Code set
Under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping
American Recovery and Reinvestment Act (ARRA)
A 2009 act that made substantive changes to HIPAA's privacy and security regulations
breach
Any unauthorized acquisition, access, use, or disclosure of personal health information that compromises the security or privacy of such information
The Right to Privacy is derived from where?
First, Third, Fourth, Fifth, Ninth and Fourteenth Amendments to the Constitution
The False Claims Act provides for
making it a criminal offense to defraud any health care benefit program
An entity may have violated the Stark Law if they can answer yes to what 3 questions:
1) Has a physician or a member of her family referred a Medicare or Medicaid patient to an entity they own?
2) Is the referral for a "designated health service"?
3) Is there a financial relationship between the referring physician or family member and the
Are the Stark Law and the Federal Anti-Kickback Law the same thing?
No, the Stark Law and the Federal Anti-Kickback Law are different laws with distinct differences.
Stark: physician referral to own practice
Anti-Kickback: receive item of value for referral that is paid by the government.
Covered entities
Health care providers and clearinghouses that transmit HIPAA transactions electronically, and must comply with HIPAA standards and rules
Covered transaction
Electronic exchanges of information between two covered-entity business partners using HIPAA-mandated transaction standards.
Criminal Health Care Fraud Statute
A section of the United States Code that prohibits fraud against any health care benefit program.
• Prohibits knowingly or willingly executing a scheme, or attempting to execute a scheme, with the i
De-identify
To remove from health care transactions all information that identifies patients
Designated record set
Records maintained by or for a HIPAA-covered entity
Electronic Data Interchange (EDI)
The use of uniform electronic network protocols to transfer business information between organizations via computer networks
Electronic health record (EHR)
A more comprehensive record than the EMR, focusing on the total health of the patient and traveling with the patient
- Comprehensive record focused on total health of the patient
- May contain information from many providers or facilities
Electronic medical record (EMR)
Contains all patient medical records for one practice
Contains information from just one provider or facility
Electronic transmission
The sending of information from one network-connected computer to another
Encryption
The scrambling or encoding of information before sending it electronically
Federal Anti-Kickback Law
• Knowingly and willfully receiving or paying anything of value to influence referral of federal health care program business is against the law
• Possible punishment:
- Fines
- Prison term
- Loss of participation in federal programs
Federal False Claims Act
A law that allows for individuals to bring civil actions on behalf of the US government for false claims made to the federal government, under a provision of the law called qui tam ("to bring an action for the king and for oneself")
Work Plans
Released annually by the OIG; identifies the areas it will focus on for review and investigation, which it believes are the programs most vulnerable to possible fraud and abuse.
Office of the Inspector General
• Nationwide network of auditors, investigators, and evaluators
• Responsible for more than 300 federal health care programs
• Oversees enforcement of:
- Federal False Claims Act
- Federal Anti-Kickback Law
- Stark Law
- Criminal Health Care Fraud Statute
CLIA License
Clinical Laboratory Improvement Amendment - this license is required by offices who perform "simple laboratory examinations and procedures that have an insignificant risk of erroneous result." (Tests that most offices are able to perform without sending t
Compliance Plan
A proactive program that ensures fulfillment of all applicable policies, procedures, laws and regulations. It is designed to detect and correct violations, provide employee training, routine physician auditing of documentation and establish standards and
Fiscal Intermediaries
Private insurance companies that serve as the federal government's agents in the administration of the Medicare program.
Firewalls
Hardware, software, or both designed to prevent unauthorized persons from accessing electronic information
Health Information Technology for Economic and Clinical Health Act (HITECH)
A section of the American Recovery and Reinvestment Act (ARRA) that strengthened certain HIPAA privacy and security provisions
Health Insurance Portability and Accountability Act (HIPAA)
A federal law passed in 1996 to protect privacy and other health care rights for patients. This act helps workers keep continuous health insurance coverage for themselves and their dependents when they change jobs, and protects confidential medical inform
What is the primary purpose of the HITECH rule?
To strengthen privacy and security for electronic health information.
Limited data set
Protected health information from which certain patient identifiers have been removed
Minimum necessary
Term referring to the limited amount of patient information that may be disclosed, depending on circumstances
Notice of Privacy Practices (NPP)
A written document detailing a health care provider's privacy practices
Permission
A reason under HIPAA for disclosing patient information
Privacy
Freedom from unauthorized intrusion
Protected Health Information (PHI)
Information that contains one or more patient identifiers
Rule
A document that includes the HIPAA standards or requirements
Security
Policies and procedures that protect PHI from unauthorized access
Standard
A general requirement under HIPAA
Stark Law
• Physicians or members of their immediate family with a financial interest are restricted from referring patients to entities owned by the physician
• Applies to Medicare and Medicaid programs
State preemption
If a state's privacy laws are stricter than HIPAA privacy standards, the state laws take precedence.
Transaction
Transmission of information between two parties for financial or administrative activities
Treatment, Payment, and Health Care Operations (TPO)
A HIPAA term for qualified providers, disclosure of PHI to obtain reimbursement, and activities and transactions among entities. Treatment means that a health care provider can provide care; payment means that a provider can disclose PHI to be reimburs
Verification
The requirement under HIPAA to verify any request as legitimate before protected health information is released
Basis for Privacy Laws
1. Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information
2. Once it is collected, access to personal information should be limit
Federal Privacy Laws
• Personal information cannot be released outside the organization without permission of the subject
• The person should know that the information is being collected and should have the opportunity to check the information for accuracy
HIPAA Standards
• Standard 1. Transactions and Code Sets
• Standard 2. Privacy Rule
• Standard 3. Security Rule
• Standard 4. National Identifier Standards
HIPAA Standard 2: Privacy
Protected health information (PHI) must be protected against unauthorized disclosure, whether it is
- Spoken
- Written
- In electronic form
HIPAA Permissions
• 1. Disclosures to patients
• 2. Use or disclosure for treatment, payment, or health care operations
- Covered entities may receive patient information
• 3. Uses and Disclosures with Opportunity to Agree or Object
- Informal permission that clearly allow
HIPAA's Security Rule
• Requirements for maintaining the security of electronic health records
- Transmission
- Storage
• Substantial fines if found to be in non-compliance
• Breach
- Unauthorized acquisition
HIPAA Security
• Run a complete risk assessment
• Be prepared for a disaster
• Train all employees in proper computer use
• Buy products with security and compatibility in mind
• Collaborate with all compliance-affected parties
HITECH Rule
• Strengthened HIPAA protections by:
- Extending compliance with rules to business associates
- Prohibiting sale of information without permission
- Expanding individual rights to electronically access PHI
- Prohibiting use of genetic information for insu
Fraud and Abuse in Health Care
• $1.2 trillion a year is wasted or abused in health care
• Fraudulent spending is not always separated from total health care dollars
• Fraud continues to increase
• Fraud is often undetected
Federal False Claims Act
• Allows individuals to bring civil actions on behalf of the Federal government for false claims
• Qui tam is a Latin term that is commonly applied
- Whistleblowers may share in any court-awarded damages
Comparison of Anti-Kickback Law and Stark Law
Patients' Bill of Rights
• Unofficial but effective methods at the federal level exist to provide patients with rights
- HIPAA
• Variety of rights regarding PHI
- Patient Protection and Affordable Care Act
• Phase out annual lifetime limits to coverage
• No longer can limit or de