B&C Chapter 5: Legal Aspects of Health Insurance and Reimbursement Flashcards
abuse
actions inconsistent with accepted, sound medical business, or fiscal practices.
ANSI ASC X12N 837
electronic format supported for health care claim transactions
audit
objective evaluation to determine the accuracy of submitted financial statements
authorization
document that provides official instruction, such as the customized document that gives covered entities permission to use specified protected health information (PHI) for specified purposes or to disclose PHI to a third party specified by the individual.
black box edit
nonpublished code edits, which were discontinued in 2000.
breach of confidentiality
unauthorized release of patient information to a third party.
case law
also called common law; based on a court decision that establishes a precedent.
civil law
area of law not classified as criminal.
Clinical Data Abstracting Center (CDAC)
requests and screens medical records for the Payment Error Prevention Program (PEPP) to survey samples for medical review, DRG validation, and medical necessity.
CMS Internet-only manual (IOM)
includes program issuances, day-to-day operating instructions, policies, and procedures that are based on statutes, regulations, guidelines, models, and directives; used by CMS program components, providers, contractors, Medicare Advantage organizations, and state survey agencies to administer CMS programs; also called CMS Online Manual System.
CMS Online Manual System
see CMS Internet-only manual.
CMS quarterly provider update (QPU)
an online CMS publication that contains information about regulations and major policies currently under development, regulations and major policies completed or cancelled, and new or revised manual instructions.
CMS transmittal
document published by Medicare containing new and changed policies and/or procedures that are to be incorporated into a specific CMS program manual (e.g., Medicare Claims Processing Manual); cover page (or transmittal page) summarizes new and changed material, and subsequent pages provide details; transmittals are sent to each Medicare administrative contractor.
common law
also called case law; is based on a court decision that establishes a precedent.
compliance program
internal policies and procedures that an organization follows to meet mandated requirements.
Comprehensive Error Rate Testing (CERT) program
assesses and measures improper Medicare fee-for-service payments (based on reviewing selected claims and associated medical record documentation).
Conditions for Coverage (CfC)
health and safety regulations that health care organizations, such as end-stage renal disease facilities, must meet in order to begin and continue participating in the Medicare and Medicaid programs.
Conditions of Participation (CoP)
health and safety regulations that health care organizations, such as hospitals, must meet in order to begin and continue participating in the Medicare and Medicaid programs.
confidentiality
restricting patient information access to those with proper authorization and maintaining the security of patient information.
criminal law
public law governed by statute or ordinance that deals with crimes and their prosecution.
Current Dental Terminology CDT
medical code set maintained and copyrighted by the American Dental Association.
decrypt
to decode and encoded computer file so that it can be viewed.
deeming
CMS recognition of accreditation organization (e.g., The Joint Commission) standards that meet or exceed CoP and CfC requirements.
Deficit Reduction Act of 2005
Created Medicaid Integrity Program (MIP), which increased resources available to CMS to combat abuse, fraud, and waste in the Medicaid program. Congress requires annual reporting by CMS about the use and effectiveness of funds appropriated for the MIP.
deposition
legal proceeding during which a party answers questions under oath (but not in open court).
digital
application of a mathematical function to an electronic document to create a computer code that can be encrypted (encoded).
electronic Clinical Quality Measure (eCQM)
processes, observations, treatments, and outcomes that quantify the quality of care provided by health care systems; measuring such data helps ensure that care is delivered safely, effectively, equitably, and timely.
electronic transaction standards
also called transactions rule; a uniform language for electronic data interchange.
encrypt
to convert information to a secure language format for transmission.
False Claims Act (FCA)
passed by the federal government during the Civil War to regulate fraud associated with military contractors selling supplies and equipment to the Union Army.
Federal Claims Collection Act (FCCA)
requires Medicare administrative contractors (previously called carriers and fiscal intermediaries), as agents of the federal government, to attempt the collection of overpayments.
Federal Register
legal newspaper published every business day by the National Archives and Records Administration (NARA).
First-look Analysis for Hospital Outlier Monitoring (FATHOM)
data analysis tool, which provides administrative hospital and state-specific data for specific CMS target areas.
fraud
intentional deception or misrepresentation that could result in an unauthorized payment.
