Test Flashcards

1
Q

Compliance Program primary concern

A

rules and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Integrity Program primary concern

A

values; doing the right thing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Who needs a compliance program?

A
Physicians Practices
Medicare + Choice Organizations 
Ambulance Suppliers
Third Party Billing Companies
Pharmaceutical Manufacturers
Hospitals
Laboratories
Teaching Institutions/Research 
DME Distributors
Home Health/Hospice/SNF
Others
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Defense Industry Initiative

A

Voluntary self-regulatory guidelines developed by defense industries suppliers
GOAL: Eliminate waste and bring prices into line

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Who is responsible for enforcing the rules and regulations under the Medicare and Medicaid laws

A

HHS OIG in conjunction with the Justice Department

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An effective compliance program:

A

safeguards the organization’s legal responsibility to abide by applicable laws ad regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Three strikes and you’re out

A

Balanced Budget Act of 1997

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Qui Tam

A

whistle blower

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

This act provides financial incentives for private citizens to come forward in qui tam suite

A

False Claims Act (FCA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

He who brings the action for the king as well as for himself

A

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

A

He who brings the action for the king as well as for himself

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ decides to assume the case

A

15-25%

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ declines the case

A

25-30%

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Who can impose a CIA (corporate integrity agreement)

A

The government

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

CIA characteristics

A
negotiated in order to avoid litigation 
admits no fault or liability 
submits to government for corrective action 
3-5 year duration 
extensive reporting requirements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Fine for organizations are calculated using:

A

Culpability score

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Possible sanctions include

A

fines, restitution, forfeiture, and probation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Factors that might mitigate an organization’s punishment

A

effective ethics program and self reporting, cooperation or acceptance of responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Four aggravating factors to a culpability score

A

if upper level employee has “participated in, condoned, or was willfully ignorant of the offence”
if the violation is a repeat offense
if the government was hindered during its investigation
if awareness of and tolerance of the violation were pervasive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Four mitigating factors in a culpability score

A

If the organization had an effective compliance program, even though there was a violation
If the organization reported the violation promptly
If the organization cooperated with the government investigators
If the organization accepted responsibility for the violation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Seven Elements of an effective compliance program

A
  1. Written standards of conduct
  2. Designating a chief compliance officer and other appropriate bodies
  3. effective education and training
  4. Audits and evaluation techniques to monitor compliance
  5. Reporting processes and procedures for complaints
  6. Appropriate disciplinary mechanisms
  7. Investigation and remediation of systemic problems
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Ten Obstacles to Effective compliance Implementation

A
  1. Commitment and buy-in
  2. Lack of funding
  3. Too many roles for compliance professional
  4. Interpreting laws and regulations
  5. Lack of resources and staff
  6. Lack of education and training
  7. Resistance to change
  8. Lack of or poor communication
  9. Fear of retaliation/retribution
  10. No internal enforcement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

which two documents become tools to build compliance program

A

the standards or code of conduct and the polices and procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

When a patient requests access to PHI, the covered entity can:

    a. Take up to 120 days to respond 
    b. Charge for retrieving the record 
    c. Require that the request be in writing 
    d. Request the patient accept a summary of the record
A

c. Require that the request be in writing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
Changes to the Privacy and Security provisions of the HIPAA and its regulations were enacted in which of the 
    following acts? 
        a. GINA 
        b. FERA 
        c. FACTA 
        d. HITECH
A

D. HITECH

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Appropriate progressive discipline policies associated with a compliance program should be:

    a. Defined by role 
    b. Enforced consistently 
    c. Applied to physicians 
    d. Reported to the government
A

b. Enforced consistently

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q
At which level of the Medicare Part A or Part B appeals process is the appeal reconsidered by a qualified independent contractor?
A. first level of appeal 
b. second level of appeal
c. third level of appeal 
d. fourth level of appeal
A

b. second level of appeal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

True or False:

An oral request by law enforcement may delay notifications related to a breach for up to 60 days.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

True or False:

An individual has the right of access all information maintained in that individual’s Designated Record Set.

A

False
An individual has the right of access to the PHI maintained within a Designated Record Set (DRS), not all of the information maintained in the DRS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

True or False:

Minimum necessary requirements under HIPAA does not apply to uses or disclosures required by law.

A

Answer: True

Disclosures required by law are subject to the minimum necessary requirement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

True or False:

A CE must accommodate reasonable requests by an individual to receive communications of PHI by alternative means.

A

Answer: True

This is directly from the regs…if reasonable, then the CE must accommodate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

True or False:
Privacy means the property that data or information is not made available or disclosed to unauthorized persons or processes.

