Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
RHIA Domain two
RHIA Domain Two
| Question | Answer |
|---|---|
| What is the freedom of information act of 1967, AKA FOIA | federal law where individuals can seek access to info without authorization of the person whom the info apply .FOLA is government accountability and transparency,exceptions exist for medical records to protect privacy.Applies to federal agencies. |
| freedom of information act-continue | this act is applicability to healthcare organizations is generally limited to those owned and operated by the veterans health administration and defense department.Medicare participation requires procedures inplace for protection confidentially |
| What is the privacy act of 1974? | right to privacy,gives individuals control over the large amounts of info collected about them by federal government and its contractors,does not apply to private sector,people have to right to learn what info has been collected about them |
| Privacy act 1974-continue | act only applies to federal healthcare organizations such as veterans health administration,the indian health service and their contractors. |
| What is workforce training? | The HIPAA privacy and security rules require formal education and training of workforce ensure ongoing accountability for the privacy and security of PHI. Rule defines workforce as employees,volunteer,trainees HHS2013 |
| Workforce training-continue | The Omnibus rule modified to include business associates-business associate is under direct control of such covered entity or business associate,whether or not they are paid by the covered entity or business associate AHIMA 2013A |
| What are medicare participations? | To become eligible for Medicare and Medicaid providers must become certified by demonstrating compliance with conditions of participation by which government and nongovernmental organizations evaluate educational programs,healthcare facilities |
| Participation with CMS -continue | Certification is responsibility of the state under HHS,1865 SS act specifies facilities by the joint commission,CMS develop COPs for safety standards to improve the quality of care and protecting the health and safety of PT,TJC operates voluntary accredit |
| What is public law? | Involves relationship between government at ANY level with individuals or organizations, purposes is to defining, regulating,enforcing rights where government is a party. |
| What is private law? | Relationship between private entities or individuals government is not a party includes torts,contracts.Torts are civil wrongs that result in injury basis for malpractices cases. |
| What is civil law? | Relationship between individuals corporations, government entities and other organizations,most actions encountered in healthcare.Most actions in HC is civil law,may include carrying out or stopping action. |
| What are the federal drug laws? Such as Comprehensive drug abuse prevention and control act 1970? | Control substance act controls use of narcotics, depressant and stimulants,this act affects dispensing/admin of drugs according to 1-1V controls,despensed upon DR order. |
| Other federal drug acts? | The federal food cosmetic act which covers medical device amendments of 1976 covers distributed products in federal territory,most equipment/supplies used in hospitals for PT are regulated under this,DR must sign prescription and must be registered DEA |
| What is ARRA of 2009? | American recovery reinvestment act of 2009 ARRA signed by the United States Congress by president Obama effort to jump start economy, improve affordable healthcare,provide tax relief, education opportunities,protect those in greatness need. |
| What is HITECH act? | The part of ARRA that is meant to increased the momentum of developing/implemented by 2014.HITECH include mandatory reporting, enforcement responsibilities, privacy requirements such as new accounting for EHR, requirements to business assc cover entities |
| What is the HIPPA law? | The federal enated to provide continuity of health coverage,control fraud,abuse in healthcare, reduce cost and guarantee security/policy of health information. |
| What is HITECH-HIPPA or Omnibus rule? | 2013 Rule strengthen the privacy and security of patient health information,modifies the breach notification rule, strengthen privacy protection by prohibiting health plans disclosing info,make business associate liable for compliance |
| Continue HIPPA/Omnibus rule | Disclosure of PHI for marketing, research and fundraising and allows patients increased restriction rights.The ominous rule does not address all of the HITECH privacy requirements such as accounting disclosures and access to EHR audit logs. |
| What is preemption? | In law,the principal that a statute at one level supercedes or is applied over the same or similar statute at a lower level, example federal HIPPA privacy provisions Trump the same or similar state law with certain exception.State law is more stringent |
| Continue preemption | It affords a patient more access to his or her medication or more control over the disclosure of his or her medical information to an insurance company for the purpose of payment would take precedence over the HIPPA rules. |
| What is CAPTA? | Child Abuse Prevention and Treatment Act provides federal funding to states in support of prevention, assessment, investigation, prosecution and treatment. CAPTA provides a minimum definition of child abuse and neglect. |
| What is the difference between subpoena duces tecum and subpoena duces? | A subpoena duces tecum, or subpoena for production of evidence, is a court summons ordering the recipient to appear before the court and produce documents or other tangible evidence for use at a hearing or trial. |
| What is the difference between access, confidentially,privacy and security? | Privacy is the right of an individual to be let alone,right to control over certain personal and health information, freedom from observation into one's private affairs |
| Continue privacy-HIM must know standards,rules,and regulations,both state national,what is the privacy rule? | Three major purposes to privacy rule are protect/enhance the rights of healthcare consumers by access to their health information, improve quality of healthcare by restoring trust in the healthcare system, improve efficiency/efficiency by creating privacy |
| Continue privacy rule | Protection that builds on efforts of state, health systems, organization and individuals. |
