Study guide for Chapters 7 & 8 Flashcards
• Medicare Fraud Strike Force & Criminal Actions
o Established to combine the resources of federal, state, and local law enforcement entities to prevent and combat health care fraud, waste, and abuse
o These enforcement actions are designed to deter fraud and abuse. Investigations for 2016 to 2018 have recovered more than $4 billion fraudulently billed to Medicare and Medicaid.
• HIPAA breach
o HITECH ACT requires HIPAA-covered entities to notify affected individuals, the HHS, and in some cases, the media following the discovery of a breach of unsecured PHI. Business associates are also required to notify covered entities following the discovery of a breach.
o Breach- any unauthorized acquisition, access, use, or disclosure of personal health information that compromises the security or privacy of such information.
o An impermissible use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment that includes an analysis of the nature and extent of PHI, who the unauthorized person is, whether the PHI was actually viewed or acquired, and the extent to which the risk has been mitigated.
o Any breach of more than 500 records requires notification of the media in addition to the patients affected by the breach. This allows the public to learn of the problem early on.
• HIPAA Standard 1
o Standard 1- Transactions and Code Sets // a transaction refers to the transmission of the information between two parties to carry out financial or administrative activities.
A code set is any set of codes used to encode data elements, such as
table of terms
medical concepts
medical diagnostic codes
medical procedure codes
Required code sets for use under Standard 1 include:
CPT
ICD-10-CM
ICD-10-PCS
• HIPAA Standard 2
o Standard 2- Privacy Rule // Health Care providers and their business associates must put in place certain policies and procedures to ensure confidentiality of written, electronic, and oral protected health information.
• HIPAA Standard 3
o Standard 3- Security Rule // Security refers to those policies and procedures health care providers and their business associates use to protect electronically transmitted and stored PHI from unauthorized access
• HIPAA Standard 4
o Standard 4- National Identifier Standards // Provide unique identifiers (addresses) for electronic transmission. All four sets of HIPAA standards have been implemented, and most health care practitioners are familiar with the language and rules that make up the requirements for compliance
• Sign in sheets and HIPAA
o You can ask patients to sign in, call patients by name in waiting rooms, or use a public address system to ask patients to come to a certain area. A patient sign-in sheet, however, must not ask for the reason for the visit.
• The Security Rule
o HIPAA Standard 3 is the Security Rule
o Security Rule- establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. Essentially, the Security Rule operationalizes the protections set forth in the Privacy Rule.
o Identifies the technical and nontechnical safeguards that CEs must have in place to secure PHI
o The Security Rule requires CEs (Covered Entities) to
Ensure the confidentiality, integrity, and availability of all PHI they create, receive, maintain, or transmit
Identify and protect against reasonably anticipated threats to the security or integrity of the information
Protect against reasonably anticipated, impermissible uses or disclosures, and
Ensure compliance by their workforce
• Subpoena duces tecum
o Subpoena duces tecum – the subpoena commands a witness to appear in court and to bring certain medical records.
o When a subpoena duces tecum is issued for certain records, the patient's written consent to release the records is waived.
• Use of social media
o Used in the health care industry for
- Training purposes
- In times of crisis to communicate minute-by-minute information
- Remind patients about appointments
- Patient portals
- Individuals seeking emotional support or coping mechanisms for particular disease (Virtual Communities)
- Builds awareness of causes
o Platforms such as Facebook, Twitter // Sermo (Available only to licensed physicians to share information with colleagues and discuss health care policies)
o Includes the following
- Business networks
- Blogs
- Microblogs
- Collaborative projects
- Social networks
- Forums
- Photo sharing
- Video sharing
- Products/services reviews
- Social bookmarking
- Social gaming
- Virtual worlds
• The doctrine of professional discretion
o A principle under which a physician can exercise judgment as to whether to show patients who are being treated for mental or emotional conditions their records. Disclosure depends on whether, in the physician’s judgement, such patients would be harmed by viewing the records.
o When an employer requires a job-related physical scheduled and paid for by the employer, the medical records generated are considered the property of the health care practitioner or facility who created them, but the employer is entitled to a copy of that part of the record that is pertinent to the job-related exam.
• Federal court cases regarding HIPAA preemption
o HIPAA of 1996 was the first federal law to deal explicitly with the privacy of medical records, and to ensure compliance, HIPAA provides for civil and criminal sanctions for violators of the law
o Through state preemption, if a state’s privacy laws are stricter than HIPAA privacy standards and/or guarantee more patients’ rights, the state laws take precedence.
• Stark Law
o Prohibits physicians or their family members who own health care facilities from referring patients to those entities if the federal government, under Medicare or Medicaid, will pay for treatment
What three questions determine whether or not a request for reimbursement is prohibited by the Stark Law?
- Has a physician or member of the physician's family referred a Medicare or Medicaid patient to an entity?
- Is the referral for a “designated health service?”
- Is there a financial relationship between the referring physician or family member and the entity providing service?
If any of these three questions is answered “yes,” the referral violates the Stark Law.