A

Answer: False

The definition listed is verbatim that which applies to security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q
OIG urges the \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ to assist in the implementation of the compliance program and serves as advisers.
A. Board
B. CEO
C. Compliance Committee
D. Quality Committee
A

C. Compliance Committee

34
Q
The compliance committee should develop objective and goals on
A. monthly basis
B. continuous basis
C. quarterly basis
D. annual basis
A

D. annual basis

35
Q
Who should participate in developing goals and objectives for the compliance program?
A. Compliance Committee
B. Risk Managers
C. The Governing Board
D. Physicians
A

A. Compliance Committee

36
Q

HIPAA Regs: What subpart in Part 164 deals with Privacy

A

Subpart E:

Hint: Privacy….Privac-E

37
Q

HIPAA Regs: What subpart in Part 164 deals with Breach Notifications

A

Subpart D:

“D”arn it! We have a breach!

38
Q

HIPAA Regs: What subpart in Part 164 deals with Security

A

Subpart C:

Hint: “C”-curity

39
Q

What are the 3 components that make up security?

A

Confidentiality
Integrity
Availability

40
Q

What’s wrong with this statement, “We need to identify if this breach is reportable?”

A

All breaches are reportable.

41
Q

When is the deadline for reporting breaches to the Secretary

A
  • For breaches affecting 500 or more: 60 days from discovery.
  • For breaches affecting less than 500: By the 60th day of the year following when the breach was discovered.
42
Q

Covered Entities and their Business Associates must comply with the all of the Security and Privacy Rules – True or False

A

False as Business Associates are not required to comply with all of the Privacy Rules.

43
Q

The designated privacy official and the designated security official under HIPAA must be different individuals.

A

False as the same official may be designated both roles.

44
Q

A health care provider has how long to redistribute its Notice of Privacy Practice to established patients after making a material change to the notice.

A

There is no such requirement for a health care provider as making such a change does not include a requirement to redistribute the Notice of Privacy Practices

45
Q

Encryption is required under HIPAA – True or False

A

False. It is an addressable implementation specification.

46
Q

The difference between an addressable and a required implementation specification

A
  • Required – the specification must be implemented

* Addressable – Either implement the specification or an equivalent alternative measure

47
Q

What are the four impermissibles

A
  • Access
  • Acquisition
  • Use
  • Disclosure
48
Q

When does the 60 day “clock” begin for breach notifications?

A

When the “impermissible” is discovered by the Covered Entity

49
Q

What is the record retention period for HIPAA related work product?

A

6 years

50
Q

A Security Risk Analysis must be done annually for a Covered Entity to comply with the Privacy Rules. – True or False

A

False as the Risk Analysis is not required annually and the risk analysis is part of the Security Rules.

51
Q

PHI stands for

A

Protected Health Information

52
Q

What is the timeframe requirement to train new employees about HIPAA?

A

“within a reasonable period of time after the person joins the covered entity’s workforce”

53
Q

A covered entity may use or disclose PHI for TPO…what does TPO stand for

A

Treatment
Payment
Operations

54
Q

What rights of an individual must be contained in the Notice of Privacy Practices

A
  • The right to request restrictions on certain uses and disclosures of protected health information
  • The right to receive confidential communications of PHI
  • The right to inspect and copy PHI
  • The right to amend PHI
  • The right to receive an accounting of disclosures of PHI
  • The right of an individual to obtain a paper copy of the notice from the covered entity upon request.
55
Q

An individual has the right to access all of the PHI within his or her Designated Record Set – True or False

A

False as the HIPAA rules do identify instances when a covered entity may deny access.

56
Q

After an investigation, it was discovered that the organization’s reputation is a stake. What should a Compliance Professional do next?

a. Report the findings to the board
b. Contact legal counsel
c. Advise the CEO and recommend next steps
d. Self-disclose to the OIG​

A

b. Contact legal counsel

57
Q

What are the effective elements for monitoring and auditing?

A. You have an auditing plan and methodology
B. Your program has gone beyond process audits, proactive and reactive audits
C. You have included an auditing strategy and results reporting
D. Corrective Action and verification
E. All of the above

A

E. All of the above

58
Q

CMS released areas of high-risk fraud, some of those include:

A. Sudden changes in billing and billing inappropriate specialties
B. Billing of inappropriate diagnoses and increased beneficiary complaints
C. Geographical changes in billing and Identity theft (provider and beneficiary)
D. A and B
E. All of the above

A

E. All of the above

59
Q

As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins?
A. True
B. False

A

A. True

60
Q

The benefits of conducting a Controlled Self-Assessment are:

A. Increases the scope and targets audit work
B. Increases awareness and targets audit work
C. Frees internal audit resources and increases the scope
D. Motivates personnel, targets audit work, and increases awareness
E. Both C and D

A

E. Both C and D

61
Q

You are tasked with creating a risk assessment team. What are the keys to your success?

