CPCO prep
Seven elements the OIG states are necessary in an effective compliance program:
1-Conducting internal monitoring and auditing 2-Implementing compliance and practice standards 3-Desiginating a compliance officer or contact 4-Conducting appropriate training and education 5-Responding appropriately to detected offenses and develop & implement corrective action 6-Developing open lines of communication 7-Enforcing disciplinary standards through well-publicized guidelines
What year did the GAO identify Medicare claims to be at high risk for fraud and abuse which resulted in the OIG initiating an audit of HCFA (CMS) payment system?
1992
If an internal audit reveals issues, its time to do some interviews and document reviews. How many people should be involved in the interview process of an employee?
2 (an attorney is not required, but you should have 2 people interviewing a single employee)
CLIA certificates are valid for how long?
2 years
If an internal audit reveals issues, it's time to do some interviews and document reviews. How many people should be involved in the interview process of an employee?
2+ the attorney
Comprehensive error Rate Testing Program (CERT) started in what year?
2001
What year was the Patient Protection and Affordable Care Act (PPACA) enacted?
2010
After initial education and training have been implemented, when does the OIG recommend a benchmark audit be performed?
3 months
The typical duration of a Corporate Integrity Agreement (CIA) is?
3-5 years
Changes in ownership must be reported within how many days to the Medicare program?
30
How many days does a medical billing company have to send providers determinations?
30
After enacting CLIA, what percentage did the total number of quality deficiencies decrease by from the first laboratory survey to the second?
40%
How many components are required by the OIG to have an effective Compliance Program?
7
Because it is such a large component of their responsibility, what percentage of resources does OIG dedicate to Medicare and Medicaid?
80%
What is the recommended timeframe for a performance review?
90 days
An initial review of all areas of possible non-compliance within the practice/organization is necessary to reveal what areas of the practice/organization are currently in compliance and which areas are not. This assessment is called what?
Baseline
Why is the annual OIG Work Plan so important to compliance officers when they are developing their risk assessments?
Because it shows results of previous year's audit findings the current year's focus.
Why did OSHA publish a Blood Borne Pathogen standard?
Because of significant exposures to viruses and other microorganisms
Federal and state statutes, regulations and health insurance guidelines
Besides policies & procedures, what other item is important for third parties to integrate into their compliance program?
What timeframe is an employer required to post the OSHA 300?
Between Feb 1 and April 30th
Which of the following is not true regarding how improper payments are categorized?
Billed based on time
What third party plays a critical role in accurate billing and reimbursement?
Billing agencies
What is an important component of the compliance officers responsibility when managing incidents and investigations?
Board of Directors need to be kept apprised of ongoing investigations and results.
What determines exposure?
By reviewing job classifications
CMS is a division of ______.
HHS
What is considered an appropriate start to implementing an effective compliance program for compliance officers of small physician group practice with limited resources?
Adopt only those components which, based on the practice's specific history with billing problems and other compliance issues are most likely to provide and identifiable benefit
When drafting audit protocol in an internal investigation, it should be carefully worded and tied back to the regulatory scope and applicability research. If an attorney does not draft the protocol, one should review it for language. Why?
The government or opposing party may obtain a copy
The two states that have mandatory compliance program certification requirements are ___________
Arkansas and Vermont
RAC's perform what type of review(s)
Automated and complex Automated = no medical record required Complex = medical record required
What does HITECH stand for?
Health Information Technology for Economic and Clinical Health
What is a OSHA 300 form used for?
It provides a total of job-related injuries for the year
How does a GFCI function?
It will shut off in the event of a ground fault.
Medicare Fraud is ___________
Knowingly submitting a false statement to obtain federal healthcare payment
Which of the following is not an example of PPE?
Lab coat
Should laboratories develop standards of conduct for employees?
Laboratories SHOULD develop standards of conduct
What are limits of auditor record requests?
Large Groups (16+ individuals): 50 medical records per 45 days per NPI requested. Partnership (2-5 individuals); 20 medical records per 45 days per NPI Group (6-15 individuals) 30 medical records Solo Practitioner: 10 medical records
Key risk areas defined for medical billing companies include:
Unbundling Up-coding Inappropriate balance billing
$2000-$11000, plus the assessment of not more than three times the amount claimed for damage.
Under the CMP law, HIPAA increased the maximum penalty amount per false claim from?
There is no current criminal or civil enforcement action pending
Under the FCA, a person or entity may voluntarily disclose a violation and if they cooperate with any ensuing investigation and satisfy certain other criteria, the damages will be doubled instead of tripled under what circumstances?
Which office is at the top level of concern and usually involved in whistle blower actions and national investigations?
United States Attorney's Office
CLIA is funded by whom?
Users
The referring physician, or an immediate member of the referring physician's family, has a financial relationship with the entity receiving the referral.
Violation of the Stark law occurs when
When can PHI not be disclosed without a patient's consent?
When a neighbor overhears someone may have a STD
How soon are practices or medical organizations required to process record requests?
Within 30 days
Is OIG guidelines for compliance program mandated for third party health care companies?
Yes, but the implementation date hasn't been provided yet. (Mandated by PPACA)
Can providers request an extension for providing records requested by an auditor?
Yes, by sending a valid explanation.
If a person presents to the emergency department and collapses outside the ER doors is EMTALA evoked?
Yes, the 250 yard zone applies in this case
What is the limits of Medicaid Fraud Control Units (MFCU's)?
Limited to investigating Medicaid provider fraud
The Medicare assignment rules contain a number of exceptions governing who can bill the Medicare program. If a group practice is using a billing agent, what type of payment arrangement is necessary?
Lockbox (the agent can't receive payment from Medicare directly).
The Medicare program has program manual instructions on overpayment. Generally, overpayments are returned to the ___________?
MAC
HR policies will need to _______________
Make sense for the needs of the medical facility
All medical facilities must allow people with disabilities to ________?
Maneuver freely with their mobility devices
Third party health care audits should be designated to address the companies _______________.
Marketing services
How long can an employee be off during an approved FMLA?
Maximum 12 weeks
What is the most significant state program for healthcare?
Medicaid
What third-party is in a unique position of fraud discovery?
Medical Billing Companies
Because it is considered the overarching criteria for determining a level of service, the provider must ensure that the documentation supports what?
