• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Issues and Trends in HBI Ch 2
 

Issues and Trends in HBI Ch 2

on

  • 893 views

 

Statistics

Views

Total Views
893
Views on SlideShare
207
Embed Views
686

Actions

Likes
0
Downloads
1
Comments
0

1 Embed 686

http://moodle.richmondcc.edu 686

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Teaching Notes: <br /> Suggest to students that they review the key terms in this chapter prior to reading the chapter or hearing the lecture. This will enhance their understanding of the material. <br />   <br />
  • . <br />
  • Learning Outcome: 2.1 Explain the importance of accurate documentation when working with medical records. <br /> Teaching Notes: <br /> Ask students to identify and describe at least three important facts in the medical record about the patient. <br /> Discuss why documentation in the medical record must be accurate and consistent at all times. Ask students to describe a few strategies for ensuring accuracy. <br /> Ask students to write a paragraph that discusses and provides an example of how documentation errors can result in malpractice. <br />
  • Learning Outcome: 2.1 Discuss the importance of medical records and documentation in the medical billing cycle. <br /> Teaching Notes: <br /> Ask students to list the elements that should be documented for every patient encounter. <br /> Ask students to identify the differences between EHRs and EMRs and discuss how they are used in the medical office. <br />
  • Learning Outcome: 2.1 Discuss the importance of medical records and documentation in the medical billing cycle. <br /> Teaching Notes: <br />   <br /> Ask students to define informed consent and describe how it benefits the patient. <br /> Examine the medical documentation and billing cycle using Figure 2.4, and then ask students to describe each step. <br /> Examine the parts of SOAP notes with your students using Figure 2.2 as an example, and then ask students to describe the SOAP note format. <br />
  • Learning Outcome: 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. <br /> Teaching Notes: <br />   <br /> Visit the Centers for Medicare and Medicaid Services (CMS) website with students and discuss the various links and information that can be helpful for medical insurance reimbursement. <br />
  • Learning Outcome: 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. <br /> Teaching Notes: <br />   <br /> Ask students to examine Table 2.2 Meaningful Use Objectives and describe why these objectives have the potential to improve the quality of healthcare. <br /> Discuss the way that health information exchanges (HIEs) enable the sharing of health-related information among provider organizations. Why is standardization important? <br />
  • Learning Outcome: 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. <br /> Teaching Notes: <br />   <br /> Define an ACO and have students determine if any ACOs have been established locally. <br /> Ask students to identify and explain the advantages of avoiding unnecessary medical tests and exams. <br />
  • Learning Outcome: 2.3 Describe the relationship between covered entities and business associates. <br /> Teaching Notes: <br /> Ask students to identify and discuss the benefits and risks of using electronic data interchange (EDI). <br /> Ask students to explain how EDI transactions provide a paperless exchange of information and how good keyboarding skills can benefit a medical insurance specialist. <br />
  • Learning Outcome: 2.3 Describe the relationship between covered entities and business associates. <br /> Teaching Notes: <br />   <br /> Discuss how each of the following covered entities must follow HIPAA rules: health plans, healthcare clearinghouses, and healthcare providers. <br /> Have students differentiate between CEs and BAs, explaining the effect that HITECH has had on the rules governing BAs. <br />
  • Learning Outcome: 2.4 Explain the purpose of the HIPAA Privacy Rule. <br /> Teaching Notes: <br />   <br /> Refer to the list of protected health information on page 49 and ask students to explain why the following examples of health information are protected by the HIPAA Privacy Rule: name, address, names of relatives and employers, birth date, telephone and fax numbers, e-mail address, Social Security number, medical record number, health plan beneficiary number, account number, certificate or license number, serial number of any vehicle, website address, fingerprints or voiceprints, and photographic images. <br /> Explain the use and disclosure of PHI under TPO and provide examples of each type of use. <br />
  • Learning Outcome: 2.4 Explain the purpose of the HIPAA Privacy Rule. <br /> Teaching Notes: <br />   <br /> Discuss types of information included in a designated record set as well as excluded information. For example, medical and billing records are included, whereas appointment and surgery schedules, requests for lab tests, and birth and death records are not included. <br /> Refer to Figure 2.5 and examine the Notice of Privacy Practices; then ask students to explain how this form protects the patient’s privacy. <br />
