Study guide for Chapters 7 & 8

Question 1

• Medicare Fraud Strike Force & Criminal Actions

Answer 1

o Established to combine the resources of federal, state, and local law enforcement entities to prevent and combat health care fraud, waste, and abuse

o These enforcement actions are designed to deter fraud, and abuse investigations for 2016 to 2018 and have recovered more than $4 billion fraudulently billed to Medicare and Medicaid.

Question 2

• HIPAA breach

Answer 2

o HITECH ACT requires HIPAA-covered entities to notify affected individuals, the HHS, and in some cases, the media following the discovery of a breach of unsecured PHI. Business associates are also required to notify covered entities following the discovery of a breach.

o Breach- any unauthorized acquisition, access, use, or disclosure of personal health information that compromises the security or privacy of such information.

o An impermissible use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment that includes an analysis of the nature and extent of PHI, who the unauthorized person is, whether the PHI was actually viewed or acquired, and the extent to which the risk has been mitigated.

o Any Breach more than 500 records requires notification of the media in addition to the patients affected by the breach. This allows the public to learn of the problem early on.

Question 3

• HIPAA Standard 1

Answer 3

o Standard 1- Transactions and Code Sets // a transaction refers to the transmission of the information between two parties to carry out financial or administrative activities.

A code set is any set of codes used to encode data elements, such as

table of terms
medical concepts
medical diagnostic codes
medical procedure codes

Required codes sets for use under Standard 1 include:
 CPT
 ICD-10-CM
 ICD-10-PCS

Question 4

• HIPAA Standard 2

Answer 4

o Standard 2- Privacy Rule // Health Care providers and their business associates must put in place certain policies and procedures to ensure confidentiality of written, electronic, and oral protected health information.

Question 5

• HIPAA Standard 3

Answer 5

o Standard 3- Security Rule // Security refers to those policies and procedures health care providers and their business associates use to protect electronically transmitted and stored PHI from unauthorized access

Question 6

• HIPAA Standard 4

Answer 6

o Standard 4- National Identifier Standards // Provide unique identifiers (addresses) for electronic transmission. All four sets of HIPAA standards have been implemented, and most health care practitioners are familiar with the language and rules that make up the requirements for compliance

Question 7

• Sign in sheets and HIPAA

Answer 7

o You can ask patients to sign in, call patients by name in waiting rooms, or use a public address system to ask patients to come to a certain area. A patient sign-in sheet, however, must not ask for the reason for the visit.

Question 8

• The Security Rule

Answer 8

o HIPAA Standard 3 is the Security Rule

o Security Rule- establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. Essentially, the Security Rule operationalizes the protections set forth in the Privacy Rule.

o Identifies the technical and nontechnical safeguards that CEs must have in place to secure PHI

o The Security Rule requires CEs (Covered Entities) to

 Ensure the confidentiality, integrity, and availability of all PHI they create, receive, maintain, or transmit

 Identify and protect against reasonably anticipated threats to the security or integrity of the information

 Protect against reasonably anticipated, impermissible uses of disclosures and

 Ensure compliance by their workforce

Question 9

• Subpoena duces tecum

Answer 9

o Subpoena duces tecum – the subpoena commands a witness to appear in court and to bring certain medical records.

o When a Subpoena duces tecum is issued for certain records, the patients written consent to release the records is waved.

Question 10

• Use of social media

Answer 10

o	Used in the Healthcare Industry for 
	Training purposes
	In times of crisis to communicate minute by minute information
	Remind patients about appointments
	Patient portals
	Individuals seeking emotional support or coping mechanisms for particular disease (Virtual Communities)
	Builds awareness of causes
o	Platforms such as Facebook- Twitter // Sermos (Available only to licensed physicians to share information with colleagues and discuss health care policies)
o	Includes the following
	Business networks
	Blogs
	Microblogs
	Collaborative projects
	Social networks
	Forums
	Photo sharing
	Video sharing 
	Products/services reviews
	Social bookmarking
	Social gaming
	Virtual worlds

Question 11

• The doctrine of professional discretion

Answer 11

o A principle under which a physician can exercise judgment as to whether to show patients who are being treated for mental or emotional conditions their records. Disclosure depends on whether, in the physician’s judgement, such patients would be harmed by viewing the records.

