to be down from the previous year. Ms. Wigglesworth explained that a total of
eight Internal Audits were on the FY Audit Plan, and as of March the results of four audits had
been reported to the Committee. Results of the remaining audits on the audit plan would be
presented at the June meeting.
VI. PROPOSED ERM PROCESS STRUCTURE
Ken King, Chief Administrative Services Officer and Mick Zdeblick, Chief Operations
Officer, joined the meeting to present the Enterprise Risk Management Initiative proposal to the
Committee and requested feedback in preparation for a full presentation to the Board of
Directors at the June Hospital Board Meeting. Content and presentation format were discussed
at length and it was determined that the presentation should also include: 1) what drove the need
for the ERM process; 2) a macro overview; 3) 7 steps to success, foreshadowing a pacing plan
for the future; 4) high level example demonstrating purpose.
Action: It was agreed that the presentation, with the Committee’s recommended
modifications, would be presented to the Board of Directors at the June 10, 2014 meeting. Mitch
Olejko confirmed that a motion was not necessary to proceed with this plan. Ken King and Mick
Zdeblick left the meeting at 5:50 p.m.
VII. PROPOSED HOSPITAL PROCESS OF POLICY OVERSIGHT AND BOARD
APPROVAL
Ms. Wigglesworth reviewed a draft memo summarizing the proposed process for Board
oversight for review of new hospital policies or revisions to existing policies. The proposal is
designed to provide verification and internal controls prior to the submission of policies to the
Hospital Board for approval.
Action: A motion to accept the proposal for presentation to the Board was made by
Committee member Chiu, seconded by Committee member Sublett and adopted by a unanimous
vote of six Committee members.
VIII. DRAFT COMMITTEE CHARTER REVISIONS
Ms. Wigglesworth presented a revised draft of the Corporate Compliance/Privacy and
Audit Committee Charter.
Action: The revisions were accepted upon a motion made by Committee member Anolik-
Shakked, seconded by Committee member Chiu and by a unanimous vote of six Committee
members.
IX. DRAFT FY: 15 COMMITTEE GOALS
A draft of Committee goals and action plan was discussed. Committee member Houssaini
suggested adding to the ERM goal clarification of how identified risks will be monitored. Ms.
Wigglesworth indicated she would include this in the Metrics of Success.
Action: The draft was approved with the recommended modifications, upon a motion
made by Committee member Alles, seconded by Committee member Chiu, and a unanimous
vote of six Committee members.
X. ADJOURN TO CLOSED SESSION
Upon motion duly made, and approved by a vote of six Committee members in favor, the
Open Session of the meeting was adjourned to Closed Session at 6:13 p.m. pursuant to Gov’t
Code Section 54957.2 to consider and approve the Consent Calendar (the Closed Session
minutes of February 20, 2014), pursuant to Health and Safety Code Section 32106(b) for one
conference with legal counsel, and pursuant to Gov’t Code Section 54956.9(d)(2) for three
conferences with legal counsel.
IX. CLOSED SESSION
The Committee completed its business of the Closed Session at 6:51 p.m.
X. RECONVENE OPEN SESSION
The Open Session was reconvened at 6:51 p.m.
XI. CLOSED SESSION REPORTS
Chair Zoglin announced that the following actions were taken in closed session: The
minutes of the Closed Session of the February 20, 2014 Committee meeting were approved
upon motion made by Committee member Sublett, seconded by Committee member Alles, and
by a vote of five Committee members (Alles, Anolik-Shakked, Houssaini, Sublett and Zoglin)
and one abstention (Chiu); the Management Response to OIG Work Plan was approved for
recommendation to the Board upon motion of Committee member Chiu, seconded by Committee
member Sublett and a unanimous vote of six Committee members.
XII. STATUS OF COMMITTEE GOALS FY 2014
All goals remain on target.
XI. CLOSING COMMENTS
There being no further business, on a motion by Committee member Chiu, seconded by
Committee member Sublett, and a unanimous vote of six Committee members, the meeting was
adjourned at 6:55 p.m.
John Zoglin
Chair, ECH Compliance/Privacy and
Internal Audit Committee
Attest as to the approval of the foregoing
minutes by the Corporate Compliance/Privacy
and Internal Audit Committee and by the
El Camino Hospital Board of Directors.
Patricia A. Einarson, MD
ECH Board Secretary/Treasurer
Attachment 6 Key Performane Indicators Scorecard and Trends.pdf
Corporate Compliance Scorecard FY14, El Camino Hospital

