View
215
Download
2
Category
Tags:
Preview:
Citation preview
1
HIPAA and Medical Records
Chapter 2
© 2010 The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 2 2
Learning OutcomesAfter studying this chapter, you should be able to:2.1 Discuss the importance of medical records
and documentation in the medical billing process.
2.2 Describe the benefits of electronic healthrecords (EHR).
2.3 Explain the purpose of the HIPAA Privacy Rule.
2.4 Distinguish between a covered entity and a business associate under HIPAA.
Chapter 2 3
Learning Outcomes (Continued)
2.5 Define protected health information (PHI).
2.6 Discuss patients’ authorizations to use or disclose their health information.
2.7 Briefly describe the purpose of the HIPAA Security Rule.
2.8 Describe the HIPAA Electronic Health Care Transactions and Code Sets
standards and the four National Identifiers.
Chapter 2 4
Learning Outcomes (Continued)
2.9 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws.
2.10 Discuss the ways in which compliance plans help medical practices avoid
fraud and abuse.
Chapter 2 5
Key Terms
• Abuse• Audit• Authorization• Business associate• Centers for
Medicare and Medicaid Services (CMS)
• Certification Commission for Healthcare Information Technology (CCHIT)
• Clearinghouse • Code set• Compliance plan
Chapter 2 6
Key Terms (Continued)
• Covered entity• De-identified health
information• Designated record
set (DRS)• Documentation• Electronic data
interchange (EDI)
• Electronic health record (EHR)
• Encounter• Encryption• Evaluation and
management (E/M)• Fraud
Chapter 2 7
Key Terms (Continued)
• Health Care Fraud and Abuse Control Program
• Health Insurance Portability and Accountability Act (HIPAA) of 1996
• HIPAA Electronic Health Care Transactions and Code Sets (TCS)
• HIPAA Final Enforcement Rule
• HIPAA National Identifier
Chapter 2 8
Key Terms (Continued)
• HIPAA Privacy Rule
• HIPAA Security Rule
• Informed consent• Malpractice• Medical record• Medical standards
of care
• Minimum necessary standard
• National Plan and Provider Enumerator System (NPPES)
• National Provider Identifier (NPI)
• Notice of Privacy Practices (NPP)
Key Terms (Continued)
Chapter 2 9
• Office for Civil Rights (OCR)
• Office of the Inspector General (OIG)
• Password• Protected health
information (PHI)• Qui tam
• Relator• Respondeat superior• Subpoena• Subpoena duces
tecum• Transaction• Treatment,
payment, and health care operations (TPO)
Chapter 2 10
Medical Records: Documentation
• Provide for continuity of care• Aid in communication among health care
providers• Provide data for medical research• Are used for medical education• Help physicians make accurate diagnoses• Document and trace the course of treatment to
prove adherence to medical standards of care
Medical recordsare legal
documents
Chapter 2 11
Medical Record Documentation• Record of each encounter (face-to-face visit)
must be legible and clear• Entries must be signed and dated• Changes must be clearly made• No blank spaces are left between entries• Each patient should have a single record• Records should use consistent vocabulary and
format• Diagnostic information must be easy to locate• Entries must be made promptly
Chapter 2 12
SOAP Format
Subjective
Objective
Assessment
Plan
What the patient reports, chief complaint, symptoms
The physician’s findings fromthe physical exam, lab tests,
vitals signs, etc.