Medical Necessity.
What third-party health care provider is becoming a vital part of the health care indsutry?
Medical billing companies
What can result in imprisonment and penalties for providers and covered entities
Medical fraud
What can result in imprisonment and penalties for providers and covered entities?
Medical fraud
A majority of the OIG's resources goes to oversight of which programs?
Medicare and Medicaid
The bulk of federal regulations in 42 CFR part 4 covers the _________ and _____________programs
Medicare and Medicaid
What is a key concept of the privacy rule?
Minimum necessary
If I am only drawing blood, do I need a CLIA number?
NO, a CLIA number is not required if the facility only collects specimens and performs no testing.
What can providers review that will help them understand the compliance requirements of a clinical lab?
OIG's Clinical Lab Guidance
When can patients instruct their provider not to share information about their treatment with their health plan?
Only when the patient tells the secretary when scheduling an appointment that he or she is paying cash for the visit and does not want his or her information to be given to the health plan.
When a hospital sends a patient home, or transfers the patient, without providing care is called what?
Patient dumping
20 years
Penalties for mail fraud include fines and imprisonment of up to?
What defines and limits the circumstances in which an individual's PHI may be used or disclosed by covered entities?
Privacy Rule
Which organization publishes CLIA rules and regulations?
CMS
____________provides opinions for Stark law
CMS
What is a CCA?
Certification of Compliance Agreement in which providers agree to continue to operate their existing compliance program
The guidance provided by the OIG can be incorporated in policies to prevent ____________and _____________errors from occurring.
Coding and billing
The attorney-client privilege protects___________
Communications made to obtain legal advice
What is one way to discourage whistleblowers?
Conduct performance reviews
If a state or federal agent arrives at your office and presents a search warrant, it is best practice to what?
Contact your attorney immediately
What are the requirements for containers used to store waste?
Container must be color-coded
Medical practices should be aware of risks identified in the past and then establish policies and procedures for what?
Continual monitoring
Private or government investigations usually start with a request for __________.
Records
MAC's are responsible for administering the what for Medicare Services?
Refunds
What is a key compliance element for enacting PPACA?
Requiring mandatory compliance programs as a condition of enrollment in federal healthcare programs
Private payers will send letters to providers directly, although some are now turning to third party agencies. These agencies get a percentage of what is recovered and use what kind of techniques to find claims aberrations?
Data mining software
What should not be ignored and ay require policy measures to prevent avoidable recurrence?
Risk areas
Waived and PPM laboratories may apply directly for their certificate as they are not subject to _________?
Routine inspections
Waived and PPM laboratories apply directly for their certificate as they are not subject to ___________?
Routine inspections.
The anti-kickback statute
Routine waiver of co-pays would be considered a violation of which law?
Which one of the following is not considered an engineering control?
Safe medical devices
If a referred patient to your practice has a hearing deficit and needs an appointment, what steps should your practice take when scheduling?
Schedule the appointment a few days ahead to make arrangements for an interpreter.
What establishes the Medicare Integrity Program?
Section 1936 of the Social Security Act
What is EAP?
Employee Assistance Plan
What is ERISA?
Employee Retirement Income Security Act
What employees fall under category III?
Employee not exposed to blood borne pathogens
What is not included in the hazard communications standard?
Employee training on evacuation routes
Why should compliance officers have set disciplinary policies for non-compliance?
Employees should know the consequences for non-compliance of set policies.
Which of the following is considered the primary means of minimizing employee exposure?
Engineering controls
The OIG's ______to Congress keeps the Secretary of HHS and Congress currently informed about OIG's most significant findings, recommendations and activities for specific six-month periods.
Semi-annual report
On what date do all covered entities need to be in compliance with HIPAA Omnibus Rules?
September 22, 2014
The ______addresses compensation paid by laboratories to referring physicians and physician group practices for blood specimen collection, processing and packaging and for submitting patient data to registry or database.
Special Fraud Alert
What is an example of using the process of complete elimination or destruction of all forms of microbial life?
Sterilization
What safeguard is defined as a measure to protect ePHI
Technical safeguards
Under EMTALA a treating physician can consult other physicians in what ways that are not prohibited?
Telephone Video Conferencing Internet
In an internal investigation, if your attorney does the interview, what is important for the employee to know?
That the attorney is not the employee's attorney
One benefit of having an effective compliance program is:
it shows the practice is making a good faith effort to be compliant.
Generally, routine screening procedures done as part of an asymptomatic annual examination for a Medicare patient are ___________?
non-covered services.
Under EMTALA, all Medicare participating hospitals are required to provide at least a medical screening exam to a patient who comes to the emergency department....
regardless of the patient's insurance or ability to pay.
Once a vulnerability or risk has been identified, it is important to determine the risk rating. This is determined by _____________.
the likelihood or probability of occurrence and the severity of impact.
The risk assessment is an essential component of the compliance officer's responsibilities. Once the risks have been identified and prioritized, the next step in the process is to __________.
conduct audits based on the risk assessment findings.
Failure to respond quickly to suspected instances of non-compliance threatens the organization's reputation as trustworthy, law-abiding, and _______.
the organization's ability to participate with federally funded healthcare pans and/or third party payers.
Alerts for Physician's Office labs from Medicare on expired certificate, will cause your Medicare carrier to
deny claims
When a practice identifies that a provider is an outlier, it becomes most important to verify that the billed services are what?
documented and coded accurately
What are the BENEFITS of a compliance program?
help speed and optimize proper payment of claims Help protect patient privacy Reduce chances of an audit Minimize billing mistakes Comply with self-referral and anti-kickback statutes
The purpose of EMTALA is to prevent:
hospitals from rejecting patients in a discriminatory manner to anyone, refusing treatment to patients, or transferring patients to "charity hospitals" or "County hospitals" because they are unable to pay.
Improper advertising can get the physician in trouble with whom?
the state licensing board
What is a typical term of a Certification of Compliance Agreement (CCA)?
three years
A certificate of provider-performed microscopy (PPM) procedure is issued:
to a laboratory in which the provider performs no tests other than waived tests and PPM procedures.