Columns: Key Performance Indicator | FY:14 Current Month | Current Year Actual | Prior Year Actual

Core Elements

Policies and Procedures | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Number of reported instances when policies not followed | 8 | 38 | 35
Number of disciplinary actions due to Investigations | 3 | 17 | 14

Education and Training | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Percentage of new employees trained within 30 days of start date | 100% | 100% | 100%

Investigations | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Total number of investigations | 23 | 131 | 161
Investigations open | 4 | 9 | 2
Investigations closed | 19 | 122 | 143
Hotline concerns substantiated | 1 | 22 | 22
Hotline concerns not substantiated | 4 | 24 | 19
Average number of days to investigate concerns | 5 | 5 | 5

Reporting Trends | May. 2014 | Jul - May. FY:2014 | Jul - May. FY: 2013
Anti-Kickback/Stark | 3 | 22 | 33
EMTALA | 1 | 6 | 5
HIPAA Reports | 19 | 148 | 172
HIPAA Security Breaches | 0 | 1 | 2
Billing or Claims | 4 | 18 | 37
Conflict of Interest | 0 | 0 | 2

Reported Events to CMS | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Number of total events self reported by ECH | 0 | 0 | 1
Number of self reported events followed up by CMS | 0 | 0 | 1
CMS initiated visits (separate from ECH self reported events) | 0 | 4 | 0
Number of statement of deficiencies issued to ECH | 0 | 30 | 5
Number of Actual Sanctions, fines or penalties | 0 | 0 | $ -

Reported Events to CDPH | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Number of total regulator events self reported by ECH | 0 | 10 | 21
Number of self reported events followed up by CDPH | 1 | 6 | 7
Number of total privacy breaches self reported by ECH | 5 | 40 | 25
CDPH initiated visits (separate from ECH self reported events) | 1 | 6 | 9
Number of statement of deficiencies issued to ECH | 4 | 5 | 4
Number of Actual/Realized Sanctions, fines or penalties | 0 | 0 | $ 100.00

Monitoring and Audit Findings | May. 2014 | Jul - May. FY:2014 | FY:13 Actual
Total number of Audit Findings | 8 | 36 | 96
Number of findings identified as high severity | 2 | 2 | 14
Attachment 6b Corporate Compliance Scorecard Trends.pdf
Corporate Compliance

[Chart: Policies & Procedures. Non-Compliance with Policies / Disciplinary Action Following Investigation of Non-Compliance. Series: # Reports of Non-Compliance with Policies; # Disciplinary Actions Following Investigation of Non-Compliance. Vertical axis: Number of Instances. Horizontal axis: months, Jul-12 through May-14.]

[Chart: Investigations: Total Investigations / Hotline Activity. Series: Hotline Reports Substantiated; Hotline Reports Not Substantiated; Total # of Investigations. Vertical axis: Number of Instances. Horizontal axis: months, Jul-12 through May-14.]

[Chart: Incidents Requiring Report to Outside Entity. Series: HIPAA Reports; Privacy Breaches Self Reported by ECH to CDPH. Vertical axis: Number of Instances. Horizontal axis: months, Jul-12 through Mar-14.]

[Chart (title not recovered). Series: Anti-Kickback/Stark; EMTALA; Billing or Claims; Conflict of Interest; HIPAA Security Breaches. Vertical axis: Number of Instances.]
6/10/2014 F:\Clineff\ANNE\Ad Hoc Projects\Diane W\Corporate Compliance Scorecard FY14 Totals/Graphs
Attachment 7 - Goals for Compliance Committee CCPIAC FY 15.doc
Corporate Compliance/Privacy and Audit Committee
Goals FY 2015
Purpose
The purpose of the Corporate Compliance/Privacy and Audit Committee (“Compliance and Audit Committee”) is to advise and assist the El Camino Hospital (ECH) Hospital Board of Directors (“Board”) in its exercise of oversight by monitoring the compliance policies, controls and processes of the organization and the engagement, independence and performance of the internal auditor and external auditor. The Compliance and Audit Committee assists the Board in oversight of any regulatory audit and in assuring the organizational integrity of ECH in a manner consistent with its mission and purpose.
Staff: Diane Wigglesworth, Director of Corporate Compliance
The Director, Corporate Compliance/Privacy and Audit Committee shall serve as the primary staff support to the Committee and is responsible for drafting the Committee meeting agenda for the Committee Chair’s consideration. Additional members of the executive team or outside consultants may participate in the Committee meetings upon the recommendation of the Director, Corporate Compliance/Privacy and Internal Audit Committee and at the discretion of the Committee Chair.
Columns: Goals; Timeline by Fiscal Year (Timeframe applies to when the Board approves the recommended action from the Committee, if applicable.); Metrics of Success; Achieved

