Lab Compliance and Anti-Kickback Laws and HIPAA Flashcards
What are the seven primary elements and principals of laboratory compliance plan?
1) Written policies and procedures and standards of conduct that promote labs commitment to compliance. Chief compliance officer and compliance committee
2) Ways to report suspected compliance violations
3) System to respond to allegations of illegal or improper activities and take disciplinary action against employees involved
4) Internal monitoring, audits and evaluative methods to assess compliance efforts
5) investigation and correction of identified problems
What is medical necessity?
Lab should only submit claims to federally funded health care programs for services that lab has reason to believe are medically necessary
Requisition should contain ICD-10 codes
Lab should notify physicians annually regarding medical necessity policies
Lab should monitor test utilization over time to ensure only necessary tests are ordered
What are some required billing policies?
ensure that CPT codes used to bill medicare or medicaid accurately describe services performed
use ICD-10 information from ordering physician
don’t use past information or programs that automatically insert codes without physician information or make up diagnostic information
labs should only submit claims for tests that were both ordered and performed
only bill for appropriate automated multi-channel chemistry tests
tests on list should not be billed individually unless only one test was performed
standing orders are permitted but must be monitored for validity
What is the Stark Law?
Prohibits a physician from making referrals for the furnishing of testing to lab with which the physician or family member has a financial relationship
Group practice destination may allow exceptions
Applies to MEDICARE AND MEDICAID patients only
Allows labs to supply items to be used solely to collect or process specimens with equipment solely to communicate test results
What is the anti-kickback statute?
Penalizes anyone who knowingly solicits, receives, offers or pays renumeration in cash or support for referring patients for laboratory testing (incentives/inducements)
Applies to MEDICARE AND MEDICAID services
What is the Privacy Rule?
Standards for Privacy of Individually Identifiable Health Information (Privacy Rule)
Establishes set of national standards for the protection of health information
Issued by US Dept of Health and Human Services to implement requirements of HIPAA 1996
Privacy Rule Standards address the use and disclosure of individuals’ health information called PHI by organizations subject to the privacy rule - covered entities and standards for individuals privacy rights to understand and control how their health information is used
What are covered entities?
Organizations subject to the privacy rule
Which office within HHS enforces Privacy Rule?
Office for Civil Rights (OCR) implements and enforces Privacy Rule with respect to voluntary compliance activities and civil money penalties
List the 5 sections (Titles) of HIPAA
1) Focus on Health Care Access, Portability and Renewability
2) Preventing Health Care FraudP and Abuse; Administration simplification; medical liability reform = Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers Rule (NPI), Enforcement Rule
3) Tax-related health provisions governing medical savings accounts
4) Application and Enforcement of group health insurance requirements
5) Revenue offset governing tax deduction for employers
What does Title I of HIPAA regulate?
Focuses on health care access, portability and renewability
regulates availability of group and individual health insurance policies
What are the 5 rules carried under title II to enforce Administrative Simplification?
Privacy rule, transactions and code sets rule, security rule, unique identifiers rule and enforcement rule
What is the Privacy Rule?
Regulates the use and disclosure of PHI (protected health information) by covered entities
upon request, covered entities must disclose PHI to an individual within 30 days
must also provide and disclose PHI as required by law enforcement for investigation of suspected child abuse
Provides individuals with general right to access, inspect, obtain copy of PHI in a designated record set
Under what circumstances can PHI be disclosed without written authorization?
PHI may be disclosed to law enforcement when requested by court orders
PHI can be revealed to facilitate treatment, payment or health care operations
What are elements of the 2013 omnibus rule update to the privacy rule?
revised definition of significant harm in analysis of breach provides more investigation to covered entities with intent of disclosing breaches previously not reported
protection of PHI is until 50 years after death
HIPAA privacy rule may be waived during natural disaster
What are the rights to access in the Privacy Rule?
Requires medical prviders to give individuals PHI access when requested by writing within 30 days
one 30 day extension is allowed if reason for delay is provided in writing to the requesting individual
What health information is not required to be accessible to individuals upon request?
Psycotherapy notes of a provider and information gathered by provider to defend against a lawsuit
What are the main requirements of Title I: Focus on Health Care Access, Portability and Renewability?
regulates availability of group and individual health insurance policies
requires coverage of and limits restrictions that group health plan places on benefits for pre-existing conditions
Group health coverage may only refuse benefits that relate to pre-existing conditions for 12 months after enrollment or 18 months for late enrollment
enables individuals to limit exclusion period taking into account how long they were covered before enrolling in the new plan after any breaks in coverage
covers creditable coverage which includes nearly all group and individual health plans, medicare and medicaid
singificant break = any 63 day period that individual goes without creditable coverage
Requires insurers to issue policies without exclusion to those leaving group health plans with creditable coverage exceeding 18 months and renew individual policies for as long as they are offered OR provide alternatives to discontinued plans for as long as insurer stays in the market without exclusion regardless of health condition
What is established by Title II: Preventing Health Care Fraud and Abuse; Admiinistrative Simplification; Medical Liability Reform?
establishes policies and procedures for maintaining privacy and security of individually identifiable health information, outlines offenses and creates civil and criminal penalties for violations
creates programs to control fraud and abuse and administrative simplification rules
requires HHS to increase efficiency of health care system by creating standards
What are examples of covered entities?
health care clearinghouse, health insurer, employer-sponsored health plan, medical provider
Are providers allowed to charge a fee for medical records?
Yes reasonable amount for copying
electronic data must not be charged
Are laboratories that are NOT HIPAA-covered entities required to disclose reports to the patient or personal representative?
not required by CLIA but it is permitted
subject to state law
What is the Relative Disclosure in HIPAA?
hospitals may NOT reveal information over the phone to relatives of admitted patients
What is Title II: Rule 2 - Transactions and Code Sets Rule?
HIPAA created to improve health care system efficiency by standardizing health care transactions
HIPAA added part C titled “Administrative Simplification” that simplifies healthcare transactions by requiring health plans to standardize transactions
for example filing for reimbursements electronically have to file claims using HIPAA standards to be paid
What is Title II: Rule #3 Security Rule?
complements privacy rule
privacy rule pertains to all protected health information
3 types of security safeguards: administrative, physical and technical