A search warrant, State or federal (or both) allows the agents the right to what?
to enter and seize documents
The final CLIA regulations were published on February 28, 1992 and are based on the complexity of the test method; thus, the more complicated the test, the more stringent the requirements. What are the three categories of tests that have been established?
waived, moderate-microscopy (PPM), and high complexity
A serious danger for compliance programs is _______
when they are developed and not implemented.
Because of the changing nature of healthcare regulation, the compliance program _______
will be a "work in progress"
The Office of Civil Rights (OCR) has enforcement power for violations occurring as a result of willful neglect. OCR can now impose civil monetary penalties of up to how much per HIPAA privacy regulations violation.
$50,000
Hospitals with over 100 beds that violate EMTALA also may be subject to civil penalties and civil monetary penalties of up to how much?
$50,000 per violation
The OIG requires that documentation relating to the CIA be kept for how long after the CIA term?
1 year
What is the OIG's Five-Principle Strategy to combat healthcare fraud, waste, and abuse?
1-Enrollment = scrutinize individuals and entities that WANT to participate PRIOR to enrollment 2-Payment = Establish payment methodologies that are reasonable and responsive to changes in the marketplace 3-compliance = Assist providers and suppliers in adopting practices that promote compliance with program requirements, including quality and safety standards 4-Oversight=Vigilantly monitor programs for evidence of fraud, waste, and abuse 5-Response=respond swiftly to detect fraud, impose sufficient punishment and promptly remedy program vulnerabilities
What steps should a billing company take if they find credible evidence of provider misconduct, fraudulent or abusive conduct?
1. Refrain from submitting any false or inappropriate claims 2. Terminate the contract 3. Report the misconduct to the appropriate Federal and State authorities within 60 days.
CMS is headquartered in Baltimore and has _________regional offices around the country, which primarily oversee enrollment and certification issues.
10
CMS is headquartered in Baltimore and has _____regional offices.
10
How many states require nursing facilities to perform a FBI check on employees?
10
How many months of coverage does COBRA provide?
18 months
Franklin D. Roosevelt signed social security into law in __________.
1935
What year did OSHA publish the Bloodborne Pathogens standard?
1991
Hospital compliance guidance was published by the OIG in February of what year?
1998
When did the Needle Stick Safety and Prevention Act become effective?
2001
The Medicare learning network (MLN) began in _________.
2004
When was the supplemental compliance guidance for hospitals published?
2005
The nationwide network of MAC's date back to ________.
2006
What year was the ADA amendment enacted?
2008
Medicare requires physician and mid-level providers to certify the need for physical, occupational or speech therapy. The first certification is needed within how many days of starting therapy?
30
Which Code of Federal Regulation section is important to Compliance Officers and why?
42, it covers the Medicare and Medicaid programs
How many states currently require nursing facilities to perform a background check of state records for direct-access employees?
43
How many employees does an employer need to be held to FMLA policies?
49 years
In general , the OIG recommends auditing how many medical records per federal payer?
5 or more
In general, the OIG recommends auditing how many medical records per federal payer?
5 or more
How many regions are part of the Medicaid Fraud Control Unit?
6
How many days after determining that there is a credible evidence of fraudulent conduct should la billing company take to notify federal and sate authorities regarding the violation?
60 days
How many percutaneous injuries that involve contaminated sharps occur annually?
600,000
Physicians needs to report any change in their name, taxpayer ID, and bank arrangements within how many days?
90
When is the recommended timeframe for a performance review?
90 days
Skilled nursing facilities are Medicare certified facilities that provide extended skilled nursing or rehab care under Medicare Part _____-
A and B
fair market value
A basic concept in the anti-kickback safe harbors and Stark exceptions is that financial transactions between potential referring parties be conducted under what conditions?
Employees have ____________to report erroneous conduct, without repercussion, so that it may be corrected immediately.
A duty
What is OSHA?
A federal agency in charge of employee safety
What could constitute an occupational exposure?
A needle stick A cut with a sharp object A percutaneous injury
A patient is considered new if they meet which of the following criteria?
A patient who has not received any professional services from the physician of the same specialty who belongs to the same group practice within the past 3 years
Fraud waste and abuse are all areas that must be controlled when providing services to beneficiaries. Fraudulent billing:
A willful act.
What safeguard covers maintenance of security measures to protect ePHI, and to manage the conduct of the covered entity's workforce in relation to the protection of ePHI?
Administrative safeguards
Form CMS-R-131 is better known as?
Advanced beneficiary notice of non-coverage
Monthly
After hiring, how often should providers check to make sure employees are not on the OIG list of excluded individuals?
What should be readily accessible to all coding staff?
All essential coding resources
The 250-yeard zone rule does not apply to:
All hospital-owned physician practices
When there is notice of an investigation, employees must know that it is against policy to __________
Alter, destroy or remove any documentation from a patient's medical record
If a compliance problem is not detected, or detected too slowly, the compliance program may require modification. What steps should the compliance officer take to determine what is necessary to prevent future violations?
Analyze the situation
Routine waiver of Medicare deductibles or copayments is a violation of which statute?
Anti-kickback
What two laws relate primarily to the relationships between referral sources, such as physicians and hospitals?
Anti-kickback and Stark Laws.
Some joint ventures may violate the Medicare and Medicaid ______________.
Anti-kickback statute
For billing companies that provide marketing services, percentage arrangements may implicate the ________ statute.
Anti-kickback.
Which law governs relationships between competitors?
Antitrust
What employees should get Hep B vaccines?
Any employee exposed to blood borne pathogens
If a patient walks into your practice with a leashed dog, what should you do?
Ask the patient if the dog is a service animal and, if the patient states ye, allow the animal on the premises.
Attorney-client privilege protects communications that you have with your attorney and ____________
Attorney-client work-product
Work the attorney does in creating reports, interview memos, or research is called what?
Attorney-client-work-product.
What is the process that determines if the compliance program is effective?
Audit
The entire organization should be included in the initial, audit to identify current compliance and areas of non-compliance. What type of audit is this?
Baseline
Why did OSHA publish a Bloodborne pathogens standard?
Because of significant exposures to viruses and other microorganisms
The guidance from OIG can be incorporated into policies to prevent _______and _________errors from occurring
Billing and coding (help prevent false claims)
What is not a typical way that providers try to defraud Medicaid?
