RHIT D3 compliance
When did the JC transition its accreditation process to unannounced surveys?
2006
Which is the recommendation for design of forms for an EDMS (electronic documentation management system) to create a document image.
24lb weight paper for double-sided froms
When hospital want to provide transcription service for private patients of physicians and the physicians is a medical staff. Dose physicians need to obtain a business associate agreement with facility?
According to HIPAA Privacy Rule the physicians that dictating information on their private patients, they should obtain a business associate agreement with hospital. It a permission for one covered entity to be a business associate of another covered entity. However if physicians dictating info on hospital patient they do not need to obtain a business associate agreement b/cit considered healthcare operations and it permitted under the HIPAA Privacy Rule.
The goal of coding compliance programs is to prevent___
Accusations of fraud and abuse.
When a service is not considered medically necessary based on the reason for encounter, the patient should be provided with a_____ indicating that medicare might not pay and that the patient might be responsible for the entire charge.
Advance beneficiary notice (ABN)
When patient who is treat with psychiatric request to see his/her own medical record that is not psychotherapy, what should be the best course of action?
Allow the patient to access his record if, after contacting his physician, his physician does not feel it will be harmful to the patient. HIPPA rule "patient have a right to have some control over their health information unless state laws, regulations, or physician stated not to.
The HIM supervisor suspects that a departmental employee is accessing the EHR but has no specific information or data to support this suspicion. what should supervisor do?
Ask the security officer for audit trail data to confirm or disprove the suspicion.
This private, not for profit organization is committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs.
Commission on Accreditation of Rehabilitation Facilities
Joint Commission standards for medical record delinquency is____.
Completed within 30 days after discharge.
Gatekeepers role of the primary care provider is cost control, they determine the appropriateness of the following components:
appropriateness of the healthcare service, the level of healthcare personnel, and the setting in the continuum of care.
Case management coordinates an individual's care, especially in complex and high cost cases. Goals of case management include the following:
Continuity of care, cost effectiveness quality, and appropriate utilization
What is data security?
Data security is to insure [workstation are protected] from unauthorized access and if workstation is inactive for a period of time it should log itself off automatically to prevent unauthorized person from accessing ePHI.
What is it called when accrediting bodies such as the Joint Commission can survey facilities for compliance with the Medicare conditions of participation for hospitals instead of the government?
Deemed status
What is Encryption?
Encryption is a process that encodes textual material, converting it to scrambled data that must be decoded in order to be understood. The message is a jumble of unreadable characters and symbols as it is transmitted through the telecommunication network. this is part of data security program for electronic health record.
A risk analysis is useful to:
Identify [security threats or risks] Risk management begins by conducting a risk analysis, then identifying security threats or risks determining how likely it is that any given threat may occur.
Audit trails (audit log) is____
Is the way to monitor documented logs of system that tracks every access to data. This is example of an audit control standard. the log will be a chronological set of computerized records that provides evidence of info system activity such as log-in, log-out, file accesses that is used to determine security violations
The permanent RAC program was completely implemented by:
January 2010
What is a good electronic form design?
Keystrokes should be minimized by using pop-up menus. Perform completeness check for all required data, or use text boxes to enter text. Check box are used for multiple selection.
What does the term access control mean?
Mean being able to identify which employees should have access to what data.
Within the context of data security, protecting data privacy means defending of safeguarding:
Mean only those individuals who need to know information should be authorized to [access information].
Who established/created the National Practitioner Data Bank (NPDB)?
The Healthcare Quality Improvement Act (HQIA). The purpose of NPDB is provide info about medical practitioners who have a history of malpractice suits/mutipractic and other quality problems. Hospitals are required to consult the NPDB before granting medical staff privileges to healthcare practitioners.
What states that the Recovery Audit Contractor (RAC) demonstration project conducted(control/direction) was start (2005) and operated initially?
New York, Florida, and California
Community Hospital wants to offer info technology service to City Hospital which is a small hospital. The CEO asks the HIM director if there are any barriers to establishing this relationship with regard to HIPAA.
The smaller hospital should obtain a business associate agreement with the facility providing the information services.
The Medicare Integrity Program was established as part of Title II of HIPAA to battle fraud and abuse and it charged and responsibility with_____
Payment determinations and audit(checkup,inspection) of cost reports. They review provider for potential fraudulent activity, audit of cost reports, payment determinations, education of providers and beneficiaries on health care fraud and abuse issues.
