Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.

Published bySylvia Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records."— Presentation transcript:

1 CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records

2 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records and documentation in the medical billing process. 2.2Compare the intent of HIPAA and ARRA/HITECH laws. 2.3Describe the relationship between covered entities and business associates. 2.4Explain the purpose of the HIPAA Privacy Rule. 2.5Briefly state the purpose of the HIPAA Security Rule. 2.6Explain the purpose of the HITECH Breach Notification Rule. 2-2

3 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. Learning Outcomes (Continued) When you finish this chapter, you will be able to: 2.7Describe the HIPAA Electronic Health Care Transactions and Code Sets standards and the four National Identifiers. 2.8Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. 2.9Identify the organizations that enforce HIPAA. 2.10Discuss the ways in which compliance plans help medical practices avoid fraud or abuse. 2-3

4 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. Key Terms abuse American Recovery and Reinvestment Act (ARRA) of 2009 audit authorization breach breach notification business associate (BA) Centers for Medicare and Medicaid Services (CMS) 2-4 clearinghouse code set compliance plan covered entity (CE) de-identified health information designated record set (DRS) documentation electronic data interchange (EDI) electronic health record (EHR)

5 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. Key Terms (Continued) electronic medical record (EMR) encounter encryption evaluation and management (E/M) fraud Health Care Fraud and Abuse Control Program Health Insurance Portability and Accountability Act (HIPAA) of 1996 2-5 HIPAA Electronic Health Care Transactions and Code Sets (TCS) HIPAA final enforcement rule HIPAA National Identifier HIPAA Privacy Rule HIPAA Security Rule HITECH Act informed consent malpractice medical record

6 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. Key Terms (Continued) medical standards of care minimum necessary standard National Provider Identifier (NPI) Notice of Privacy Practices (NPP) Office for Civil Rights (OCR) Office of the Inspector General (OIG) 2-6 password protected health information (PHI) qui tam relator respondeat superior subpoena subpoena duces tecum transaction treatment, payment, and health care operations (TPO)

7 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.1 Medical Record Documentation 2-7 A patient’s medical record contains facts, findings, and observations about that patient’s health Documentation is the recording of a patient’s health status in a medical record history Medical standards of care—state-specified performance measures for health care delivery –Medical records and documentation act as legal documents and help physicians make accurate diagnoses –Malpractice—failure to use professional skill when giving medical services that results in injury or harm

8 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.1 Medical Record Documentation (Continued) 2-8 Encounter—an office visit between a patient and a medical professional Evaluation and management (E/M)—provider’s evaluation of a patient’s condition and decision on a course of treatment Electronic health record (EHR)—computerized lifelong health care record with data from all sources Electronic medical record (EMR)— computerized record of one physician’s encounters with a patient

9 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.1 Medical Record Documentation (Continued) 2-9 Informed consent—process by which a patient authorizes medical treatment after a discussion with a physician

10 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.2 Health Care Regulation: HIPAA and HITECH 2-10 The main federal government agency responsible for health care is the Centers for Medicare and Medicaid Services, also known as CMS The foundation legislation for the privacy of patients’ health information is called the Health Insurance Portability and Accountability Act (HIPAA) of 1996 –Protects private health information, ensures coverage, uncovers fraud and abuse, and creates industry standards

11 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.2 Health Care Regulation: HIPAA and HITECH (Continued) 2-11 American Recovery and Reinvestment Act (ARRA) of 2009—law with provisions concerning the standards for the electronic transmission of health care data –Contains the HITECH Act—law promoting the adoption and use of health information technology

12 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.3 Covered Entities and Business Associates 2-12 Electronic data interchange (EDI)—system-to- system exchange of data in a standardized format The electronic exchange of health care information is called a transaction

13 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.3 Covered Entities and Business Associates (Continued) 2-13 Health care organizations that must obey HIPAA regulations are called covered entities (CEs) –Transmit information electronically Clearinghouse—company that helps providers handle electronic transactions and manage EMR systems Business Associates (BA)—organizations that work for covered entities but are not themselves CEs –Law firms; outside medical billers, coders, and transcriptionists; accountants; collection agencies