The impression, conclusion,or diagnosis
Treatment and follow up, advice
Chapter 2 13
History and Physical Examination
The initial exam usually entails a history and physical examination. The components of the exam include:
• Chief complaint
• History and physical examination
• Diagnosis
• Treatment plan
Chapter 2 14
More Documentation
Progress Reports
During Treatment Course
• Are documented at follow-up visits
• Explain if the treatment plan should be continued or changed
Discharge Summaries of Final Visit
• Include final diagnosis• Compare patient
statements and doctor’s findings
• Goals achieved?• Patient’s current
condition, status, and final prognosis
• Reason and date of discharge
Procedural services
• Procedural or operative reports
• Laboratory reports
• Radiology reports
• Specific forms as applicable
Termination of Provider-Patient Relationship
• Provider keeps the record
• If provider ends the relationship, the patient is informed in writing
• Termination letter placed in patient’s medical record
Chapter 2 17
Electronic Medical vs. Paper Records
Electronic Health Records
• Are created and maintained electronically
• Are expensive and time-consuming to implement
• Easily permit large amounts of data to be stored, analyzed, and processed
Paper Records• Are created manually
• Are inexpensive to create
• Include handwritten entries in a medical record
What are the pros and consof both types of records?
Chapter 2 18
Billing Tip
• Documentation and billing must be connected for compliance.
IF A SERVICE IS NOT DOCUMENTED, IT SHOULD NOT BE BILLED
Chapter 2 19
Health Care Regulation Federal Regulation
• Centers for Medicare and Medicaid Services (CMS) (formerly HCFA)
– Administers Medicare and Medicaid
– Regulates medical laboratory testing
– Prevents discrimination based on health status
– Assesses the quality of health care facilities
– Researches effectiveness of health care management, treatment, and financing
– Combats fraud and abuse in government-sponsored programs
Chapter 2 20
Health Care RegulationLaws
• Health Insurance Portability and Accountability Act (HIPAA)– Protects peoples’ private health information
– Protects health insurance coverage for employees and their dependents if job status changes
– Uncovers fraud and abuse
– Includes the adoption of standards for electronic transmission in health care industry
Chapter 2 21
Health Care RegulationLaws
State laws• Implement quality and control of
HMOs and PPOs and may require:– business licenses
– financial guidelines
– limitations on premium increases
Chapter 2 22
Ownership of Medical Records• The physical document(s) are the
property of the provider (physician, clinic, or facility) thatcreated them.
• The information contained in the medical record belongs to the patient.
Providers’ responsibilitiesvs. Patients’ rights to their information
Chapter 2 23
HIPAA Administrative Simplification: 3 Rules
• HIPAA Privacy Rule
• HIPAA Security Rule
• HIPAA Electronic Health Care Transactions and Code Sets standards
Regulates the use and disclosure of patients’ PHI
Security requirements needed to protect patients’
PHI
Every provider doing business electronically must use same standards for transactions and code sets
Chapter 2 24
Covered Entities under HIPAA
• Covered entities electronically transmit HIPAA-protected information
• CEs are (1) health plans, (2) health care clearinghouses, and (3) health care providers
• Business associates work for covered entities and include services such as law firms, accounting practices, IT consultants, and collection agencies
Chapter 2 25
HIPAA Privacy Rule
• States that covered entities must:– Have appropriate privacy practices – Notify patients about their privacy rights– Train employees on the privacy practices– Appoint a privacy official responsible for the
adoption and following of privacy practices
– Safeguard patients’ records
Chapter 2 26
PHI
• A patient’s Protected Health Information– Medical record– Other personal health information
that is transmitted or maintained by electronicmedia
Chapter 2 27
PHI
– Name
– Social Security Number
– Address
– Phone
– E-mail address
– Photo images
– Birth date
– Relatives and employers
• Contains individually identifiable health information, such as the patient’s
Chapter 2 28
Use and Disclosure of PHI
• Use = sharing within the entity that holds the patient’s information
• Disclosure = the release of information outside the entity holding the patient’s information
Chapter 2 29
Use and Disclosure of PHI
Necessary and permitted for patients’ TPO
TPO = Treatment
Payment
Operations
Providing and coordinating medical care
The exchange of information with health plans
General business management functions
Chapter 2 30
Use and Disclosure of PHI
Under HIPAA, no patient release of information document is required when PHI is shared for TPO.
The CE must try to limit the information shared to the minimum for the intended purpose—following the minimum necessary standard.