Goal: Review and evaluate Hospital’s proposed FY 2015 Internal Audit Work Plan based on the current risk assessment.
Timeline: Q1 2015
Metrics of Success: Committee Reviews FY 2015 Internal Audit Work Plan Developed by Staff in August and provides report to the Board in September 2014.

Goal: Participate in staff developed education session regarding Government Audit Programs. (i.e. MIC, MAC, ZPIC and RAC)
Timeline: Q2 2015
Metrics of Success: Committee to receive education by 12/31/14.

Goal: Review Enterprise-Wide Risk Assessment and action plan for identified risks and validate the top four risks under each domain.
Timeline: Q3 2015
Metrics of Success: Committee Reviews ERM Risk Assessment and approves Hospital’s action plan for identified risks and recommends plan to the Board for approval in March 2015

Goal: Review and evaluate Hospital’s risk mitigation plan for Research Compliance.
Timeline: Q4 2015
Metrics of Success: Committee presents risk mitigation plan to the Board by June 2015.
Submitted by:
John Zoglin, Chair, Corporate Compliance/Privacy and Compliance Committee
Diane Wigglesworth, Executive Sponsor, Corporate Compliance/Privacy and Compliance Committee
Attachment 16 - Goals for Compliance Committee CCPIAC FY 14.doc
Corporate Compliance/Privacy and Audit Committee
Revised Goals FY 2014
Purpose
The purpose of the Corporate Compliance/Privacy and Audit Committee (“Compliance and Audit Committee”) is to advise and assist the El Camino Hospital (ECH) Hospital Board of Directors (“Board”) in its exercise of oversight by monitoring the compliance policies, controls and processes of the organization and the engagement, independence and performance of the internal auditor and external auditor. The Compliance and Audit Committee assists the Board in oversight of any regulatory audit and in assuring the organizational integrity of ECH in a manner consistent with its mission and purpose.
Staff: Diane Wigglesworth, Director of Corporate Compliance
The Director, Corporate Compliance/Privacy and Audit Committee shall serve as the primary staff support to the Committee and is responsible for drafting the Committee meeting agenda for the Committee Chair’s consideration. Additional members of the executive team or outside consultants may participate in the Committee meetings upon the recommendation of the Director, Corporate Compliance/Privacy and Internal Audit Committee and at the discretion of the Committee Chair.
Columns: Goals; Timeline by Fiscal Year (Timeframe applies to when the Board approves the recommended action from the Committee, if applicable.); Metrics of Success; Achieved

Goal: Review and evaluate Hospital’s proposed FY 2014 Internal Audit Work Plan based on the current risk assessment for recommendation to Hospital Board.
Timeline: Q2 2014 - Completed – Board approved 10/2013
Metrics of Success: Committee Reviews FY 2014 Internal Audit Work Plan Developed by Staff in September and Recommends Plan to Board for Approval at October Board meeting.

Goal: Review FY: 2014 OIG Work Plan and evaluate suitability of Hospital’s proposed response plan to the report.
Timeline: Q2 2014 – Completed – Board approved 5/2014
Metrics of Success: Committee Reviews Hospital’s Proposed Response Plan to OIG Work Plan in February and Recommends Plan to the Board for Approval at March Board Meeting.

Goal: Develop ERM Guidance for Board on Structure, Reporting and Governance Oversight
Timeline: Q3- Q4 2014 – On target to complete with Presentation to the Board on June 11, 2014
Metrics of Success: Committee Recommends Process for Evaluation of ERM to the Board for Approval Not Later Than May 2014 Board Meeting.

Goal: Develop a Process for Oversight of New Policies and Changes to Existing Policies
Timeline: Q4 2014 – Complete – Approved by the Board 5/2014
Metrics of Success: Committee Recommends Process for Policy Oversight to Board for Approval Not Later Than June 2014.
Submitted by:
John Zoglin, Chair, Corporate Compliance/Privacy and Compliance Committee
Diane Wigglesworth, Executive Sponsor, Corporate Compliance/Privacy and Compliance Committee
Status to Complete as of 5.22.14