Billing under several NPI's at a time
Records associated with an inquiry will include the nature of the inquiry or report, the investigation procedures and outcomes, and all actions taken by the Compliance Officer and/or the organization to rectify any non-compliance uncovered. What is an important component of the compliance officers responsibility when managing incidents and investigations?
Board of Directors need to be kept apprised of ongoing investigations and results.
What is not a definition of occupational exposure?
Bruised skin
Some of the largest breaches reported to HHS have involved __________
Business associates
How are RAC auditors paid?
By a contingency fee basis
What department monitors the MAC's?
CERT
To avoid a conflict of interest, the OIG specifically states that the compliance officer should not report directly to whom?
CFO (may be fiscal conflict of interest) Would be acceptable to report to Board or CEO
What is required on all CMS-1500 forms when billing for laboratory testing?
CLIA number Date of service NPI number
A participating hospital is required to keep a ______on each individual who comes to the emergency department seeking assistance, whether or not that person refused treatment, was refused treatment, admitted and treated, stabilized and transferred or discharged
Central Log
Which certificate is issued to a laboratory that enables the entity to conduct moderate- to high-complexity laboratory testing until the entity is determined by survey to be in compliance with the CLIA regulations?
Certificate of registration
To enroll in the CLIA program, laboratories must first register by completing an application, pay fees, be surveyed, and if applicable become what?
Certified
To enroll in the CLIA program, laboratories must first register by completing an application, pay fees, be surveyed, if applicable and become what?
Certified
Primary safety concerns in the medical setting include bloodborne pathogens, radiation, bio-hazardous waste, and __________.
Chemicals
Qui Tam
Civil actions may be brought in federal district court under the FCA by the Attorney General, or by a person known as a relator, in what type of action?
Every third party health care company should designate someone to serve as the focal point for compliance activities. This position is called a ___________.
Compliance Coordinator.
What will show a third parties good faith towards remediation?
Compliance Program
What will show a third party's good faith toward remediation?
Compliance Program
Every third party health care company should designate someone to serve as the focal point for compliance activities. This position is called a _________.
Compliance officer
What are corrective actions resulting from an audit?
Conducting educational sessions for providers (NOT clinical staff) Improving system edits Updating coverage policies and manuals Refining improper payment rate measurements
Under EMTALA, the following requirements must be met when transferring an unstable patient:
Consent of receiving hospital Patient's consent must be documented Physician must attest the medical benefits outweigh the risk of the transfer in writing
What is it called when the OIG waives its exclusion authority concurrent with resolution of monetary liability under the False Claims Act and the CMP law?
Corporate Integrity Agreement
OIG integrity agreements have been a catalyst for change in ___________.
Corporate culture
The HITECH Act revisions significantly increased the penalty amounts the Secretary may impose for violations of the HIPAA rules and encourage prompt _________?
Corrective action
The compliance officer is responsible to find areas of non-compliance and then formulate solutions to rectify the problem. This is known as what?
Corrective action plan
Which of these responsibilities is not one of a compliance officer?
Create all policies and procedures
Health information that does not identify an individual is called ______.
De-identified information
Alerts for Physician's office labs from Medicare on expired certificate will cause your Medicare carrier to
Deny claims
Clinical laboratory services Physical Therapy services Home health services Radiology services Radiation therapy Parenteral and enteral nutrients Prosthetics Outpatient prescription drugs Inpatient and outpatient hospital services
Designated health services include
If the practice uses an outsourced compliance officer, the OIG recommends________?
Designating a liaison from the practice to communicate with the outside compliance officer That the practice have a business service agreement with the outside compliance officer (HIPAA)
A review and analysis of all the applicable documents in a specific area is what type of audit?
Desk
How do nursing facilities accomplish compliance?
Development of protocols with a system that reviews and analyzes patient outcomes with the protocols.
LCD's and NCD's provide information for converge limited to certain what?
Diagnosis codes
A lab's requisitions should include the following:
Diagnosis codes need to be on the order for any test requested by the provider (diagnosis information for all tests ordered)
What should never be tolerated by an employer?
Discrimination
During an internal investigation, the nest step after the regulatory scope and applicability are researched is?
Draft an audit protocol
A physician who is on call and who fails or refuses to appear after being called by an ER physician (or other physician) is in violation of what?
EMTALA
If physician recruitment arrangements are not properly structured, it can result in ________________
EMTALA violations
One of the most important elements of an effective compliance program is to have a compliance officer or committee who is _________.
Empowered.
What is one way to discourage whistleblowers?
Encouraging open communication during performance reviews (in order to do this, annual performance reviews should be conducted)
What would require a high-level disinfection?
Endoscope
OSHA was created to assure safe and healthful working conditions for working men and women by?
Enforcing standards Providing training Outreach, education and assistance
What employees do not fall under Category II?
Environmental services personnel
A physician who negligently violate EMATALA also are subject to civil monetary penalties and. for repeated or gross and flagrant violations risk __________?
Exclusion from Medicare
Medicare has Part E. T/F
F, the parts to Medicare are A, B, C, and D.
False Claims Act
FERA expands the grounds for liability under which Act?
What Acts have oversight by the Dept. of Labor?
Fair Labor Standards Act (FLSA) Employee Retirement and Income Safety Act (ERISA) Occupational Safety and Health Act (OSHA)
Clinical Laboratories should charge physicians a price for ordered tests at ____________
Fair Market Value
Clinical laboratories should charge physicians a price for ordered tests at _________
Fair market value
T/F: Exempt employees must be paid overtime
False
A billing company's written policies and procedures should reflect current ________.
Federal and state statutes
Besides policies and procedures what other item is important for third parties to integrate into their compliance program?
Federal and state statutes, regulations and health insurance guidelines.
What law does not require that nursing facilities conduct state or Federal (FBI) criminal background checks?
Federal law
A compliance officer does not have to be a lawyer, but your chances of implementing a successful compliance program increases when you are familiar with:
Federal regulations
According to the OIG, an effective compliance program can create what?
Financial success Customer loyalty Community support Employee satisfaction
When drafting audit protocol in an internal investigation it should be carefully worded and tied to the regulatory scope and applicability research. If an attorney doe snot draft the protocol, one should review it for language, Why?