Designated Record Set• Covered entities must disclose certain PHI to patients
called “designated record set.”• Providers = medical and billing records
• Health plans = enrollment, payment, claim decisions, and medical management system data
• Within designated record set, patients can:• Access, copy, and inspect information
• Request amendments
• Obtain accounting of disclosures
• Receive information by other means
• Complain about alleged violations
Chapter 2 31
Chapter 2 32
Notice of Privacy Practices
• HIPAA-mandated document
• Presents the covered entity’s principles and procedures regarding protection of patients’ PHI
• A covered entity must give all patients a copy of its notice
Chapter 2 33
Patient Authorizationto Release Information
Document must be in plain language and include:
• Description of the information to be released
• Who can use or disclose the information
• Who will receive it
• For what purpose
• An expiration date
• Patient’s signature and date
Chapter 2 34
Exceptions to the Privacy Rule
• Court order
• Workers’ compensation cases
• Statutory reports
• Research
• De-identified health information
• Psychotherapy notes
• State statutes may be more stringent
Chapter 2 35
HIPAA Security Rule
Requires medical offices to protect protected health information (PHI) by:
• Encryption—encoding information so that a key is required to retrieve it
• The secure use of computer networks, the Internet, and storage disks
• Using security techniques, such as passwords• Limiting who in a medical office can see the
information• Creating activity logs that show who has accessed, or
tried to access, information
Chapter 2 36
HIPAA Electronic Health Care Transactions and Code Sets
Standard TransactionsExamples: Health care claims, claim status, referral authorizations, payments
Standard Code SetsExamples: ICD-9-CM, CPT, CDT, HCPCS
Financial andadministrative
information regularlyexchanged between
providersand health plans
Coding systems fordiseases;
treatments andprocedures; supplies
Chapter 2 37
HIPAA National Identifiers
• Employers
• Health care providers
• Health plans
• Patients
Employer Identification Number (EIN)
To be releasedby federalgovernmentin future
National Provider Identifier (NPI)
Chapter 2 38
Fraud and Abuse Regulations
Fraud: Act of deception used to take advantage of another person.
• Example – billing when the task was not done
Abuse: Act that misuses public funds.• Example – billing when the task was not
necessary
Chapter 2 39
Federal Laws
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• False Claims Act
• Federal Acts and other special legislation
Chapter 2 40
Federal Laws
• Civil False Claims Act
• Social Security Act
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Federal Acts and other special legislation
Created the Health Care Fraud and AbuseControl Program to uncover fraud and abuse
in Medicare and Medicaid programs.
Chapter 2 41
Federal Laws
• Civil False Claims Act
• Social Security Act
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Federal Acts and other special legislation
•Antikickback staute•Self-referral prohibitions (Stark Law)
•Sarbanes-Oxley Act
Chapter 2 42
Enforcement and Penalties
HIPAA – Enforced by the Office for Civil Rights (OCR) and CMS
Fraud and Abuse – Enforced by the Office of the Inspector General (OIG)
Penalties may be civil or criminal (the Department of Justice involved)
Chapter 2 43
Compliance Plans
Parts of a compliance plan:1. Consistent written policies and procedures2. Appointment of a compliance officer and committee3. Training4. Communication5. Disciplinary systems6. Auditing and monitoring 7. Responding to and correcting errors
Chapter 2 44
Compliance Plans
Compliance officer and committee
• Communication between the office staff and compliance officer encourages staff to report suspected fraud and/or abuse.
• A fraud and abuse “hotline” may be created.
Chapter 2 45
Compliance Plans
Code of conduct
• A statement of conduct promotes a clear commitment to compliance.
• The commitment can include a process to identify offenses and apply corrective action through internal investigation and publicized disciplinary guidelines.
Chapter 2 46
Compliance Plans
Ongoing training
• Assures compliance with latest rules and regulations by establishing training programs for all professional and support personnel.
• The training includes physicians and all billing and coding personnel.
Recommended