Your SlideShare is downloading. ×
0
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Survey of Medical Insurance pp ch02
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Survey of Medical Insurance pp ch02

1,570

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,570
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Teaching Notes:   Have students define all key terms as an assignment. Then, in class, ask each student to define one key term aloud.   Optional assignment: Have students do an Internet search of one key term and write a short paragraph describing what they learned about that term from looking at a few websites.
  • Teaching Notes:   Have students define all key terms as an assignment. Then, in class, ask each student to define one key term aloud.   Optional assignment: Have students do an Internet search of one key term and write a short paragraph describing what they learned about that term from looking at a few websites.
  • Teaching Notes:   Have students define all key terms as an assignment. Then, in class, ask each student to define one key term aloud.   Optional assignment: Have students do an Internet search of one key term and write a short paragraph describing what they learned about that term from looking at a few websites.
  • Learning Outcome: 2.1 Discuss the importance of medical records and documentation in the medical billing cycle. Pages: 42-52 Teaching Notes:   Have students explain the need for medical practices to keep sound documentation.
  • Learning Outcome: 2.1 Discuss the importance of medical records and documentation in the medical billing cycle. Pages: 42-52 Teaching Notes:   Ask students to explain the differences between EHRs and EMRs, in their own words.
  • Learning Outcome: 2.1 Discuss the importance of medical records and documentation in the medical billing cycle. Pages: 42-52 Teaching Notes:   Examine the parts of SOAP notes with your students using Figures 2.1 – 2.4 as examples.
  • Learning Outcome: 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. Pages: 52-53 Teaching Notes:   Highlight the importance of HIPAA for your students, and elaborate on its main goals. (Protecting people’s private health information, ensuring health insurance coverage when people change or lose jobs, uncovering fraud and abuse, and creating standards for electronic transmission of health care transactions.)
  • Learning Outcome: 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. Pages: 52-53 Teaching Notes:   Ask students to explain the reasons why they think the HITECH Act was put into law.
  • Learning Outcome: 2.3 Describe the relationship between covered entities and business associates. Pages: 53-55 Teaching Notes:   Have students debate the advantages and disadvantages that they see in the use of EDI.
  • Learning Outcome: 2.3 Describe the relationship between covered entities and business associates. Pages: 53-55 Teaching Notes:   Introduce students to the three main types of covered entities that must follow the HIPAA rules. (Health plans, health care clearinghouses, and health care providers.)
  • Learning Outcome: 2.4 E xplain the purpose of the HIPAA Privacy Rule. Pages: 55-62 Teaching Notes:   Give students some examples of protected health information. (Name, address, names of relatives and employers, birth date, telephone and fax numbers, e-mail address, Social Security number, medical record number, health plan beneficiary number, account number, certificate or license number, serial number of any vehicle, website address, fingerprints or voiceprints, photographic images, etc.)
  • Learning Outcome: 2.4 E xplain the purpose of the HIPAA Privacy Rule. Pages: 55-62 Teaching Notes:   Discuss the types of information that are included in a designated record set, as well as the information that is not included, with the class. (Medical and billing records are included, whereas appointment and surgery schedules, requests for lab tests, and birth and death records are not included.) Examine the contents of the Notice of Privacy Practices, which appears as Figure 2.8, with the class.
  • Learning Outcome: 2.4 E xplain the purpose of the HIPAA Privacy Rule. Pages: 55-62 Teaching Notes:   Have students discuss the reasons why some exceptions are made for the release of PHI other than for TPO.
  • Learning Outcome: 2.5 Briefly state the purpose of the HIPAA Security Rule. Pages: 63-64 Teaching Notes:   Have students create examples of good and bad passwords.
  • Learning Outcome: 2.6 Explain the purpose of the HITECH Breach Notification Rule. Pages: 64-66 Teaching Notes:   Ask students to explain why they think that the breach notification procedures outlined by HITECH are either too lenient, too strict, or appropriate.
  • Learning Outcome: 2.7 Describe the HIPAA Electronic Health Care Transactions and Code Sets standards and the four National Identifiers. Pages: 66-68 Teaching Notes:   Review the HIPAA standard code sets in Table 2.2 with your students.
