POP QUIZ!!

Report
POP QUIZ!!
• What does CMS stand for?
• What does HIPAA stand for?
• Which is a record of all of your visits with one
doctor, EMR or EHR?
• Documents in a medical file are considered
what kind of documents?
• In a patient’s chart, if something is
SUBJECTIVE, what does that mean?
POP QUIZ!!
• What does CMS stand for?
– Centers for Medicare and Medicaid Services
• What does HIPAA stand for?
– Health Insurance Portability and Accountability Act
• Which is a record of all of your visits with one
doctor, EMR or EHR?
– Electronic MEDICAL Record
• Documents in a medical file are considered what
kind of documents?
– Legal documents
• In a patient’s chart, if something is SUBJECTIVE,
what does that mean?
– It’s in their own words.
HIPAA, HITECH, and Medical Records
2
Lecture 2
2.3 Covered Entities and Business
Associates
2-12
• Electronic data interchange (EDI)—system-tosystem exchange of data in a standardized
format
• The electronic exchange of health care
information is called a transaction
2.3 Covered Entities and Business
Associates (Continued)
• Health care organizations that must obey HIPAA
regulations are called covered entities (CEs)
– Transmit information electronically
• Clearinghouse—company that helps providers
handle electronic transactions and manage EMR
systems
• Business Associates (BA)—organizations that
work for covered entities but are not themselves
CEs
– Law firms; outside medical billers, coders, and
transcriptionists; accountants; collection agencies
2-13
2.4 HIPAA Privacy Rule
2-14
• HIPAA Privacy Rule—law regulating the use and
disclosure of patients’ protected health
information (PHI)
• Protected health information (PHI)—individually
identifiable health information that is transmitted
or maintained by electronic media
• Both use and disclosure of PHI are necessary and
permitted for patients’ treatment, payment, and
health care operations (TPO)
2.4 HIPAA Privacy Rule (Continued)
2-15
• Minimum necessary standard—taking
reasonable safeguards to protect PHI from
incidental disclosure
• Designated record set (DRS)—CE’s records that
contain PHI
• Notice of Privacy Practices (NPP)—description of
a CE’s principles and procedures related to the
protection of patients’ health information
• For use or disclosure other than for TPO, a CE
must have the patient sign an authorization
2.4 HIPAA Privacy Rule (Continued)
• Health information can be released for
reasons other than TPO in some cases
– Subpoena—order of a court for a party to appear
and testify
– Subpoena duces tecum—order of a court
directing a party to appear, testify, and bring
specified documents or items
– De-identified health information—medical data
from which individual identifiers have been
removed
2-16
2.5 HIPAA Security Rule
2-17
• The HIPAA Security Rule requires CEs to
establish safeguards to protect PHI
– Encryption—method of converting a message into
encoded text
– Password—confidential authentication
information (the key)
2.6 HITECH Breach Notification Rule
2-18
• HITECH Act requires CEs to notify affected
individuals following the discovery of a breach
of unsecured health information
• Breach—impermissible use or disclosure of
PHI that could pose significant risk to the
affected person
• Breach notification—document notifying an
individual of a breach
2.7 HIPAA Electronic Health Care
Transactions and Code Sets
2-19
• HIPAA Electronic Health Care Transactions and
Code Sets (TCS)—rule governing the electronic
exchange of health information
– Under HIPAA, a code set is any group of codes used
for encoding data elements
• HIPAA National Identifier—identification systems
for employers, health care providers, health
plans, and patients
– National Provider Identifier (NPI)—unique ten-digit
identifier assigned to each provider
2.8 Fraud and Abuse Regulations
2-20
• HIPAA created the Health Care Fraud and Abuse
Control Program to uncover and prosecute fraud
and abuse
• The HHS Office of the Inspector General (OIG)
has the task of detecting health care fraud and
abuse and enforcing all the related laws
– Has the authority to investigate suspected fraud cases
and to audit the records of physicians and payers
– Audit—formal examination of a physician’s records
2.8 Fraud and Abuse Regulations
(Continued)
• Qui tam—cases in which a relator accuses
another party of fraud or abuse against the
federal government
• Relator—person who makes an accusation of
fraud or abuse
2-21

similar documents