Screening and Evaluation Flashcards

1
Q

Discuss job descriptions: Overview

A

While a job description is not a legal document, it must comply with federal and state labor, wage, and employment regulations as well as the laws regarding disabilities (ADA) and discrimination and may be reviewed in legal proceedings. When preparing the job description, it’s important to determine whether the position is governed by the National Labor Relations Act (NLRA) and whether it is exempt from overtime requirements under the Fair Labor Standards Act (FLSA). Salary analysis should be conducted to reduce the risk of liability related to compensation issues. The job description may not indicate preferred gender or age.

Job descriptions should include:

  • Job Summary: Narrative description of the job.
  • Accurate description of duties, essential job functions (excluding marginal functions), and skills needed for the position. (These are especially important in the event an employee asks for ADA reasonable accommodations).
  • Compliance responsibilities.
  • Minimum qualifications, including experience, skills, education, or knowledge as well as necessary certifications and/or licensure.
  • Explanation of performance assessments.
  • Expected behaviors: Travel, overtime, timeliness, cooperation, compliance, ability to carry.
  • Additional nonessential job responsibilities.
  • Status related to overtime: Exempt or non-exempt.
  • Any disclaimers: Right to revise, at-will employment, additional functions.
  • Statement of receipt of job description and signature of the applicant.
2
Q

Discuss job descriptions: Benefits

A

Job benefits may vary widely but are often as important as salary in determining whether a person chooses employment. Benefits can include:

  • Leave time: May include holiday time (usually 8 to 10 days per year), sick time (usually 8 to 10 days per year), and vacation time (usually 5 to 20 days), or a combination of paid time off that can be utilized for either vacation or sick days.
  • Insurance coverage: An organization may have group insurance policies available that the employees can pay for or may provide all or part of the cost of insurance. Insurance may include health, dental, eye coverage, and long-term care and may cover only the individual or the individual and immediate family.
  • Childcare: Reimbursement for cost or on-site childcare facility.
  • Retirement policy: May include profit-sharing plans, traditional pensions, 401K plans with employer contribution, stock ownership, and stock bonus plans.
  • Student loan forgiveness: Often offered as a hiring incentive.
  • Transportation: May provide transportation to work or transit passes.
  • Credit unions.
  • Employee assistance programs.
3
Q

Discuss performance evaluation

A

Performance evaluation is a supervisory function that is used to confirm the hiring, promotion, training, or rewarding of staff. It may be done on an annual basis. Those who perform the appraisal should use objective data and standards and should know and have observed the person being appraised. As part of the appraisal, the role the person has in processes should be determined and evaluation should include findings from performance improvement measures. The job description should include expectations and goals related to performance, and the written appraisal should indicate compliance with these performance expectations, regulations, policies, and procedures. The appraisal may include a rating scale, checklist, productivity studies, and narrative. The appraisal should be discussed with the individual so the person is able to respond. As part of the appraisal process, the individual should establish new goals, based on findings from performance improvement measures and related to strategic plans of the organization.

4
Q

Discuss job descriptions: Compensation

A

A number of decisions must be made when determining compensation for a position, and the extent and cost of benefits must always be considered as part of the compensation package. Salary may be somewhat dependent on supply and demand but should reflect industry and/or geographic standards. The salary should be included in the job description.

The four usual choices are:

  • Salary in exact dollar amounts: This is clear and unbiased but leaves no room for negotiation or reward for experience or special skills.
  • Salary range: A rubric should clearly outline the requirements for each level of the salary range (such as years of experience, continuing education, special skills) to avoid bias.
  • Incentive compensation: A bonus at hire or higher than the usual salary range may be provided in order to attract candidates when there is a shortage of eligible hires.
  • Negotiable salary: This can result in wide ranges of salaries for similar positions and can appear biased.
5
Q

Discuss job descriptions: Employee assistance and counseling

A

An employee assistance program (EAP) is part of the benefits package offered to employees in many organizations. The purpose of the program is to assist employees with personal or work-related problems that interfere with their ability to carry out their jobs. While EAPs vary, they usually include counseling services and referrals. Supportive services may be available for PTSD, workplace violence, substance abuse, domestic violence, occupational stress, emotional stress, financial issues, legal concerns, and life events (births, deaths, illness, disability).