| Continue privacy rule #1,broken into eight primary sections. | 1-uses/disclosures of PHI indentifies how /for what purposes PHI can be used and disclosed, minimum necessary standard (HHS 2013) BA unnecessary/inappropriate access disclosure PHI to carry out functions for treatment/payment |
| Continue privacy rule #2 | Establishes requirements for BA /business associate agreements BAA-contracts between a cover entity and BA this allows uses and disclosures of PHI |
| Continue privacy rule #3 | Notice of privacy practices for protected health information,requires facility a notice of privacy practices NPP,must give to patients to inform how PT health information is shared/rights |
| Continue privacy rule #4 | Right to request privacy protection for protected health information,PT rights to communicate request /restrictions to disclosure of their PHI |
| Continue privacy #5 | Access individuals to protected Heath information,PT right to access their health information by allowing them to inspect/obtain copy of their PHI in designated record set/records maintained by a covered entity |
| Continue privacy #6 | Amendment of protected health information,PT rights to request amendment to PHI in the designated record set. |
| Continue privacy #7 | Accounting of disclosures of PHI,PT right to receive an accounting of disclosures of PHI made by covered entity. |
| Continue privacy rule #8 | Administrative requirements of privacy official, training of the workforce, implemented of privacy safeguards,process to make complaints,anti-retaliatory standard for no intimidation filing complaint |
| What is security? | The means to control,access and protect info,designed to protect confidentially info, purpose of the security standards for protection of electronic protection health information AKA security rule |
| Continue security rule | Administrative safeguards such as policies/procedures to manage administrative actions,policies ,dectect,contain and correct security violations |
| Continue security rule | Physical safeguards such as surveillance cameras and indentification badges,to identify measures to protect info systems, buildings, equipment from national environmental hazards. |
| Continue security rule | Technical safeguards such as automatic log offs and unique user identification,protect access and control of ePHI |
| Continue security rule | Organizational safeguards such as BAA arrangements are made to protect ePHI between organization. |
| What is confidentiality? | Legal/ethical concept that establishes healthcare provider responsibility for protecting health records / private information,data or info is not made available or disclosed to unauthorized person, establishes how records should be protected |
| What are the patient rights under HIPPA? | HIPPA 8/21/96 initially focus employees retain health coverage when changed jobs,also waste, fraud and abuse in the healthcare system, Congress added administration simplification that created format for electronic data interchange. |
| Continue HIPPA rights to | Congress express concern privacy and security of pt info in a electronic environment. HIPPA required department of health and human services (HHS) to develop regulations to protect privacy and security of individually indentifiable health information. |
| What is the definition of protected health information? | Is information specifically protected by HIPPA, important to know organization own PT records PT has a right to access the record |
| Continue protected health information | if state law doesn't provide same degree of access that HIPPA allows,state law will be superseded by HIPPA through principal preemption that gives federal law precedence over state law. |
| What are the 18 HIPPA indentifiers? | Name,address,all elements except years of dates related to an individual such as admission date, discharge date,birthday,date of death, exact age if over 89, telephone number, fax number, email address, social security number, MRN,ins info,account#, |
| Continue of 18 HIPPA identifiers | License number,vechicle/device serial number,web url,IP address,finger/voice print, photographic images,any character uniquely identify the individual. |
| What are the definitions of treatment, payment and healthcare operations as it relates to HIPPA policy rule? What are the components in the HIPPA privacy rule overview? | permits a health care provider to disclose protected health info about an individual, without the individual's authorization, to another health care provider for that provider's treatment or payment purposes |
| What are tech, physical, administration, organization requirements from security rule? | Administration safegards-policies and procedures to manage administrative actions, policies,and procedures to prevent,detect,contain and correct security violations |
| Continue physical safeguards? | Such as surrvellance cameras and identification badges to identify measures to protect information systems,buildings and equipment from natural and environmental hazards. |
| Continue technical safeguards? | Such as automatic log off and unique user identification to protect access and control of ePHI. |
| Continue orangizational safeguards? | Such as BAA so that arrangements are made to protect ePHI between organizations |
| What are the definition of firewall | Firewalls originated from 80s ,are hardware and software security devices situated between the router of private and public network,design to protect the computer networks from unauthorized outsiders,proxy/filtering services that permit/deny applications. |
| What is criminal law? | addresses crimes which are wrongful acts against public health, safety and welfare,also includes punishment for those persons violating the law.crimes are felony or misdemeanor. |
| What is the definition of encryption? | code digital data and info,this is info can be transmitted over communications media and sender on the info can be sure only recipient has an authorize decoding key.Signal key-two computers decode/mess same key.Public key PKI-one key computer/computer |
| What is cryptography? | applied science in which mathematics transforms intelligible data and information into unintelligible strings of characters and back again. |
| What is bio metrics technology? | Bio-metrics technology verifies a person's identify by measuring,comparing different mathematical representations of biological / physical features,unique traits example hand signature,fingerprint,iris,voice.HIPPA requires authentication of user |
