Chpt 9

Question 1

HIPAA Title 1

Answer 1

Protect consumers changing jobs

Question 2

HIPAA Privacy rule

Answer 2

Protects the type of data that is communicated

Question 3

HIPAA Security rule

Answer 3

Protects the databases and data for security

Question 4

HIPAA enforcement rule

Answer 4

Indicates procedures for enforcement and procedures for hearings and penalties

Question 5

HIPAA Breach notification rule

Answer 5

Requires healthcare providers to notify individuals when there has been a breach of protected information

Question 6

Preexisting condition

Answer 6

A condition for which a patient received treatment in a certain period before beginning coverage with a new insurance plan

Question 7

HIPAA preexisting conditions

Answer 7

Limit preexisting condition periods to 12 to 18 months
Clause may be avoided in the new plan for patients who have proof of coverage that was not interrupted by a period of 63 days or more and had a full year of coverage at a previous job

Question 8

HIPAA Title II

Answer 8

Prevention of healthcare fraud and abuse and simplification of administrative processes in the deliverance of healthcare

Question 9

PHI

Answer 9

Protected health information
Any patient information that includes identifiers that could be used to identify the patient

Question 10

Title II privacy rule portion

Answer 10

Regulates how PHI may be transmitted from one place to another
Applies to any healthcare provider who transmits patient information electronically

Question 11

Entities exempt from complying with HIPAA regulations

Answer 11

Genetic testing companies that consumers contact directly
Mobile apps used for health and fitness
Law enforcement agencies
Schools
Employers
State agencies
Insurance companies
Alternative medicine providers

Question 12

Disclosure of patient information to the patient upon request
Privacy rule

Answer 12

Within 30 days

Question 13

Patient disclosure to others
Privacy rule

Answer 13

Patient’s written consent to transfer records from one provider to another
May happen without consent- child abuse must be reported

Question 14

Minimum necessary rule
Privacy rule

Answer 14

States that only the minimum amount of information necessary is to be shared
Release of all information in a patient’s file is not necessary
Also applies to employees performing their jobs in a medical office

Question 15

Correction of a health record

Answer 15

If patient disagrees with what is in their health record, they may submit a written statement requesting that information be changed. Becomes a part of the health record but the original information also remains
Not required to change it

Question 16

Outlining disclosures to a patient
Privacy rule

Answer 16

Upon request, provide a list of occasions that information was shared along with details of the information shared and to whom it was provided

Question 17

Violation of privacy rule

Answer 17

File complaint with Department of Health and Human Services, Office for Civil Rights

Question 18

Improper disclosure
Privacy rule

Answer 18

Accidental or unintended
Notify patient of details of information disclosed and to whom, as well as details as to what the privacy officer did to retrieve or destroy the information disclosed

Question 19

Privacy officer
Privacy rule

Answer 19

An employee in a healthcare facility charged with the duty of educating others on HIPAA compliance
Point person for complaints
Trains staff on HIPAA regulations
Maintains a log of improper disclosures
Discloses to the patient any improper privacy violations

Question 20

Electronic billing ml
Privacy rule

Answer 20

The process of sending medical claims to insurance carriers electronically
Both claim and payment may be made electronically

Question 21

HIPAA Security rule

Answer 21

2005
Safekeeping of electronic information within the healthcare facility
3 parts: administrative, physical and technical

Question 22

Administrative safeguards
Security rule

Answer 22

Written privacy practices and given to patients- signed by each patient
Alerts the patient to the existence of privacy practices and their right to a copy

Question 23

Access to records
security rule

Answer 23

Which employee type should be permitted access to records
Minimum necessary rule applies

Question 24

Proper training regarding PHI
Security rule

Answer 24

Written policies on training of personnel on handling of PHI

Question 25

Physical safeguards under the security rule

Answer 25

Erase and dispose of old computer equipment
Access to electronic equipment safeguarded-password protection, block physical access, keep patient information out of view

Question 26

Technical safeguards under the security rule

Answer 26

Information sent electronically must be encrypted and only sent over private networks
Use of firewalls

Question 27

Encrypted

Answer 27

To mathematically scramble information in a way that keeps unauthorized persons from viewing it

Question 28

Firewalls

Answer 28

A software program or hardware device designed to work with the computer to add a layer of security between the data on the computer and the network to which it is connected

Question 29

Unique identifier
National provider identifier

Answer 29

A unique number issued by Medicare to each individual provider
Prior to HIPAA the provider would have a separate number for each insurer
Follows the provider throughout their career

Question 30

Numbers needed for providers

Answer 30

NPI
DEA number
State license number
Federal tax ID number

Question 31

HIPAA Enforcement rule

Answer 31

Civil penalties
Unintentional violation: $100-$50,000
Max $25,000-1.5 million
Violation due to reasonable cause but not willful neglect:
$1,000-50,000
Max $100,000-1.5 million
Willful neglect but corrected in allotted time:
$10,000-50,000
Max $250,000-1.5 million
Willful neglect but not corrected: $50,000-50,000
Max 1.5 million-1.5 million

Question 32

HIPAA violations carry criminal penalties in rare instances

Question 33

The business associate agreement

Answer 33

Written form that outlines the expectations of the healthcare provider or organization with regard to the business associate

Question 34

Business associates

Answer 34

Janitorial staff
Transcription employees
Healthcare students performing an internship
Equipment manufacturers or sales staff
Computer repair persons

Question 35

The red flags rule

Answer 35

Compiled by Federal Trade Commission (FTC) in 2007
Government legislation requiring all healthcare facilities to implement a written Identity Theft Prevention Program designed to detect the warning signs of identity theft in their day-to-day operations
Planned for November 1, 2008; pushed back to December 31, 2010
Medical facilities must have procedures in place