Participation in an employee assistance program is usually voluntary and free of cost (although there may be costs associated with referrals), and participation remains confidential in order to encourage those with problems to take advantage of the program. With some programs, the services are also available to immediate family members. EAPs are available in federal and state agencies as well as in the private sector.

6
Q

Discuss screening procedures: Credentialing and privileging (Overview)

A

Credentialing is the process by which a person’s credentials to provide patient care are obtained, verified, and assessed in accordance with organizational bylaws, which may vary from one organization to another. Privileging follows the credentialing process and grants the individual authority to practice within the organization. Decisions regarding credentialing and privileging are usually made by members of a credentials committee, although some organizations use Internet services to verify credentials. Part of credentialing and privileging is to determine what credentials are necessary for different positions, based on the following:

  • Professional standards, such as those of the American Nurses Association.
  • Licensure.
  • Regulatory guidelines, such as state requirements.
  • Accreditation guidelines.

Other considerations include best practices, economic considerations, malpractice insurance coverage, disciplinary actions, and organizational needs. Policies for privileging should be in place to allow for temporary staff privileges for special circumstances or for emergencies. State regulations may vary from one state to another.

7
Q

Who should you sanction screen?

A

Employees, physicians, contractors, vendors and agents

8
Q

Name two sources you should review when conducting sanction screening.

A

OIG list of excluded individuals and GSA list of debarred contractors

9
Q

True/False: Compliance obligations should be included in role descriptions.

A

TRUE

10
Q

True/False: Compliance accountabilities should be included in performance evaluations.

A

TRUE

11
Q

True/False: Compliance questions should be asked during exit interviews.

A

TRUE

12
Q

What should you check before conducting background checks on individuals?

A

State and federal laws governing requirements for background checking

13
Q

Name some laws that govern background checks.

A

Consumer Credit Reporting Act (Fair Credit Reporting Act)
Fair and Accurate Credit Transaction Act

14
Q

What rights does an individual have when discrepancies are discovered?

A

Right to discuss and resolve any discrepancy
Right to request another investigation or present clarifying information if a third party was used to conduct the investigation

15
Q

Should organizations establish policies for background investigations for internal transfers and promotions?

A

Yes, when the employee is being promoted to management, into a corporate position or into a patient care position.

16
Q

What type of background investigation should be conducted on vendors and contractors supplying goods and services to an organization?

A

Reference checks, OIG/GSA sanction screening, site visits

17
Q

What is the effect of an OIG exclusion?

A

No federal health care program payment may be made for any items or services (1) furnished by an excluded individual or entity or (2) directed or prescribed by an excluded physician

18
Q

True/False: Negligent credentialing could result in legal liability

A

TRUE

19
Q

What is the name of the independent, not-for-profit organization whose primary purpose is to provide voluntary accreditation to hospitals?

A

Joint Commission on Accreditation of Hospitals (JCAH)

20
Q

True/False: Hospitals accredited by JCAH are “deemed” to be in compliance with most of the Medicare Conditions of Participation for Hospitals

A

TRUE

21
Q

Name 3 key components of the Health Care Quality Improvement Act

A

1) Immunity for peer review
2) Establishment of National Practitioner Data Bank
3) Medical staff credentialing

22
Q

What law made credentialing of providers mandatory upon application and re-credentialing every three years?

A

Medicare Prescription Drug, Improvement and Modernization Act of 2003

23
Q

What is a Corporate Integrity Agreement (CIA)?

A

A government-imposed best practices agreement for organizations that violate guidelines and regulatory laws.

24
Q

Discuss screening procedures: Credentialing and privileging (core criteria)

A

There are many considerations for credentialing and privileging. Some of the considerations are internal organizational considerations that do not involve the quality of the applicant. However, some considerations focus only on the applicant.

There are 4 primary core criteria:

  • Licensure: This must be current through the appropriate state board, such as the state board of nursing.
  • Education: This includes training and experience appropriate for the credential and may include technical training, professional education, residencies, internships, fellowships, doctoral and post-doctoral programs, and board and clinical certifications.
  • Competence: Evaluations and recommendations by peers regarding clinical competence and judgment provide information about how the person applies knowledge.
  • Performance ability: The person should have demonstrated the ability to perform the duties to which the credentialing/privileging applies.
25
Q

Discuss screening procedures: Practitioner profiling

A

Practitioner profiling provides a practitioner-specific data summary as part of reappraisal for re-credentialing or re-privileging. This may be an ongoing process (the ideal) or done every 1-2 years as required for credentialing. Profiling should document not only areas of concern but also positive outcomes and must remain confidential, released only according to the bylaws of the organization and for peer review. Reviews must be signed by appropriate management/supervisory staff, such as medical directors.