For attorney client privilege.
What is FPS?
Fraud Prevention System
What is the maximum amount of money an employer can charge for personal protective equipment?
Free of charge
What does the term RAT-STATS represent?
Free statistical software used to select a random sample for audit.
Welfare Benefit plans include
Fringe benefits
Accountable care organizations (ACO's) involve different providers, including hospitals and physicians. Members of the ACO share both the gains and losses for certain Medicare fee-for-service beneficiaries with high-risk conditions such as heart failure, COPD, and diabetes. What is this arrangement called?
Gain sharing
Members of the ACO share both the gains and losses for certain Medicare fee-for-service beneficiaries through high-risk conditions such as heart failure, COPD, and diabetes, this arrangement is called what?
Gainsharing
HIPAA established what comprehensive program to combat fraud committed against all health plans, both public and private?
HCFAC (Health Care Fraud and Abuse Control Program) under the joint direction of the Attorney General and Secretary of HHS
HITECH revisions significantly increased the penalty amounts the Secretary may impose for violations of _________
HIPAA
What can be an effective support system of the desired organizational culture?
HR policies & procedures
What is the level 3 of the RAC Claims appeal process?
Hearing by an Administrative Law Judge (ALJ)
In February 1998, the OIG created the first compliance document. What type of provider was the first Compliance Program Guidance issued for?
Hospitals
Which of the following is not part of the annual OSHA employee training?
How to voice concerns about HIPAA
Skilled Nursing Facilities best practice guidelines would have the compliance officer doing which of the following?`
If audit determines claims did not meet medical necessity you should report to CMS within 60 days.
When is it acceptable to bill an office visit based on time?
If over half of the visit is spent counseling the patient.
After an audit reveals areas for improvement, what is the next step a compliance officer should take?
Implement corrective action plans
What is considered the most important aspect of a compliance program?
Implementation
What is the most important aspect of a compliance program?
Implementation
The __________is when an organization offers another organization an incentive referrals.
Improper inducements.
What is considered a significant element in fraud, waste and abuse?
Improper payment
15-30%
In a qui tam action, the relator is entitled to receive a monetary settlement between?
What is not a function of ZPIC's?
Initiate appropriate administrative actions to deny or to suspend payments that should not be made to providers where there is reliable evidence of fraud
How do CMS and contractors categorize improper payments?
Insufficient documentation No documentation Medical necessity
CMS relies on a number of program contractors to identify and respond to fraud, abuse and improper payments in the Medicare and Medicaid programs. these contractors are charged with protecting the programs ____________?
Integrity
CMS relies on a number of program contractors to identify and respond to fraud, abuse, and improper payments in the Medicare and Medicaid programs. these contractors are charged with protecting the programs ____________.
Integrity
What element is a requirement for third party billing?
Integrity in computer systems
What authority has CMS contractors been given?
Interview providers and office personnel
It is important to educate employees o the methods they may utilize to directly notify and communicate issues of suspected areas of non-compliance. What is considered a best practice method of anonymous reporting?
Intra-office or USPS mail
What is the function of ZPIC's?
Investigate allegations of fraud made by beneficiaries, providers, CMS, OIG and other sources Proactively identify incidents of potential fraud that exist outside of its service area Refer cases to OIG/Office of Investigations for consideration of civil and criminal prosecution and/or application of administrative sanctions.
What does the acronym LEP stand for?
Limited English Proficiency
What usually happens next when settlement negotiations are unsuccessful?
Litigation
Under the MSP, the Medicare statute and regulations require all entities that bill Medicare for items or services rendered to Medicare beneficiaries must determine whether ______________.
Medicare is the primary payer for those items or services.
Can an individual provide a verbal authorization to release PHI?
NO, all authorizations must be in writing
When creating handicap parking spaces, which is true with regards to 4 or less spaces
No handicap sign is required as long as there is an access aisle
What foreign language does OSHA mandate the OSHA poster be posted with at each medical facility?
No requirement but also available in Spanish
A person having an asthma attack presented to the physician office on the hospital campus. The office did not have a provider in the office and the patient had to go to the ER around the corner for treatment. Is the physician office in violation of EMTALA?
No, EMTALA does not include physician practices
A person having an asthma attach presented to the physician office on the hospital campus. The office did not have a provider in the office and the patient had to go to the Emergency department around the corner for treatment. Is the physician office in violation of EMTALA?
No, EMTALA does not include physician practices.
Are compliance officers required to know all OSHA laws?
No, but they should know where to find the information
Should all compliance programs be the same?
No, compliance programs need to be tailored to fit the unique needs of every organization or physician practice
A clinical laboratory gets all of their Medicare patients to sign a blank ABN in case Medicare does not pay for a service. This is part of the clinic's written policy, therefore is in compliance Y/N
No, laboratory may never ask a patient to sign a blank ABN
When should a third party health care company start a compliance program?
Now, to be proactive
The OIG also provides a SUPPLEMENTAL compliance program guidance for ________
Nursing facilities, published in 2008
Medicaid Fraud Control Units (MFCU's) operate under the direction of ______________.
OIG
What department monitors and recertifies MFCU's?
OIG
Which office provides guidance to the healthcare industry in the form of Advisory Opinions, Special Fraud Alerts, Special Advisory Bulletins, and Compliance Program Guidance?
OIG
____________ provides advisory opinions on the anti-kickback law.
OIG
_________provides advisory opinions on the anti-kickback law.
OIG
What federal agency is in charge of employee safety?
OSHA
Which office would a compliance officer contact if he or she had questions regarding discrimination in certain healthcare programs?
Office for Civil Rights (OCR)
Which component of the OIG has a duty of conducting audits, which results in reducing waste, abuse and mismanagement?
Office of Audit Services
Who is responsible for administering and enforcing HIPAA's privacy, security and breach notification rules?
Office of Civil Rights
Who is responsible for enforcing the HIPAA Privacy Rule and Security Rule provisions?
Office of Civil Rights (OCR)
What is the Federal agency that provides compliance program guidance to providers and covered entities?
Office of Inspector General
What Federal department will consider self-reporting of misconduct as a mitigating factor?
