Chapter 2 Review: Compliance, Privacy, Fraud, and Abuse in Insurance Billing

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Define protected health information (PHI)

Any data that identify an individual and describe his or her health status, age, sex, ethnicity, or other demographic characteristics, whether or not that information is stored or transmitted electronically

If you give, release, or transfer information to another entity, this is known as

Disclosure

HIPAA requirements protect disclosure of protected health information outside of the organization but does not protect against internal use of health information

False

If fraud and abuse are detected, ZPIC contractors report to the DOJ for further investigation

False

In the event of an OIG audit, the presence of an OIG compliance program will prevent penalties and fines from being imposed

False

In the federal health care program, accepting discounts, rebates, or other types of reductions in price is encouraged

False

The focus on the health care practice setting and reduction of administrative costs and burdens are the goals of which part of HIPAA?

HIPAA Title II: Administrative Simplification

What is the first step health insurance specialists should take toward achieving compliance so they do not violate laws, which may result in penalties or fines?

Identifying the laws that regulate the industry

At a patient's first visit under HIPAA guidelines, the document that must be given so the patient ackowledges the provider's confidentiality of his or her protected health information is the _____

Notice of Privacy Practices (NPP)

What is the primary purpose of HIPAA Title I: Insurance Reform?

To provide continuous insurance coverage for workers and their insured dependents when they change or lose jobs

It is necessary to turn documents over or lock them in a secure drawer if you are only leaving your desk for a few moments

True

Organizations who hire or contract with individuals who have been convicted of a misdemeanor or criminal offense and are on the OIG's list of excluded individuals may be subject to civil monetary penalties

True

Part III True/False Individually identifiable health information (IIHI) is any part of a person's health data (e.g., demographic information, address, date of birth) obtained from the patient that is created or received by a covered entity

True

Recovery audit contractors are highly motivated to find claim errors as they are paid a percentage of the money they recovery

True

The HITECH Act requires that business associates comply with the HIPAA Security Rule in the same manner that a covered entity would

True

To submit an insurance claim for medical services that were not medically necessary is a violation of the False Claims Act (FCA)

True

Under HIPAA Privacy regulations, patients do not have the right to access psychotherapy notes

True

Under HIPAA, patients may request confidential communications and may restrict certain disclosures of protected health information

True

Under HITECH, civil penalties for HIPAA violations are $100 for each violation with a maximum penalty of $25,000 for all violations of the same provision in a calendar year

True

Name the three main sections of the HIPAA Security Rule for protecting electronic health information

a. Adminstrative safeguards b. Technical safeguards c. Physical safeguards

The initiative that established hotlines for the public to report issues that might indicate fraud, abuse, or waste id a. ORT b. CMP c. HEAT d. RAC

a. ORT

Under HIPAA, exceptions to the privacy are those records involving

a. When the patient is a member of a managed care organization (MCO) and the physician has signed a contract with the MCO that has a clause that says "for quality care purposes, the MCO has a right to access the medical records of their patients, and for utilization management purposes, " the MCO has a right to audit those patients' financial records b. When patients have certain communicable diseases that are highly contagious or infectious and state health agencies require providers to report, even if the patient does not want the information reported c. When a medical device breaks or malfunctions, the Food and Drug Administration (FDA) requires providers to report certain information d. When a patient is suspect in a criminal investigation or to assist in locating a missing person, material witness, or suspect, police have the right to request certain information e. When the patient's records are subpoenaed or there is a search warrant. The courts have the right to order providers to release patient information f. When there is a suspicious death or suspected crime victim, providers must report cases g. When the physician examines a patient at the request of a third party who is paying the bill, as in workers' compensation cases h. When state law requires the release of information t police that is for the good of society, such as reporting cases of child abuse, elder abuse, domestic violence, or gunshot wounds

24. The Notice of Privacy Practices (NPP) document is given to patients a. at the first visit to the practice b. at every visit to the practice c. on an annual basis d. only on request of the patient

a. at the first visit to the practice

An individual's formal written permission to use or disclose his or her personally identifiable health information for purposes other than treatment, payment, or health care operations is called a. authorization b. disclosure c. release d. consent

a. authorization

Name the three specific areas of significant change that resulted from the HITECH act

a. business associates b. notification of breach c. civil penalties for noncompliance with the provisions of HIPAA