Profiles should include the following information:

  • Clinical monitoring, including mortality rates, peer-reviewed events with negative ratings.
  • Practices placing patients at risk, including operative procedures, medication, and blood product administration. Infection rates, healthcare-related.
  • Utilization management findings, including readmissions and the average length of stay (ALOS).
  • Patient safety findings related to root cause analysis.
  • Findings of risk management and medical record review.
26
Q

Discuss screening procedures: Credentialing/appointment/privileging delineation process

A

The credentialing/appointment/privileging delineation process is increasingly important as clinical guidelines and accountability have become accepted in medical practice. While processes are important, the role of the individual practitioner, especially related to adherence to standards, is a necessary component of credentialing/appointment/privileging. Clinical privileges are delineated based on criteria established by the organization but specific to the individual’s area of expertise. Privilege control sheets are used to delineate the level of competency necessary for each privilege granted, and these competency levels are based on best practices and performance improvement data. Privileges are granted for a period of time not to exceed years. Continuing education requirements may be required, especially in organizations accredited by the Joint Commission, which requires documentation of completion of continuing education courses for credentialing.

27
Q

Discuss screening procedures: Certification

A

Certification is a form of professional credentialing that is part of role delineation, and is voluntary on the part of the nurse or other healthcare provider but represents increased education and/or clinical expertise. Certification may be acquired from a large number of different organizations. Nursing certification is managed by the American Board of Nursing Specialties. ANCC, for example, offers a wide range of certificates for nurse practitioners and clinical nurse specialists, such as Adult Care Nurse Practitioner, as well as specialty certifications, such as Ambulatory Care Nursing and Cardiac-Vascular Nursing. Some certification boards provide only one type of certification. For example, the Certification Board of Infection Control and Epidemiology, Inc., provides only the Certification in Infection Control (CIC). Each certification has specific requirements that may include educational preparation/degree, clinical experience, and passing a certifying exam. Certification is for a specified period of time and various requirements are in place for recertification, such as completing continuing nursing education and employment in the area of certification. Certification can be verified through the certifying agency.

28
Q

Discuss screening procedures: Workforce clearance policy (45 CFR 164.308)

A

One of the administrative safeguards to prevent breaches of PHI is a workforce clearance policy (45 CFR 164.308), which is essentially a policy for screening workforce members in order to ensure that business assets, PHI, the entity’s reputation, and any confidential information are secure. Basic workforce information that is stored should include the name, address, and contact information (telephone number, email address, emergency contact person), electronic access information (user name, password), results of background checks, a record of required training, and a list of any equipment (including the model and serial number) assigned to the individual.

A minimum of two elements of the following should be verified:

  • Employment History, References: Telephone and speak directly with at least two references, and verify that the business is legitimate.
  • Education, Training, Certification: Obtain official transcripts, review training records, verify certification information online with the certifying agency.
  • Background Check: Fingerprinting, check with Bureau of Criminal Investigations, FBI, Sex Offender Registry, Criminal Offender Record Information, Nurse Aide Registry, or other appropriate agency.
  • Business Associates, Independent Contractors: Conduct business name search through Secretary of State, verify Certification Validation number and National Provider Identifier (NPI). Check exclusion lists.
29
Q

Discuss employment background checks

A

Background checks are often carried out pre-employment and the types of checking may vary with different organizations and different positions. The job description and employment contracts should indicate if employment is contingent on passing a background check, which may require fingerprinting, or verification of credentials. Background checks may also be carried out on companies, consultants, and vendors. Confidential reports (such as Social Security, credit) are usually maintained separately from the individual’s personnel file.

Background checks may include:

  • Verification of education, licensure, certification, credentialing.
  • Criminal convictions (felonies, misdemeanors).
  • Trace of Social Security number.
  • National Sex Offender database search.
  • Motor vehicle records search.
  • Credit history.
  • Review of social media sites (Twitter, Facebook). Note: some state laws prohibit asking applicants for user names and passwords; and, if protected information, such as ethnicity, is on those sites and considered during hiring, this may lead to a claim of illegal discrimination.