What kind of control is use for security safeguards that protect equipment, media, and facilities?
Physical access controls
A secretary in the Nursing Office was requests HIM department to review her health record, what is the best course of action?
Review of records by the patient is [permitted after the authorization for use and disclosure is verified].
List of elements for an Effective Compliance Program.
They are:1)Implementing written policies, procedures and standards of conduct; 2)Designating a compliance officer and compliance committee 3) Conducting effective training and education 4)Developing effective lines of communication 5) Enforcing standards through well publicized disciplinary guidelines 6) Conducting internal monitoring and auditing 7) Responding promptly to detected offenses and developing corrective action.
What should be avoided when designing forms for an EDMS?
Shading of bars or lines that contain text. b/c is difficult to read as a image.
What is Single sign-on for multiple software systems mean.
Single Sign-on is an access control for EHR system that allows a user access to all disparate applications through one authentication procedure, thus reducing the number and variety of passwords a user must remember and enforcing and centralizing access control.
Minors are basically deemed legally incompetent to access, use or disclose their health information. What resource should be consulted in terms of who may authorize access, use or disclose the health records of minors?
State law since HIPAA defers to state laws on matters related to minors. minors is who under 18 years old.
What is HHS and OIG?
The U.S. Department of Health and Human Services, Office of Inspector General's (OIG) Compliance Program Guidances identify seven elements that should be included in every Compliance Program, which adopted by the US federal sentencing guidelines.
Who can be a Medicare Conditions of participation?
The providers who participating in Medicare program to receive Medicare and Medicaid reimbursement. They much prove that they follow the rules and regulations by CMS for participation.
How Federal sentencing guidelines related to OIG?
The seven elements are based on criteria adopted by the Federal Government in the Federal sentencing guidelines. The sentencing guidelines set forth criteria by which courts determine corporate culpability and impose appropriate sanctions for organizations that are found, through the actions of their employees and agents, to have violated criminal law. Significantly, if an organization is determined to have in place an effective program to prevent and detect violations of law, the court may impose a reduced fine.
What is steps in medical necessity and utilization review.
Three steps are clinical review, peer review, and appeals consideration.
With JC survey methodology involves an evaluation that follows the hospital experiences of past or current patients?
Tracer methodology
How often are healthcare facilities required to practice their emergency preparedness plan annually?
Twice a year
What is not true of good electronic forms design?
Use radio buttons to select multiple items from a set of options. This buttons can only select one item from options.
Defines utilization management.
Utilization review (UR) is the set of process that used to determine whether the medical care provided to a specific patient is [necessary]. So Pre-established objective screening criteria are used and performed according to [time frames (episodes of care)] specified in the organizations UM plan.
In what situation must a covered entity provide an appeals process for denials to requests from individuals to see their own health information?
When a licensed healthcare profession has determined that access to PHI would likely endanger the life or safety of the individual.
Is there any fees for individuals to access to their PHI?
Yes. the cost-based fee may be charged for making a copy of the PHI, or agrees to accept summary, or explanatory information. the fee may include the cost of: copying this include supplies, labor and postage, when the copy need to be mailed. NO charged for retrieval of the PHI except non-patient requests.
What is the HIPAA standards required organizations establish_____.
[ A written contingency plan] to developed and tested. this will ensure that procedures are in place to handle an emergency response in the event of an untoward event.
Coding policies should include _____ elements.
[AHIMA Standards of Ethical Coding]
There are a number of legal issues facing the EHR. State laws vary as to what is and is not acceptable in a court of law regarding EHRs. What is a legal concern regarding the EHR?
[Ability to subpoena audit trails]. Healthcare providers frequently receive subpoenas requesting the production of the medical record.
An EHR system can provide better security than a paper record for protected health information system due to____.
[Access controls, audit trails, and authentication systems]
The act of granting approval to healthcare organization based on whether the organization has met a set of voluntary standards of accreditation agency is called:
[Accreditation]. for example The Joint Commission is an accreditation agency
What are policies and procedures required by HIPAA that address the management of computer resources and security.
[Administrative safeguards] the administrative provision(providing) detail how the security program should be managed from the organization's perspective. written and formalized the policy and procedures, created outlining data security authority and responsibilities throughout the organization.
The Healthcare Cost and Utilization Project (HCUP) is a major initiative of which organization within the federal government?