  • Learning Outcome: 2.4 Explain the purpose of the HIPAA Privacy Rule. <br /> Teaching Notes: <br />   <br /> Ask students to identify and discuss the reasons why some exceptions are made for the release of PHI. <br /> Ask students to describe the goal of de-identification. <br />
  • Learning Outcome: 2.5 Briefly state the purpose of the HIPAA Security Rule. <br /> Teaching Notes: <br />   <br /> Ask students to provide examples of good and bad passwords. <br /> Ask students why DOB or first and last names do not make secure passwords. <br /> Give examples of a mixture of uppercase and lowercase letters and explain that if the system permits, passwords should include special characters, such as @, $, or &. <br />
  • Learning Outcome: 2.6 Explain the purpose of the HITECH Breach Notification Rule. <br /> Teaching Notes: <br />   <br /> Ask students to explain the breach notification procedures outlined by HITECH, and discuss its effectiveness and how well it protects patients. <br /> Ask students to discuss strategies for ensuring the protection of PHI in the workplace. <br />
  • Learning Outcome: 2.7 Explain how the HIPAA Electronic Health Care Transactions and Code Sets standards influence the electronic exchange of health information. <br /> Teaching Notes: <br />   <br /> Review the HIPAA standard code sets in Table 2.3 with your students and discuss the impact of a standardized coding system. <br /> Ask students to discuss how a National Provider Identifier (NPI) can help a third-party payer ensure accurate reimbursement. <br />
  • Learning Outcome: 2.8 Explain how to guard against potentially fraudulent situations. <br /> Teaching Notes: <br />   <br /> Ask students to explain why it is important to identify medical insurance fraud and report it to the appropriate authorities. <br /> Examine the OIG Home Page (http://oig.hhs.gov/) with your students and review information on fraud prevention and detection. <br />
  • Learning Outcome: 2.8 Explain how to guard against potentially fraudulent situations. <br /> Teaching Notes: <br />   <br /> Ask students to identify the differences between fraud and abuse and to suggest examples of fraudulent or abusive behaviors. <br />
  • Learning Outcome: 2.9 Explain how various organizations enforce HIPAA. <br /> Teaching Notes: <br />   <br /> Enforcing HIPAA standards is the job of several government agencies. <br /> Office for Civil Rights enforces civil violations of HIPAA. <br /> The Department of Justice enforces criminal violations of HIPAA. <br />
  • Learning Outcome: 2.9 Explain how various organizations enforce HIPAA. <br /> Teaching Notes: <br /> OESS enforces the other HIPAA standards. <br /> Office of the Inspector General investigates and enforces fraud and abuse laws. <br /> Define audit and have students look at current audit reports on the OIG website.  <br />
  • Learning Outcome: 2.9 Explain how various organizations enforce HIPAA. <br /> Teaching Notes: <br />   <br /> Ask students discuss the punishments associated with criminal cases, as seen in the chart on page 68. <br /> Ask students to define the law of respondeat superior and discuss whether it should apply to all cases. <br />
  • Learning Outcome: 2.10 Assess the benefits of a compliance plan. <br /> Teaching Notes: <br />   <br /> Explain and discuss the benefits of the seven elements that should be part of a compliance plan, according to the OIG: (1) consistent written policies and procedures; (2) appointment of a compliance officer and committee; (3) training; (4) communication; (5) disciplinary systems; (6) auditing and monitoring; and (7) responding to and correcting errors. <br /> Compliance plans are written and maintained by the practice’s compliance officer and an assigned. <br />
  • Learning Outcome: 2.10 Assess the benefits of a compliance plan. <br /> Teaching Notes: <br /> Explain and discuss the importance of a compliance plan in all areas including PHI, hiring, Occupational Safety and Health Administration regulations (OSHA), and handling of hazardous materials such as blood-borne pathogens. <br /> Ask students to explain how a compliance plan can help defend the practice and prevent fraud and abuse. <br />
  • Learning Outcome: 2.10 Assess the benefits of a compliance plan. <br /> Teaching Notes: <br /> Ask students to identify and describe the differences between the compliance officer’s duties and the compliance committee’s duties. <br /> Ask students to explain how a compliance plan can help defend the practice and prevent fraud and abuse. <br /> Optional Assignment: <br /> Ask students to write a paragraph that discusses how voluntary internal audits can help improve quality in a medical practice. <br />
  • Learning Outcome: 2.10 Assess the benefits of a compliance plan. <br /> Teaching Notes: <br /> Ask students to discuss why ethical behavior in a practice’s daily operations would reduce the risk of non-compliance. <br /> Ask students to provide examples of strategies that can encourage and ensure compliance. <br /> Optional Assignment: <br /> Ask students to write a paragraph that provides a plan to encourage employees to report compliance concerns directly to the compliance officer. <br />
  • Learning Outcome: 2.10 Assess the benefits of a compliance plan. <br /> Teaching Notes: <br /> Discuss with students how ongoing training can ensure compliance. <br />