Office of Inspector General (OIG)
Which government branch was created to fight waste, fraud and abuse in all federal health care programs, especially Medicare and Medicaid?
Office of Inspector General (OIG)
Which office is mainly responsible to investigate health care fraud waste and abuse?
Office of Inspector General (OIG)
When conducting a risk assessment, one of the most important and key sources of information that a compliance office should utilize is ___________.
Office of Inspector General's Annual Audit Plan
Which OIG office conducts criminal, civil and administrative investigations of fraud and misconduct related to HHS programs, operations and beneficiaries?
Office of Investigations
Which component of the OIG has a duty of operating the OIG hotline?
Office of Investigations
Which department of the OIG is responsible for providing mission and administrative support to the OIG?
Office of Management and Policy
During an internal investigation, creating an audit report for negotiation is important. Overpayments (and underpayments) should be included as ______?
Offsets
The compliance Officer is also responsible for the coordinating and/or screening of employees, agents and independent contractors. Why is this important?
Organizations cannot do business with individuals who have been excluded from participating in federally funded healthcare plans.
What area is of concern when patients are referred to home health agencies and/or DME suppliers?
Patients freedom of choice; not allowing patients to choose could violate anti-kickback laws
treble damages, plus a penalty of $5500 to $11000 for each false claim filed.
Penalties under the FCA (False Claims Acct) include how much?
If the main entrance cannot be made handicap accessible, then _______________
People should be detoured to another entrance.
Which serves as a reference source of information about personnel policies and procedures
Personnel Policy Manual
$25,000, imprisonment of up to five years, and exclusion from participation in federal health care programs for up to one year
Persons found guilty of violating the anti-kickback statue may be subject to a fine of up to how much?
What safeguard is defined as measures to protect electronic systems?
Physical safeguards
Medicare Part B pays for what type of services?
Physician
PAR means what?
Physicians agree to take assignment on all Medicare claims.
A high-level statement or plan that embraces an organization's general beliefs, goals, objectives and acceptable procedures for a specified subject area is a ________.
Policy
What are not part of Exit Route requirements for a medical facility?
Posting evacuation routes on company web site
What does Medicare Part D cover?
Prescription drugs
Once the risk levels are identified, what is the next step a compliance officer should take?
Prioritize which risks will be addressed
What is more important to have in place for enforcing and disciplining individuals who violate the practice's compliance or other practice standards?
Procedures
What is the routine cleaning guidelines for BP cuffs?
Provide disposable cuffs to all isolation patients
What does the CMS website say about RAC audits?
Providers billing fee-for-service are subjected to RAC audits
Repay the excess
Providers can give physicians gifts and other benefits up to a set amount each year, adjusted for inflation. Gifts and benefits should be tracked; if the set amount is in exceeded, the physician can ________
When will office notes need to have special security?
Psychotherapy notes
Unless there is a conspiracy with a provider, MFCU cannot ____________.
Pursue recipient fraud
MAC's can initiate an investigation if there is complaint, or if something about the billing profile is triggering flags. If quality concerns are an issue, what type of organization may be involved?
QIO (Quality Improvement Organization) CMS Regional Office State Surveyors
What do CMS regional offices focus on?
Quality initiatives Children's health Health plan standards
What is an essential component for the lawful behavior and success of nursing facilities?
Quality of care
There has been an increased national focus on ______.
Quality of health care.
What was established for all laboratory testing by Congress passing the Clinical Laboratory Improvement Amendments (CLIA) in 1988?
Quality standards
Free statistical software that can be used to select a random sample for audits is called what?
RAT-STATS
Which law increases the severity of penalties for violations involving organized crime?
RICO Act
For larger physician practices, how often does the OIG suggest reporting compliance activities to the board of directors?
Regularly
Incident to rules can be complicated and present additional risks to a practice/organization. If a provider is available only via paper or telephone, incident-to billing _________________
Requirements are not met.
Any contribution and participation of a student to the performance of a billable service must be performed in the physical presence of the teaching physician, except for what?
Review of systems (ROS) or past family or social history (PFSH)
What are types of Engineering controls?
Safer medical devices Needless devices Shielded needle devices Plastic capillary tubes
The OPPS rule require hospitals to include on the same claim all OPPS services provided at the same hospital to the same patient, on the same day, unless certain conditions are met. This is the _________.
Same-day rule.
The OIG recommends a billing company, when establishing a compliance plan to take a _____of the company's operations.
Snapshot
What employees do not fall under Category I?
Social Workers
Physicians sometimes own other health-related businesses, such as physical therapy facilities, CME or home health companies, diagnostic imaging centers, or laboratories. Because these businesses provide designated health services, what may be triggered?
Stark
Which law provides for a civil monetary penalty (up to $15,000 per service) and exclusion from government programs in any case where a person submits an improper claim, which was know to have been, or should have been know to have been, provided through a prohibited referral, and has not refunded the payment?
Stark
The billing manager reports a significant increase of correspondence from the carriers and insurers challenging the medical necessity of claims. What is the next step the compliance officer should take regarding the reported incident?
Start an investigation
Employees should be told that if they are questioned in an investigation they should always what?
Stick to the facts and don't speculate They should also know they have the right to request an attorney
Everyone should be educated in their role in adhering to the Compliance Program including their duty to report_______________.
Suspected misconduct
What should you do when you find out one of your employees has been excluded from government programs?
Suspend the employee, request documentation, and investigate the matter.
Which of the following is not true regarding Audit MIC?
The Audit MIC can only audit a Medicaid provider in its zone (they can audit any provider throughout the country)
Which of the following is a documentation guidelines that will help you avoid overpayment demands and potential False Claim Act violations in the event the organization is audited by a third-party payer.
The CPT and diagnosis codes reported on health insurance claim form or billing statement should be supported by the documentation in the medical record.
$50,000
The Office of Civil Rights (OCR) has enforcement power for violations occurring as a result of willful neglect. OCR can now impose civil monetary penalties of up to how much for HIPAA violations?
What sets ZPIC audits apart from other Medicare audits?
The audits are targeted by potential Medicare fraud
Whose responsibility is it to focus on the key risk areas through education and documented audit improvement?
The compliance officer
If a patient in the emergency department asks to be transferred to another hospital, what is the one condition that must be met so that EMTALA is not evoked?