  • Learning Outcome: 2.8 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. Pages: 68-71 Teaching Notes:   Instruct your students to visit the OIG Home Page and to look at some of the information on fraud prevention and detection. (http://oig.hhs.gov/)
  • Learning Outcome: 2.8 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. Pages: 68-71 Teaching Notes:   Analyze the three cases provided in the text with your students, and have them debate the outcomes of these cases.
  • Learning Outcome: 2.8 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. Pages: 68-71 Teaching Notes:   Ask your students to explain the difference between fraud and abuse, in their own words.
  • Learning Outcome: 2.9 Identify the organizations that enforce HIPAA. Pages: 71-73 Teaching Notes:   Have students debate the severity of the punishments associated with criminal cases, as seen in the chart on page 73.
  • Learning Outcome: 2.10 Discuss the ways in which compliance plans help medical practices avoid fraud or abuse. Pages: 74-75 Teaching Notes:   Explain the seven elements that should be part of a compliance plan, according to the OIG. ((1) Consistent written policies and procedures; (2) Appointment of a compliance officer and committee; (3) Training; (4) Communication; (5) Disciplinary systems; (6) Auditing and monitoring; (7) Responding to and correcting errors.)
  • Transcript

    • 1. 2 HIPAA, HITECH, and Medical Records
    • 2. Learning Outcomes <ul><li>When you finish this chapter, you will be able to: </li></ul><ul><li>2.1 Discuss the importance of medical records and documentation in the medical billing process. </li></ul><ul><li>2.2 Compare the intent of HIPAA and ARRA/HITECH laws. </li></ul><ul><li>2.3 Describe the relationship between covered entities and business associates. </li></ul><ul><li>2.4 Explain the purpose of the HIPAA Privacy Rule. </li></ul><ul><li>2.5 Briefly state the purpose of the HIPAA Security Rule. </li></ul><ul><li>2.6 Explain the purpose of the HITECH Breach Notification Rule. </li></ul>2-2
    • 3. Learning Outcomes (Continued) <ul><li>When you finish this chapter, you will be able to: </li></ul><ul><li>2.7 Describe the HIPAA Electronic Health Care Transactions and Code Sets standards and the four National Identifiers. </li></ul><ul><li>2.8 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. </li></ul><ul><li>2.9 Identify the organizations that enforce HIPAA. </li></ul><ul><li>2.10 Discuss the ways in which compliance plans help medical practices avoid fraud or abuse. </li></ul>2-3
    • 4. Key Terms <ul><li>abuse </li></ul><ul><li>American Recovery and Reinvestment Act (ARRA) of 2009 </li></ul><ul><li>audit </li></ul><ul><li>authorization </li></ul><ul><li>breach </li></ul><ul><li>breach notification </li></ul><ul><li>business associate (BA) </li></ul><ul><li>Centers for Medicare and Medicaid Services (CMS) </li></ul>2-4 <ul><li>clearinghouse </li></ul><ul><li>code set </li></ul><ul><li>compliance plan </li></ul><ul><li>covered entity (CE) </li></ul><ul><li>de-identified health information </li></ul><ul><li>designated record set (DRS) </li></ul><ul><li>documentation </li></ul><ul><li>electronic data interchange (EDI) </li></ul><ul><li>electronic health record (EHR) </li></ul>
    • 5. Key Terms (Continued) <ul><li>electronic medical record (EMR) </li></ul><ul><li>encounter </li></ul><ul><li>encryption </li></ul><ul><li>evaluation and management (E/M) </li></ul><ul><li>fraud </li></ul><ul><li>Health Care Fraud and Abuse Control Program </li></ul><ul><li>Health Insurance Portability and Accountability Act (HIPAA) of 1996 </li></ul>2-5 <ul><li>HIPAA Electronic Health Care Transactions and Code Sets (TCS) </li></ul><ul><li>HIPAA final enforcement rule </li></ul><ul><li>HIPAA National Identifier </li></ul><ul><li>HIPAA Privacy Rule </li></ul><ul><li>HIPAA Security Rule </li></ul><ul><li>HITECH Act </li></ul><ul><li>informed consent </li></ul><ul><li>malpractice </li></ul><ul><li>medical record </li></ul>
