POP QUIZ!!

• • • • • What does CMS stand for?

What does HIPAA stand for?

Which is a record of all of your visits with one doctor, EMR or EHR?

Documents in a medical file are considered what kind of documents?

In a patient’s chart, if something is SUBJECTIVE, what does that mean?

• • • • •

POP QUIZ!!

What does CMS stand for?

– Centers for Medicare and Medicaid Services What does HIPAA stand for?

– Health Insurance Portability and Accountability Act Which is a record of all of your visits with one doctor, EMR or EHR?

– Electronic MEDICAL Record Documents in a medical file are considered what kind of documents?

– Legal documents In a patient’s chart, if something is SUBJECTIVE, what does that mean?

– It’s in their own words.

Lecture 2

2.3 Covered Entities and Business Associates

2-12

• • Electronic data interchange (EDI)—system-to system exchange of data in a standardized format The electronic exchange of health care information is called a transaction

2.3 Covered Entities and Business Associates (Continued)

2-13

• • • Health care organizations that must obey HIPAA regulations are called covered entities (CEs) – Transmit information electronically Clearinghouse—company that helps providers handle electronic transactions and manage EMR systems Business Associates (BA)—organizations that work for covered entities but are not themselves CEs – Law firms; outside medical billers, coders, and transcriptionists; accountants; collection agencies

2.4 HIPAA Privacy Rule

• • • HIPAA Privacy Rule—law regulating the use and disclosure of patients’ protected health information (PHI) Protected health information (PHI)—individually identifiable health information that is transmitted or maintained by electronic media Both use and disclosure of PHI are necessary and permitted for patients’ treatment, payment, and

health care operations (TPO) 2-14

2.4 HIPAA Privacy Rule (Continued)

2-15

• • • • Minimum necessary standard—taking reasonable safeguards to protect PHI from incidental disclosure Designated record set (DRS)—CE’s records that contain PHI Notice of Privacy Practices (NPP)—description of a CE’s principles and procedures related to the protection of patients’ health information For use or disclosure other than for TPO, a CE must have the patient sign an authorization

2.4 HIPAA Privacy Rule (Continued)

2-16

• Health information can be released for reasons other than TPO in some cases – Subpoena—order of a court for a party to appear and testify – Subpoena duces tecum—order of a court directing a party to appear, testify, and bring specified documents or items – De-identified health information—medical data from which individual identifiers have been removed

2.5 HIPAA Security Rule

• The HIPAA Security Rule requires CEs to establish safeguards to protect PHI – Encryption—method of converting a message into encoded text – Password—confidential authentication information (the key)

2-17

2.6 HITECH Breach Notification Rule

2-18

• • • HITECH Act requires CEs to notify affected individuals following the discovery of a breach of unsecured health information Breach—impermissible use or disclosure of PHI that could pose significant risk to the affected person Breach notification—document notifying an individual of a breach

2.7 HIPAA Electronic Health Care Transactions and Code Sets

• •

HIPAA Electronic Health Care Transactions and

Code Sets (TCS)—rule governing the electronic exchange of health information – Under HIPAA, a code set is any group of codes used for encoding data elements HIPAA National Identifier—identification systems for employers, health care providers, health plans, and patients – National Provider Identifier (NPI)—unique ten-digit identifier assigned to each provider

2-19

2.8 Fraud and Abuse Regulations

2-20

• • HIPAA created the Health Care Fraud and Abuse Control Program to uncover and prosecute fraud and abuse The HHS Office of the Inspector General (OIG) has the task of detecting health care fraud and abuse and enforcing all the related laws – Has the authority to investigate suspected fraud cases and to audit the records of physicians and payers – Audit—formal examination of a physician’s records

2.8 Fraud and Abuse Regulations (Continued)

2-21

• • Qui tam—cases in which a relator accuses another party of fraud or abuse against the federal government Relator—person who makes an accusation of fraud or abuse