| What are audit trails? | chronological sets of records that provide evidence of computer system utilization. Data collected from every system event such as logins,logouts,file accesses,used to determine security violations.Track-date/time,user/pt identification,access device used |
| What are workforce HIPPA training components? | There are three distinct components of a compliant HIPAA training program. The privacy rule indicates that training on policy and procedures related to protected health information needs to take place within a reasonable period from employment. |
| What is workforce HIPPA training component One? | The first category training should include core training of general privacy and security principles such as purpose,background,definitions. include info on police/procedures,PHI,should based on employee job,as necessary. |
| What is workforce HIPPA training component Two? | Second component of HIPPA training program includes ongoing training and awareness building. The security rule specifies a training program to include privacy for continued workforce compliance. Includes core concepts,polices,procedures. |
| What is workforce HIPPA training component Three? | Third component of HIPPA training address the inevitable changes that occur on a regular basis.New laws and regulations are enacted,job duty change,employees be kept apprised of these changes |
| What are workforce HIPPA training principles and strategies? | The are nine best practice guidance is recommended regarding HIPPA privacy and security training procedures. |
| What are HIPPA training principle and strategies 1 thur 3 | Provider training to all workforce,including contract workers. Establish timelines for training new employees by hire date before their first day work. Require training for all employees. |
| What are HIPPA training principle and strategies 4 thur 5 | Develop training/awareness program that becomes part of the culture.include in dept education/ongoing awareness including training on PHI in all forms,including verbal, written and electronic. |
| What are HIPPA training principle and strategies 6 thur 8 | Develop regular communication process to address questions that arise after training,update reference materials of policies and procedures. evaluate training program effectiveness,validity and reliability. |
| What are HIPPA training principle and strategies 9 | Develop a policy that employees have completed privacy and security training before they receive access to paper and electronic PHI |
| What is a valid patient authorization? | A valid authorization for use and disclosure of PHI is needed prior to releasing the information unless its permitted without an authorization under HIPPA privacy regulation. |
| What includes info of metadata? | electronic data and data that include information about data, include info not previously available in paper documents such as time stamps show when and by whom a document/entry was created,accessed or changed. |
| What does highly sensitive information include? | Certain types of health info has stigma and sensitivity associated with require protections,not address separately by HIPPA,other laws come into play sensitive info include behavorial health,substance abuse,HIV /AIDS,genetic testing and adoption records. |
| Why is behavioral health information sensitive? | because nature and stigma associated with it,should consult relevant law in order to know of any safeguards,best practice authorizations info provide a designated area for individuals to authorize disclosure of info. |
| What is The confidentially of alcohol and drug abuse patient records federal regulation of 42 CFR 2 part 2 ? | 1987 describe the situations when substance abuse info disclosed either with or without the PT authorization,protects identity,diagnosis,prognosis. specifies which info can be released without PT auth,redisclose prohibit,except medical or court order. |
| Why is HIV/AIDS information highly safeguarded? | sensitive and stigmatic nature,its protective by state law, familiar with state law,become aware of special safeguards for this type of info,best practice authorizations info provide a designated area for individuals to authorize disclosure |
| What is the federal genetic information non discrimination act of 2008? | serves to protect individuals from being discriminated against by health users and employers based on genetic information.State laws in place for protection,authorize disclose genetic info. |
| Why does adoption records have historically been sensitive? | where closed adoptions took place info must receive special protections.protected by individual state laws unless court order mandates,HR isn't location for birth parents or PT identity request 4 info refer to state dept health,vital statistics, agency. |
| What is wrongful disclosure? | Individuals are liable for their own acts of unauthorized disclosure of confidential health info,individual liability is based on fault because she did something wrong/failed to do something.Employers may be liable for job relate acts of employees/agent |
| What is the doctrine of respondeat superior? | let the master answer, organizations are less likely found liable for breach confidentially by medical staff because they aren't employees/agents,organizations may be liable for consequences unauthorized disclosure under doctrine corporate negligence. |
| What is medical identity theft? | It's the inappropriate or unauthorized misrepresentation of another identity to do 2 things 1)obtain medical services /goods or falsify claims for medical services to obtain money. |
| What are the two types of medical theft? | External/internal, eternal medical identity is committed by individuals from outside such as using victim ins,internal is individuals inside an organization with access to vast amount PT info cause breach duty to maintain info confidential |
| What are the two types of medical theft? | The injured person benefits from these concepts of faults because she can sue employer/employee.provisions subject professional to discipline by licensing agency for breach of confidentiality/unprofessional conduct. |
| What is conclusion of care? | At the time of discharge physician must summarize the patient condition at the beginning of treatment and basic info about tests,exams,procedures and results occurring during treatment. conclusion of care is called discharge summary. |
| What is a discharge summary? | also called clinical resume, Hospital discharge summaries serve as primary documents communicating a PT care plan to post-hospital care team. the discharge summary is the only form of communication that accompanies the patient to the next setting of care |
