Medical Insurance

Stark Rules, Antikickback Statute, and 2010 Affordable Care Act

all laws which regulate fraud and abuse.

Health Information Exchange (HIE)

an electronic system that allows physicians, nurses, pharmacists, other health care providers, and patients to appropriately access and securely share a patient's vital medical information

Informed Consent

an ethical principle that research participants be told enough to enable them to choose whether they wish to participate

Designated Record Set (DRS)

any item, collection, or grouping of info that includes PHI and is maintained by a CE

Office of E-Health Standards and Services (OESS)

part of CMS that helps to develop and coordinate the implementation of a comprehensive e-health strategy

Business Associates (BAs)

person or organization that performs a function or activity for a covered entity

Relator

person who makes an accusation of fraud or abuse

Abuse

physical or emotional harm to someone

DRS (designated record set)

protected health info and maintained by a covered entity - physicians use this when inputing info into chart

HIPAA Privacy Rule

regulations for protecting individually identifiable information about a patient's health and payment for healthcare that is created or received by a healthcare provider

A ____________ is a person who makes an accusation of fraud or abuse.

relator

HIPAA Electronic Health Care Transactions and Code Sets (TCS)

rule governing the electronic exchange of health information

Operating Rules

rules that improve interoperability between the data systems of different entities

Medical Standards of Care

state-specified performance measures for the delivery of health care

A court order to appear and testify is a

subpoena

Electronic Data Interchange (EDI)

the computer-to-computer exchange of business documents from a retailer to a vendor and back

The authorization to release information must specify...

the entity to whom the information is to be released

Centers for Medicare and Medicaid Services (CMS)

the federal government agency that administers Medicare and Medicaid

The provider owns the actual medical records, but the information in a record belongs to:

the patient

Minimum Necessary Standard

the uses/disclosures must be no more than the minimum required for the described research purpose

Audit

to check the accuracy of financial accounts and records

Code Set

under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping

National Provider Identifier (NPI)

unique ten-digit identifier assigned to each provider

OESS

Office of E-Health Standards and Services

OIG

Office of Inspector General

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a law designed to:

--ensure health insurance coverage for workers and their families when they change or lose their jobs --uncover fraud and abuse --protect peoples' private health information

Transaction

A business activity that changes assets, liabilities, or owner's equity

Medical Record

A collection of data recorded when a patient seeks medical treatment.

Password

A safeguard for access to a computer or computer program.

Notice of Privacy Practices (NPP)

A written document detailing a health care provider's privacy practices.

Disclosure of which of the following conditions requires a specific authorization from the patient other than for TPO?

AIDS

_____ is an action that improperly uses another's resources.

Abuse

ACO

Accountable Care Organization

ARRA

American Recovery and Reinvestment Act of 2009

Clearinghouse

An independent organization that receives insurance claims from the physician's office, performs software edits, and redistributes the claims electronically to various insurance carriers.

Accountable Care Organization (ACO)

An organization of healthcare providers accountable for the quality, cost, and overall care of Medicare beneficiaries who are assigned and enrolled in the traditional fee-for-service program

BA

BUSINESS ASSOCIATES

The HIPAA Privacy Rule is enforced by

Department of Justice - Office of Civil Rights

CE

COVERED ENTITY

CMS

Centers for Medicare and Medicaid Services

CMS stands for

Centers for Medicare and Medicaid Services

A(n) ______________ can be used by providers to transmit claims in the proper format for carriers.

Clearinghouse

Medical Documentation and Billing Cycle

Combination of the billing cycle and medical documentation cycle of a practice.

Which of the following is a systematic, logical, and consistent recording of a patient's health status in a medical record?

Documentation

Differences between EHR's, EMR's, and PHR'

EHR are Electronic Health Records that is are a computerized lifelong healthcare records for an individual that incorporate data from all sources that treat the individual. EMR's are Electronic Medical Records that are computerized records of one physicians encounters of a patient over time that are the physicians legal record of a pt's care. PHR's are Personal Health Records that are private, secure electronic files that are created, maintained, and controlled by pt.

EDI

Electronic Data Interchange

Malpractice

Failure by a health professional to meet accepted standards

_____________ is deception with intent to benefit from the behavior.

Fraud

Office for Civil Rights (OCR)

Government agency that enforces the HIPAA Privacy Act.

