Medical Insurance
Stark Rules, Antikickback Statute, and 2010 Affordable Care Act
all laws which regulate fraud and abuse.
Health Information Exchange (HIE)
an electronic system that allows physicians, nurses, pharmacists, other health care providers, and patients to appropriately access and securely share a patient's vital medical information
Informed Consent
an ethical principle that research participants be told enough to enable them to choose whether they wish to participate
Designated Record Set (DRS)
any item, collection, or grouping of info that includes PHI and is maintained by a CE
Office of E-Health Standards and Services (OESS)
part of CMS that helps to develop and coordinate the implementation of a comprehensive e-health strategy
Business Associates (BAs)
person or organization that performs a function or activity for a covered entity
Relator
person who makes an accusation of fraud or abuse
Abuse
physical or emotional harm to someone
DRS (designated record set)
protected health info and maintained by a covered entity - physicians use this when inputing info into chart
HIPAA Privacy Rule
regulations for protecting individually identifiable information about a patient's health and payment for healthcare that is created or received by a healthcare provider
A ____________ is a person who makes an accusation of fraud or abuse.
relator
HIPAA Electronic Health Care Transactions and Code Sets (TCS)
rule governing the electronic exchange of health information
Operating Rules
rules that improve interoperability between the data systems of different entities
Medical Standards of Care
state-specified performance measures for the delivery of health care
A court order to appear and testify is a
subpoena
Electronic Data Interchange (EDI)
the computer-to-computer exchange of business documents from a retailer to a vendor and back
The authorization to release information must specify...
the entity to whom the information is to be released
Centers for Medicare and Medicaid Services (CMS)
the federal government agency that administers Medicare and Medicaid
The provider owns the actual medical records, but the information in a record belongs to:
the patient
Minimum Necessary Standard
the uses/disclosures must be no more than the minimum required for the described research purpose
Audit
to check the accuracy of financial accounts and records
Code Set
under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping
National Provider Identifier (NPI)
unique ten-digit identifier assigned to each provider
OESS
Office of E-Health Standards and Services
OIG
Office of Inspector General
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a law designed to:
--ensure health insurance coverage for workers and their families when they change or lose their jobs --uncover fraud and abuse --protect peoples' private health information
Transaction
A business activity that changes assets, liabilities, or owner's equity
Medical Record
A collection of data recorded when a patient seeks medical treatment.
Password
A safeguard for access to a computer or computer program.
Notice of Privacy Practices (NPP)
A written document detailing a health care provider's privacy practices.
Disclosure of which of the following conditions requires a specific authorization from the patient other than for TPO?
AIDS
_____ is an action that improperly uses another's resources.
Abuse
ACO
Accountable Care Organization
ARRA
American Recovery and Reinvestment Act of 2009
Clearinghouse
An independent organization that receives insurance claims from the physician's office, performs software edits, and redistributes the claims electronically to various insurance carriers.
Accountable Care Organization (ACO)
An organization of healthcare providers accountable for the quality, cost, and overall care of Medicare beneficiaries who are assigned and enrolled in the traditional fee-for-service program
BA
BUSINESS ASSOCIATES
The HIPAA Privacy Rule is enforced by
Department of Justice - Office of Civil Rights
CE
COVERED ENTITY
CMS
Centers for Medicare and Medicaid Services
CMS stands for
Centers for Medicare and Medicaid Services
A(n) ______________ can be used by providers to transmit claims in the proper format for carriers.
Clearinghouse
Medical Documentation and Billing Cycle
Combination of the billing cycle and medical documentation cycle of a practice.
Which of the following is a systematic, logical, and consistent recording of a patient's health status in a medical record?
Documentation
Differences between EHR's, EMR's, and PHR'
EHR are Electronic Health Records that is are a computerized lifelong healthcare records for an individual that incorporate data from all sources that treat the individual. EMR's are Electronic Medical Records that are computerized records of one physicians encounters of a patient over time that are the physicians legal record of a pt's care. PHR's are Personal Health Records that are private, secure electronic files that are created, maintained, and controlled by pt.
EDI
Electronic Data Interchange
Malpractice
Failure by a health professional to meet accepted standards
_____________ is deception with intent to benefit from the behavior.
Fraud
Office for Civil Rights (OCR)
Government agency that enforces the HIPAA Privacy Act.