A. Select team members based on skills and experience and knowledge of risk areas and make sure they know why they were selected
B. Utilize risk assessment tools
C. Develop team ground rules and the risk assessment process
D. Both A and B
E. Both A and C
F. A, B, and C

A

F. A, B, and C

62
Q

The Physician Payment Sunshine Act must report ______to a covered recipient which is defined as a ______or teaching_____.

A

payments, physician, hospital

63
Q

The PHRMA CODE is an adopted voluntary code and is considered a law.
A. True
B. False

A

B. False

64
Q

The OIG requests that you post on your website whether or not the PHRMA CODE is followed.
A. True
B. False

A

A. True

65
Q

PHS regulations define a significant financial interest as:
Income which when aggregated for the investigator, and investigator’s spouse or dependent children exceeds $10,000 over twelve months
A. True
B. False

A

B. False

66
Q

STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician.
A. True
B. False

A

A. True

67
Q

When we anticipate what the government will measure if our compliance program is under review, we should assume the following:

A. The FSG is the basis of the assessment
B. What determines “effectiveness?”
C. Are there specific resources on what it is we need to demonstrate?
D.Resource: Corporate Integrity Agreements/Settlement Letters
E. All of the above

A

E. All of the above

68
Q

Since 1981, ____ has had the authority to levy administrative penalties and assessments against providers as punishment for filing false or improper claims or as a collateral consequence of prior bad acts.

A. DHS
B. OIG
C. HHS
D. SSA
E. USC
A

C. HHS

69
Q

What are the effective elements for monitoring and auditing?
A. You have an auditing plan and methodology
B. Your program has gone beyond process audits, proactive and reactive audits
C. You have included an auditing strategy and results reporting
D. Corrective Action and verification
E. All of the above

A

E- All of the Above

70
Q

CMS released areas of high-risk fraud, some of those include:
A. Sudden changes in billing and billing inappropriate specialties
B. Billing of inappropriate diagnoses and increased beneficiary complaints
C. Geographical changes in billing and Identity theft (provider and beneficiary)
D. A and B
E. All of the above

A

E- All of the Above

71
Q

TRUE or FALSE: As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins?

A

True

72
Q

The benefits of conducting a Controlled Self-Assessment are:
A. Increases the scope and targets audit work
B. Increases awareness and targets audit work
C. Frees internal audit resources and increases the scope
D. Motivates personnel, targets audit work, and increases awareness
E. Both C and D

A

E- Both C and D

73
Q

You are tasked with creating a risk assessment team. What are the keys to your success?
A. Select team members based on skills and experience and knowledge of risk areas and make sure they know why they were selected
B. Utilize risk assessment tools
C. Develop team ground rules and the risk assessment process
D. Both A and B
E. Both A and C
F. A, B, and C

A

F- A,B, and C

74
Q

TRUE or FALSE: PHS regulations define a significant financial interest as:
Income which when aggregated for the investigator, and investigator’s spouse or dependent children exceeds $10,000 over twelve months

A

False (?)

75
Q

TRUE or FALSE: STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician.

A

True

76
Q

When we anticipate what the government will measure if our compliance program is under review, we should assume the following:
A. The FSG is the basis of the assessment
B. What determines “effectiveness?”
C. Are there specific resources on what it is we need to demonstrate?
D. Resource: Corporate Integrity Agreements/Settlement Letters
E. All of the above

A

E- All of the Above

77
Q
OIG urges the \_\_\_\_\_\_\_\_\_\_\_\_ to assist in the implementation of the compliance program and serves as advisors.
A.	Board
B.	CEO
C.	Compliance Committee
D.	Quality Committee
A

C. Compliance Committee

78
Q
When a medical record is not consistent with the selected diagnosis code, the coder should contact the
A.	attending nurse.
B.	attending physician.
C.	billing supervisor.
D.	compliance auditor
A

B- Attending Physician.

79
Q

Covered entities participating in an Organized Health Care Arrangement are permitted to
A. act as a single covered entity.
B. utilize a single notice of privacy practices.
C. share psychotherapy notes.
D. operate as a hybrid entity

A

B- Utilize a single notice of privacy practices.

80
Q
When creating and implementing a compliance plan, the compliance officer should have
A.	no approval
B.	board approval and resolution.
C.	patient approval.
D.	legal approval
A

B- Board approval and resolution.

81
Q
Which of the following elements is included in the Anti-Kickback Statute?
A.	whistleblower provisions
B.	exclusions
C.	safe harbors
D.	compliance guidance
A

C. safe harbors