Chapter 1 Test Flashcards
According to the Privacy Rule, what health information may NOT be de-identified?
(A) Patient social security number.
(B) Medical record number.
(C) Patient home address.
(D) Physician provider number.
(D) Physician provider number.
To de-identify health information, any information that could help identify the patient is removed.
Which of the following actions is considered under the False Claim Act?
(A) Submitting claims for drugs.
(B) Filing Incident-to claims.
(C) Releasing records without authorization.
(D) Upcoding or unbundling services.
(D) Upcoding or unbundling services.
Claims can be submitted for drugs unless the drugs were expired or were provided free to the entity. Incident-to claims are legal when the guidelines are adhered to. Releasing of records inappropriately are covered under the Privacy Rule. Relative to healthcare services, examples of fraud or misconduct subject to the False Claims Act include:
- Falsifying a medical chart notation
- Submitting claims for services not performed, not requested, or unnecessary
- Submitting claims for expired drugs
- Upcoding and/or unbundling services
- Submitting claims for physician services performed by a non-physician provider (NPP) without regard to Incident-to guidelines
A claim is submitted for a patient on Medicare with a higher fee than a patient on Insurance ABC. What is this considered by CMS?
(A) Fraud.
(B) Abuse.
(C) False claim.
(D) Malpractice.
(B) Abuse.
CMS considers abuse to be actions that cause unnecessary costs to a federal healthcare program, either directly or indirectly. CMS examples of abuse:
- Misusing codes on a claim
- Charging excessively for services or supples
- Billing for services that were not medically necessary
- Failure to maintain adequate medical or financial records
- Improper billing practices
- Billing Medicare patients a higher fee schedule than non-Medicare patients
In addition to the standardization of the codes (ICD-10, CPT, HCPCS, and NDC) what other identifier is used on all claims?
(A) Unique passcode.
(B) Unique identifier for employers and providers.
(C) Social Security number of the provider.
(D) Social Security number of the office manager.
(B) Unique identifier for employees and providers.
Providers of service have a unique provider identifier that is used on all claims called an NPI number.
Health plans, clearinghouses, and any entity transmitting health information is considered by the Privacy Rule to be a:
(A) Health entity.
(B) Business entity.
(C) Covered entity.
(D) Protected entity.
(C) Covered entity.
The Privacy Rule defines these as Covered entities.
A records request is received from a health plan for three dates of service in a chart months apart. What should the biller do?
(A) Copy the entire chart and send it to make sure that the health plan has everything they need and will not request more records.
(B) Copy everything from the first date through the third date, even if it is not included to cover the timeframe the health plan is looking at for the request.
(C) Copy each date of service and black out all identifying information in the copies before sending to the health plan.
(D) Copy each date of service individually and send to the health plan.
(D) Copy each date of service individually and send to the health plan.
The minimum necessary standard requires covered entities to take reasonable steps to limit the disclosure of PHI. Only the dates of service requested should be sent. The PHI would not need to be redacted.
A practice sets up a payment plan with a patient. If more than four installments are extended to the patient, what regulation is the practice subject to that makes the practice a creditor?
(A) Truth in Lending Act.
(B) False Claims Act.
(C) HIPAA
(D) Social Security Act.
(A) Truth in Lending Act.
Truth in Lending Act (TILA) states practices who offer payment plans extending past four installments are considered lending institutions.
All the following are considered Fraud, EXCEPT:
(A) Billing every new patient at the highest level E/M visit no matter what.
(B) Falsifying documentation to support a service that was billed to receive payment.
(C) Failure to maintain adequate medical records.
(D) Reporting a diagnosis code that the patient does not have, but is payable by Medicare.
(C) Failure to maintain adequate medical records.