HIE
HEALTH INFORMATION EXCHANGE
TCS
HIPAA Electronic Health Care Transaction and Code Sets
Under which act can a patient restrict the access of health plans to their medical records if they pay for the service in full at the time of visit?
HITECH
HITECH
Health Information Technology for Economic and Clinical Health Act
HIPAA
Health Insurance Portability and Accountability Act
HIPAA is the abbreviation for the
Health Insurance Portability and Accountability Act
Covered Entity (CE)
Health plan, clearinghouse, or provider that transmits any health information in electronic form.
Protected Health Information (PHI)
Information that contains one or more patient identifiers.
HIPAA Security Rule
Law that requires covered entities to establish administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of health information.
The importance of accurate documentation when working with medical records
Medical records are created based on a variety of different types of documentation for pt's encounters to provide the best possible care
NPI
National Provider Identifier
NPP
Notice of Privacy Practices
OCR
Office of Civil Rights
Releasing protected health information for other than treatment, payment, or healthcare operations requires
Patient's signed authorization
Minimum Necessary Standard
Principle that individually identifiable health information should be disclosed only to the extent needed to support the purpose of the disclosure.
PHI
Protected Health Information
In a SOAP format, which of the following is information from the patient?
Subjective
SOAP is the abbreviation for which of the following?
Subjective/Objective/Assessment/Plan
Evaluation and Management (E/M)
The CPT codes used to capture the face-to-face time between a patient and the care provider; takes into consideration the extent of the history, extent of the physical exam, and the level of medical decision making required.
Documentation
The act of creating citations to identify resources used in writing a work.
Department of Justice (DOJ)
The department within the executive branch of the federal government that is headed by the Attorney General and staffed by U.S. Attorneys.
Authorization
The process of giving someone permission to do or have something
TPO
Treatment, Payment & Operations
Compliance Plan
a medical practice's written plan for complying with regulations
Encryption
a process of encoding messages to keep them secret, so only "authorized" parties can read it.
Meaningful Use
a set of government mandated criteria that must be obtained for every patient
Breach
a violation; a gap or break
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI and also that could pose a significant risk of financial, reputational, or other harm to the affected person is called a
breach
A vendor such as a software firm that does business with a covered entity is called a(n)
business associate
How have most privacy complaints under HIPAA been resolved?
by voluntary compliance
compliance plan contains...
consistent written policies and procedures
The American Recovery and Reinvestment act (ARRA) of 2009
contains additional provisions concerning the standards for electronic transmission of health care data.
Under HIPAA, an organization that electronically transmits patients' protected health information is a(n)
covered entity
When personal identifiers have been removed, protected health information is called
de-identified --De-identified health information has had the personal identifiers removed--
Breach Notification
document used by a covered entity to notify individuals of a breach in their PHI required under the new HITECH breach notification rules
Account of Disclosure
documentation of the disclosure of a patient's PHI in that person's medical record in unauthorized cases
EHR is the abbreviation for
electronic health record
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
federal act with guidelines for standardizing the electronic date interchange of administrative and financial transaction, exposing fraud and abuse, and protecting PHI
Office of the Inspector General (OIG)
government agency that investigates and prosecutes fraud
Health Care Fraud and Abuse Control Program
government program to uncover misuse of funds in federal health care programs run by the Office of the Inspector General
The Health Care Fraud and Abuse Control Program
government program to uncover misuse of funds in federal health care programs run by the Office of the Inspector General
HIPAA National Identifiers are for ?
health care providers, employers, and patients
HIPAA identifies three types of covered entities:
health plans, clearinghouses, and providers
HIPAA National Identifiers
identification systems for employers, healthcare providers, health plans, and patients
Health Information Technology for Economic and Clinical Health Act (HITECH)
law promoting the adoption and use of health information technology (HIT)
American Recovery and Reinvestment Act of 2009 (ARRA)
law with provisions concerning the standards for the electronic transmission of healthcare data
Treatment, Payment, and Healthcare Operations (TPO)
legitimates reasons for the sharing of patient's PHI without authorization
De-identitfied Health Information
medical data from which individual identifiers have been removed
Encounter
meeting
Patients always have the right to...
withdraw their authorization to release information
Fraud
wrongful or criminal deception intended to result in financial or personal gain