The consent of the receiving hospital must be received.
What types of time record keeping policies is not required?
The employee's illness when taking sick time
The compliance officer will report directly to
The managing physicians and board
What does the term "Disclosure" mean?
The release or transfer of information to an outside entity
What is a requirement of MFCU's?
They must employee attorneys
Which is the underlying principal of the Equal Employment Opportunity law?
This law requires all persons to be entitled to equal employment opportunity regardless of race, color, religion, sex, national origin, age, disability, or any other characteristic protected by law.
How many agencies oversee ERISA?
Three
RAC's can look back how many years from date of service?
Three
Why is it important for nursing facilities to track patient outcomes?
To accomplish compliance
Why must an employer implement an Exposure Control Plan?
To ensure proper employee protection measures
What is one of the responsibilities CMS has under the Medicaid Integrity Program?
To hire contractors to audit Medicaid provider claims
According to the OIG, medically unnecessary services can be billed to Medicare for what purpose?
To receive a denial so a claim can be submitted to a secondary payer.
A pertinent component of an effective compliance program include____________
Training and educating employees
Anti-dumping statutes do not require what?
Transfer to another hospital if emergency room is busy.
PHI may be disclosed without the patient's authorization for _________-
Treatment, payment and operations
Penalties under the FCA include how much
Treble damages, plus a penalty of $5500 to $11,000 for each false claim filed.
T/F: Hourly employees must be paid overtime per federal law
True
OIG's Clinical Lab Guidance
What can providers review that will help them understand the compliance requirements of a clinical lab?
Which of the following is not a requirement for MSDS sheets?
What quantity the medical facility purchases yearly
Billing agencies
What third party plays a critical role in accurate billing and reimbursement?
Anti-kickback and Stark laws
What two laws relate primarily to the relationships between referral sources, such as physicians and hospitals?
ABN's should be presented:
When a service is not a covered benefit/service of Medicare
Temporarily remove them providing services Review all paperwork and return them to service only after documented governmental reinstatement Assess to determine if they were properly excluded
When it is discovered that an employee is excluded from federal programs, what steps should be taken?
When can a covered entity disclose PHI without a patient's consent?
When providing in cases of suspected abuse.
Why wouldn't a medical facility need an ionizing Radiation policy?
When they do not have an X-ray machine
When does an employee's declination of Hep B expire?
Whenever the employee decides to get the vaccine
The Balanced Budget Act (BBA)
Which act authorized the imposition of civil monetary penalties against health care provider and entities that employ or enter into contracts with excluded individuals or entities to provide items or services to federal program beneficiaries?
Stark
Which law provides for a civil monetary penalty (up to $15,000 per service) and exclusion from government programs in any case where a person submits an improper claim, which was known to have been, or should have known to have been, provided through a prohibited referral, and has not refunded the payment?
Personal services
Which safe harbor can shelter physician independent contractor-type agreements with hospitals or other providers, such as skilled nursing facilities (SNF's)
The US Dept. of Health & Human Services (HHS)
Who is responsible for the oversight of the Medicare and Medicaid Programs?
What is one of the main responsibilities of the CMS regional office?
Work on quality initiatives
The practice/organization should have a clear directive to the staff on the consequences of not attending the required training sessions. What is the best method of communication assuring all employees understand the directive?
Written policies
Are there certain rules for PHI disclosure in cases of an emergency?
YEs, PHI can be released for emergency treatement
Should employees be allowed to download software?
Yes, as long as it is authorized
Can an employee transfer a chemical to another container?
Yes, as long as the secondary container label is used and meets regulatory requirements.
Can patients request amendments to their PHI?
Yes, but the provider does not have to make the amendment based on his or her professional opinion.
Can a provider disregard an auditor's request for records?
Yes, however it will result in a "no documentation" finding
Is it acceptable for practices to call and remind patients of their appointments?
Yes, if it is stated in the Notice of Privacy Practices
Should American taxpayers be concerned about Medicaid fraud?
Yes, it costs taxpayers hundreds of millions of dollars a year
If a person presents to the emergency department and collapses outside the ER doors, is EMTLA evoked?
Yes, the 250 yard zone applies in this case.
Can a billing companies compliance officer work with provider offices?
Yes, the OIG recommends this action and a BAA Is NOT required.
If a provider does not bill Medicare or Medicaid, do they still need CLIA certification?
Yes, the conditions of enrollment are regardless of whom payment is received from.
Does a provider who is only providing waived tests need a CLIA number?
Yes, the law requires that no matter what type of testing is performed, a CLIA number is required
Can the government take back monies from a nursing facility for failure of a patient's care?
Yes, there is a direct link to quality of care and billing for services.
Did the HIPAA Omnibus Rule affect business associates?
Yes, they are more accountable for their client's PHI
Should providers learn about Medicare guidelines?
Yes, they are obligated under law
Can CMS take back monies without reviewing a patient record?
Yes, through the use of data mining
Can CMS take back monies without reviewing a patient's record?
Yes, through the use of data mining.
What is a ZPIC?
ZPIC's are PRIVATE companies contracted by CMS, used to conduct audits for Medicare and Medicaid overpayments
Which of the following best describes ZPIC's?
ZPIC's are private companies contracted by CMS
What key item(s) can protect a medical practice from harassment liability
Zero tolerance policy for harassment
If a physician signs a participating (PAR) agreement with Medicare, they agree to what?
accept Medicare's allowed charge as payment in full
In addition to keeping a training log, and records, to make sure employees understand the training content compliance officers should also obtain what from employees?
an attestation
A hospital may satisfy their on-call coverage obligations by ___________per HHS
approved community call/regional call program
Billing companies should never use ____coding.
assumption
What is the target of Physician at Teaching Hospitals (PATH) audits?
documentation of physician involvement in services performed by residents and documentation for level of service provided
In an internal investigation it is important to communicate to employees that it is against policy to destroy or remove any documentation from a patient's medical record. Document reviews can be extensive and may include:
emails, mobile phone calendars and notes
Any laboratory performing testing on specimens derived from a human being for purposes of providing diagnosis, prevention, treatment, or assessment of health, regardless of whether they participate in Medicare, must:
enroll in the CLIA program
The Patient Protection and Affordable Care Act of 2010 (ACA) requires that all providers adopt a compliance plan as a condition of what with Medicare, Medicaid ad CHIP?
enrollment
What is the term of a CIA
five years
As specified in t he Coe of Conduct, no employee or agent of the practice/organization may have a relationship of they have a criminal conviction related to health care or _________?
have been excluded from participating in federally funded healthcare plans.