The results of the background check should be carefully reviewed and hiring decisions made based on established guidelines. For example, if guidelines deny employment to those with any felony convictions, then there should be no exceptions unless they are expressly outlined in the guidelines (such as no felony convictions in the previous 10 years).

30
Q

Discuss exit interviews

A

Exit interviews may be conducted by supervisors/managers and/or human resource personnel. Exit interviews should be conducted in a positive atmosphere and the employee asked for permission to share information gained in the interview. If the information is to be aggregated with that of other exiting employees, the employee should be so advised, but aggregating is not always possible in smaller organizations or with singular positions. The employee may refuse to participate. The questioner should remain supportive but neutral during the interview, neither agreeing nor disagreeing, but should note and report any actionable complaints, such as a complaint of sexual harassment or noncompliant practices. Questioning may include:

  • Were you concerned about any violations of regulations or policies during your employment?
  • What prompted you to look for outside employment?
  • Why are you leaving your position?
  • What positive experiences did you have?
  • What could have been done better?
  • Would you consider working for this organization in the future?
  • Do you feel that your job responsibilities changed from your original job description?
  • Did you feel comfortable sharing concerns about your job with your supervisor or others?
  • Do you feel that the feedback/evaluations you received were constructive?

31
Q

Discuss the Office of Foreign Assets Control Specially Designated Nationals (OFAC SDN) list

A

The Treasury Department, through the Office of Foreign Assets Control (OFAC), administers and enforces sanctions against those who do business with individuals, groups, and entities on the Specially Designated Nationals and blocked persons (SDN) list, which can include terrorists and those engaged in trafficking narcotics. Trade and financial or other transactions with those on the list are prohibited although licenses can be applied for to allow some exceptions. Names are added to the SDN list frequently, so it is imperative that a healthcare institution rescan the exclusions database routinely and ask for email updates; and, when receiving a payment, the names of the payor should be checked against the list. Penalties can be significant, even if the institution is unaware that it is doing business with an individual, group, or entity on the list:

  • Civil: $250,000 or double the amount of the transaction up to $1,075,000 per violation.
  • Criminal: $50,000 to $10,000,000, 10 to 30 years in prison.

The OFAC publishes regular lists of those who received sanctions, including the amount of the financial penalty.

32
Q

Discuss the OIG’s Exclusion Database

A

The OIG’s Exclusion Database, which contains the List of Excluded Individuals/Entities (LEIE), can be downloaded into an organization’s spreadsheet/database program for ease of checking large numbers of names; or, if checking a limited number of names, a search can be carried out online. The database allows checking of up to 5 names at a time. When a matching name is found, the individual’s Social Security number or entity’s Employer Identification Number should be checked as well. Former names should be checked as well. If a name contains punctuation (O’Connor, Parker-Braxton), that punctuation should be included in the search. Hyphenated names should be searched in both orders (Parker-Braxton, Braxton-Parker). Searching can often be done by using only the first few letters of a name, and capitalization is not necessary; however, the search must begin with the first letters of the individual’s or entity’s name. For example, if the entity’s name is Smith’s Devices, the search must begin with smith as beginning with devices will not bring up this record. The Exclusion Database issues monthly supplements and periodically updates the database.

33
Q

Discuss the System for Award Management’s (SAM’s) exclusion database

A

The purpose of the System for Award Management’s (SAM’s) exclusion database is to prevent companies and organizations from engaging in business with individuals/entities who have been sanctioned, excluded, or debarred by a federal agency. SAM brings together a number of different databases to simplify record search: Central Contractor Registry (CCR), Federal Agency Registration (Fedreg), Online Representations and Certifications Application (ORCA), Excluded Persons List System (EPLS), Catalog of Federal Domestic Assistance (CFDA), Federal Business Opportunities (FBO), Wage Determinations Online Performance Information (WDOL), Past Performance Information Retrieval System/Contractor Performance Assessment Reporting System/Federal Awardee Performance and Integrity Information System (PPIRS/CPARS/FAPIIS), Federal Procurement Data System—Next Generation (FPDS-NG), and Electronic Subcontracting Reporting System/FFATAS Subaward Reporting System (eSRS/FSRS). A SAM registration is required for those who want to work with federal agencies or to receive federal grants. SAM does not have the authority to exclude or fine individuals or entities using their services but simply provides information. If an individual or entity is found to be excluded in a SAM search, then further verification is needed to determine whether the organization can do business with the individual or entity.