| What is revenue cycle? | The process that begins when a pt comes to a healthcare systems for services and includes those activities that have to occur in order for a provider of care to bill at the end of the patient's service encounter. Broken down to front end, middle back end |
| What is the front end process of revenue cycle? | includes patient access functions such as scheduling the patient for services,registration of the patient, payer negotiation, pre-auth, POS collection and financial counseling. |
| What is the middle process of revenue cycle? | Charge capture, case management, clinical documentation and coding. the key objectives in this phase are to manage clinical practice according to medical deadlines, ensure documentation supports those services. accurate and complete coding. |
| What is back end of revenue cycle? | is the business office or patient financial services process and includes claims processing and payment posting,follow up,customer service, collections of unpaid bills.In this phase organization focus on release of claims to payers. |
| What is insurance verification? front end | is a vital component of pre-arrival process for scheduled patients, occurs at the time of their registration. Validate if the pt is a member, referral needed for service, out of pocket expense, patient demographic and insurance needs to be completed. |
| What is Pre-authozation? front end | requirement that a healthcare provider obtain permission from the health insurer prior to services being provider to the patient. |
| What are financial counselors? front end | fiscal responsibility, FC are responsible for identifying and verifying the method of payment and debt resolution for services, establish payment options, provide discounts on bills, |
| What is Point of service collections? front end | is the collection of the portion of the bill that is the patient's responsibility to pay prior to the provision of service being rendered . |
| What is medical necessity? front end | a determination that a service is reasonable and necessary for the related diagnosis or treatment of illness or injury. The american college of medical quality ACMQ organization focus is providing leadership and education in healthcare quality management. |
| What are NCD and LCD ? front end process | Medicare's national coverage policies known as national coverage determinations , local fiscal intermediary policies known as local coverage determinations. These policies define the specific diagnosis and procedure codes that support medical necessity |
| What is case management? middle process | process of assessment, planning, facilitation ,care coordination, evaluation and advocacy for options and services to meet individual and family health needs |
| What are case managers? middle process | evaluate the appropriateness of hospital admissions according to pre-establish criteria,responsibilities to mange and ensure the appropriate utilization of acute resources focus on improving quality and reducing. |
| What is UM? middle process | is the evaluation of the medical necessary appropriateness and efficiency of the use of healthcare services, procedures and facilities under the provisions of applicable benefits plan. responsible for day to day provision of hospital utilization plan. |
| What is some examples of UM? middle process | review HR to make UM decision, using criteria evaluate admission,resource to hospital departments 24/7,screening admissions,assure compliance to criteria,minimally every 3 days,HR for timeliness,appropriateness and safety,weekly meetings for high dollar |
| What is hospital issued notices of non coverage HINNs? middle process | CMS sends HINN to PT medial beneficiaries prior to admission,at admission or any point during inpatient stay if hospital feels care receive is not covered such as not medical necessary,not delivered most appropriate setting,is custodial in nature. |
| What is adverse determination? middle process | Commercial payers are responsible for providing in writing denials,Adverse determination are when a healthcare insurer denies payment for proposed or already render healthcare services. um UM takes an active role in monitoring,reporting |
| What is charge capture? middle process | is a method of recording services and supplies or items delivered to the patient and directing them to be billed on claims includes documenting,posting and reconciling charges for service render. such as charge tickets,encounter forms,charge entry. |
| What is a claim scrubber software? middle process | Billing service edits designed to detect and correct charge capture errors before claims are submitted to third party payers resulting in denials such as male PT charged for a female procedure,charged for transfusion but no charge for blood.. |
| What is a bill hold period? middle process | Timely submission of charges is critical for revenue cycle success, number of days which accounts will be held from billing charges can be entered after a PT is discharged. bill hold assumes a delay in accumulating the charges incurred by a patient. |
| What is the facility charge? middle process | CMS instructed hospitals to report resources utilized for hospital clinic outpatient ,ER visits using EM codes. Facility charge allows capture of E/M charge not included with CPT. |
| What is charge master CDM? middle process | is an electronic file that represents a master list of all services,supplies,devices and medications charged for inpatient and out patient services. CDM contains elements identifying coding,billing items,services provided to patient. |
| What is charge master CDM? middle process x2 | example of data found in charge description master CDM, Charge code,charge description, CPT or HCPCS code, modifiers,revenue code,price. Must be continually updated, must develop polices for a charge master review to ensure quality of data enter |
| What is clinical documentation? middle process | Complete,accurate ,timely documentation of patient history,assessment,surgical and procedure notes and clinical pan are important aspects of revenue cycle,Clinicians need to document services performed and medical necessity. |
| What is clinical documentation improvement? middle process | CMS regulations require documentation to support the care provided to the patient,hospitals have invested in clinical documentation improvement programs to assure the HR accurately reflects the actual condition of the PT. |