Health Care Fraud Prevention and Enforcement Action Team (HEAT)
joint effort between the Department of Health and Human Services and the Department of Justice to fight health care fraud by increasing coordination, intelligence sharing, and training among investigators, agents, prosecutors, analysts, and policymakers; implemented as a result of the Patient Protection and Affordable Care Act (also called Obamacare).
Hospital Inpatient Quality Reporting (Hospital IQR) program
developed to equip consumers with quality of care information so they can make more informed decisions about health care options; requires hospitals to submit specific quality measures data about health conditions common among Medicare beneficiaries and that typically result in hospitalization; eligible hospitals that do not participate in the Hospital IQR program will receive an annual market basket update with a 2.0 percentage point reduction; part of the Medicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003.
Hospital Outpatient Quality Reporting Program (Hospital OQR)
a “pay for quality data reporting program” that was implemented by CMS for outpatient hospital services (as part of the Tax Relief and Health Care Act of 2006).
Hospital Payment Monitoring Program (HPMP)
measures, monitors, and reduces the incidence of Medicare fee-for-service payment errors for short-term, acute care, inpatient PPS hospitals.
hospital value-based purchasing (VBP) program
health care reform measure that promotes better clinical outcomes and patient experiences of care; effective October 2012, hospitals receive reimbursement for inpatient acute care services based on care quality (instead of the quantity of the services provided).
Improper Payments Information Act of 2002 (IPIA)
established the Payment Error Rate Measurement (PERM) program to measure improper payments in the Medicaid program and the Children’s Health Insurance Program (CHIP); Comprehensive Error Rate Testing (CERT) program to calculate the paid claims error rate for submitted Medicare claims by randomly selecting a statistical sample of claims to determine whether claims were paid properly (based on reviewing selected claims and associated medical record documentation); and the Hospital Payment Monitoring Program (HPMP) to measure, monitor, and reduce the incidence of Medicare fee-for-service payment errors for short-term, acute care at inpatient PPS hospitals.
interrogatory
document containing a list of questions that must be answered in writing.
listserv
subscriber-based question-and-answer forum that is available through e-mail.
Medicaid integrity contractor (MIC)
CMS-contracted entities that review provider claims, audit providers and others, identify overpayments, and educate providers, managed care entities, beneficiaries and other with respect to payment integrity and quality of care.
Medicaid Integrity Program (MIP)
increased resources available to CMS to combat fraud, waste, and abuse in the Medicaid program; Congress requires annual reporting by CMS about the use and effectiveness of funds appropriated for the MIP.
medical identity theft
occurs when someone uses another person’s name and/or insurance information to obtain medical and/or surgical treatment, prescription drugs, and medical durable equipment; it can also occur when dishonest people who work in a medical setting use another person’s information to submit false bills to health care plans.
medical review (MR)
defined by CMS as a review of claims to determine whether services provided are medically reasonable and necessary, as well as to follow up on the effectiveness of previous corrective actions.
Medicare administrative contractor (MAC)
an organization (e.g., third-party payer) that contracts with CMS to process claims and perform program integrity tasks for Medicare Part A and Medicare Part B, home health and hospice, and DMEPOS; each contractor makes program coverage decisions and publishes a newsletter, which is sent to providers who receive Medicare reimbursement. Medicare transitioned fiscal intermediaries and carriers to create Medicare administrative contractors (MACs).
Medicare Drug Integrity Contractors (MEDIC) Program
implemented in 2011 assists with CMS audit, oversight, anti-fraud, and anti-abuse efforts by identifying cases of Medicare Part D fraud, thoroughly investigating the cases, and taking appropriate action.
Medicare Integrity Program (MIP)
authorizes CMS to enter into contracts with entities to perform cost report auditing, medical review, anti-fraud activities, and the Medicare Secondary Payer (MSP) program.