Issues and Trends in HBI Ch 2 Issues and Trends in HBI Ch 2 Presentation Transcript

  • CHAPTER 2 Electronic Health Records, HIPAA, and HITECH: Sharing and Protecting Patients’ Health Information © 2014 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.
  • Learning Outcomes 2-2 When you finish this chapter, you should be able to: 2.1 Explain the importance of accurate documentation when working with medical records. 2.2 Compare the intent of HIPAA and ARRA/HITECH laws. 2.3 Describe the relationship between covered entities and business associates. 2.4 Explain the purpose of the HIPAA Privacy Rule. 2.5 Briefly state the purpose of the HIPAA Security Rule. 2.6 Explain the purpose of the HITECH Breach Notification Rule.
  • Learning Outcomes (continued) When you finish this chapter, you should be able to: 2.7 Explain how the HIPAA Electronic Health Care Transactions and Code Sets standards influence the electronic exchange of health information. 2.8 Explain how to guard against potentially fraudulent situations. 2.9 Explain how various organizations enforce HIPAA. 2.10 Assess the benefits of a compliance plan. 2-3
  • 2-4 Key Terms • abuse • accountable care organization (ACO) • accounting of disclosure • American Recovery and Reinvestment Act (ARRA) of 2009 • audit • authorization • breach • breach notification • business associate (BA) • Centers for Medicare and Medicaid Services (CMS) • clearinghouse • code set • compliance plan • covered entity (CE) • de-identified health information • designated record set (DRS) • documentation • electronic data interchange (EDI) • encounter
  • Key Terms (continued) • encryption • evaluation and management (E/M) • fraud • Health Care Fraud and Abuse Control Program • health information exchange (HIE) • Health Insurance Portability and Accountability Act (HIPAA) of 1996 2-5 • Health Information Technology for Economic and Clinical Health (HITECH) Act • HIPAA Electronic Health Care Transactions and Code Sets (TCS) • HIPAA National Identifiers • HIPAA Privacy Rule • HIPAA Security Rule • informed consent • malpractice
  • Key Terms (continued) • meaningful use • medical documentation and billing cycle • medical record • medical standards of care • minimum necessary standard • National Provider Identifier (NPI) • Notice of Privacy Practices (NPP) • Office for Civil Rights (OCR) 2-6 • Office of E-Health standards and Services (OESS) • Office of the Inspector General (OIG) • operating rules • password • protected health information (PHI) • relator • transaction • treatment, payment, and healthcare operations (TPO)
  • 2.1 Medical Record Documentation: Electronic Health Records • A patient’s medical record contains facts, findings, and observations about that patient’s health • Documentation is recording and organizing a patient’s health status in a consistent manner • Medical standards of care—state-specified performance measures for healthcare delivery – Medical records and documentation act as legal documents and help physicians make accurate diagnoses – Malpractice—failure to use professional skill when giving medical services that results in injury or harm 2-7
  • 2.1 Medical Record Documentation (continued) 2-8 • Encounter—a visit between a patient and a medical professional • Evaluation and Management (E/M)—provider’s evaluation of a patient’s condition and decision on a course of treatment • Electronic health record (EHR)—computerized lifelong healthcare record with data from all sources • Electronic medical record (EMR)—computerized record of one physician’s encounters with a patient
  • 2.1 Medical Record Documentation (continued) • Informed consent—process by which a patient authorizes medical treatment after a discussion with a physician • Medical documentation and billing cycle – interrelated cycles to graphically explain integration of EHR with practice management program • SOAP notes – Subjective – Objective – Assessment – Plan 2-9