Question 36

Red flags rule implementation

Answer 36

Show photo id
Take photo of patient for record

Question 37

Corporate compliance plan

Answer 37

Establish how the organization will comply with federal, state and local regulations
Address:
Employees don’t read other employees medical records
Employees don’t share computer passwords
Employees don’t discuss patient care with anyone without permission
Employees are trained in proper disposal of sensitive medical records

Question 38

HITECH

Answer 38

Health Information Technology for Economic and Clinical Health Act
Part of American Recovery and Reinvestment Act of 2009
Federal legislation that addresses the privacy and security concerns associated with the electronic transmission of health information
Extended possible penalties to business associates of covered providers or organizations
Required to notify patients of any potential breach of information and to create new rules for disclosures

Question 39

The Joint Commission

Answer 39

Federal organization that bestows accreditation status to healthcare facilities after a thorough inspection and passage of safety and quality measures
Not-for-profit
Accredited organizations are committed to meeting certain standards

Question 40

The joint commission in ambulatory settings

Answer 40

Performance areas reviewed:
Environment of care
Emergency management
Human Resources
Infection prevention and control
Information management
Leadership
Life safety
Medication management
National patient safety goals
Performance improvement
Provision of care, treatment and services
Record of above
Reporting of sentinel events
Rights and responsibilities of the individual
Transplant safety
Waived testing
1. Apply for accreditation-funded by healthcare organization

Question 41

Sentinel event

Answer 41

Any incident in a healthcare facility when a patient is injured or could have been injured
Must be reported to the joint commission as part of the accreditation standards

Question 42

OSHA

Answer 42

Occupational Safety and Health Act, passed in 1970
Legislation that affects safety for employees in all occupational settings, not just healthcare
Regulates working conditions in all states
Part of US Department of Labor
Administrator is the assistant secretary of labor for occupational safety and health
Pertains to materials employees exposed to and necessary protections if they work with harmful substances
Inspectors have a right to inspect any facility

Question 43

Bloodborne pathogens rule

Answer 43

OSHA, 1983
Enacted into law, Bloodborne pathogens act of 1992
Healthcare employees must have an exposure control plan (written) in place -updated each year, use controls for reducing exposure-sharps containers and retracting needles, provide appropriate measures for reducing exposures-includes training, provide employees with necessary protective equipment, provide hep B vaccine to employees within 10 days of exposure, provide needed follow-up after exposure, label any items that contain hazardous materials , provide proper training on possible hazards in the workplace to all employees, maintain a record of all training

Question 44

Bloodborne pathogens

Answer 44

Any infectious material in blood that can cause disease in humans

Question 45

Hazard Communication Safe Data Sheet
HCSDS

Answer 45

Formerly the material safety data sheet
A sheet that outlines the potential risks associated with a chemical, required by OSHA for any potentially dangerous chemical
Label all chemicals with a potential for harm

Question 46

HCS forms

Answer 46

Available from manufacturer or created by healthcare employer
Keep all together in a binder

Question 47

OSHA Exposure Control Plan

Answer 47

Plan to prevent exposure to Bloodborne pathogens
Update every year
Must outline OSHA regulations
Available for OSHA inspection if requested
Outline OSHA regulations, the ways in which the employer is working to protect the employees, and more
Templates found at OSHA.gov

Question 48

Labeling biohazards

Answer 48

Use red bags or containers
Available in any room where activity takes place

Question 49

Personal Protective Equipment

Answer 49

Wear when there is any occasion to come into contact with bodily fluids
Must have gloves , latex-free if necessary
Gown, eye and face protection if splatter possible
All at employer expense

Question 50

Other OSHA Mandated care

Answer 50

Fire extinguishers
Class A: ordinary combustibles - wood, paper, cloth
Class B: flammable liquids-grease, paint, oil, gasoline
Class C: electrical equipment-wiring appliances, electronics

Question 51

PASS

Answer 51

Pull pin
Aim at base of fire
Squeeze handle
Sweep side to side

Question 52

CLIA

Answer 52

Clinical Laboratory Improvement Amendments Act of 1988; implemented in 1992
Guides the rules and regulations associated with operating a laboratory
Comply regardless of size and pay a fee
State regulations as well
Tests of low, medium or high complexity
Standardized laboratory testing so patient receives the same results from any lab

Question 53

Fraud

Answer 53

An intentional deception or misrepresentation made by a person with the knowledge that the deception could result in a benefit to oneself or another
Laws on state and federal level

Question 54

Abuse

Answer 54

A practice that is inconsistent with sound fiscal, business or medical practices and results in unnecessary costs to the Medicare or Medicaid program or in reimbursement for services that are not medically necessary ; improper behavior and billing practices that result in financial gain but are not fraudulent.

Question 55

Upcoding

Answer 55

Choosing to use a higher level of service code than is appropriate for the actual level of service provided

Question 56

Unbundling

Answer 56

Billing for services (typically lab services) separately instead of as a bundled group

Question 57

Penalties for fraud and abuse

Answer 57

Exclusion from Medicare and Medicaid

Question 58

False claim

Answer 58

Billing for services that were not provided to the patient, billing for services that were different from those actually rendered , and billing for services provided to the patient that were not medically necessary
Penalty: fines -$250,000 and up to 5 years in jail

Question 59

False statements

Answer 59

Up to $10,000 in fines and up to 5 years in jail

Question 60

Bring to attention of your supervisor if you feel the insurance carrier is being billed incorrectly

Question 61

Patient Protection and Affordable Care Act

Answer 61

March 23, 2010
Elimination of lifetime monetary limits on healthcare
Removal of preexisting conditions clauses
Provision of care to more American children
Access to preventive services without copayments
Extends Medicaid eligibility
Tax penalties for those without insurance
Exemptions for financial hardship
Dependents covered until 26