Laws & Statutes Flashcards
What entities does HIPAA apply to?
Health plans
Health care clearinghouses
Health care providers
What information does HIPAA protect?
Protected Health Information or Individually Identifiable Health Information
What is “individually identifiable health information” under HIPAA?
Information, including demographic information, that is created or received by a Covered Entity and relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for health care; and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify an individual
Who is responsible for investigating HIPAA complaints?
The Secretary of the Department of Health and Human Services
and the Office for Civil Rights
What are the penalties for HIPAA violations?
(1) C.E. Did Not Know: $100-$50,000
(2) Violation due to reasonable cause, not willful neglect: $1000-$50K
(3) Violation due to willful neglect and timely corrected: $10,000-$50K
(4) Willful neglect, not corrected: $50,000
Calendar year maximum for violations of same provision: $1.5M
What is a HIPAA “breach”?
A breach is an acquisition, access, use, or disclosure of PHI in a manner not permitted under HIPAA that compromises the security or privacy of the PHI. All unallowed acquisition, access, use, or disclosures are presumed to be a breach unless the C.E. can demonstrate there is a low probability that the PHI has been compromised based on a risk assessment of 4 factors:
- Nature and extent of PHI
- An unauthorized person who received the PHI
- Whether the PHI was actually acquired or viewed
- The extent to which the risk was mitigated
What does the Anti-Kickback law prohibit?
Asking for or receiving anything of value for the referral of business to a government-funded health care program.
For example, offering bribes or rebates
What are the penalties for Anti-Kickback violations?
- **Criminal penalties**: Felony. $25K per violation and up to 5 years in prison
- **Civil penalties under False Claims Act**: Up to 3x the loss plus $11,000 per claim
- **Civil Monetary Penalty**: $50K per violation and up to 3x value of kickback
What does the Stark law prohibit?
Improper referrals to entity with which you have a financial relationship
What is another term for the Stark law?
Physician self-referral law
What are the penalties for a Stark/Physician self-referral violation?
Owe back amount of claim
Civil penalties under False Claims Act: Up to 3x the loss plus $11,000 per claim
Civil Monetary Penalty: $15K per service/$100K per scheme
Exclusion from federal health programs
How do you determine if there is a Stark/Physician self-referral violation?
1) Is there a referral from a physician for a health service?
2) Does the physician have a financial relationship with the entity that received the referral (e.g. an ownership interest)?
3) Does the relationship fit into an exception? (e.g. employment, space, and equipment lease)
What are the 2 main differences between Stark and Anti-kickback?
1) Stark has civil liability only whereas Anti-Kickback has both civil and criminal liability
2) Stark applies only to physicians whereas Anti-Kickback applies to physicians and other providers
What governmental agencies enforce the Stark, Anti-Kickback and False Claims Act?
Office of Inspector General (OIG)
US Department of Justice
What are the two types of exclusion authorities that the OIG has?
- **Mandatory**: Conviction of program-related crime; felonies for controlled substances
- **Permissive**: failure to repay school loans, etc.