July 200114Steven W. Ortquistinvolved in operating Rush’s complianceprogram. The reason that I say ourstaff is at about 12 FTEs is becausemany individuals on the internal auditstaff work both on compliance auditand on internal audit issues.OG:Is Rush’s compliance programstructured to provide an independentreporting obligation to the Board?<strong>SO</strong>:Cathy Jacobson, the Chief<strong>Compliance</strong> Officer, makes quarterlyreports to the Finance and AuditCommittee of the Board of Trustees,and has direct access to the Board andto the CEO for any matter that sheneeds to report to them outside of thesequarterly reports.OG:I’m interested in your hotline.Do you find that you get a number ofhotline calls? Also, do you find that thehotline calls are not germane to compliance?<strong>SO</strong>:You know, our hotline actuallydoes get used fairly frequently. We have,probably, an equal number of calls thatjust come in directly to one of the threeof us, to Cathy, Kelly Bireley, theDirector of Internal Audit, or to myself.Now, like most hotlines, the majority ofthe calls are issues that don’t get handledin the compliance office. They getturned over to other areas like humanresources for follow-up.OG: Is there a structured system ofinvestigating those reports for allegationsthat come to the hotline?<strong>SO</strong>:Yes. As calls come in that arenot directly related to compliance theyare forwarded to other departments,like human resources. These otherdepartments then conduct any investigationthat may be necessary andaddress the concerns expressed in thecall. I receive a closing memo on theissue, and on the actions they havetaken to resolve it.For those that are truly complianceissues, we take a similar approach.Either Kelly or I or one of our managerswill take the call and investigateit, figure out what’s going on and then,when necessary, formulate a correctiveaction plan. All substantive complianceissues are discussed with the compliancecommittee, and all call reports that arenot substantive compliance issues arereviewed by the committee on a quarterlybasis.OG: You mentioned that you have350 employed physicians at Rush.Working with physicians on compliance-relatedmatters may sometimes bedifficult. Have you developed any specialway of handling those issues?<strong>SO</strong>:The thing that we have foundmost important in winning physiciansover is to really know what we’re talkingabout when we assist a group ofphysicians. When we do a training sessionor work with doctors on an issuewe try in preparation to become knowledgeableabout the issue and aboutrelated laws, regulations, and rules.Usually, once they have spent sometime with us and see that we have doneour research, and have thought aboutthe issues and know what we are talkingabout, most physicians comearound relatively easily.The majority of physicians I workwith understand the risks of non-compliance.They want to do the rightthing. So when they know that theycan trust us to tell them correctly whatthe right thing is, they are generallywilling to come around.OG: Academic medical centershave unique problems. Could you tellour readers the types of things that theRush compliance program may bedoing to address those unique problems.<strong>SO</strong>:One of the biggest problemsthat many academic medical centers arehaving right now is figuring out how tohandle the financial pinch that they arein. I really think that for a billing complianceprogram to be valuable duringtight times it needs to be finding, notonly the situations where errors may beresulting in more reimbursement thanis proper, but also situations where aprovider is missing reimbursement towhich it is entitled. The Rush compliancedepartment usually ends upspending a significant amount of timeassisting departments in fixing problemsin both directions, so that hopefullyin the end Rush is getting paid foreverything that it is entitled to andnothing more.OG:Well, in terms of compliance,as a compliance officer in an academicmedical center myself, one of the keyareas is focusing on the seven sentencingguidelines and getting people receptiveto, let’s say, the codes of conduct orto the idea of compliance in whateverform it takes. Does Rush have an identifiedcode of conduct?<strong>SO</strong>:You know, we have not titledour compliance manual as a code ofconduct. The Rush compliance manualand policies serve the same function asa “code of conduct”, but we have notused that terminology.Our compliance manual walksthrough each employees’ obligations asit relates to the compliance program, toRush policy, and to the law. Rush’s
Board of Trustees has adopted a policyon business ethics that is the basis ofour compliance program and is set outinitially in the compliance manual.Then the compliance manual walksthrough the various elements of thecompliance program and explains them.For example, the ability to confidentiallyor anonymously report problemsto the compliance office either directlyor using the hotline is explained in thecompliance manual. Rush’s policyagainst retaliation is also explained inthe manual, along with other complianceprogram activities like auditingand monitoring. We also have includedparagraph summaries of each of Rush’scompliance policies, and a section thatsummarizes some of the most importantlaws.Our hope is that people will walkaway from reading the compliancemanual with a good idea of what isexpected of them, and a good understandingof the compliance program,how it operates, and how to use it as aresource.OG:One of the components of theseven sentencing guidelines, is to havehigh level oversight of the compliancefunction. Does your compliance committeeperform that high level oversight?And if so, what types of peopledo you have serving on the compliancecommittee?<strong>SO</strong>:The compliance committee atRush really does help with meeting thissentencing guideline’s requirement.Rush’s compliance committee is madeup primarily of associate and assistantvice presidents from around the organization.People who are in roles that arekey to the compliance function. Forinstance, our Associate Vice Presidentfor Patient Finance sits on the compliancecommittee. An assistant VP fro mhuman re s o u rces is a member of thecommittee, as are several AV Ps from diffe rent operational areas of the hospital.Because of the high level positions ourcompliance committee members hold,they are very effective in keeping thecompliance function on track and inassisting the compliance office inresolving issues and conducting investigations.OG: Well, the new HIPAA privacyregulations create a number of issuesfor academic medical centers. Has Rushthought through some of these issues?And if so, how are you handling those?<strong>SO</strong>:Like many hospitals we are inthe initial stages of figuring out howwe’re going to handle HIPAA. We haveput together a high-level working groupwith key stakeholders from our generalcounsel’s office, from information services,and from the compliance office.We have not appointed a privacy officeryet, but it appears that what will probablyhappen is that the privacy officerrole will be assigned to our Chief<strong>Compliance</strong> Officer, with the complianceoffice managing the complianceprogram-likeelements of HIPAA privacy.I think this is probably the mostsensible way of handling privacy, especiallyfor organizations with well-developedcompliance functions.OG:The sentencing guidelines talkabout proactive measures in compliance;could you tell us about some ofthe proactive measures that you haveimplemented at Rush.<strong>SO</strong>:One way that our Chief<strong>Compliance</strong> Officer assured we weremeeting this sentencing guidelinesrequirement was to make internal auditan official part of Rush’s compliancefunction. Rush’s internal audit staffconducts a large portion of the auditingand monitoring functions of compliance.They work very effectively from arolling three-year auditing and monitoringplan that the Director of InternalAudit does a fantastic job of maintaining.Many of the internal audit staffhave been at Rush in other roles andContinued on page 1615July 2001