Chapter 22 Learning Outcomes After studying this chapter, you should be able to: 2.1Discuss the importance of medical records and documentation in the medical billing process. 2.2Describe the benefits of electronic health records (EHR). 2.3Explain the purpose of the HIPAA Privacy Rule. 2.4Distinguish between a covered entity and a business associate under HIPAA.
Chapter 23 Learning Outcomes (Continued) 2.5Define protected health information (PHI). 2.6Discuss patients authorizations to use or disclose their health information. 2.7Briefly describe the purpose of the HIPAA Security Rule. 2.8Describe the HIPAA Electronic Health Care Transactions and Code Sets standards and the four National Identifiers.
Chapter 24 Learning Outcomes (Continued) 2.9Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. 2.10Discuss the ways in which compliance plans help medical practices avoid fraud and abuse.
Chapter 25 Key Terms Abuse Audit Authorization Business associate Centers for Medicare and Medicaid Services (CMS) Certification Commission for Healthcare Information Technology (CCHIT) Clearinghouse Code set Compliance plan
Chapter 26 Key Terms (Continued) Covered entity De-identified health information Designated record set (DRS) Documentation Electronic data interchange (EDI) Electronic health record (EHR) Encounter Encryption Evaluation and management (E/M) Fraud
Chapter 27 Key Terms (Continued) Health Care Fraud and Abuse Control Program Health Insurance Portability and Accountability Act (HIPAA) of 1996 HIPAA Electronic Health Care Transactions and Code Sets (TCS) HIPAA Final Enforcement Rule HIPAA National Identifier
Chapter 28 Key Terms (Continued) HIPAA Privacy Rule HIPAA Security Rule Informed consent Malpractice Medical record Medical standards of care Minimum necessary standard National Plan and Provider Enumerator System (NPPES) National Provider Identifier (NPI) Notice of Privacy Practices (NPP)
Key Terms (Continued) Chapter 29 Office for Civil Rights (OCR) Office of the Inspector General (OIG) Password Protected health information (PHI) Qui tam Relator Respondeat superior Subpoena Subpoena duces tecum Transaction Treatment, payment, and health care operations (TPO)
Chapter 210 Medical Records: Documentation Provide for continuity of care Aid in communication among health care providers Provide data for medical research Are used for medical education Help physicians make accurate diagnoses Document and trace the course of treatment to prove adherence to medical standards of care Medical records are legal documents
Chapter 211 Medical Record Documentation Record of each encounter (face-to-face visit) must be legible and clear Entries must be signed and dated Changes must be clearly made No blank spaces are left between entries Each patient should have a single record Records should use consistent vocabulary and format Diagnostic information must be easy to locate Entries must be made promptly
Chapter 212 SOAP Format S ubjective O bjective A ssessment P lan What the patient reports, chief complaint, symptoms The physicians findings from the physical exam, lab tests, vitals signs, etc. The impression, conclusion, or diagnosis Treatment and follow up, advice
Chapter 213 History and Physical Examination The initial exam usually entails a history and physical examination. The components of the exam include: Chief complaint History and physical examination Diagnosis Treatment plan
Chapter 214 More Documentation Progress Reports During Treatment Course Are documented at follow-up visits Explain if the treatment plan should be continued or changed Discharge Summaries of Final Visit Include final diagnosis Compare patient statements and doctors findings Goals achieved? Patients current condition, status, and final prognosis Reason and date of discharge
Procedural services Procedural or operative reports Laboratory reports Radiology reports Specific forms as applicable
Termination of Provider-Patient Relationship Provider keeps the record If provider ends the relationship, the patient is informed in writing Termination letter placed in patients medical record
Chapter 217 Electronic Medical vs. Paper Records Electronic Health Records Are created and maintained electronically Are expensive and time- consuming to implement Easily permit large amounts of data to be stored, analyzed, and processed Paper Records Are created manually Are inexpensive to create Include handwritten entries in a medical record What are the pros and cons of both types of records?
