HIPAA Flashcards

1
Q

What is HIPAA?

A

Health Insurance Portability and Accountability Act of 1996

2
Q

What does HIPAA do?

A

Protects privacy and security of certain health information

3
Q

HIPAA privacy rule?

A

establishes national standards for the protection of certain health information.

4
Q

HIPAA security rule?

A

Establish a national set of security standards for protecting certain health information that is held or transferred in electronic form

5
Q

What did the HITECH Act of 2009 do?

A

Expanded rules to business associates

6
Q

HIPAA Privacy rule

A

Intended to protect privacy of all individually identifiable health information

7
Q

What 2 things does the privacy rule protect?

A
  1. Protects privacy of all individually identifiable health information
  2. Protects identifiable health information held or transmitted by a covered entity or associate in any form
8
Q

What 3 specific things does protected health information include? (3)

A
  1. physical or mental health condition
  2. provision of health care to the individual
  3. payment for the provision of health care to the individual.
9
Q

When is patient authorization not required for disclosure of PHI? (5)

A
  1. Information sharing needed for treatment
  2. Disclosure to family, friends, others involved in care of the individual as well as for notification purposes
  3. Information needed to ensure public health and safety
  4. Information needed to prevent or lessen imminent danger
  5. Disclosure in facility directories
10
Q

What must an adequate privacy notice include? (6)

A
  1. The required heading
  2. A statement of uses and disclosures
  3. A statement of individual rights
  4. A statement of the covered entity’s duties
  5. An explanation of how to complain
  6. Required contact information
11
Q

What does the security general rule do?

A

Establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity.

12
Q

How does the security rule define confidentiality?

A

To mean that e-PHI is not available or disclosed to unauthorized persons

13
Q

What 4 things must covered entities do under the security rule?

A
  1. Ensure the confidentiality of all e-PHI
  2. Protect against reasonably anticipated, impermissible uses
  3. Protect against reasonably anticipated threats to security
  4. Ensure compliance by workforce
14
Q

What is the breach notification rule?

A

Requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information

15
Q

What is the definition of breach?

A

an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information

16
Q

HIPAA considerations for PT practice (5)

A
  1. Patient identification
  2. Evaluation procedures
  3. Sign in and out processes
  4. Physical layout of facility
  5. Computer security
17
Q

What are the penalties for violating HIPAA?

A
  1. Civil or criminal sanction
  2. Civil = fines, usually the result of inadvertent violations
  3. Criminal = monetary penalties and jail time
18
Q

What are 3 causes of improper payment?

A
  1. Incorrect coding
  2. No documentation or insufficient documentation
  3. Medically unnecessary
19
Q

How does the fraud prevention system work?

A
  1. Monitors 4.5 claims each day
  2. Alerts generated and consolidated around providers and subsequently prioritized based on risk
  3. Regional results are provided to the zone program integrity contractor analyst and investigators
  4. Results available to CPI and law enforcement
  5. ZPICs now work the top 100 leads in each zone
20
Q

What is fraud?

A

Health care fraud schemes commonly include purposely billing for services that were not provided or were not medically necessary, billing for a higher level of service than what was provided, misreporting costs or other data to increase payments, paying or receiving kickbacks, illegally marketing products, and/or stealing providers' or beneficiaries’ identities… Basically inappropriate billing practices

21
Q

What is abuse?

A

Practices that either directly or indirectly result in unnecessary costs to Medicare or Medicaid, including misuse of codes on a claim, charging excessively for services or supplies, and billing for services that were not medically necessary

22
Q

What is the false claims act?

A

Civil liability for knowingly submitting or causing to be submitted a false or fraudulent claim to the federal government

23
Q

What is the anti-kickback statute?

A

Criminal offense to knowingly and willfully offer, pay, solicit, or receive remuneration or induce or reward referrals of items or Services reimbursable by a federal health care program

24
Q

Stark law or physician self referral law

A

Prohibits referral for health services to an entity in which the physician (or member of immediate family) has ownership/investment interest or a compensation arrangement

25
Q

Criminal health care fraud statute

A

Prohibits knowingly and willfully executing or attempting to execute a scheme or artifice to defraud a healthcare benefit program, or to obtain (by false or fraudulent pretenses) any of the money or property owned by or in the custody of the Health Care Program

26
Q

Whistleblower statute

A

Provision extended by Affordable Care Act to protect against retaliation

27
Q

What are penalties in general for violating anti-fraud laws/statutes?

A

Fines, prison, exclusion from federal program

28
Q

What is a compliance program?

A

Compliance programs enable providers and employers to reduce exposure to penalties and sanctions, and as a result improve efficiency and quality of services

29
Q

What is the benefit of compliance programs? (2)

A
  1. Can show track record of following the rules
  2. Illustrates that a compliance program is in place to ensure practitioners are acting appropriately

30
Q

What are some of the top compliance issues in physical therapy?

A
  • Services not medically necessary
  • Services not provided or documented
  • Up-bundling or upcoding
  • Time documentation inconsistent with service billed
  • Inappropriate personnel
  • Provider ID numbers misused
  • Care below accepted standards
  • Waiving of copays o
31
Q

What are types of Medicare/Medicaid fraud and abuse violations?

A
  • Providing and billing for PT services without a PT license and/or without the appropriate supervision of a physician or licensed PT as required by federal and state law
  • Billing for PT services when the service performed was unskilled and did not constitute PT
  • Billing for PT services that were never performed, only partially performed, or not medically necessary
  • Licensee, knowingly or unknowingly, billing the incorrect code for treatment
32
Q

Why is so much effort invested in program integrity by Medicare?

A

Medicare Integrity Programs (MIP) protect Medicare from improper payments as well as fraud, abuse, and waste

33
Q

Who can deliver PT services that can be billed under Medicare?

A

Physician, Non-Physician practitioner, PT, PTA

34
Q

What is “incident-to” billing?

A
  • “Incident to” services relate to services furnished as an integral, although incidental, part of the physician’s personal professional services in the course of diagnosis or treatment of an injury or illness.
  • A licensed healthcare provider such as a PT may provide the required services under the physician’s direct supervision, and these services are billed by the physician.
35
Q

What types of payment for referrals are acceptable under Medicare?

A

None, you can’t pay anyone for referrals because of the anti-kickback law

36
Q

What is a Corporate Integrity Agreement?

A

A corporate integrity agreement is negotiated by the Office of the Inspector General (OIG) as part of the settlement of federal health care program investigations into false claim violations

37
Q

What is the look back period for Medicare Recovery Audit Contractors?

A

3 years

38
Q

What is PHI?

A
  1. “Protected health information” (PHI)- Individually identifiable health information, including demographic information.