34
Q

Discuss the Specially Designated Global Terrorist (SDGT) designation

A

The Office of Foreign Assets Control (OFAC) maintains lists of countries/individuals/entities that are considered Specially Designated Global Terrorists (SDGTs), which may include terrorists and narcotic traffickers. Trade or financial transactions (including gift giving) with those on the SDGT list are prohibited although the OFAC may provide licenses for some types of transactions. Those who are sanctioned may appear on the SDN list as well. All US citizens and permanent resident aliens must comply with OFAC regulations. If the sanction policies are violated, the guilty party may incur both civil and criminal penalties, and fines may total in the millions of dollars. OFAC allows self-disclosure of past violations that were undetected but has no amnesty program. The OFAC website contains the SDN list as well as other sanctions lists. OFAC provides email notification services so that organizations can remain current with all OFAC updates. Property and entities are blocked if a blocked individual/company/country has a 50% or greater interest, but even if the interest is less than 50%, there is a risk of future blocking.

35
Q

Discuss third party due diligence

A

Under the United States Foreign Corrupt Practices Act, those making payments to a third party while knowing (or disregarding) that all or part of the payment will go to a foreign official or that the vendor, consultant, or business is involved in corruption can be held liable. Steps to third party due diligence include:

  • Risk assessment: Assess the geographic location of an entity, the type of industry, and background information about the entity, such as reputation and history of regulatory actions.
  • Gather information: Review should include details about shareholders/beneficiaries, compliance, affiliations, incorporation documents, proof of identity, political influence/links, and financial sources. Any problem areas should be identified. Data may be collected through Internet searches and internal and external questionnaires.
  • Screen against exclusion databases and other watchlists, including law enforcement and politically exposed persons lists (government officials, political party officials, senior executives, including family members).
  • Validate the data: Credit checks, public records review, databases, media archives.
  • Maintain records of the due diligence process and copies of all relevant documents, findings.
  • Monitor the third-party relationship on an ongoing basis.

36
Q

Discuss third-party due diligence: Screening vendors

A

Vendors pose special problems in compliance because they are external to the organization, but the compliance professional must monitor risk management and compliance issues regarding vendors:

  • The legitimacy of the vendor to conduct business should be verified. The Secretary of State in each state provides information about companies doing business in the state.
  • The vendor must be checked against exclusion lists and should agree (by contract) to do business with excluded individuals/vendors. Monitoring for exclusion should be carried out at least monthly.
  • Information about the vendor that should be collected includes the legal name and Doing-Business-As name, the FEIN (Federal Employer ID number), company address, list and information about owners with 5% or greater ownership in the company, incorporation state, Dun & Bradstreet Number, information regarding the entity’s handling of PHI, and any business associate agreements.
  • Ongoing monitoring should be carried out routinely. Some compliance management software includes compliance tracking of vendors.

Over half of hospital data breaches result from problems with vendors, so accurate screening procedures are essential. A large organization dealing with multiple vendors may consider utilizing a vendor risk management company to carry out third-party assessments. Important considerations for screening include:

  • Policy/Procedures: Clear policies and procedures should be in place for screening of vendors, including responsibilities for monitoring, enforcing, and checking exclusion lists.
  • Monitor: Relying on pre-contractual or annual monitoring is not sufficient. Ongoing monitoring is essential, especially monitoring of exclusion and sanctions lists.
  • Risk assessment: Risks should be evaluated and ranked according to the degree of threat to the organization and preventive measures taken to minimize risks.
  • Audits: Routine audits and audit trails should be conducted to identify any possible data breaches.
  • Standards compliance: Vendors should provide detailed knowledge and information about compliance with standards.
  • References/Experience: Vendors should be able and willing to provide information about references and experience in the healthcare field.