| What is coding? middle process | Upon PT discharge the clinical documentation is reviewed and ICD DX / CPT codes are assigned for in and out PT. Coder must read documentation to arrive at the correct code assignment. When documentation is vague a query is needed for clarification. |
| What is technology tools? middle process | HIMSS revenue cycle improvement task force to support middle process such as CDI must result in codified procedures and dx to support billing, electronic etools to help with maintenance of charge masters, |
| What is claims process? Back end process | Claims process involves accumulating charges for services,submitting claims for reimbursement and ensuring that claims are satisfied. The patient financial services has the responsibility for collection for revenue for the patient encounter. |
| What is accounts receivable A/R day? Back end process. | Goal is to get a complete and accurate claim generated and submitted for payment as quickly as possible. An efficient revenue cycle helps the organization lower the A/R days which in return improves cash flows. |
| How do you calculate A/R days? back end process | The average number of days between the discharge date and the receipt of payment for services rendered as a measure of how successful the revenue cycle. |
| What is clean claims? back end process | Billing systems automatically submit claims to the payers, if the account is not being help for any type of edit resolution these claims are often refer to as clean claims. |
| What is payment posting? back end process | When payments is received from third party payers the payments must be posted to the correct individual patient accounts such as payments, adjustments and discounts.Goal is the balance on PT account to be 0 |
| What is follow up? back end process | When the payment is received from third party payers and the discounts and adjustments are applied to the balance on the account there may still be a portion due by PT, PT financial staff work to collect copays,coins and deductibles. |
| What is denials? back end process | payers refusal to provide payment such as beneficiary not covered,lack of medical necessity, lack of pre-certification,non covered services, incorrect coding, |
| What is denial management? back end process | program requires facilities to seek both prevention and recovery,cross functional team to evaluate reason for the denials and to facilitate changes in the work process to prevent prevent further denials from occurring. |
| What is Revenue audit and recovery, back end process? | after payment has been received it is audit against terms of contract, once payment is received software system generates a weekly report with all account payments, audit detects over and over/underpayments |
| What is clinical documentation improvement? | process to facilitate the accurate representation of a patient's clinical status in the patient health record that is then transformed into code data.reason for excellent documentation is to improve pt care through communication providers/PT condition |
| What coding change occurred in October 2015 | International classification of diseases,10th revision clinical modification (ICD-10-CM) and the ICD-10 procedural coding system (ICD-10-PCS) The ninth revision ensure higher quality of info to make decisions about PT care offering more reimbursement. |
| What is the purpose of a CDI program? | AHIMA states purpose is to initiate concurrent and as appropriate retrospective reviews of health records for conflicting incomplete or nonspecific provider documentation. |
| What is concurrent review of records? | occurs while the patient care is ongoing , often the reviewers are alongside the healthcare providers on the patient care units to facilitate communication. |
| What is retrospective review? | occurs later after PT has been discharged. |
| What decisions must be made before implementing a CDI program to ensure the right people,processes and technology are in place? | Composition of the CDI staff,alignment of the CDI program,Identification of the types of records to review, frequency of chart reviews,budget,training needs, reporting and performance monitoring. |
| What is a query? | is a routine communication and education tool used to advocate for complete and compliant documentation it is referred to as a query,this includes communication for the purpose of correct code assignment. |
| When is a query necessary to use in documentation? | When documentation is conflicting,imprecise,incomplete,illegible,ambiguous or inconsistent. describes clinical indicators without a definitive relationship to an underlying diagnosis. |
| When is a query necessary to use in documentation? x2 | When clinical indicators,diagnostic evaluation or treatment not related to a specific condition or procedure. When documentation provides a DX without supporting clinical validation or is unclear for present on admission indicator assignment. |
| What is some additional about queries? | coders responsibility to determine what the documentation in MR equates to the PCS definitions, Dr is not expected to use terms used in PCS descriptions,nor is coder required to query Dr when correlation between documentation and the defined terms clear |
| What is CMS determination on queries? | CMS do not expert Doctors to be experts in ICD 10PCS terminology and language either, CDI/Coders do not need to ask Doctors to document exact ICD PCS phrasing, aslong as documentation supports DX code, determination should be apart of Dr/CDI staff |
| How do you develop a query? | easy understood reasonable question, including clinical indicators focus on the accuracy, open end questions, support of documentation with question, ,include reasoning for the query, why they asked to clarify,ask for further details,$ is not the focus |
| How do you document a query? | Documentation as a result of query should be included in the PT record in notes,discharge summary or addendum to documentation. Each facility needs to determine if actual query is apart of permanent record in a policy, any info affecting PT billing |
| How do you document a query? x2 | policy and procedure should be created to indicate if the query is a part of MR and how long,where its located, how long it should be open During concurrent review CDI staff can verbally communicate to Dr these queries should be recorded. |
| What is computer assisted coding CAD? | tool intended to improved efficiency of the coding and claims submission process,useful in settings where documentation is structured and has a limited vocabulary. |
