1&2 Flashcards
Intro, insurance models and health plans.
According to CoP medical records services, how long must medical records be retained in their original or legally reproduced form?
At least 5 years.
According to Medicare/Medicaid provisions, how long does a provider have to return an over payment?
60 days from the date the overpayment was identified or the date any corresponding cost report is due.
According to TILA, what makes an entity a creditor and subject to the rules of the act?
If they extend credit payable in more than four installments or for which a finance charge is or may be required.
Covered entities must provide a privacy practice notice. What steps must they take in regards to this?
They must supply the notice on request, make the notice available electronically (websites) and make a good faith effort to obtain written acknowledgement that the notice has been received.
HIPPA allows release of protected information without valid authorization in what three instances?
- Treatment of the patient. 2. Payment of claims 3. Clinical operations
How does CMS differentiate fraud and abuse?
Fraud is making false statements or misrepresenting facts. Abuse is any action that results in unnecessary costs to a federal healthcare program directly or indirectly.
How long should records be retained for a managed care program?
10 years
How much are violator’s of the false claims act fined?
$5,500 to $11,000 before inflation. As of 2023, $13,508 to $27,018 per claim.
How much may a realtor be awarded of a qui tam prosecution?
15 - 25 percent of the dollar amount received through the action increased to 15 - 30 percent if the government declines to intervene.
How often are MIPS payments adjusted based on performance?
Approximately 2 years
How often should the health information disclosure authorization be updated?
At least once a year.
If medical records for a patient are requested by an insurance company or other covered entity, what should be provided according to minimum necessary standard?
Only the information pertinent to the date and service listed in the request.
Individuals have the right to obtain and review copies of their PHI. What areas are excluded from this right of access?
Psychotherapy notes, legal proceedings and certain lab results or information held by research laboratories.
The Federal False Claims act allows for claims to be brought up how long after the incident?
7 years
The HIPPA security rule protects patient data that is stored or transmitted electronically. How long must these be protected?
6 years date of creation or date when last in effect, whichever comes first.
The privacy rule allows business associates to disclose PHI when they have a written contract. If this contract is breached, what is to be done?
Reasonable steps must be taken to cure the breach or end the violation. If not possible, the contract must be terminated and the problem reported to the HHS OCR (Office for Civil Rights)
Under Qui Tam, what is an individual whistleblowing on FCA violations referred to as?
A realtor
Under the Privacy Rule what are considered Covered Entities?
-Health plans -Healthcare clearinghouses -Any healthcare provider who transmits healthcare information in an electronic format.
Under TILA, what 10 information points must be disclosed to the patient for payments installments past four?
- Cash price of the service 2. he amount of any downpayment. 3. The resulting unpaid balance. 4. The total amount financed. 5. The amount of the finance charge. 6. The annual percentage rate of the finance charge. 7. The total price to be paid under the credit plan. 8. The schedule of payments including number, amount and due date of payments. 9. The sum of scheduled payments or total of payments 10. The amount or method of computing the amount of any late payment charges.
What 5 key provisions did the ACA instate for insurance coverage?
- No discrimination or denial of coverage for preexisting conditions. 2. Children under 26 can be included on parents insurance. 3. Lifetime limits on benefits are banned. 4. Appeal rights for denied coverage. 5. Expanded preventative health services.
What are exceptions to the business associate standard which do not require a written agreement to disclose PHI?
-Disclosures by a covered entity to a healthcare provider for treatment of an individual (scheduling surgery, sending lab specimens, transferring to a nursing home) -Disclosures to a health plan sponsor, such as an employer, by a group health plan that provides the health insurance benefits or coverage for the group health plan. -The collection and sharing of PHI by a health plan that is a public benefits plan like Medicare.
What are the 12 national priority purposes where PHI can be disclosed without an individuals authorization?
- Required by law (by statute, regulation or court order). 2. Public health activities (like the FDA) 3. Victims of abuse or domestic violence 4. Health oversight activities (audits and investigations for Medicare/Medicaid included in this) 5. Judicial and administrative proceedings (court order or administrative tribunal, subpoena is allowed if individual is given notice or protective order is provided). 6. Law enforcement purposes (required by law like court order, to identify a suspect or fugitive or material witness or missing person, for a victim, about a death, evidence of a crime on covered entities premises, medical emergency) 7. Decendents (medical examiners, coroners, funeral directors) 8. Cadaveric organ, eye or tissue donation 9. Research (if information is de-identified) 10. Serious threat to health or safety (personal or public) 11. Essential government functions (protecting inmates and correctional officers or the military) 12. Workers compensation
What are the 3 regions of TRICARE?
East, West and overseas
What are the 4 MIPS performance categories that delineate collection types?
- Quality: maximum 10 points 2. Promoting interoperability: maximum 100 points 3. Improvement Activities: maximum 40 points 4. Cost: maximum 100 points
What are the 4 parts of Medicare?
Part A: Hospital insurance Part B: Insurance for non hospital (physicians, medical supplies, etc.) Part C: Medicare Advantage plans which are private plans rub through Medicare that cover A and B. Part D: Prescription drug coverage
What are the 4 types of IDS?
- Physician-Hospital organization (PHO): Owned by hospitals and physician groups that work together. 2. Management Service organization (MSO): A business that provides nonclinical service to providers such as staffing, billing, IT, office space, ETC. 3. Group Practice Without Walls (GPWW): A medical practice formed to share economic risk while maintaining separate offices and finances. 4. Integrated Provider organization: A corporate umbrella for the management of diversified healthcare delivery system.
What are the 5 types of HMO?
- Group Model: HMO contracts with multi-specialty groups but does not pay the physicians directly. 2. Staff Model: HMO owns and runs the facilities and pays the physicians directly. 3. Network Model: HMO contracts with multiple multi-specialty groups, individual practices, etc. to form a provider network. 4. Individual/Independent Practice Association (IPA): HMO contracts with independent physicians who receive a fixed amount per patient (also called open-panel HMO). PCPs can refer out of network but coverage may be less. 5. Mixed Model: HMO combining features of individual practice association and group model. Most choices and largest coverage area.
What are the 6 TRICARE health plans?
- Tricare Prime 2. Tricare Select 3. Tricare for Life 4. Tricare reserve select 5. Tricare retired reserve 6. Tricare young adult
What are the 8 administrative requirements of the privacy rule?
- All covered entities must have written policies that comply with the privacy rule. 2. A privacy official must be designated to be responsible for developing and implementing privacy policies and be the contact point. 3. All members of the covered entities workforce must be trained on privacy policy. 4. Covered entities are required to mitigate any harmful effect that may have been caused by inappropriate use or disclosure of PHI 5. Procedures must be in place to allow an individual to complain about compliance with privacy policy. 6. Covered entities may not retaliate against a person for exercising their rights provided by the privacy rule or require an individual to waive any right to obtain healthcare services. 7. Privacy policies must be maintained for six years after last date of creation or last effective date. 8. Fully insured health group plans have only 2 obligations: refrain from retaliatory acts and waiver of individual rights, and to provide documentation for the disclosure of PHI through documentation.
