Law & Ethics for the Health Professions: Chapter 08

Code set

Under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping

American Recovery and Reinvestment Act (ARRA)

A 2009 act that made substantive changes to HIPAA's privacy and security regulations

breach

Any unauthorized acquisition, access, use, or disclosure of personal health information that compromises the security or privacy of such information

The Right to Privacy is derived from where?

First, Third, Fourth, Fifth, Ninth and Fourteenth Amendments to the Constitution

The False Claims Act provides for

making it a criminal offense to defraud any health care benefit program

An entity may have violated the Stark Law if they can answer yes to what 3 questions:

1) Has a physician or a member of her family referred a Medicare or Medicaid patient to an entity they own?
2) Is the referral for a "designated health service"?
3) Is there a financial relationship between the referring physician or family member and the

Are the Stark Law and the Federal Anti-Kickback Law the same thing?

No, the Stark Law and the Federal Anti-Kickback Law are different laws with distinct differences.
Stark: physician referral to own practice
Anti-Kickback: receive item of value for referral that is paid by the government.

Covered entities

Health care providers and clearinghouses that transmit HIPAA transactions electronically, and must comply with HIPAA standards and rules

Covered transaction

Electronic exchanges of information between two covered-entity business partners using HIPAA-mandated transaction standards.

Criminal Health Care Fraud Statute

A section of the United States Code that prohibits fraud against any health care benefit program.
--------------------------------------------------------
• Prohibits knowingly or willingly executing a scheme, or attempting to execute a scheme, with the i

De-identify

To remove from health care transactions all information that identifies patients

Designated record set

Records maintained by or for a HIPAA-covered entity

Electronic Data Interchange (EDI)

The use of uniform electronic network protocols to transfer business information between organizations via computer networks

Electronic health record (EHR)

A more comprehensive record than the EMR, focusing on the total health of the patient and traveling with the patient
- Comprehensive record focused on total health of the patient
- May contain information from many providers or facilities

Electronic medical record (EMR)

Contains all patient medical records for one practice
Contains information from just one provider or facility

Electronic transmission

The sending of information from one network-connected computer to another

Encryption

The scrambling or encoding of information before sending it electronically

Federal Anti-Kickback Law

• Knowingly and willfully receiving or paying anything of value to influence referral of federal health care program business is against the law
• Possible punishment:
- Fines
- Prison term
- Loss of participation in federal programs

Federal False Claims Act

A law that allows for individuals to bring civil actions on behalf of the US government for false claims made to the federal government, under a provision of the law called qui tam ("to bring an action for the king and for oneself")

Work Plans

Released annually by the OIG; they identify the areas it will focus on for review and investigation, namely the programs it believes are most vulnerable to possible fraud and abuse.

Office of the Inspector General

• Nationwide network of auditors, investigators, and evaluators
• Responsible for more than 300 federal health care programs
• Oversees enforcement of:
- Federal False Claims Act
- Federal Anti-Kickback Law
- Stark Law
- Criminal Health Care Fraud Statute

CLIA License

Clinical Laboratory Improvement Amendment: this license is required by offices that perform "simple laboratory examinations and procedures that have an insignificant risk of erroneous result." (Tests that most offices are able to perform without sending t

Compliance Plan

A proactive program that ensures fulfillment of all applicable policies, procedures, laws and regulations. It is designed to detect and correct violations, provide employee training, routine physician auditing of documentation and establish standards and

Fiscal Intermediaries

Private insurance companies that serve as the federal government's agents in the administration of the Medicare program.

Firewalls

Hardware, software, or both designed to prevent unauthorized persons from accessing electronic information

Health Information Technology for Economic and Clinical Health Act (HITECH)

A section of the American Recovery and Reinvestment Act (ARRA) that strengthened certain HIPAA privacy and security provisions

Health Insurance Portability and Accountability Act (HIPAA)

A federal law passed in 1996 to protect privacy and other health care rights for patients. This act helps workers keep continuous health insurance coverage for themselves and their dependents when they change jobs, and protects confidential medical inform

What is the primary purpose of the HITECH rule?

To strengthen privacy and security for electronic health information.

Limited data set

Protected health information from which certain patient identifiers have been removed

Minimum necessary

Term referring to the limited amount of patient information that may be disclosed, depending on circumstances

Notice of Privacy Practices (NPP)

A written document detailing a health care provider's privacy practices

Permission

A reason under HIPAA for disclosing patient information

Privacy

Freedom from unauthorized intrusion

Protected Health Information (PHI)

Information that contains one or more patient identifiers

Rule

A document that includes the HIPAA standards or requirements

Security

Policies and procedures that protect PHI from unauthorized access

Standard

A general requirement under HIPAA

Stark Law

• Physicians or members of their immediate family with a financial interest are restricted from referring patients to entities owned by the physician
• Applies to Medicare and Medicaid programs

State preemption

If a state's privacy laws are stricter than HIPAA privacy standards, the state laws take precedence.

Transaction

Transmission of information between two parties for financial or administrative activities

Treatment, Payment, and Health Care Operations (TPO)

A HIPAA term for qualified providers, disclosure of PHI to obtain reimbursement, and activities and transactions among entities. Treatment means that a health care provider can provide care; payment means that a provider can disclose PHI to be reimburs

Verification

The requirement under HIPAA to verify any request as legitimate before protected health information is released

Basis for Privacy Laws

1. Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information
2. Once it is collected, access to personal information should be limit

Federal Privacy Laws

• Personal information cannot be released outside the organization without permission of the subject
• The person should know that the information is being collected and should have the opportunity to check the information for accuracy

HIPAA Standards

• Standard 1. Transactions and Code Sets
• Standard 2. Privacy Rule
• Standard 3. Security Rule
• Standard 4. National Identifier Standards

HIPAA Standard 2: Privacy

Protected health information (PHI) must be protected against unauthorized disclosure, whether it is
- Spoken
- Written
- In electronic form

HIPAA Permissions

• 1. Disclosures to patients
• 2. Use or disclosure for treatment, payment, or health care operations
- Covered entities may receive patient information
• 3. Uses and Disclosures with Opportunity to Agree or Object
- Informal permission that clearly allow

HIPAA's Security Rule

• Requirements for maintaining the security of electronic health records
- Transmission
- Storage
• Substantial fines if found to be in non-compliance
• Breach
- Unauthorized acquisition

HIPAA Security

• Run a complete risk assessment
• Be prepared for a disaster
• Train all employees in proper computer use
• Buy products with security and compatibility in mind
• Collaborate with all compliance-affected parties

HITECH Rule

• Strengthened HIPAA protections by:
- Extending compliance with rules to business associates
- Prohibiting sale of information without permission
- Expanding individual rights to electronically access PHI
- Prohibiting use of genetic information for insu

Fraud and Abuse in Health Care

• $1.2 trillion a year is wasted or abused in health care
• Fraudulent spending is not always separated from total health care dollars
• Fraud continues to increase
• Fraud is often undetected

Federal False Claims Act

• Allows individuals to bring civil actions on behalf of the Federal government for false claims
• Qui tam is a Latin term that is commonly applied
- Whistleblowers may share in any court-awarded damages

Comparison of Anti-Kickback Law and Stark Law

Patients' Bill of Rights

• Unofficial but effective methods at the federal level exist to provide patients with rights
- HIPAA
• Variety of rights regarding PHI
- Patient Protection and Affordable Care Act
• Phase out annual lifetime limits to coverage
• No longer can limit or de