37
Q

Discuss third-party due diligence: Compliance issues regarding vendors

A

Vendors pose special problems in compliance because they are external to the organization, but the compliance professional must monitor risk management and compliance issues regarding vendors:

  • The legitimacy of the vendor to conduct business should be verified. The Secretary of State in each state provides information about companies doing business in the state.
  • The vendor must be checked against exclusion lists and should agree (by contract) to do business with excluded individuals/vendors. Monitoring for exclusion should be carried out at least monthly.
  • Information about the vendor that should be collected includes the legal name and Doing-Business-As name, the FEIN (Federal Employer ID number), company address, list and information about owners with 5% or greater ownership in the company, incorporation state, Dun & Bradstreet Number, information regarding the entity’s handling of PHI, and any business associate agreements.
  • Ongoing monitoring should be carried out routinely. Some compliance management software includes compliance tracking of vendors.

Over half of hospital data breaches result from problems with vendors, so accurate screening procedures are essential. A large organization dealing with multiple vendors may consider utilizing a vendor risk management company to carry out third-party assessments. Important considerations for screening include:

  • Policy/Procedures: Clear policies and procedures should be in place for screening of vendors, including responsibilities for monitoring, enforcing, and checking exclusion lists.
  • Monitor: Relying on pre-contractual or annual monitoring is not sufficient. Ongoing monitoring is essential, especially monitoring of exclusion and sanctions lists.
  • Risk assessment: Risks should be evaluated and ranked according to the degree of threat to the organization and preventive measures taken to minimize risks.
  • Audits: Routine audits and audit trails should be conducted to identify any possible data breaches.
  • Standards compliance: Vendors should provide detailed knowledge and information about compliance with standards.
  • References/Experience: Vendors should be able and willing to provide information about references and experience in the healthcare field.

38
Q

Discuss taking corrective action based on the healthcare background/sanctions findings

A

If an applicant fails a background/sanctions test, the organization should adhere to an adverse action plan that complies with regulations.

  • In compliance with the Fair Credit Reporting Act, the applicant should be notified by letter (standard or email) of any findings that may affect hiring and allowed the opportunity to challenge the accuracy or provide context. Some state laws require that the applicant be provided information about the applicant’s rights.
  • The letter should include a copy of the background report itself, a copy of “A Summary of Your Rights under the Fair Credit Reporting Act” (FCRA), and (if a screening company is used) the name, address, and contact information.
  • Note, different states may require different waiting periods to allow the applicant time to challenge findings. Hiring another person without allowing an appropriate waiting period may result in civil action.
  • The report and any challenge or correction the applicant provides should be carefully evaluated.
  • If a decision is made to not hire the applicant based on the findings, the applicant should be sent an adverse action notice along with an explanation indicating that the screening company makes no decisions regarding hiring and that the applicant may request a free copy of records related to the applicant from the screening company within 60 days and can challenge the accuracy of the findings.

Healthcare background/sanctions screenings include checking against state and federal licensing boards, such as the state medical board or the state board of nursing and certification agencies, such as the ANCC, to determine if individuals have had actions taken against them, such as loss or suspension of a license, are on probation, or have received complaints or letters of reprimand. Once the background report is received, the organization must take corrective action immediately to reduce risk, and this may vary depending on the findings. Because individuals are allowed by law (Fair Credit Reporting Act 15 USC. sec 1682) to have access to the information, they have the right to challenge the accuracy, so a further investigation may need to be carried out. Additionally, the law requires that an individual who is not hired as a result of failing a background check must be so notified. Organizations often use third parties, such as GoodHire®, to conduct background checks.

39
Q

Discuss the adverse action plan to follow if an applicant fails a background/sanctions screening

A

If an applicant fails a background/sanctions test, the organization should adhere to an adverse action plan that complies with regulations.

  • In compliance with the Fair Credit Reporting Act, the applicant should be notified by letter (standard or email) of any findings that may affect hiring and allowed the opportunity to challenge the accuracy or provide context. Some state laws require that the applicant be provided information about the applicant’s rights.
  • The letter should include a copy of the background report itself, a copy of “A Summary of Your Rights under the Fair Credit Reporting Act” (FCRA), and (if a screening company is used) the name, address, and contact information.
  • Note, different states may require different waiting periods to allow the applicant time to challenge findings. Hiring another person without allowing an appropriate waiting period may result in civil action.
  • The report and any challenge or correction the applicant provides should be carefully evaluated.
  • If a decision is made to not hire the applicant based on the findings, the applicant should be sent an adverse action notice along with an explanation indicating that the screening company makes no decisions regarding hiring and that the applicant may request a free copy of records related to the applicant from the screening company within 60 days and can challenge the accuracy of the findings.