| What is the overarching goal of CDI? | to ensure specific and accurate documentation that reflects the true cost of care,severity of illness,complexity of care and resource utilization. |
| What does an organization need to understand CDI to be successful? | many uses of documentation,benefit of specfic and accurate documentation,need for multiple stakeholder involvement,need talent staff, need predetermine policies and procedures for record / query review, metrics building business case for CDI initiatives |
| What does compliance mean in terms of coding? | means complying with rules,laws,standards or regulations expected practices in regard to coding is of particular interest since coding data is used for many purposes. professional ethics and accepted practice are to comply with rules government programs |
| What is fraud? | is an intentional or deliberate deception or misrepresentation that an individual makes in order to receive benefits.Example billing for services not provided or providing a lesser service than what was provided. |
| What is abuse? | describes practices or incidents that are not done deliberately even though they may result in improper payments for MCR, abuse is defined as unintentional, however person or organization should know better, example is unbundling of codes, |
| What is the federal false claims act? | is a federal law that seeks to protect government programs from fraud by individuals and companies,outlines how deliberate ignorance and reckless disregard to the truth or fasity of a claim having knowledge of the false information. |
| What is qui tam relators? sometimes referred to whistleblowing | in a qui tam action, a private party called a relator brings an action on the government's behalf. The government, not the relator, is considered the real plaintiff. relators receive 15% of fraudulent monies |
| what is whistle blowing? | anyone who brings lawsuit based on their knowledge of fraud. |
| What is deficit reduction act of 2005? | is a multifaceted law concerning the nations budget, one section aims at fighting medicaid fraud and abused, action requires any program receives or makes payments over 5,000,000 annually to provide education to employees details false claim. |
| What is deficit reduction act of 2005? continued | including the organization process for reporting and correcting inaccuracies,whistle blower protections, the prevention and detection of waste,fraud and abuse. |
| What is health insurance portability and accountability act? | law regarding many aspects of the healthcare system, attention provided to preventing healthcare fraud and abuse is major focus of the legislation. Providing medical unnecessary services,billing for services not provided. |
| What is health insurance portability and accountability act? continue | unbundling and up coding misrepresentations lead to inaccurate and undeserved reimbursements, investigated by the department of health and human services HHS office of inspector general OIG |
| What does the department of health and human services HHS office of inspector general OIG do? | to enhance and protect the health and well-being of all Americans. We fulfill that mission by providing for effective health and human services and fostering advances in medicine, public health, and social services. |
| What is Office of Inspector General's (OIG) mission? | Office of Inspector General's (OIG) mission is to protect the integrity of Department of Health & Human Services (HHS) programs as well as the health and welfare of program beneficiaries. |
| What is extrapolation method? | looks at a small sample of records and applies the correction in payment /reimbursement across a large number of claims in a time period or service area. Healthcare providers should review the selected records ahead of time to prepare for financial adj. |
| What's some additional information about OIG office inspector general? | The office of inspector general OIG was created in 1976 with the mission to protect integrity of the health and human services HHS. The HHS OIG is larger than any other governmental OIG. The OIG gives advice to providers on complaince |
| What's some additional information about OIG office inspector general? continue | OIG developed written standards of conduct,promote hospital commitment to compliance, designation of chef compliance officer/other appropriate bodies. develop of regular effective education and training. maintenance such as hotline for complaints. |
| What's some additional information about OIG office inspector general? continue | Develop system for improper/illegal activities enforce of disciplinary actions against violated employees. use of audits to monitor compliance. The investigation and remediation of identified systematic problems , development of policies sanctioned. |
| What is a OIG workplan and why is it important for an organization to use a OIG plan? | Yearly HHS OIG published projects are planned areas identified for review. These Workplans cover CMS/children family administration on gaining addressing compliance, high risk areas,billing,claim forms,duplicate bills,overpayments,unbundling, overcoding. |
| What is unbundling? and why is it important to know? | is the reporting of multiple of codes to describe a service or procedure when according to coding convention one code would describe procedure or components for one code are bundled results in more reimbursement considered fraud/abuse |
| What is upcoding? and why is it important to know? | using diagnosis or procedure codes selected specifically because result in higher payment from third party payers. |
| What is maximization? | Unbundling and upcoding are examples of attempting to maximize reimbursement to the highest possible amount through coded data. this is called maximization. |
| What is optimization? | seeks the most accurate documentation,coded data and resulting payment in the amount of the provider is rightly and legally entitled to receive. |
| What components should be included in a coding compliance plan? | Policy statement regarding commitment organization to correctly assign codes, official coding guidelines used to direct code section.Identify who responsible for coding section, procedure to follow when clinical info is not clear, |
| What components should be included in a coding compliance plan? continue | specification of policies and procedures by care setting such as inpat,outpt, ER. process. The most important part of coding plan are the standards supporting it. All coding compliance should reference AHIMA standards of ethical coding. |