[Agency for Healthcare Research and Quality (AHRQ) ] sponsor HCUP. This organization most involved in health services research, they looks at issues related to the efficiency and effectiveness of the healthcare delivery system, disease protocols, and guidelines for improved disease outcomes.
The utilization manager's role is essential to___
[Analyze the estimate of benefits (EOBs) received] UM is a front-end utilization management to the prevention of denials for inappropriate levels of care. Ensure the requested services meet medical necessity requirements and provided in the most appropriate setting. When the reinsurance company denies the claim, an appeal may be process or possible, this process is time consuming and costly and it does not always result in payment of the claim. UM staff are the key in obtaining documentation during an inpatient stay to prevent denies and inappropriate levels of care.
Which areas within high risk of compliance that including in billing practices.
[Billing for non-covered services, altered claim forms, duplicate billing, misrepresentation of facts on a claim form, failing to return overpayments, unbundling, billing for medically unnecessary services, overcoding and upcoding, billing for items or services not rendered, and false cost reports]
Who is responsible for implementing the policies and strategic direction of the hospital or healthcare organization set by hospital board of directors and for building an effective executive management team?
[CEO Chief executive officer] is the leader of the administrative staff.
The basic functions of the utilization review process.
[Case management, discharge planning, and utilization review]
In developing an internal coding audit review program, what is would be risk areas that should be targeted for audit?
[Charge master description CMD] Selecting the types of cases to review is important for identify of risk areas. examples of various case selection possibilities in CMD to review risk areas.
What is three risk areas that are vitally important to the accuracy of the claims submission process. Which is a fraudulent billing practices represent a major compliance risk for health care organizations.
[Coding and billing, documentation, and medical necessity for tests and procedures]
What is the role of the case manager?
[Coordinate medical care and ensure the necessity of the services provided to beneficiaries(facilitate care)] The care-planning process extends beyond the acute care setting to ensure that the patient receives appropriate follow-up service.
In developing a coding compliance program, who would be ordinarily included as participants in coding compliance education?
[Current coding personnel, Medical staff, Newly hired coding personnel] HIM manager should provide education, training related to complete and accurate coding, documentation and billing on an ANNUAL basis. Annually require by compliance for coding staff should be updated the compliance.
Specific performance expectations and/or structures and processes that provide detailed information for each of the Joint Commission standard are called:
[Elements of performance] JC change from survey monitors every three years to continuous improvement and continuous standard compliance. The change is facility's monitoring of sentinel (unexpected) events and follow the hospital experience of selected patients (tracer methodology) during JC surveys was instituted(establish/organize/to set going). Each accreditation standard was accompanied by a rationale and steps to meet the standard call elements of performance.
What is the biggest threat to the security of healthcare data?
[Employees]
A group practice has hired an HIT as its chief compliance officer. The current compliance program includes written standards of conduct and policies and procedures that address specific areas of potential fraud. It also has audits in place to monitor compliance. What else compliance officer should also ensure are in place?
[Establishment of a hotline to receive complaints and adoption of procedures to protect whistleblowers from retaliation]. this is one of the seven elements that OIG has outlined which is conducting internal monitoring and auditing this is a maintenance of a process.
What is the term for an explicit (clear cut, specific) statement that directs clinical decision making?
[Evidence-based clinical practice guideline are the foundation of members'care for specific clinical conditions.
If an HIM department acts in deliberate ignorance or in disregard to official coding guideline, it may be committing____
[Fraud]
Who issues compliance program guidance?
[HHS ( Health and Human service) office of Inspector General (OIG)] OIG issue compliance program guidance since 1998 for various types of healthcare organization. Which most healthcare organization need guidance to develop fraud and abuse compliance plans or program.
In developing a monitoring program for coding compliance that should be regularly audited is____
[ICD-9-CM and CPT coding]. Because the accuracy and completeness assignment ICD and CPT code determine the provider payment.
This organization has been responsible for accrediting healthcare organizations since the middle 1950s and determines whether the organization is continually monitoring and improving the quality of care they provide.
[Joint Commission[ Primary focus is to determine whether organizations seeking accreditation are continually monitoring the quality of the care they provide.
Who is the largest healthcare standards-setting body in the world?
[Joint Commission] It conducts accreditation surveys and continually evolved to meet the changing needs of healthcare organization since 1952.