Medicare Shared Savings Program
as mandated by the Patient Protection and Portable Care Act (PPACA), CMS established Medicare shared savings programs to facilitate coordination and cooperation among providers to improve quality of care for Medicare fee-for-service beneficiaries and to reduce unnecessary costs; accountable care organizations (ACOs) were created by eligible providers, hospitals, and supplies to coordinate care, and they are held accountable for the quality, cost, and overall care of traditional fee-for-service Medicare beneficiaries assigned to the ACO.
merit-based incentive payment system (MIPS)
eliminated PQRS, value-based payment modifier, and the Medicare EHR incentive program, creating a single program based on quality, resource use, clinical practice improvement, and meaningful use of certified EHR technology.
message digest
representation of text as a single string of digits, which was created using a formula; for the purpose of electronic signatures, the message digest is encrypted (encoded) and appended (attached) to an electronic document.
National Drug Code (NDC)
maintained by the Food and Drug Administration (FDA); identifies prescription drugs and some over-the-counter products.
National Individual Identifier
unique identifier to be assigned to patients has been put on hold. Several bills in Congress would eliminate the requirement to establish a National Individual Identifier.
National Plan and Provider Enumeration System (NPPES)
developed by CMS to assign unique identifiers to health care providers (NPI).
National Practitioner Data Bank (NPDB)
implemented by Health Care Quality Improvement Act (NCQIA) of 1986 to improve quality of health care by encouraging state licensing boards, hospitals, and other health care entities and professional societies to identify and discipline those who engage in unprofessional behavior; restricts ability of incompetent physicians, dentists, and other health care practitioners to move from state to state without disclosure or discovery of previous medical malpractice payment and adverse action history; impacts licensure, clinical privileges, and professional society memberships as a result of adverse actions; includes Health Integrity and Protection Data Base (HIPDB), originally established by HIPAA, to further combat fraud and abuse in health insurance and health care delivery by serving as a national data collection program for reporting and disclosing certain final adverse actions taken against health care practitioners, providers, and suppliers.
National Provider Identifier (NPI)
unique identifier assigned to health care providers as a 10-digit numeric identifier, including a check digit in the last position.
National Standard Employer Identification Number (EIN)
unique identifier assigned to employers who, as sponsors of health insurance for their employees, need to be identified in health care transactions; it is the federal employer identification number (EIN) assigned by the Internal Revenue Service (IRS) and has nine digits with a hyphen (00-0000000); EIN assignment by the IRS began in January 1998.
National Standard Format (NSF)
flat-file format used to bill provider and noninstitutional services, such as services reported by a general practitioner on a CMS-1500 claim.
overpayment
funds that a provider or beneficiary has received in excess of amounts due and payable under Medicare and Medicaid statutes and regulations.
Part A/B Medicare administrative contractor (A/B MAC)
see Medicare administrative contractor.
Patient Safety and Quality Improvement Act
amends Title IX of the Public Health Service Act to provide for improved patient safety by encouraging voluntary and confidential reporting of events that adversely affect patients; creates patient safety organizations (PSOs) to collect, aggregate, and analyze confidential information reported by health care providers; and designates information reported to PSOs as privileged and not subject to disclosure (except when a court determines that the information contains evidence of a criminal act or each provider identified in the information authorizes disclosure).
Payment Error Prevention Program (PEPP)
required facilities to identify and reduce improper Medicare payments and, specifically, the Medicare payment error rate. The hospital payment monitoring program (HPMP) replaced PEPP in 2022.
payment error rate
number of dollars paid in error out of total dollars paid for inpatient prospective payment system services.
Payment Error Rate Measurement (PERM) program
measures improper payments in the Medicaid program and the Children’s Health Insurance Program (CHIP).
physician self-referral law
see Stark I.
Physicians at Teaching Hospitals (PATH)
HHS implemented audits in 1995 to examine the billing practices of physicians at teaching hospitals; the focus was on two issues: (1) compliance with the Medicare rule affecting payment for physician services provided by residents (e.g., whether a teaching physician was present for Part B services billed to Medicare between 1990 and 1996), and (2) whether the level of the physician service was coded and billed properly.
precedent
standard.
privacy
right of individuals to keep their information from being disclosed to others.
Privacy Act of 1974
forbids the Medicare regional payer from disclosing the status of any unassigned claim beyond the following: date the claim was received by the payer; date the claim was paid, denied, or suspended; or general reason the claim was suspended.
privacy rule
HIPAA provision that creates national standards to protect individuals’ medical records and other personal health information.
privileged communication
private information shared between a patient and health care provider; disclosure must be in accordance with HIPAA and/or individual state provisions regarding the privacy and security of protected health information (PHI).