CMS defines fraud as making false statements or misrepresenting facts to obtain an undeserved benefit or payment from a federal healthcare program. CMS defines abuse as an action that results in unnecessary costs to a federal healthcare program, either directly or indirectly. CMS lists examples of abuse as: Misusing codes on a claim, charging excessively for services or supplies, billing for services that were not medically necessary, failure to maintain adequate medical or financial records, improper billing practices, and billing a Medicare patient a higher fee schedule than non-Medicare patients.
A physician office (covered entity) discovers that the billing company (Business Associate) is in breach of their contract. What is the first steps to be taken?
(A) Contact HHS and report the billing company.
(B) Terminate the contract.
(C) Take steps to correct the problem and end the violation.
(D) Contact your attorney.
(C) Take steps to correct the problem and end the violation.
The covered entity should take steps to rectify the problem and end the violation. When it is not possible to rectify the problem, HHS Office of Civil Rights should then be contacted.
A health plan sends a request for medical records to adjudicate a claim. Does the office have to notify the patient or have them sign a release to send the information?
(A) No, since the information is used for payment activities it is not necessary to notify or obtain authorization from the patient.
(B) Yes, since PHI is being sent, the patient must be notified and approve of the release.
(C) No, because the office owns the medical record.
(D) Yes, since it involves payment of a claim.
(A) No, since the information is used for payment activities it is not necessary to notify or obtain authorization from the patient.
According to the Privacy Rule, PHI may be used by a covered entity for treatment, payment, and healthcare operation activities. Payment includes a variety of activities for a provider to be reimbursed for their services and for a health plan to obtain premiums and provide benefits.
A private hires a consultant to come in and audit some medical records. Under the Privacy Rule, what is this consultant considered?
(A) An employee.
(B) A business associate.
(C) A covered entity.
(D) A clearinghouse.
(B) A business associate.
Business associates perform certain functions or activities, which involve the use or disclosure of individually identifiable health information, on behalf of another person or organization. These services include claims processing or administration, data analysis, utilization review, billing, benefit management, and re-pricing. Because the consultant will be auditing medical records, PHI will need to be shared from the practice. The practice would be the covered entity.
What is the purpose of the Privacy Rule?
(A) To keep provider information private.
(B) To keep payment amounts private.
(C) To protect patient privacy.
(D) To protect facility information.
(C) To protect patient privacy.
The purpose of the Privacy Rule is to protect individual privacy, while promoting high quality healthcare and public health and well-being.
Medicare was passed into law under the Title XVIII of what Act?
(A) HMO.
(B) Stabilization Act.
(C) HIPAA
(D) Social Security Act.
(D) Social Security Act.
Medicare was passed into law on July, 30 1965 by President Lyndon B. Johnson under Title XVIII of the Social Security Act. Beneficiaries were able to sign up for the program on July 1, 1966. U.S. citizens were automatically enrolled in Part A Medicare at age 65, which covered hospital stays; and had an option to choose to enroll in Part B Medicare, which covered physician services.
HIPAA is an abbreviation for?
(A) Health Insurance Portability and Accountability Act.
(B) Health Insurance Plans and Accountability Act.
(C) Health Initiative Plans and Accessibility Act.
(D) Health Insurance Portability and Accountability Action.
(A) Health Insurance Portability and Accountability Act.
If a provider is excluded from federal health plans, what does that mean?
I. They may not participate in Medicare, but may participate in Medicaid to help the needy.
II. They may not participate in Medicare, Medicaid, VA programs or TRICARE.
III. The cannot bill for services, provide services, order services, or prescribe medication to any beneficiary of a federal plan.
IV. They cannot bill for services or provide services, but may give Medicare patients referrals to receive services somewhere else.
(A) II, IV.
(B) I, III.
(C) II, III.
(D) I, III, IV.
(C) II, III.
One of the most severe penalties associated with the Social Security Act is the ability of the Office of Inspector General (OIG) to exclude an entity or an individual from participation in any and all federal healthcare programs. This includes Medicare, Medicaid, VA programs, and TRICARE. An excluded individual cannot bill for services, provide referrals, prescribe medications or order services for any beneficiary of a federally administered health plan.