  • 2.2 Healthcare Regulation: HIPAA and HITECH 2-10 • The main federal government agency responsible for healthcare is the Centers for Medicare and Medicaid Services (CMS) • States are also a major regulator • The foundation legislation for the privacy of patients’ health information is called the Health Insurance Portability and Accountability Act (HIPAA) of 1996 – Protects private health information, ensures coverage, uncovers fraud and abuse, and creates industry standards
  • 2.2 Healthcare Regulation: HIPAA and HITECH (continued) 2-11 • American Recovery and Reinvestment Act (ARRA) of 2009—law with provisions concerning standards for electronic transmission of healthcare data – Contains the HITECH Act—law promoting the adoption and use of health information technology – Meaningful use signifies utilization of certified EHR technology to improve quality, efficiency, and patient safety – Health information exchange (HIE) makes it possible to share health-related information among provider organizations
  • 2.2 Healthcare Regulation: HIPAA and HITECH (continued) • ACA and Accountable Care Organizations – ACA offers incentives to form accountable care organizations (ACOs) – ACO is network of doctors and hospitals who share responsibility for managing quality and cost of care provided to a group of patients – Goal is to avoid unnecessary tests and procedures 2-12
  • 2.3 Covered Entities and Business Associates 2-13 • Electronic data interchange (EDI)—system-tosystem exchange of data in a standardized format • The electronic exchange of healthcare information is called a transaction
  • 2.3 Covered Entities and Business Associates (continued) 2-14 • Healthcare organizations that must obey HIPAA regulations are called covered entities (CEs) – Transmit information electronically • Clearinghouse—company that helps providers handle electronic transactions and manage EMR systems • Business associates (BAs)—organizations that work for covered entities but are not themselves CEs – Law firms; outside medical billers, coders, and transcriptionists; accountants; collection agencies
  • 2.4 HIPAA Privacy Rule • HIPAA Privacy Rule—law regulating use and disclosure of patients’ protected health information (PHI) • Protected health information (PHI)— individually identifiable health information transmitted or maintained by electronic media • Both use and disclosure of PHI are necessary and permitted for patients’ treatment, payment, and healthcare operations (TPO) 2-15
  • 2.4 HIPAA Privacy Rule (continued) • Minimum necessary standard—principle of using reasonable safeguards to disclose PHI only to the extent needed • Designated record set (DRS)—CE’s records that contain PHI • Notice of Privacy Practices (NPP)— description of a CE’s principles and procedures related to protection of patients’ health information • Accounting of disclosure – documentation of unauthorized release of information 2-16
  • 2.4 HIPAA Privacy Rule (continued) • For use or disclosure other than TPO, a CE must have the patient sign an authorization • Health information can be released for reasons other than TPO in some cases – – – – – Court orders Worker’s compensation cases Statutory reports Research Self-pay requests for restrictions De-identified health information—medical data from which individual identifiers have been removed 2-17
  • 2.5 HIPAA Security Rule • The HIPAA Security Rule requires CEs to establish safeguards to protect PHI – Encryption—method of converting a message into encoded text – Password—confidential authentication information (the key) 2-18
  • 2.6 HITECH Breach Notification Rule 2-19 • HITECH Act requires CEs to notify affected individuals following the discovery of a breach of unsecured health information • Breach—impermissible use or disclosure of PHI that could pose significant risk to the affected person • Breach notification—document notifying an individual of a breach
  • 2.7 HIPAA Electronic Health Care Transactions and Code Sets 2-20 • HIPAA Electronic Health Care Transactions and Code Sets (TCS)—rule governing electronic exchange of health information – Operating rules improve interoperability between data systems of different entities – Under HIPAA, a code set is any group of codes used for encoding data elements • HIPAA National Identifiers—identification systems for employers, healthcare providers, health plans, and patients – National Provider Identifier (NPI)—unique ten-digit identifier assigned to each provider