o When an employer requires a job related physical scheduled and paid for by the employer, ownership of the medical records generated is considered the property of the health care practitioner or facility who created them, but the employer is entitled to a copy of that part of the record that is pertinent to the job related exam

Question 12

• Federal court cases regarding HIPAA preemption

Answer 12

o HIPAA of 1996 was the first federal law to deal explicitly with the privacy of medical records, and to ensure compliance, HIPAA provides for civil and criminal sanctions for violators of the law

o Through state preemption, if a state’s privacy laws are stricter than HIPPAA privacy standards and or guarantee more patients’ rights, the state laws take precedence

Question 13

• Stark Law

Answer 13

o Prohibits physicians or their family members who own health care facilities from referring patients to those entities if the federal government, under Medicare or Medicaid, will pay for treatment

Question 14

What Three Questions determine whether or not a request for reimbursement is prohibited by the Stark Law?

Answer 14

1. has a physician or member of the physicians family referred a Medicare or Medicaid patient to an entity?
2. is the referral for a “designated health service?”
3. is there a financial relationship between the referring physician or family member and the entity providing serve?

if any of these three questions is answered “yes,” the referral violates the Stark Law.

Question 15

What Three Questions determine whether or not a request for reimbursement is prohibited by the Stark Law?

Answer 15

1. has a physician or member of the physicians family referred a Medicare or Medicaid patient to an entity?
2. is the referral for a “designated health service?”
3. is there a financial relationship between the referring physician or family member and the entity providing service?

if any of these three questions is answered “yes,” the referral violates the Stark Law.

Question 16

• Federal False Claims Act

Answer 16

o A law that allows for individuals to bring civil actions on behalf of the US government for false claims made to federal government, under a provision of the law called qui tam (from Latin meaning “to bring an action for the king and for oneself”).

• commonly known as whistle blowers, are referred to as qui tam relators and can share in any court- awarded damages
• suites brought under the False Claims Act are most often related to the health care and defense industries’

Question 17

What does the Federal False Claims Act Prohibit?

Answer 17

• making a false record or statement to get a false claim paid by government
• conspiring to have a false claim paid by the government
• withholding government property with the intent to defraud or willfully conceal it from the government
• making or delivering a receipt for government property that is false
• buying government property from someone who is not authorized to sell it
• making a false statement to avoid or deceive an obligation to pay money or property to the government
• causing someone else to submit a false claim by giving false information

Question 18

• Federal Anti-Kickback Law

Answer 18

o Prohibits knowingly and willfully receiving or paying anything of value to influence the referral of federal health care program business, including Medicare and Medicaid, can be held accountable for a felony.

-Violations of the law, which excludes from prosecution some designated “safe harbor” arrangements, are punishable by up to 5 years in prison, fines from $25,000 to $50,000 and exclusion from participation in federal health care programs

Question 19

• HIPAA breaches of over 500 records

Answer 19

o Requires notification of the Media in addition to the patients affected by the breach.

Question 20

• Confidentiality of Alcohol & Drug Abuse Patient Records

Answer 20

o A federal statue that protects patients with histories of substance abuse regarding the release of information about treatment.

Question 21

• Who owns the information within the medical records?

Answer 21

o According to the law, once a patient discloses information that becomes part of a health care provider’s medical record, that information is now owned by the provider-essentially because the information has then become part of the health care providers business records.

Question 22

• Who owns the medical record?

Answer 22

o The physical ownership falls on the health care practitioner/facility that the created them because patients generally do not have the storage capacity or security measures in place to store paper or electronic records as legally required.

Question 23

• Know what the 3rd amendment to the US Constitution protects

Answer 23

o Soldiers cannot be quartered in private homes without the consent of the owner.

• patients have a right to privacy

Question 24

• American Recovery and Reinvestment Act

Answer 24

o A 2009 Act that made substantive change to HIPAA’s privacy and security regulations. Including

 Privacy and security regulations

 Changes in HIPAA enforcement,

 Provisions about health information held by
entities not expressly covered by HIPAA

 Other miscellaneous changes

o Commonly referred to the Stimulus Bill