    • 6. Key Terms (Continued) <ul><li>medical standards of care </li></ul><ul><li>minimum necessary standard </li></ul><ul><li>National Provider Identifier (NPI) </li></ul><ul><li>Notice of Privacy Practices (NPP) </li></ul><ul><li>Office for Civil Rights (OCR) </li></ul><ul><li>Office of the Inspector General (OIG) </li></ul>2-6 <ul><li>password </li></ul><ul><li>protected health information (PHI) </li></ul><ul><li>qui tam </li></ul><ul><li>relator </li></ul><ul><li>respondeat superior </li></ul><ul><li>subpoena </li></ul><ul><li>subpoena duces tecum </li></ul><ul><li>transaction </li></ul><ul><li>treatment, payment, and health care operations (TPO) </li></ul>
    • 7. 2.1 Medical Record Documentation <ul><li>A patient’s medical record contains facts, findings, and observations about that patient’s health </li></ul><ul><li>Documentation is the recording of a patient’s health status in a medical record history </li></ul><ul><li>Medical standards of care— state-specified performance measures for health care delivery </li></ul><ul><ul><li>Medical records and documentation act as legal documents and help physicians make accurate diagnoses </li></ul></ul><ul><ul><li>Malpractice —failure to use professional skill when giving medical services that results in injury or harm </li></ul></ul>2-7
    • 8. 2.1 Medical Record Documentation (Continued) <ul><li>Encounter —an office visit between a patient and a medical professional </li></ul><ul><li>Evaluation and management (E/M)— provider’s evaluation of a patient’s condition and decision on a course of treatment </li></ul><ul><li>Electronic health record (EHR)— computerized lifelong health care record with data from all sources </li></ul><ul><li>Electronic medical record (EMR)— computerized record of one physician’s encounters with a patient </li></ul>2-8
    • 9. 2.1 Medical Record Documentation (Continued) <ul><li>Informed consent— process by which a patient authorizes medical treatment after a discussion with a physician </li></ul>2-9
    • 10. 2.2 Health Care Regulation: HIPAA and HITECH <ul><li>The main federal government agency responsible for health care is the Centers for Medicare and Medicaid Services, also known as CMS </li></ul><ul><li>The foundation legislation for the privacy of patients’ health information is called the Health Insurance Portability and Accountability Act (HIPAA) of 1996 </li></ul><ul><ul><li>Protects private health information, ensures coverage, uncovers fraud and abuse, and creates industry standards </li></ul></ul>2-10
    • 11. 2.2 Health Care Regulation: HIPAA and HITECH (Continued) <ul><li>American Recovery and Reinvestment Act (ARRA) of 2009—law with provisions concerning the standards for the electronic transmission of health care data </li></ul><ul><ul><li>Contains the HITECH Act— law promoting the adoption and use of health information technology </li></ul></ul>2-11
    • 12. 2.3 Covered Entities and Business Associates <ul><li>Electronic data interchange (EDI)— system-to-system exchange of data in a standardized format </li></ul><ul><li>The electronic exchange of health care information is called a transaction </li></ul>2-12
    • 13. 2.3 Covered Entities and Business Associates (Continued) <ul><li>Health care organizations that must obey HIPAA regulations are called covered entities (CEs) </li></ul><ul><ul><li>Transmit information electronically </li></ul></ul><ul><li>Clearinghouse— company that helps providers handle electronic transactions and manage EMR systems </li></ul><ul><li>Business Associates (BA) —organizations that work for covered entities but are not themselves CEs </li></ul><ul><ul><li>Law firms; outside medical billers, coders, and transcriptionists; accountants; collection agencies </li></ul></ul>2-13
    • 14. 2.4 HIPAA Privacy Rule <ul><li>HIPAA Privacy Rule —law regulating the use and disclosure of patients’ protected health information (PHI) </li></ul><ul><li>Protected health information (PHI)— individually identifiable health information that is transmitted or maintained by electronic media </li></ul><ul><li>Both use and disclosure of PHI are necessary and permitted for patients’ treatment, payment, and health care operations (TPO) </li></ul>2-14
