Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA and Medical Records

Similar presentations

Presentation on theme: "HIPAA and Medical Records"— Presentation transcript:

1 HIPAA and Medical Records
Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved.

2 Learning Outcomes After studying this chapter, you should be able to:
2.1 Discuss the importance of medical records and documentation in the medical billing process. 2.2 Describe the benefits of electronic health records (EHR). 2.3 Explain the purpose of the HIPAA Privacy Rule. 2.4 Distinguish between a covered entity and a business associate under HIPAA. Chapter 2

3 Learning Outcomes (Continued)
2.5 Define protected health information (PHI). 2.6 Discuss patients’ authorizations to use or disclose their health information. 2.7 Briefly describe the purpose of the HIPAA Security Rule. 2.8 Describe the HIPAA Electronic Health Care Transactions and Code Sets standards and the four National Identifiers. Chapter 2

4 Learning Outcomes (Continued)
2.9 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws. 2.10 Discuss the ways in which compliance plans help medical practices avoid fraud and abuse. Chapter 2

5 Key Terms Abuse Audit Authorization Business associate
Centers for Medicare and Medicaid Services (CMS) Certification Commission for Healthcare Information Technology (CCHIT) Clearinghouse Code set Compliance plan Chapter 2

6 Key Terms (Continued) Electronic health record (EHR) Covered entity
Encounter Encryption Evaluation and management (E/M) Fraud Covered entity De-identified health information Designated record set (DRS) Documentation Electronic data interchange (EDI) Chapter 2

7 Key Terms (Continued) Health Care Fraud and Abuse Control Program
Health Insurance Portability and Accountability Act (HIPAA) of 1996 HIPAA Electronic Health Care Transactions and Code Sets (TCS) HIPAA Final Enforcement Rule HIPAA National Identifier Chapter 2

8 Key Terms (Continued) Minimum necessary standard
National Plan and Provider Enumerator System (NPPES) National Provider Identifier (NPI) Notice of Privacy Practices (NPP) HIPAA Privacy Rule HIPAA Security Rule Informed consent Malpractice Medical record Medical standards of care Chapter 2

9 Key Terms (Continued) Office for Civil Rights (OCR)
Office of the Inspector General (OIG) Password Protected health information (PHI) Qui tam Relator Respondeat superior Subpoena Subpoena duces tecum Transaction Treatment, payment, and health care operations (TPO) Chapter 2

10 Medical Records: Documentation
Provide for continuity of care Aid in communication among health care providers Provide data for medical research Are used for medical education Help physicians make accurate diagnoses Document and trace the course of treatment to prove adherence to medical standards of care Medical records are legal documents Chapter 2

11 Medical Record Documentation
Record of each encounter (face-to-face visit) must be legible and clear Entries must be signed and dated Changes must be clearly made No blank spaces are left between entries Each patient should have a single record Records should use consistent vocabulary and format Diagnostic information must be easy to locate Entries must be made promptly Standards Chapter 2

12 Subjective Objective Assessment Plan SOAP Format
What the patient reports, chief complaint, symptoms Subjective Objective Assessment Plan The physician’s findings from the physical exam, lab tests, vitals signs, etc. The impression, conclusion, or diagnosis Treatment and follow up, advice Chapter 2

13 History and Physical Examination
The initial exam usually entails a history and physical examination. The components of the exam include: Chief complaint History and physical examination Diagnosis Treatment plan Chapter 2

14 During Treatment Course Discharge Summaries of Final Visit
More Documentation Progress Reports During Treatment Course Are documented at follow-up visits Explain if the treatment plan should be continued or changed Discharge Summaries of Final Visit Include final diagnosis Compare patient statements and doctor’s findings Goals achieved? Patient’s current condition, status, and final prognosis Reason and date of discharge Chapter 2

15 Procedural services Procedural or operative reports Laboratory reports
Radiology reports Specific forms as applicable

16 Termination of Provider-Patient Relationship
Provider keeps the record If provider ends the relationship, the patient is informed in writing Termination letter placed in patient’s medical record

17 Electronic Medical vs. Paper Records
Electronic Health Records Are created and maintained electronically Are expensive and time-consuming to implement Easily permit large amounts of data to be stored, analyzed, and processed Paper Records Are created manually Are inexpensive to create Include handwritten entries in a medical record What are the pros and cons of both types of records? Chapter 2

Documentation and billing must be connected for compliance. IF A SERVICE IS NOT DOCUMENTED, IT SHOULD NOT BE BILLED Chapter 2

19 Health Care Regulation Federal Regulation
Centers for Medicare and Medicaid Services (CMS) (formerly HCFA) Administers Medicare and Medicaid Regulates medical laboratory testing Prevents discrimination based on health status Assesses the quality of health care facilities Researches effectiveness of health care management, treatment, and financing Combats fraud and abuse in government-sponsored programs Chapter 2

20 Health Care Regulation Laws
Health Insurance Portability and Accountability Act (HIPAA) Protects peoples’ private health information Protects health insurance coverage for employees and their dependents if job status changes Uncovers fraud and abuse Includes the adoption of standards for electronic transmission in health care industry Chapter 2

21 Health Care Regulation Laws
State laws Implement quality and control of HMOs and PPOs and may require: business licenses financial guidelines limitations on premium increases Chapter 2

22 Ownership of Medical Records
The physical document(s) are the property of the provider (physician, clinic, or facility) that created them. The information contained in the medical record belongs to the patient. Providers’ responsibilities vs. Patients’ rights to their information Chapter 2