| What components should be included in a coding compliance plan? continue | The guidelines are used to determine coding process should be American hospital Association AHA coding clinic,America medical association AMA CPT assistant and additional guidance from CMS. |
| What is an incident plan and why is it important to know? | form used to record unplanned or unusual occurrences in detail. i important to capture dates,times, location.use for unplanned occurrences. Each incident report review individually or create report data for tends,patterns.Risk management develop polices |
| What is a contingency plan and why is it important to know? | Some incidents require risk management plans strategic level known contingency plan. C-plan is component of broader emergency preparedness process includes business practices,operational continuity,disaster recovery planning. |
| What are the components needed of contingency plan according to AHIMA? and what are the tree major categories or types of threats? | AHIMA C-plan record management such as protect PT safety,secure health info, ensure continue of care and provide recovery info. natural threats-floods,Technical/man-made-mechanical,Intentional acts-terrorism or commuter security. |
| What are the seven components to contingency planning according to NIST? | 1)identify regulatory requirements C-plan 2) conduct business analysis/business process 3) preventive controls and measures. 4) Develop recovery strategies 5) Develop C-pan with guidance / process. 6) test train prepare staff 7) maintain/update c-pan |
| What is NIST? | The national Institute of standards and technology- special publication defines steps to a viable contingency planning program. |
| What are goal planning for downtime and disaster recovery? | The overall goal of the plan is to reduce interruptions while lessening impact on organization and remain compliance with laws. |
| What are the key elements in implementing c-plan for downtime and disaster? | proactive governance process to define / align plans with strategic priorities,use of data to understand risks their impacts, plan design and integration of strategies. |
| How does HITECH-HIPPA Ominibus act of 2013 defined a breach? | impermissible use or disclose under privacy rule that compromises security or privacy of protected health information. An impermissible use /discloser of PHI is presumed to be a breach unless proven low probability compromised based on a risk assessment |
| What is breach notification rule? | entails notifying patients if their PHI has been breach, unauthorized uses and disclosers of any PHI at anytime maybe consider a data breach. |
| What is a risk assessment with a breach? | A assessment that is conducted if a beech has occurred,consists of nature and extent of PHI involved in breach including identifiers/likelihood of re-identification. The unauthorized person who used the PHI or whom it was disclosed. |
| What is a risk assessment with a breach? continue | Whether PHI was viewed,acquired or redisclosed. The extent to which the risk to the PHI has been mitigated. |
| What does the breach notification rule require entries and BA to do if suspect of a breach? | establish policies and procedures to investigate an unauthorized use or disclosure of PHI to determine if breach occurred,notify affected individuals and secretary of department of HHS within 60days of breach discovery. |
| What does the breach notification rule require entries and BA to do if suspect of a breach? continue | based on investigation an organization will make a determination if incident falls into a beach and take proper steps in notifying the affected. if number of individuals exceed 500 organization must notified local media as well individuals. |
| What is the three Ominbus rule exceptions to the breach notification rule requirement? | 1) PHI discloser was not intentional and the individual received info will keep the info confidential. 2) Access to the PHI was unintentional by workforce member and person or persons receiving info has right to keep the info confidential |
| What is the three Ominbus rule exceptions to the breach notification rule requirement? continue | 3) The organization believes in good faith the PHI could not have been retained by the person receiving it. if investigation finds any of 3 to be true than notification requirements of breach is not necessary. |
| if you believe a breach occurred where do you file a compliant? | if any person /organization believes a covered entity or BA has violate HIPPA privacy or security regulations a complaint may be filed to security of HHS. The office of civil rights is the enforce body of HIPPA and reviews all complaints. |
| The Omnibus rule created a new four tier fine structure for civil monetary penalties, CMP, What are the four tiers? | Tier 1 is lowest tier is used for minor violations, tire 2 is based on reasonable cause BA knew but didn't act diligence known the act violate administrative simplification,but didn't act willful neglect |
| The Omnibus rule created a new four tier fine structure for civil monetary penalties, CMP, What are the four tiers? continue | Tier 3 and tier 4 are based on violations determined to be willful neglect defined as conscious intentional failure or reckless indifference to obligation to comply with administrative simplification provision violated HHS 2013, |
| The Omnibus rule created a new four tier fine structure for civil monetary penalties, CMP, What are the four tiers? continue x2 | The difference between tier 3 and tier 4 when violation was corrected after covered entity of BA became aware of violation. If willful neglect is corrected in 30 days from date of discovery it would fall in tier 3, if NOT corrected after 30days tier 4 |
| Example of violation penalty tier | Tier1 Did not know $100-$50,000 ,Tier 2 Reasonable cause $1000-$50,000 , Tier 3 Will full neglect -corrected $10,000-$50,000, Tier 4 will full neglect not corrected $50,000, all calendar year $1500 |
| What is reasonable cause, will-full neglect, CAP mean? | reasonable cause means BA knew or would have known violated administration but did not act willful neglect, will-full neglect is conscious intentional failure or reckless to comply with administrative provision violated. CAP means corrective action plan. |