    • 15. 2.4 HIPAA Privacy Rule (Continued) <ul><li>Minimum necessary standard —taking reasonable safeguards to protect PHI from incidental disclosure </li></ul><ul><li>Designated record set (DRS )—CE’s records that contain PHI </li></ul><ul><li>Notice of Privacy Practices (NPP) —description of a CE’s principles and procedures related to the protection of patients’ health information </li></ul><ul><li>For use or disclosure other than for TPO, a CE must have the patient sign an authorization </li></ul>2-15
    • 16. 2.4 HIPAA Privacy Rule (Continued) <ul><li>Health information can be released for reasons other than TPO in some cases </li></ul><ul><ul><li>Subpoena —order of a court for a party to appear and testify </li></ul></ul><ul><ul><li>Subpoena duces tecum —order of a court directing a party to appear, testify, and bring specified documents or items </li></ul></ul><ul><ul><li>De-identified health information —medical data from which individual identifiers have been removed </li></ul></ul>2-16
    • 17. 2.5 HIPAA Security Rule <ul><li>The HIPAA Security Rule requires CEs to establish safeguards to protect PHI </li></ul><ul><ul><li>Encryption —method of converting a message into encoded text </li></ul></ul><ul><ul><li>Password —confidential authentication information (the key) </li></ul></ul>2-17
    • 18. 2.6 HITECH Breach Notification Rule <ul><li>HITECH Act requires CEs to notify affected individuals following the discovery of a breach of unsecured health information </li></ul><ul><li>Breach —impermissible use or disclosure of PHI that could pose significant risk to the affected person </li></ul><ul><li>Breach notification— document notifying an individual of a breach </li></ul>2-18
    • 19. 2.7 HIPAA Electronic Health Care Transactions and Code Sets <ul><li>HIPAA Electronic Health Care Transactions and Code Sets (TCS) —rule governing the electronic exchange of health information </li></ul><ul><ul><li>Under HIPAA, a code set is any group of codes used for encoding data elements </li></ul></ul><ul><li>HIPAA National Identifier— identification systems for employers, health care providers, health plans, and patients </li></ul><ul><ul><li>National Provider Identifier (NPI)— unique ten-digit identifier assigned to each provider </li></ul></ul>2-19
    • 20. 2.8 Fraud and Abuse Regulations <ul><li>HIPAA created the Health Care Fraud and Abuse Control Program to uncover and prosecute fraud and abuse </li></ul><ul><li>The HHS Office of the Inspector General (OIG) has the task of detecting health care fraud and abuse and enforcing all the related laws </li></ul><ul><ul><li>Has the authority to investigate suspected fraud cases and to audit the records of physicians and payers </li></ul></ul><ul><ul><li>Audit— formal examination of a physician’s records </li></ul></ul>2-20
    • 21. 2.8 Fraud and Abuse Regulations (Continued) <ul><li>Qui tam — cases in which a relator accuses another party of fraud or abuse against the federal government </li></ul><ul><li>Relator— person who makes an accusation of fraud or abuse </li></ul>2-21
    • 22. 2.8 Fraud and Abuse Regulations (Continued) <ul><li>Fraud— an act of deception used to take advantage of another person </li></ul><ul><ul><li>Example—forging another person’s signature </li></ul></ul><ul><li>In federal law, abuse means an action that misuses money that the government has allocated </li></ul><ul><ul><li>Example—billing Medicare for an unnecessary ambulance service </li></ul></ul>2-22
    • 23. 2.9 Enforcement and Penalties <ul><li>HIPAA final enforcement rule— law designed to combine the enforcement procedures for privacy and security standards into a single rule </li></ul><ul><li>Office for Civil Rights (OCR)— government agency that enforces the HIPAA Privacy Act </li></ul><ul><li>Criminal violations of HIPAA privacy standards are prosecuted by the Department of Justice (DOJ) </li></ul><ul><ul><li>Other standards are enforced by the CMS </li></ul></ul>2-23
    • 24. 2.10 Compliance Plans <ul><li>Compliance plan— medical practice’s written plan for complying with regulations </li></ul><ul><ul><li>Used to uncover compliance problems and correct them to avoid risking liability </li></ul></ul><ul><ul><li>A process for finding, correcting, and preventing illegal medical office practices </li></ul></ul><ul><li>Respondeat superior — doctrine making employers responsible for employee actions </li></ul>2-24

    ×