Chapter 15 - Ethics and Legal Issues
Which is a person chosen to decide a dispute or settle differences?
Arbitrator
Health Insurance Portability and Accountability Act (HIPAA)
The first objective is portability; the second, accountability.
What are the three major goals of ARRA?
The three major goals of ARRA are to create and save jobs; spur economic activity and invest in long-term growth; and support accountabilities and transparency in recovery spending.
Administrative Simplification Compliance Act (ASCA), also known as HIPAA title
Title II, Subtitle F
the most important title of HIPAA to the healthcare professional
Title II, Subtitle F
As a healthcare professional, you cannot release any medical information unless it is to an authorized person because the information is confidential
True
Ethical guidelines are often spelled out in a document called a code of ethics
True
The two main objectives of HIPAA are portability and accountability
True
resolution agreement
a contract signed by HHS and a covered entity in which the covered entity agrees to perform certain obligations (eg, staff training) and make reports to HHS, generally for a period of three years.
subpoena
a legal document issued by the court requiring the person named on the subpoena to appear in court or to supply certain documents or both.
arbitrator
a person chosen to decide a dispute or settle differences
business associate
a person that performs, or assists in the performance of, a function or activity involving the use or disclosure of individually identifiable health information
Fraud includes inaccurate information that is used to wrongfully gain
compensation.
Unique Identifier Standards
establish the implementation specifications for obtaining and using the standard unique health identifier for healthcare providers.
Compliance plans
formalizations of processes that identify, investigate and prevent violations in various healthcare services.
release of information (ROI)
gives healthcare providers and facilities the authority to disclose patient-specific health information to persons not otherwise authorized to receive this information
legacy numbers
identifiers were known as UPIN, OSCAR and PIN, and are now referred
Medical ethics
include confidentiality, accuracy, integrity and completeness of medical records and the proper storage of these records.
accountability
increases the effectiveness of the healthcare system while protecting health data integrity, confidentiality and availability, as well as preventing fraud and abuse.
Unsecured
means the information hasn't been encrypted
Always have a(n) _____ release form on file before sending any patient records via fax.
original
Transaction and Code Sets Standards
outline the format and codes used for electronic transmissions.
recovery audit contractors (RACs)
paid on a contingency fee basis, receiving a percentage of the improper payments they collect from providers. RACs may review the last three years of provider claims for the following types of services: hospital inpatient and outpatient, skilled nursing facility, physician, ambulance and laboratory, as well as durable medical equipment.
When a person lies during testimony, he can be charged with
perjury
consent
permission is for treatment, payment or healthcare operations
notice of privacy practices
• How the covered entity may use and disclose PHI about an individual.
• The individual's rights with respect to the information and how the individual may exercise these rights, including how the individual may complain to the covered entity.
• The covered entity's legal duties with respect to the information, including a statement that the covered entity is required by law to maintain the privacy of PHI.
• Whom individuals can contact for further information about the covered entity's privacy policies.
The Security Standards have two primary purposes:
• Require appropriate security safeguards to protect ePHI that may be at risk
• Promote access and use of ePHI while protecting an individual's health information
Administrative Simplification Compliance Act (ASCA)
• Transaction and Code Sets Standards
• Privacy Standards
• Security Standards
• Unique Identifier Standards
False Claims Act (FCA)
1863 by Abraham Lincoln and is the basis for prosecution of healthcare fraud and abuse claims. The FCA prohibits anyone from presenting a false or fraudulent claim to be paid by the government, using a false record or statement to conceal or avoid paying money to the government or conspiring to defraud the government.
Which would be considered fraud?
A receptionist alters a patient's file by changing the date of treatment so insurance will cover the visit.
Which does not trigger an insurance audit?
Accurate codes applied to a claim
What does a company have that lists specific behaviors and efforts expected of employees?
Code of ethics
How are compensatory and punitive damages different?
Compensatory damages are damages directly related to the fraud, while punitive damages are damages awarded to the plaintiff to punish the defendant and, theoretically, deter the defendant from repeating the fraud in the future.
prohibits anyone from presenting a false or fraudulent claim to be paid by the government.
FCA
A compliance plan is a thorough review by the insurance company of a claim and all related documentation.
False
A resolution agreement is a contract signed by OCR and a covered entity in which the covered entity agrees to perform certain obligations and make reports to OCR.
False
Business associates are healthcare professionals who transmit any health information in electronic form
False
Electronic data interchange simply outlines the format and codes used for electronic transmissions
False
TPO stands for transfers, payment and healthcare operations
False
The NPPES is a 10-position, numeric identifier that does not carry other information about healthcare providers
False
You should always fax sensitive test information
False
Which is a true statement of medical liability insurance?
Medical liability insurance is usually carried by the doctor and covers everyone who works for the doctor.
In which arbitration is the ruling merely a suggestion from an objective person?
Nonbinding
Fraud and abuse can be reported to the
OIG.
This entity enforces the Privacy and Security Standards.
Office for Civil Rights
Damages awarded to the plaintiff to punish the defendant's actions are what type of damages?
Punitive
The purpose of this is to require appropriate security safeguards to protect ePHI that may be at risk.
Security Standard
Which can authorize the legal release of confidential medical records?
Subpoena
This is the sworn statement of witnesses and experts given while on the witness stand in court.
Testimony
titles
The different sections of HIPAA
What are the possible penalties for fraud and abuse?
The penalty can be monetary, criminal, administrative or a combination of any of the three.
American Recovery and Reinvestment Act (ARRA)
The three major goals of ARRA are to create and save jobs; spur economic activity and invest in long-term growth; and support accountability and transparency in recovery spending.