Program for Evaluating Payment Patterns Electronic Report (PEPPER)
contains hospital-specific administrative claims data for a number of CMS-identified problem areas (e.g., specific DRGs, types of discharges); a hospital uses PEPPER data to compare its performance with that of other hospitals.
protected health information (PHI)
information that is identifiable to an individual (or individual identifiers) such as name, address, telephone numbers, date of birth, Medicaid ID number, medical record number, medical record number, Social Security Number (SSN), and name of employer.
qui tam
abbreviation for the Latin phrase qui tam pro domino rege quam pro sic ipso in hoc parte sequitur, which means “who as well for the king as for himself sues I this matter.” It is a provision of the False Claims Act that allows a private citizen to file a lawsuit in the name of the U.S. government, charging fraud by government contractors and other entities.
record retention
storage of documentation for an established period of time, usually mandated by federal and/or state law; its purpose is to ensure the availability of records for use by government agencies and other third parties.
Recovery Audit Contractor (RAC) program
mandated by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) to find and correct improper Medicare payments paid to health care providers participating in fee-for-service Medicare.
regulations
guidelines written by administrative agencies (e.g., CMS)
release of information (ROI)
ROI by a covered entity (e.g., provider’s office) about protected health information (PHI) requires the patient (or representative) to sign an authorization to release information, which is reviewed for authenticity (e.g., comparing signature on authorization form to documents signed in the patient record) and processed within a HIPAA-mandated 60-day time limit; requests for ROI include those from patients, physicians, and other health care providers; third-party payers; Social Security Disability attorneys; and so on.
release of information log
used to document patient information released to authorized requestors; data is entered manually (e.g., three-ring binder) or using ROI tracking software.
security
involves the safekeeping of patient information by controlling access to hard copy and computerized records; protecting patient information from alteration, destruction, tampering, or loss; providing employee training in confidentiality of patient information; and requiring employees to sign a confidentiality statement that details the consequences of not maintaining patient confidentiality.
security rule
HIPAA standards and safeguards that protect health information collected, maintained, used, or transmitted electronically; covered entities affected by this rule include health plans, health care clearinghouses, and certain health care providers.
Stark I
responded to concerns about physician’s conflicts of interest when referring Medicare patients for a variety of services; prohibits physicians from referring Medicare patients to clinical laboratory services in which the physician or a member of the physician’s family has a financial ownership/investment interest and/or compensation arrangement; also called physician self-referral law.
statutes
also called statutory law; laws passed by legislative bodies (e.g., federal Congress and state legislatures).
statutory law
see statutes.
subpoena
an order of the court that requires a witness to appear at a particular time and place to testify.
subpoena duces tecum
requires documents (e.g., patient record) to be produced.
Tax Relief and Health Care Act of 2006 (TRHCA)
created the Hospital Outpatient Quality Reporting Program (Hospital OQR) that is a “pay for quality data reporting program” implemented by CMS for outpatient hospital services.
UB-04 flat file
series of fixed-length records used to bill institutional services, such as services performed in hospitals.
unique bit string
computer code that creates an electronic signature message digest that is encrypted (encoded) and appended (attached) to an electronic document (e.g., CMS-1500 claim).
upcoding
assignment of an ICD-10-CM diagnosis code that does not match patient record documentation for the purpose of illegally increasing reimbursement (e.g., assigning the ICD-10-CM code for heart attack when angina was actually documented in the record).
whistleblower
individual who makes specified disclosures relating to the use of public funds, such as Medicare payments. ARRA legislation prohibits retaliation (e.g., termination) against such employees who disclose information that they believe is evidence of gross mismanagement of an agency contract or grant relating to covered funds, and so on.
Zone Program Integrity Contractor (ZPIC)
program implemented in 2009 by CMS to review billing trends and patterns, focusing on providers whose billings for Medicare services are higher than the majority of providers in the community. ZPICs are assigned to the Medicare administrative contractor (MAC) jurisdictions, replacing Program Safeguard Contracts (PSCs).