Healthcare background/sanctions screenings include checking against state and federal licensing boards, such as the state medical board or the state board of nursing and certification agencies, such as the ANCC, to determine if individuals have had actions taken against them, such as loss or suspension of a license, are on probation, or have received complaints or letters of reprimand. Once the background report is received, the organization must take corrective action immediately to reduce risk, and this may vary depending on the findings. Because individuals are allowed by law (Fair Credit Reporting Act 15 USC. sec 1682) to have access to the information, they have the right to challenge the accuracy, so a further investigation may need to be carried out. Additionally, the law requires that an individual who is not hired as a result of failing a background check must be so notified. Organizations often use third parties, such as GoodHire®, to conduct background checks.

40
Q

Discuss dissemination of regulatory guidance materials

A

The Sarbanes-Oxley (SOX) Act pertains to financial practices and governance structures in business and applies to for-profit healthcare organizations, such as hospitals, but non-profit hospitals and other healthcare organizations may also choose to be SOX compliant in order to improve internal auditing and management controls and to improve management of finances. SOX compliance requires that financial officers certify the accuracy of financial reports and that they contain no false or misleading information. Requirements of SOX compliance include internal controls, evaluation of those controls within 90 days, and assessment of effectiveness of controls. SOX compliance also requires disclosure of conflicts of interest. Violations of SOX compliance through any falsification/alterations/mutilations of records with the intent to interfere with investigation may result in fines and up to 20 years in prison. Two provisions of the act apply to both for-profit and non-profit healthcare organizations: nonretaliation against whistleblowers and document retention.

Methods to disseminate regulatory guidance materials include:

  • Post information on the organization’s website per the employee portal, highlight information that is new or no longer applicable. Simplify material and avoid posting on different websites. Use metrics to monitor access.
  • Discuss compliance issues during routine staff meetings and at special meetings called in response to compliance issues.
  • Provide information about regulations and compliance issues in written form, such as through FAQ sheets and posters. Regulations should be summarized in easily understood language and means of meeting the regulations outlined.
  • Target information to appropriate personnel rather than providing information to all, even those not involved, to avoid overload and to help focus attention.
  • Utilize key informants/champions to spread the information among staff members.
  • Ensure that all supervisory personnel are well-versed in regulations and able to provide guidance and monitor compliance.
  • Provide information in a variety of formats: telephone, messaging, email, postal mail.
  • Emphasize how the organization may benefit from compliance.

41
Q

Discuss regulatory guidance: Sarbanes-Oxley (SOX) Act compliance

A

The Sarbanes-Oxley (SOX) Act pertains to financial practices and governance structures in business and applies to for-profit healthcare organizations, such as hospitals, but non-profit hospitals and other healthcare organizations may also choose to be SOX compliant in order to improve internal auditing and management controls and to improve management of finances. SOX compliance requires that financial officers certify the accuracy of financial reports and that they contain no false or misleading information. Requirements of SOX compliance include internal controls, evaluation of those controls within 90 days, and assessment of effectiveness of controls. SOX compliance also requires disclosure of conflicts of interest. Violations of SOX compliance through any falsification/alterations/mutilations of records with the intent to interfere with investigation may result in fines and up to 20 years in prison. Two provisions of the act apply to both for-profit and non-profit healthcare organizations: nonretaliation against whistleblowers and document retention.

Methods to disseminate regulatory guidance materials include:

  • Post information on the organization’s website per the employee portal, highlight information that is new or no longer applicable. Simplify material and avoid posting on different websites. Use metrics to monitor access.
  • Discuss compliance issues during routine staff meetings and at special meetings called in response to compliance issues.
  • Provide information about regulations and compliance issues in written form, such as through FAQ sheets and posters. Regulations should be summarized in easily understood language and means of meeting the regulations outlined.
  • Target information to appropriate personnel rather than providing information to all, even those not involved, to avoid overload and to help focus attention.
  • Utilize key informants/champions to spread the information among staff members.
  • Ensure that all supervisory personnel are well-versed in regulations and able to provide guidance and monitor compliance.
  • Provide information in a variety of formats: telephone, messaging, email, postal mail.
  • Emphasize how the organization may benefit from compliance.