HIE

HEALTH INFORMATION EXCHANGE

TCS

HIPAA Electronic Health Care Transaction and Code Sets

Under which act can a patient restrict the access of health plans to their medical records if they pay for the service in full at the time of visit?

HITECH

HITECH

Health Information Technology for Economic and Clinical Health Act

HIPAA

Health Insurance Portability and Accountability Act

HIPAA is the abbreviation for the

Health Insurance Portability and Accountability Act

Covered Entity (CE)

Health plan, clearinghouse, or provider that transmits any health information in electronic form.

Protected Health Information (PHI)

Information that contains one or more patient identifiers.

HIPAA Security Rule

Law that requires covered entities to establish administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of health information.

The importance of accurate documentation when working with medical records

Medical records are created based on a variety of different types of documentation for pt's encounters to provide the best possible care

NPI

National Provider Identifier

NPP

Notice of Privacy Practices

OCR

Office of Civil Rights

Releasing protected health information for other than treatment, payment, or healthcare operations requires

Patient's signed authorization

Minimum Necessary Standard

Principle that individually identifiable health information should be disclosed only to the extent needed to support the purpose of the disclosure.

PHI

Protected Health Information

In a SOAP format, which of the following is information from the patient?

Subjective

SOAP is the abbreviation for which of the following?

Subjective/Objective/Assessment/Plan

Evaluation and Management (E/M)

The CPT codes used to capture the face-to-face time between a patient and the care provider; takes into consideration the extent of the history, extent of the physical exam, and the level of medical decision making required.

Documentation

The act of creating citations to identify resources used in writing a work.

Department of Justice (DOJ)

The department within the executive branch of the federal government that is headed by the Attorney General and staffed by U.S. Attorneys.

Authorization

The process of giving someone permission to do or have something

TPO

Treatment, Payment & Operations

Compliance Plan

a medical practice's written plan for complying with regulations

Encryption

a process of encoding messages to keep them secret, so only "authorized" parties can read it.

Meaningful Use

a set of government mandated criteria that must be obtained for every patient

Breach

a violation; a gap or break

An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI and also that could pose a significant risk of financial, reputational, or other harm to the affected person is called a

breach

A vendor such as a software firm that does business with a covered entity is called a(n)

business associate

How have most privacy complaints under HIPAA been resolved?

by voluntary compliance

compliance plan contains...

consistent written policies and procedures

The American Recovery and Reinvestment act (ARRA) of 2009

contains additional provisions concerning the standards for electronic transmission of health care data.

Under HIPAA, an organization that electronically transmits patients' protected health information is a(n)

covered entity

When personal identifiers have been removed, protected health information is called

de-identified --De-identified health information has had the personal identifiers removed--

Breach Notification

document used by a covered entity to notify individuals of a breach in their PHI required under the new HITECH breach notification rules

Account of Disclosure

documentation of the disclosure of a patient's PHI in that person's medical record in unauthorized cases

EHR is the abbreviation for

electronic health record

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

federal act with guidelines for standardizing the electronic date interchange of administrative and financial transaction, exposing fraud and abuse, and protecting PHI

Office of the Inspector General (OIG)

government agency that investigates and prosecutes fraud

Health Care Fraud and Abuse Control Program

government program to uncover misuse of funds in federal health care programs run by the Office of the Inspector General

The Health Care Fraud and Abuse Control Program

government program to uncover misuse of funds in federal health care programs run by the Office of the Inspector General

HIPAA National Identifiers are for ?

health care providers, employers, and patients

HIPAA identifies three types of covered entities:

health plans, clearinghouses, and providers

HIPAA National Identifiers

identification systems for employers, healthcare providers, health plans, and patients

Health Information Technology for Economic and Clinical Health Act (HITECH)

law promoting the adoption and use of health information technology (HIT)

American Recovery and Reinvestment Act of 2009 (ARRA)

law with provisions concerning the standards for the electronic transmission of healthcare data

Treatment, Payment, and Healthcare Operations (TPO)

legitimates reasons for the sharing of patient's PHI without authorization

De-identitfied Health Information

medical data from which individual identifiers have been removed

Encounter

meeting

Patients always have the right to...

withdraw their authorization to release information

Fraud

wrongful or criminal deception intended to result in financial or personal gain