Indicate whether each of the following situations is one of fraud or abuse a. Under the False Claims Act, billing a claim for services not medically necessary b. Changing a figure on an insurance claim form to get increased payment c. Dismissing the copayment owed by a Medicare patient d. Neglecting a refund an overpayment to the patient e. Billing for a complex fracture when the patient suffered a simple break

a. fraud b.fraud c. fraud d. fraud e. fraud

Measurable solutions that have been taken, based on accepted standards and are periodically monitored to demonstrate that an office is in compliance with HIPAA Privacy rules is referred to as a. reasonable safeguards b.privacy safeguards c. security safeguards d. standards

a. reasonable safeguards

Privacy regulations allow patients the right to obtain a copy of PHI a. under all circumstances b. if they have a court order c. only if the health care provider has determined that it would be appropriate and would not endanger the patient or any other person d. only if the patient can pay the associated fee for the copies

a. under all circumstances

When faced with the discovery of an offense or an error, the health insurance specialist should immediately report concerns a. using the established chain of command outlined in your compliance plan b. to the OIG through their telephone hotline c. to the OIG through their e-mail address d. directly to the Department of Health and Human Services

a. using the established chain of command outlined in your compliance plan

The OIG recommends that health care staff should attend trainings in "general" compliance a. as part of their initial orientation b. at least annually c. every 6 months d. every 6 years

b. at least annually

Verbal or written agreement that gives approval to some action, situation, or statement is called a. authorization b. consent c. disclosure d. release

b. consent

HIPAA transaction standards apply to the following, which are called covered entities. They are a. health care third-party payers b. health care providers c. health care clearinghouses d. all of the above

b. health care providers

The FCA provision that allows a private citizen to bring civil action for a violation on behalf of the federal government and share in any money recovered is referred to as a. minimum necessary b. qui tam c. privileged information d. exclusion statue

b. qui tam

Under the Criminal False Claims Act, fines and imprisonment penalties for making a false claim in connection with payment for health care benefits can be imposed on a. the physician who provided the services b. the health care billing specialist who prepared the claim c. the health care administrator who oversees the practice or organization d. anyone who knowingly and willfully participated in the scheme

d. anyone who knowingly and willfully participated in the scheme

Under HITECH, if a breach occurs, the covered entity a. does not have to notify the affected party b. only has to notify the affected party if they feel it is reasonable c. must notify the affected party no later than 30 calendar days after the discovery of the breach d. must notify the affected party no later than 60 calendar days after the discovery of the breach

d. must notify the affected party no later than 60 calendar days after the discovery of the breach

Compliance is the process of

meeting regulations, recommendations, and expectations of federal and state agencies that pay for health care services and regulate the industry

If a breach of privacy is discovered, the health care provider is required to take affirmative action to respond to the breach and alleviate the severity of it. This is known as ____

mitigation

An individual designated to assist the provider by putting compliance policies and procedures in place and training office staff is known as a/an

privacy officer or private official (PO)

Part II Multiple Choice 19. One of the agencies charged with enforcing laws that regulate the health care industry is: a. Drug Enforcement Agency (DEA) b. Office of Inspector General (OIG) c. National Committee on Vital and Health Statistics (NCVHS) d. Department of Internal Affairs (DIA)

19. b. Office of Inspector General (OIG)

Under HIPAA guidelines, a health care coverage carrier, such as Blue Cross/Blue Shield, that transmits health information in electronic form in connection with a transaction is called a/an

covered entity

A confidential communication related to the patient's treatment and progress that may be disclosed only with the patient's permission is known as

Confidential communication

Unauthorized release of a patient's health information is called

breach of confidential communication

Dr. John Doe contracts with an outside billing company to manage claims and accounts receivable. Under HIPAA guidelines, the billing company is considered a/ an ____ of the provider

business associate

Enforcement of the privacy standards of HIPAA is the responsibility of a. Health Care Fraud and Abuse Control Program (HCFAP) b. National Committee on Vital and Health Statistics (NCVHS) c. Office for Civil Rights (OCR) d. Federal bureau of Investigation (FBI)

c. Office of Civil Rights

Health care providers who determine that they have submitted false claims, should resolve the issue by seeking the HHS and OIG guidelines established in 2006 and referred to as a. Operation Restore Trust b. Stark I and II c. Self-Disclosure Protocol d. Safe Harbor

c. Self-Disclosure Protocol

Under HIPAA, patient sign-in sheets a. are never permissible b. are permissible c. are permissible but limit the information that is requested d. are permissible but require the practice to give the patient a number to be used when calling the patient

c. are permissible but limit the information that is requested

Stealing money that has been entrusted in one's care is referred to as a. fraud b. abuse c. embezzlement d. obstruction

c. embezzlement

An independent organization that receives insurance claims from the physician's office, performs edits, and transmits claims to insurance carriers is known as a/an

clearinghouse


Set pelajaran terkait

Chapter 24: The Digestive System

View Set

Computer concepts powerpoint ch 1-3 Thomas

View Set

Psychology Test 3 (Chapters 6, 7)

View Set