23 HIPAA Administrative Simplification: 3 Rules
Regulates the use and disclosure of patients’ PHI HIPAA Privacy Rule HIPAA Security Rule HIPAA Electronic Health Care Transactions and Code Sets standards Security requirements needed to protect patients’ PHI Every provider doing business electronically must use same standards for transactions and code sets Chapter 2

24 Covered Entities under HIPAA
Covered entities electronically transmit HIPAA-protected information CEs are (1) health plans, (2) health care clearinghouses, and (3) health care providers Business associates work for covered entities and include services such as law firms, accounting practices, IT consultants, and collection agencies Chapter 2

25 HIPAA Privacy Rule States that covered entities must:
Have appropriate privacy practices Notify patients about their privacy rights Train employees on the privacy practices Appoint a privacy official responsible for the adoption and following of privacy practices Safeguard patients’ records Chapter 2

26 PHI A patient’s Protected Health Information Medical record
Other personal health information that is transmitted or maintained by electronic media Chapter 2

27 PHI Contains individually identifiable health information, such as the patient’s Name Social Security Number Address Phone address Photo images Birth date Relatives and employers Chapter 2

28 Use and Disclosure of PHI
Use = sharing within the entity that holds the patient’s information Disclosure = the release of information outside the entity holding the patient’s information Chapter 2

29 Use and Disclosure of PHI
Necessary and permitted for patients’ TPO TPO = Treatment Payment Operations Providing and coordinating medical care The exchange of information with health plans General business management functions Chapter 2

30 Use and Disclosure of PHI
Under HIPAA, no patient release of information document is required when PHI is shared for TPO. The CE must try to limit the information shared to the minimum for the intended purpose—following the minimum necessary standard. Chapter 2

31 Designated Record Set Covered entities must disclose certain PHI to patients called “designated record set.” Providers = medical and billing records Health plans = enrollment, payment, claim decisions, and medical management system data Within designated record set, patients can: Access, copy, and inspect information Request amendments Obtain accounting of disclosures Receive information by other means Complain about alleged violations Chapter 2

32 Notice of Privacy Practices
HIPAA-mandated document Presents the covered entity’s principles and procedures regarding protection of patients’ PHI A covered entity must give all patients a copy of its notice Chapter 2

33 Patient Authorization to Release Information
Document must be in plain language and include: Description of the information to be released Who can use or disclose the information Who will receive it For what purpose An expiration date Patient’s signature and date Chapter 2

34 Exceptions to the Privacy Rule
Court order Workers’ compensation cases Statutory reports Research De-identified health information Psychotherapy notes State statutes may be more stringent Chapter 2

35 HIPAA Security Rule Requires medical offices to protect protected health information (PHI) by: Encryption—encoding information so that a key is required to retrieve it The secure use of computer networks, the Internet, and storage disks Using security techniques, such as passwords Limiting who in a medical office can see the information Creating activity logs that show who has accessed, or tried to access, information Chapter 2

36 HIPAA Electronic Health Care Transactions and Code Sets
Financial and administrative information regularly exchanged between providers and health plans Standard Transactions Examples: Health care claims, claim status, referral authorizations, payments Standard Code Sets Examples: ICD-9-CM, CPT, CDT, HCPCS Coding systems for diseases; treatments and procedures; supplies Chapter 2

37 HIPAA National Identifiers
Employer Identification Number (EIN) Employers Health care providers Health plans Patients National Provider Identifier (NPI) To be released by federal government in future Chapter 2

38 Fraud and Abuse Regulations
Fraud: Act of deception used to take advantage of another person. Example – billing when the task was not done Abuse: Act that misuses public funds. Example – billing when the task was not necessary Chapter 2

39 Federal Laws Health Insurance Portability and Accountability Act of 1996 (HIPAA) False Claims Act Federal Acts and other special legislation Chapter 2

40 Federal Laws Civil False Claims Act Social Security Act
Created the Health Care Fraud and Abuse Control Program to uncover fraud and abuse in Medicare and Medicaid programs. Civil False Claims Act Social Security Act Health Insurance Portability and Accountability Act of 1996 (HIPAA) Federal Acts and other special legislation Chapter 2

41 Self-referral prohibitions (Stark Law)
Federal Laws Antikickback staute Self-referral prohibitions (Stark Law) Sarbanes-Oxley Act Civil False Claims Act Social Security Act Health Insurance Portability and Accountability Act of 1996 (HIPAA) Federal Acts and other special legislation Chapter 2

42 Enforcement and Penalties
HIPAA – Enforced by the Office for Civil Rights (OCR) and CMS Fraud and Abuse – Enforced by the Office of the Inspector General (OIG) Penalties may be civil or criminal (the Department of Justice involved) Chapter 2

43 Compliance Plans Parts of a compliance plan:
1. Consistent written policies and procedures 2. Appointment of a compliance officer and committee 3. Training 4. Communication 5. Disciplinary systems 6. Auditing and monitoring 7. Responding to and correcting errors Chapter 2

44 Compliance officer and committee
Compliance Plans Compliance officer and committee Communication between the office staff and compliance officer encourages staff to report suspected fraud and/or abuse. A fraud and abuse “hotline” may be created. Chapter 2

45 Compliance Plans Code of conduct
A statement of conduct promotes a clear commitment to compliance. The commitment can include a process to identify offenses and apply corrective action through internal investigation and publicized disciplinary guidelines. Chapter 2

46 Compliance Plans Ongoing training
Assures compliance with latest rules and regulations by establishing training programs for all professional and support personnel. The training includes physicians and all billing and coding personnel. Chapter 2

Download ppt "HIPAA and Medical Records"

Similar presentations

Ads by Google