| The CMP will be based on ? | Nature / extent of violation number of individual affected during violation period, nature and extent of the harm resulting from the violation such as physical harm,financial harm or reputational harm, |
| The CMP will be based on ? | covered entity or BA prior compliance with HIPPA regulations such as previous violations,previous CAP, financial condition of CE or BA CMP would jeopardize ability to continue business, other such matters as justice may require |
| What is the term USE, Dis-closer, Authorization mean? | Use is defined as sharing,employment,application, utilization analysis with cover entity create and maintains PHI, dis-closer is release,transfer,provision of access in any manner of Info outside the entity holding the information. |
| What is the term USE, Dis-closer, Authorization mean? continue | Authorization is a document that gives covered entities permission to use protected health information for specified purposes or to disclose protected health information to a third party specified by the individual |
| What is designated record set ? | A group of records maintained by a covered entity that may include patient medical and billing records,enrollment,payment,claims record system maintained by health plan,or information used in whole or in part to make care-related decisions. |
| What is a designated record set used for? | a DRS is used to support a variety of patients' access to PHI,electronic copy of PHI and amendment of a record HHS 2013 |
| What is a valid authorization for used? | A valid authorization for use and disclosure of protected health information unless permitted without auth under HIPPA privacy regulation. |
| What is a valid authorization under HIPPA privacy rule? | A valid authorization of dis-closer of health information must be review and valuated for each specific request received not a covered entity. |
| What information requires a valid authorization? | HIPPA requires a valid authorization be completed for dis-closer of information such as dis-closer of PHI not permitted to be released without authorization, psychotherapy notes,marketing and sale of protected health information. |
| How long does a covered entity have to respond to release of info? | A covered entity has 30 days to respond and disclose the information from the date the authorization was received. All auths should be evaluated by organization to assure all requirement pieces of info are present and appropriate. |
| What is considered to be defective authorization under the HIPAA privacy rule? | The expiration data has passed or expiration event has occurred. Authorization is not completely filed out. Authorization has been revoked. Any required elements defined in core elements missing. |
| What is considered to be defective authorization under the HIPAA privacy rule? continued | Authorization is combined with any other documentation to create a compound authorization except where permitted. The facility knows material information included in the authorization is false. |
| What are the core elements of a valid authorization? | A description of the information to be used or disclosed that identifies the information in a specific and meaningful way. The name or other identification of the person or class of persons,authorized to make the requested use or disclosure. |
| What are the core elements of a valid authorization? continued | Name or identification of person,class or persons to whom covered entity may make the requested use or disclosure. description of each purpose of requested use or disclosure. |
| What are the core elements of a valid authorization? continued x2 | An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure. Signature of the individual and data. |
| What are the required statements a valid authorization must contain to notify individuals of? | The individual right to revoke the authorization in writing and either- exceptions to the right to revoke and description of how the individual may revoke the authorization or extent to which the information is included in the notice of privacy practices. |
| What are the required statements a valid authorization must contain to notify individuals of? continue | The ability / inability for auth to place conditions on treatments ,payments,enrollment or eligibility for benefits. The potential for info disclosed pursuant to auth to be subject to redisclosure by the recipient and no longer be protected by subpart. |
| How should a requester be notified if a authorization is defective? | If a authorization is consider defective the requester of information should be notified in writing indicating why the authorization is defected and the process for correcting and resubmitting the authorization for discloser. |
| What is compound authorization? | combines use of discloser of PHI with other legal permissions such as consent of treatment, which is prohibited by HIPPA, however amended by Ominbus rule that permits PHI and authorization for research study for both condition/unconditioned on one form. |
| How long are authorizations maintained? and how do organization regulate use and disclose of patient information without patient authorization? | Six years, HIPPA privacy rule allows covered entity to use and disclose protected health information for the purpose of treatment,payments and healthcare operations. |
| What are some examples of authorizations that don't need an authorization? | uses and disclosers to business associates,required by law,for public health reporting, audits and inspections,corners,medical examiners,funeral directors,organ donations,threat to health and safety,workers comp, |
| What is accounting of disclosers? | Under HIPPA privacy rule a pT has the right to receive a accounting of disclose for the past 6years at anytime. If an entity receives request from PT for accounting discloser a entity has 60 days to repond. |
| What is deidentification? | health information that has had identifiers removed so there is not a capability to reasonable identify the individual to which the information belongs. |
| What is expert determination method? | HIPPA regulations define two methods in which information can be deidentified to meet the standard, in this method data elements are removed from the data then expert such as statistician applies methodology to determine likelihood identified. |
| What is harbor method? | second method of HIPPA , requires cover entity or BA to removed 18 data elements from the health information such as name,DOB, geographic, telephone, SS#, account number,photographs, any unique identifiers. |
Created by:
Lclarey