Chapter 218 Billing Tip Documentation and billing must be connected for compliance. IF A SERVICE IS NOT DOCUMENTED, IT SHOULD NOT BE BILLED
Chapter 219 Health Care Regulation Federal Regulation Centers for Medicare and Medicaid Services (CMS) (formerly HCFA) –Administers Medicare and Medicaid –Regulates medical laboratory testing –Prevents discrimination based on health status –Assesses the quality of health care facilities –Researches effectiveness of health care management, treatment, and financing –Combats fraud and abuse in government-sponsored programs
Chapter 220 Health Care Regulation Laws Health Insurance Portability and Accountability Act (HIPAA) –Protects peoples private health information –Protects health insurance coverage for employees and their dependents if job status changes –Uncovers fraud and abuse –Includes the adoption of standards for electronic transmission in health care industry
Chapter 221 Health Care Regulation Laws State laws Implement quality and control of HMOs and PPOs and may require: – business licenses –financial guidelines –limitations on premium increases
Chapter 222 Ownership of Medical Records The physical document(s) are the property of the provider (physician, clinic, or facility) that created them. The information contained in the medical record belongs to the patient. Providers responsibilities vs. Patients rights to their information
Chapter 223 HIPAA Administrative Simplification: 3 Rules HIPAA Privacy Rule HIPAA Security Rule HIPAA Electronic Health Care Transactions and Code Sets standards Regulates the use and disclosure of patients PHI Security requirements needed to protect patients PHI Every provider doing business electronically must use same standards for transactions and code sets
Chapter 224 Covered Entities under HIPAA Covered entities electronically transmit HIPAA-protected information CEs are (1) health plans, (2) health care clearinghouses, and (3) health care providers Business associates work for covered entities and include services such as law firms, accounting practices, IT consultants, and collection agencies
Chapter 225 HIPAA Privacy Rule States that covered entities must: –Have appropriate privacy practices –Notify patients about their privacy rights –Train employees on the privacy practices –Appoint a privacy official responsible for the adoption and following of privacy practices –Safeguard patients records
Chapter 226 PHI A patients Protected Health Information –Medical record –Other personal health information that is transmitted or maintained by electronic media
Chapter 227 PHI –Name –Social Security Number –Address –Phone –E-mail address –Photo images –Birth date –Relatives and employers Contains individually identifiable health information, such as the patients
Chapter 228 Use and Disclosure of PHI Use = sharing within the entity that holds the patients information Disclosure = the release of information outside the entity holding the patients information
Chapter 229 Use and Disclosure of PHI Necessary and permitted for patients TPO TPO =Treatment Payment Operations Providing and coordinating medical care The exchange of information with health plans General business management functions
Chapter 230 Use and Disclosure of PHI Under HIPAA, no patient release of information document is required when PHI is shared for TPO. The CE must try to limit the information shared to the minimum for the intended purposefollowing the minimum necessary standard.
Designated Record Set Covered entities must disclose certain PHI to patients called designated record set. Providers = medical and billing records Health plans = enrollment, payment, claim decisions, and medical management system data Within designated record set, patients can: Access, copy, and inspect information Request amendments Obtain accounting of disclosures Receive information by other means Complain about alleged violations Chapter 231
Chapter 232 Notice of Privacy Practices HIPAA-mandated document Presents the covered entitys principles and procedures regarding protection of patients PHI A covered entity must give all patients a copy of its notice
Chapter 233 Patient Authorization to Release Information Document must be in plain language and include: Description of the information to be released Who can use or disclose the information Who will receive it For what purpose An expiration date Patients signature and date
Chapter 234 Exceptions to the Privacy Rule Court order Workers compensation cases Statutory reports Research De-identified health information Psychotherapy notes State statutes may be more stringent
Chapter 235 HIPAA Security Rule Requires medical offices to protect protected health information (PHI) by: Encryptionencoding information so that a key is required to retrieve it The secure use of computer networks, the Internet, and storage disks Using security techniques, such as passwords Limiting who in a medical office can see the information Creating activity logs that show who has accessed, or tried to access, information
Chapter 236 HIPAA Electronic Health Care Transactions and Code Sets Standard Transactions Examples: Health care claims, claim status, referral authorizations, payments Standard Code Sets Examples: ICD-9-CM, CPT, CDT, HCPCS Financial and administrative information regularly exchanged between providers and health plans Coding systems for diseases; treatments and procedures; supplies
Chapter 237 HIPAA National Identifiers Employers Health care providers Health plans Patients Employer Identification Number (EIN) To be released by federal government in future National Provider Identifier (NPI)
Chapter 238 Fraud and Abuse Regulations Fraud: Act of deception used to take advantage of another person. Example – billing when the task was not done Abuse: Act that misuses public funds. Example – billing when the task was not necessary
Chapter 239 Federal Laws Health Insurance Portability and Accountability Act of 1996 (HIPAA) False Claims Act Federal Acts and other special legislation
Chapter 240 Federal Laws Civil False Claims Act Social Security Act Health Insurance Portability and Accountability Act of 1996 (HIPAA) Federal Acts and other special legislation Created the Health Care Fraud and Abuse Control Program to uncover fraud and abuse in Medicare and Medicaid programs.
Chapter 241 Federal Laws Civil False Claims Act Social Security Act Health Insurance Portability and Accountability Act of 1996 (HIPAA) Federal Acts and other special legislation Antikickback staute Self-referral prohibitions (Stark Law) Sarbanes-Oxley Act
Chapter 242 Enforcement and Penalties HIPAA – Enforced by the Office for Civil Rights (OCR) and CMS Fraud and Abuse – Enforced by the Office of the Inspector General (OIG) Penalties may be civil or criminal (the Department of Justice involved)
Chapter 243 Compliance Plans Parts of a compliance plan: 1.Consistent written policies and procedures 2.Appointment of a compliance officer and committee 3.Training 4.Communication 5.Disciplinary systems 6.Auditing and monitoring 7.Responding to and correcting errors
Chapter 244 Compliance Plans Compliance officer and committee Communication between the office staff and compliance officer encourages staff to report suspected fraud and/or abuse. A fraud and abuse hotline may be created.
Chapter 245 Compliance Plans Code of conduct A statement of conduct promotes a clear commitment to compliance. The commitment can include a process to identify offenses and apply corrective action through internal investigation and publicized disciplinary guidelines.
Chapter 246 Compliance Plans Ongoing training Assures compliance with latest rules and regulations by establishing training programs for all professional and support personnel. The training includes physicians and all billing and coding personnel.