For potential criminal violations, a practice should have immediate discussions with a criminal attorney who
is well versed in Healthcare Fraud and Abuse law
Requirements for transferring an unstable patient include all but ____________
making sure the patient has either Medicare or Medicaid
The OIG acknowledges that full implementation of all components of a compliance program for physician practices________-
may not be feasible
What is the mission of the OIG?
protect the integrity of Department of Health & Human Services (HHS) programs as well as the health and welfare of program beneficiaries
If a provider is available only through pager or telephone, incident-to billing ___________?
requirements are not met (the provider has to be in the office and readily available)
An emergency medical condition is defined as having symptoms such that the absence of immediate medical attention could result in:
serious impairment of bodily functions, and/or serious dysfunction of any bodily organ or part
How many years should providers keep track of disclosures?
six or more years
The OIG compliance program guidance acknowledges patient care as:
the first priority of a physician practice.
When would an employer need to complete an OSHA 300 form?
when there is a work-related contaminated needle stick or sharps injury
If an employer doesn't meet requirements for FMLA, do they still need Leave of Absence policy?
yes, they should still address leaves of absence requests
When did MMA become a law?
2003
What year did HITECH Act get implemented?
2009
Federal and state statutes
A billing company's written policies and procedures should reflect current _________
60
A qui tam complaint is initially sealed for how many days?
What should the compliance officer do to ensure standing orders are medically necessary and within compliance of the laboratory?
Have a policy in place to monitor standing orders periodically.
According to Inspector General Daniel Levinson, what can help reduce enforcement on a provider from a CIA to a CCA?
Have a robust and effective compliance program
What goes together with compliance issues?
Human Resources
Which of these statements is true?
IRS, DOL, PBGC all have separate penalty assessments
Anti-kickback statute
If a group pays a hospital monthly rent for office space that is one-half the going rate or fair market value, this is a violation of?
Most CIA's require an IRO. What does this stand for?
Independent Review Organization (IRO)
Which screening exam does not require an order, in any setting?
Mammogram
Does Medicare pay for all tests ordered by Providers?
No, they need to determine if it's covered and medically necessary.
What policy is important in dealing with employee concerns?
Non-Retaliation policy
What policy is written to encourage communication?
Non-retaliation policy
How long does the privacy rule state that a practice or covered entity needs to retain medical records?
Not stated - it would follow state or other applicable law
Which one of the following is not an administrative sanction?
Revocation of Aetna enrollment
Modifier 25 is used to allow additional payment for E/M services performed by a provider on the same day as a procedure, as long as _____________.
The E/M service is significant, separately identifiable and above and beyond usual pre or post-operative care of the procedure.
HHS
The OIG works within which agency?
The mission statement of the healthcare organization and a statement of why they are in business are also know as ___________?
The code of conduct.
What rights do patients have when paying cash?
They can restrict the use of their PHI
When can an employer do a drug screen on employees?
When the employer has reasonable concerns of addiction
All expenses related to developing and implementing a compliance program are considered the cost of doing business and are tax deductible for the organization, except:
When the expenses are a result of the imposition of a penalty.
Which statement is true?
All businesses should educate employees about ADA
Which area would not be considered during a performance review?
An employee's attendance at a company party
The compliance program should be monitored and updated at least _______.
Annually
Which of the following is not an example of sexual harassment?
Asking another employee to date
A standard boiler plate clause in a CIA includes language on the rights of the OIG to inspect any aspect of the provider's business under what circumstance?
At any time
Who is responsible for providing analysis, research and technical assistance and conducts laboratory quality improvements for CLIA?
CDC
What must a Personnel Policy Manual adhere to?
Civil Rights Act
The risk assessment is an essential component of the compliance officer's responsibilities. Once risks have been identified and prioritized, the next step in the process is to________?
Conduct audits based on the risk assessment findings
What are the key functions of the compliance officer with regard to planning, implementing and monitoring the compliance program?
Coordination and communication
Audit MIC's can audit a Medicaid provider throughout his or her __________.
Country
What can employers do to increase employee engagement?
Employers should hold management accountable for engagement
One of the most important elements of an effective compliance program is to have a compliance office or committee who is
Empowered
What are key responsibilities of a compliance officer?
Ensure internal controls are capable of preventing and detecting significant instances or patterns of illegal, unethical or improper conduct. Monitor the performance of the practice's compliance program on an ongoing basis and take steps to improve effectiveness. Identify and assess areas of compliance risk.
A physician who fails to respond to an emergency situation when she is assigned as the on-call physician:
is in violation of EMTALA and may subject herself and the hospital to a penalty.
What covered entity as the most HIPAA breaches?
Business Associates
Hourly employee overtime pay is dictated by state or federal law?
Federal
HHS, CMS and the OIG publish regulations in the __________
Federal Register
The OIG has described seven basic components of an effective compliance program for a small physician practice that are based off of the _______-.
Federal Sentencing Guidelines.
What type of software process identifies potential claim errors?
data mining
What year was the Civil Rights Act implemented?
1964
Which of the following is not an example of safety measures?
A security alarm system with same access ID for everyone
Providers need to have a _____signed by the patient prior to services if they believe that Medicare will not cover the services
ABN Form
If the patient presents to an ER, the provider must not delay the screening process to ask about what?
Insurance
What does NIOSH stand for?
National Institute for Occupational Safety & Health
Two states that have mandatory compliance program certification requirements are ________________
New York and Arkansas
What is a function ZPIC's do NOT perform?
Proactive identify incidents of potential fraud that exist outside its service area (they proactively identify incidents within its service area and take appropriate action on each case)
A compliance program is the _________each organization implements to achieve their stated goals.
Process
e-prescribing
The Medicare Modernization Act (MMA) of 2003 gave momentum to what movement?
Snapshot
The OIG recommends a billing company, when establishing a compliance plan to take a ______ of the company's operations.