Chapter 5

Question 1

compliance

Answer 1

adherence to rules-for instance, regulations and standards; also refers to the culture of an organization to provide high-quality, cost-effective, efficient healthcare that operates within the requirements of regulatory, accreditation, and other requirements

Question 2

covered entity

Answer 2

any health-care provider or contractor that transmits in electronic form any individually identifiable health information

Question 3

business associate

Answer 3

an individual or organization with which a covered entity contracts to perform functions or duties that involve the use or disclosure of individually identifiable health information

Question 4

clearinghouse

Answer 4

an organization or entity (public or private) that processes data into a standardized billing format and checks for inconsistencies or other errors in the claims data

Question 5

individually identifiable health information

Answer 5

data that identify a patient, such as name, address, date of birth and gender

Question 6

privacy

Answer 6

the right to be left alone and to expect that one’s health information is available only to those who have a need to access it

Question 7

protected health information (PHI)

Answer 7

any piece of data that identifies a patient as well as the clinical data tied to the patient

Question 8

Notice of privacy practices (NPP)

Answer 8

written notification, which must be signed by the patient/legal representative, that communicates how PHI is used, disclosures made without the need for authorization, the patient’s rights regarding PHI, the persons to whom PHI may be released, and the covered entity’s legal duties with respect to that information.

Question 9

security rule

Answer 9

the HIPAA rule that protects PHI through standard procedures and methods of storage, access, and transmission, as well as through auditing for security breaches

Question 10

National Provider Identifier (NPI) number

Answer 10

a unique 10-diget number that identifies each care provider on all administrative or financial transactions-for instance, claim forms.

Question 11

Health plan identifier (HPID)

Answer 11

a unique identifier assigned to every health plan that controls its own business activities, actions, or policies or that is controlled by entities that are not health plans’ the effective dates for use of HPID are November 5, 2015, for small plans

Question 12

Omnibus Final Rule to the HITECH Act

Answer 12

legislation that updates and clarifies the requirements in the HITECH Act.

-increases the requirements for protecting patient privacy, adds to patients’ rights, and strengthens enforcement ability of law enforcement

Question 13

Accounting of disclosures

Answer 13

a listing of all disclosures of a patient’s PHI, including those for treatment, payment, and health-care operations

Question 14

Deemed status

Answer 14

be virtue of achieving accreditation status, a facility is also in compliance with CoP.

Question 15

Critical Access Hospital

Answer 15

a hospital that has no more than 25 inpatient beds’ maintains an annual average length of stay of 96 hours or less for acute inpatient care; offers 24-hour, 7-day a week emergency care’ and is located in a rural area at least 35 miles drive away from any other hospital or other critical access hospital; the CoP regulations for CAHs differ from those for hospitals that are not CAHs.

Question 16

accreditation

Answer 16

voluntary assessment by an accrediting agency that proves a health care facility exceeds the minimum requirements set by licensing agencies

-more stringent than licensure requirements

Question 17

Licensing requirements

Answer 17

all states, and federal government, have mandatory licensing requirements for health care providers and facilities

Question 18

What does health information prove?

Answer 18

whether organizations are maintaining standards and regulations or not

Question 19

Regulatory Agencies

Answer 19

• state requirements
• federal regulations
• Medicare and Medicaid
• licensure for medical professionals
• mandatory

Question 20

Accrediting Bodies

Answer 20

• voluntary standards
• apply to organizations, rather than individuals
• often more stringent than mandatory regulations and requirements

Question 21

Third-party payers

Answer 21

• insurers
• managed care plans
• apply to both facilities and providers
• meet goals to qualify for special status
• certain level of compliance mandatory

Question 22

If there is a state requirement and a federal requirement for regulations, which do you follow?

Answer 22

the more stringent law on holding that

Question 23

Health Information Management Professionals (HIM Professionals)

Responsible for-

Answer 23

knowing the regulations and standards that apply to healthcare organizations and specialties

Question 24

Most common state regulations for medical records

Answer 24

-record must be kept for all services provided
-record must be available at all times
-policies and procedures pertaining to record completion and content are in place
(TJC- says it must be complete in 30 days. EMR day - 24-48 hours)
-only authorized individuals can access records
-records are safely stored and preserved

Question 25

The Conditions of Participation (CoP)

Answer 25

apply to all facilities that diagnose or treat Medicare and Medicaid patients and, in turn, expect payment from either.

• the CoP regulations apply to the entire facility, not just the care, treatment, and resulting health records of that patient population
• organizations that treat Medicare and Medicaid patients must adhere to the conditions of participation (CoP) regulations
• CoP guidelines should be used during internal reviews as well as on-site visits
• health records for all patients not just Medicare and Medicaid, must comply with CoP
• HIM Personnel are responsible for making sure that the organization knows and complies with all CoP

Question 26

Conditions and Standards of the CoP impacting health information processes

Answer 26

• the governing body
• care of patients
• emergency services
• patients rights
• privacy and safety
• confidentiality of patient records
• restraint or seclusion
• death reporting requirements
• quality assessment and performance improvement
• composition of the medical staff
• medical staff organization and accountability
• medical staff by-laws
• nursing services
• medical record services
• utilization review
• discharge planning
• the organization, staffing and delivery of services for individual services

Question 27

Health Insurance participation and accountability act (HIPPA)

Answer 27

-commonly referred to as “the privacy law”

• health care coverage
• privacy and security
• code set rule
• unique identifier rule
• enforcement and compliance

HIPPA applies to covered entities that process, store, transmit, or received records, claims, and remittance advices

Question 28

Health Information Technology for Economic and Clinical Health (HITECH) Act’s intent-

Answer 28

is to increase the quality and efficiency of healthcare

Question 29

HITECH introduced meaningful use. Describe the 3 stages

Answer 29

stage 1- focus on the collection of data the will improve patient care and outcomes

stage 2- focus on advancing clinical process and sharing patient information

stage 3- focus on improved patient outcomes through the use of technology

Question 30

Office for Civil Rights (OCR)

Answer 30

enforces compliance with HIPPA, and failure to comply could result in monetary and/or criminal penalties

Question 31

What are patients entitled to?

Answer 31

-request a copy of every disclosure of PHI and all individuals who have accessed their information

Question 32

When a breach of security happens-

Answer 32

• it needs to be reported to the impacted individuals, HHS, and the covered entity if the breach occurred by a business associate
  
  • includes description of breach, steps for patients to protect themselves, and description of the investigation and actions being taken to mitigate harm and prevent future breaches
• when the breach involves 500 or more residents of a state or jurisdiction, the previously mentioned measures must be taken and the media outlets that serve that area must be notified as well
• when the breach involves less than 500 residents the secretary of HHS ay be notified annually, but no later than 60 days following the end of the calendar year in which the breaches occurred

Question 33

Voluntary Accrediting Agencies

Answer 33

• most healthcare organizations choose to work with an accreditation agency to be more competitive
• accreditation is voluntary but if an organization decides to participate, then a small fee is involved
• accreditation agencies award “deemed status” which enables the health care organization to obtain reimbursement from Medicare without a separate application and review process

Question 34

What is the most common accreditation agency?

Answer 34

the joint commission (TJC)

Question 35

the joint commission (TJC)

Answer 35

provides benchmarking data so that organizations can compare themselves to other similar organizations

Question 36

Standards related to health information include:

Answer 36

• record of care
• treatment and services
• information management