  • 2.8 Fraud and Abuse Regulations • HIPAA created the Health Care Fraud and Abuse Control Program to uncover and prosecute fraud and abuse • The HHS Office of the Inspector General (OIG) has the task of detecting healthcare fraud and abuse and enforcing all related laws – Has authority to investigate suspected fraud cases and to audit records of physicians and payers – Relator—person who makes an accusation of fraud or abuse 2-21
  • 2.8 Fraud and Abuse Regulations (continued) • Fraud—an act of deception used to take advantage of another person – Example—forging another person’s signature – Intentional • In federal law, abuse means an action that misuses money allocated by the government – Example—billing Medicare for an unnecessary ambulance service – May not be intentional and could result from ignorance or inaccuracy 2-22
  • 2.9 Enforcement and Penalties • HIPAA final enforcement rule—law designed to combine enforcement procedures for privacy and security standards into a single rule • Office for Civil Rights (OCR)—government agency that enforces the HIPAA Privacy Act • Criminal violations of HIPAA privacy standards are prosecuted by the Department of Justice (DOJ) – Other standards are enforced by the CMS 2-23
  • 2.9 Enforcement and Penalties (continued)2-24 • Office of E-Health Standards and Services (OESS) – Part of CMS – Investigates complaints of noncompliance with HIPAA standards • Office of Inspector General – Authority to investigate suspected fraud – Authority to audit records of physicians and payers – Innocent errors will be distinguished from clear patterns of practice
  • 2.9 Enforcement and Penalties (continued)2-25 • Civil and Criminal Money Penalties – Most complaints settled by voluntary compliance – HITECH has tiered system for monetary penalties for privacy violations – CMS and OCR can supersede HITECH limits – $1.5 million dollars is current cap for a calendar year for the same type of violation
  • 2.10 Compliance Plans • Compliance plan—medical practice’s written plan for complying with regulations – Used to uncover compliance problems and correct them to avoid risking liability – A process for finding, correcting, and preventing illegal medical office practices • Changing mandate – Compliance plans soon will be mandated by law rather than voluntary 2-26
  • 2.10 Compliance Plans • Compliance plan areas – Coding and billing procedures – Equal Employment Opportunity (EEO) regulations – Occupational Safety and Health Administration regulations (OSHA) • Compliance plan goals – Prevent fraud and abuse through a formal process – Ensure compliance with federal, state, and local laws – Defend the practice if investigated or prosecuted for fraud 2-27
  • 2.10 Compliance Plans • Compliance officer and committee – Compliance officer is in charge of ongoing work and can be a physician, practice manager, or billing manager – Compliance committee is established to oversee the entire program – Error and omission insurance may be recommended as part of a compliance guideline for the healthcare facilities employees 2-28
  • 2.10 Compliance Plans 2-29 • Code of Conduct – Procedures for ensuring compliance with laws relating to referral arrangements – Provisions for discussing compliance during employees’ performance reviews and for disciplinary action against employees, if needed – Mechanisms to encourage employees to report compliance concerns directly to the compliance officer
  • 2.10 Compliance Plans 2-30 • Ongoing training – Physicians must be trained in pertinent coding and regulatory matters as part of the compliance plan – Medical office and staff members involved with coding and billing must also receive ongoing training as part of the compliance plan – Usually conducted by compliance officer • • • • • Keep sessions brief and straightforward Focus sessions on specialty area Use actual examples Explain benefits of compliance Use meetings or newsletters as communication methods
  • Summary
  • Summary
  • Summary
  • Summary