Access to reports based on protected health info w/in a healthcare facility should be limited to employees who have a ____
[Legitimate need for access] HIM department tracks requests for info and ensures that a legitimate need for access to it is present when users who need integrated info more detail than what they can allow to access in other part of health record.
Medical school graduates must pass a test before they can obtain(to gain, to be, become effective) a _____ to practice medicine.
[License] the license test are administered by state medical boards and passing scores for the test vary by state.
Local coverage determination LCD describe when and under what circumstances of____
[Medical necessity] LCD refer to coverage rules, at a fiscal intermediary (FI) or carrier level, that provide info on what diagnoses justify the medical necessity of a test.
Who is dictates(control/strongly influence) how the medical staff operates?
[Medical staff bylaws] The medical staff operates According to a predetermined set of policies called the medical staff bylaws.
Developing, implementing, and revising the organization's policies and procedures under the direction of Executive managers is the role of______.
[Middle managers]
OASIS data are used to assess the____ of home health services.
[Outcome]. OASIS is outcomes and Assessment Information Set. designed to gather data about outcomes for Medicare patient who receive service from home health.
Placing locks on computer room doors is considered what type of security control?
[Physical control]
Which facility do not have to meet the standards in the condition of participation?
[Physician offices]
A statement or guideline that directs decision making or behavior in organization is called a:
[Policy]
Which of the following is a written description of an organization's formal position?
[Policy] A policy is a clearly stated and comprehensive statement that establishes the parameters for decision making and action. Policies are developed at both the institutional and departmental levels. and both levels must developed in accordance with applicable laws and reflect actual practice.
Types of utilization review.
[Pre-admission review, Continued-stay review, and Discharge review.]
What program that is not an automatic control that helps preserve data confidentiality and integrity in an electronic system.
[Security awareness program] is program that educates employee on confidential nature of patient and organization-related data including security policies or sign a yearly confidentiality statement. So anemployee responsible for threats to data security. is a security program that help reduce security breaches.
Position descriptions, policies, and procedures, training checklists, and performance standards are all example of:
[Staffing tools] it used to plan and mange staff resources.
Who is outlined elements of compliance program?
[The OIG (office of inspector general)] outlined seven elements as the minimum necessary for a comprehensive compliance program.
Corporate compliance programs become common/blueprint for an effective compliance program for healthcare organization after adoption of__________
[The US federal Sentencing Guidelines], they outline seven steps as the hallmark of an effective program to prevent and detect violation of law.
An individual designated as an inpatient coder may have access to an electronic medical record in order to code the record. Under what access security mechanism is the coder allowed access to the system?
[User-Based Access UBAC] is based on the workforce member's identity. The Role Based Access Control (RBAC) based on the workforce member's work role. For example, a workforce member with multiple job functions would be assigned multiple roles and access rights. Context Based Access Control (CBAC) such as restricting access to certain dates or times, or certain devices on the covered entity's electronic information system or network.
This type of healthcare organization review is conducted as the request of the healthcare facility seeking accreditation. (NOT mandated, not require)
[Voluntary review]
Under HIPPA rules, when an individual asks to see his/her own health info PHI, a covered entity:
[can deny access to psychotherapy notes] or info compiled in reasonable anticipation of a civil, criminal, or administrative action or proceeding, or PHI subject to the Clinical Laboratory Improvements Act (CLIA).
What committee usually oversees the development and approval of new forms for the health record?
[clinical forms committee or medical record committee] they should provide oversight for the development, review, and control of all enterprise-wide (entire organization) information capture tools, including paper forms and design of computer screens.
What is healthcare fraud?
[false representation of fact, failure to disclose a material fact, or damage to another party that reasonably relied on misrepresentation]
Facilities that must meet the standards in the condition of participation include______
]Hospital, home health agencies, ambulatory surgical centers, and hospices]
To ensure relevancy, an organization's security policies and procedures be reviewed at least____
at least every year to make sure they are up-to-date and still relevant to organization.
which governmental fraud and abuse effort focused on recouping lost funds for the medicare program due to inaccurate coding and billing? $188 million were recovered during the first two years of this effort.
operation restore trust is target fraud and abuse in healthcare provider.
The policies and procedures section of a coding compliance plan should include___
physician query process, coding diagnosis not supported by medical documentation, upcoding, correct use of encoder software, unbundling, coding medical records w/out complete documentation, assignment of discharge destination codes, and complete process for using scrubber software.