14 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.4 HIPAA Privacy Rule 2-14 HIPAA Privacy Rule—law regulating the use and disclosure of patients’ protected health information (PHI) Protected health information (PHI)— individually identifiable health information that is transmitted or maintained by electronic media Both use and disclosure of PHI are necessary and permitted for patients’ treatment, payment, and health care operations (TPO)

15 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.4 HIPAA Privacy Rule (Continued) 2-15 Minimum necessary standard—taking reasonable safeguards to protect PHI from incidental disclosure Designated record set (DRS)—CE’s records that contain PHI Notice of Privacy Practices (NPP)— description of a CE’s principles and procedures related to the protection of patients’ health information For use or disclosure other than for TPO, a CE must have the patient sign an authorization

16 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.4 HIPAA Privacy Rule (Continued) 2-16 Health information can be released for reasons other than TPO in some cases –Subpoena—order of a court for a party to appear and testify –Subpoena duces tecum—order of a court directing a party to appear, testify, and bring specified documents or items –De-identified health information—medical data from which individual identifiers have been removed

17 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Security Rule 2-17 The HIPAA Security Rule requires CEs to establish safeguards to protect PHI –Encryption—method of converting a message into encoded text –Password—confidential authentication information (the key)

18 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.6 HITECH Breach Notification Rule 2-18 HITECH Act requires CEs to notify affected individuals following the discovery of a breach of unsecured health information Breach—impermissible use or disclosure of PHI that could pose significant risk to the affected person Breach notification—document notifying an individual of a breach

19 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.7 HIPAA Electronic Health Care Transactions and Code Sets 2-19 HIPAA Electronic Health Care Transactions and Code Sets (TCS)—rule governing the electronic exchange of health information –Under HIPAA, a code set is any group of codes used for encoding data elements HIPAA National Identifier—identification systems for employers, health care providers, health plans, and patients –National Provider Identifier (NPI)—unique ten-digit identifier assigned to each provider

20 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.8 Fraud and Abuse Regulations 2-20 HIPAA created the Health Care Fraud and Abuse Control Program to uncover and prosecute fraud and abuse The HHS Office of the Inspector General (OIG) has the task of detecting health care fraud and abuse and enforcing all the related laws –Has the authority to investigate suspected fraud cases and to audit the records of physicians and payers –Audit—formal examination of a physician’s records

21 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.8 Fraud and Abuse Regulations (Continued) 2-21 Qui tam—cases in which a relator accuses another party of fraud or abuse against the federal government Relator—person who makes an accusation of fraud or abuse

22 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.8 Fraud and Abuse Regulations (Continued) 2-22 Fraud—an act of deception used to take advantage of another person –Example—forging another person’s signature In federal law, abuse means an action that misuses money that the government has allocated –Example—billing Medicare for an unnecessary ambulance service

23 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.9 Enforcement and Penalties 2-23 HIPAA final enforcement rule—law designed to combine the enforcement procedures for privacy and security standards into a single rule Office for Civil Rights (OCR)—government agency that enforces the HIPAA Privacy Act Criminal violations of HIPAA privacy standards are prosecuted by the Department of Justice (DOJ) –Other standards are enforced by the CMS

24 © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2.10 Compliance Plans 2-24 Compliance plan—medical practice’s written plan for complying with regulations –Used to uncover compliance problems and correct them to avoid risking liability –A process for finding, correcting, and preventing illegal medical office practices Respondeat superior—doctrine making employers responsible for employee actions

Download ppt "CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records."

Similar presentations

HIPAA and Medical Records

HIPAA and Medical Records
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Medical Ethics, Law and compliance

Medical Ethics, Law and compliance
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 1 The Goal of HIPAA: Administrative Simplification HIPAA for Allied Health.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.

CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google