If you see a very unusual, interesting medical file during the course of your duties, what should you do?
Treat it as confidential
A conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision is willful neglect.
True
Recovery audit contractors are paid on a contingency fee basis, receiving a percentage of the improper payments they collect from providers.
True
The Employer Identification Number is issued by the IRS to identify employers on standard transactions.
True
The Privacy Rule addresses the use and disclosure of patients' health information
True
The Security Rule does not apply to PHI transmitted orally or in writing.
True
The term breach refers to a violation or infraction of a standard.
True
Which is not included in a notice of privacy practices?
When the information will be used for treatment, payment and healthcare operations
complied
When you follow the directions contained in the subpoena
NPI
a 10-position, intelligence-free numeric identifier (10-digit number). Seeks to eliminate multiple identifiers.
insurance audit
a thorough review by the insurance company of a claim and all related documentation.
Security Standards
also called the Security Rule, establishes a national set of security standards for protecting health information that is held or transferred in electronic form.
transaction
an electronic exchange involving the transfer of information between two parties for a specific purpose.
National Plan and Provider Enumeration System (NPPES)
collects identifying information on healthcare providers and assigns each a unique National Provider Identifier (NPI)
Damages directly related to fraud are termed _____ damages.
compensatory
willful neglect
conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated.
portability
continuation of health insurance coverage for workers and their families during times of job change or loss
Punitive damages
damages awarded to the plaintiff to punish the defendant and, theoretically, deter the defendant from repeating the fraud in the future. Punitive damages can far exceed compensatory damages.
Compensatory damages
damages directly related to the fraud.
Health Information Technology for Economic and Clinical Health (HITECH) Act
effective in 2010, revised the original HIPAA legislation, expanding responsibilities for securing and making other changes relating to disclosure of health information and enforcement.
Civil money penalties
for willful neglect can extend up to $250,000, with repeat or uncorrected violations extending up to $1.5 million.
Covered entities
health plans, healthcare clearinghouses and healthcare providers who transmit any health information in electronic form.
Employer Identification Number (EIN)
identify employers on standard transactions, including all electronic transmissions of claims
Fraud
inaccurate information is used to wrongfully gain compensation.
code of ethics
is a document that outlines specific ethical guidelines.
Protected Health Information (PHI)
is individually identifiable health information, or information that can be used to identify an individual, that is held or transmitted by a covered entity or its business associate in any form, whether electronic, paper or oral.
Electronic data interchange (EDI)
is the electronic transfer of information in a standard format between trading partners. EDI is the process of submitting a claim electronically in a standard format to an insurance company for reimbursement for the provider's services.
Minimum necessary
limits unnecessary or inappropriate access to and disclosure of PHI.
Encryption
means the electronic information is put into a coded form while transmitted.
version 5010
replaced version 4010 with improvements, such as correcting technical issues, accommodating new business needs and eliminating inconsistencies in reporting requirements.
authorization
required when using or disclosing protected health information for reasons other than for treatment, payment or healthcare operations
confidential
secret, private, concealed
perjury
serious crime
eFaxing
the document is sent from the computer without activating the fax machine and it prints out on a traditional fax machine at its destination.
defendant
the person named in the claim or charged with the crime
plaintiff
the person who files the claim and initiates a lawsuit
binding arbitration
the ruling is final and must be obeyed
nonbinding arbitration
the ruling is merely a suggestion from an objective person.
Testimony
the sworn statements of witnesses and experts given while on the witness stand in court.
breached
there was a violation or infraction of a standard.
American Medical Association (AMA)
to advance the science of medicine, improve the standards for medical education, develop a program of medical ethics and improve the health of the public.
When protected health information is unsecured it means the information hasn't been encrypted
true
arbitration
two disputing parties meet with an arbitrator, or a person chosen to decide a dispute or settle differences.
It's important that all the policies and procedures that relate to confidentiality and release of all patient medical records are _____ and available for reference.
written down
Procedures that help ensure the confidentiality of faxed medical records include the following:
• Always follow the rules set out by the provider or client with whom you are working. If there is a policy that prohibits sending records by fax, then do not do it. If there are no such restrictions, follow the next guidelines.
• Always have an original release form on file before sending any patient records via fax. Do not accept a faxed copy of a patient release form; although the form appears to be signed, you have no way of knowing if that signature is valid because you are looking at a copy of the form and not the form itself.
• Send faxes only to a secure fax machine. This means you have to verify with the receiving person that the fax either will be picked up immediately or that the fax is in a secure area away from people who are not authorized to see what you are sending.
• Never send sensitive test information via fax. This includes HIV and pregnancy test results.
• Always use a fax cover sheet. The cover sheet must list your name, company name, telephone number, fax number and the number of pages sent.
Review the following security procedures that help ensure confidentiality of medical records and information:
• Employees are prohibited from working on records of acquaintances.
• New employees are required to sign confidentiality pledges before they can access confidential information, and a system must be in place to ensure that such statements are signed.
• Security procedures are in place for accessing medical record storage areas that aren't under continuous supervision by authorized staff.
• All computerized patient information must only be accessible with a unique password, and information system users must not share their passwords.
• A written plan is developed to deal with suspected breaches of confidentiality.
• All physicians who use the computer system should agree, in writing, to keep their ID codes confidential and be responsible for authenticating their dictation.
A medical facility must consider a wide range of factors to ensure confidentiality of patient records. These factors include:
• Hiring trustworthy, responsible staff
• Ensuring information stored on computerized systems is secure and available only to authorized individuals
• Having standardized, secured procedures in place for transferring patient information within the facility, between facilities and to outside individuals