1 hipaa and medical records chapter 2 © 2010 the mcgraw-hill companies, inc. all rights reserved
TRANSCRIPT
![Page 1: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/1.jpg)
1
HIPAA and Medical Records
Chapter 2
© 2010 The McGraw-Hill Companies, Inc. All rights reserved.
![Page 2: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/2.jpg)
Chapter 2 2
Learning OutcomesAfter studying this chapter, you should be able to:2.1 Discuss the importance of medical records
and documentation in the medical billing process.
2.2 Describe the benefits of electronic healthrecords (EHR).
2.3 Explain the purpose of the HIPAA Privacy Rule.
2.4 Distinguish between a covered entity and a business associate under HIPAA.
![Page 3: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/3.jpg)
Chapter 2 3
Learning Outcomes (Continued)
2.5 Define protected health information (PHI).
2.6 Discuss patients’ authorizations to use or disclose their health information.
2.7 Briefly describe the purpose of the HIPAA Security Rule.
2.8 Describe the HIPAA Electronic Health Care Transactions and Code Sets
standards and the four National Identifiers.
![Page 4: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/4.jpg)
Chapter 2 4
Learning Outcomes (Continued)
2.9 Explain the purpose of the Health Care Fraud and Abuse Control Program and related laws.
2.10 Discuss the ways in which compliance plans help medical practices avoid
fraud and abuse.
![Page 5: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/5.jpg)
Chapter 2 5
Key Terms
• Abuse• Audit• Authorization• Business associate• Centers for
Medicare and Medicaid Services (CMS)
• Certification Commission for Healthcare Information Technology (CCHIT)
• Clearinghouse • Code set• Compliance plan
![Page 6: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/6.jpg)
Chapter 2 6
Key Terms (Continued)
• Covered entity• De-identified health
information• Designated record
set (DRS)• Documentation• Electronic data
interchange (EDI)
• Electronic health record (EHR)
• Encounter• Encryption• Evaluation and
management (E/M)• Fraud
![Page 7: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/7.jpg)
Chapter 2 7
Key Terms (Continued)
• Health Care Fraud and Abuse Control Program
• Health Insurance Portability and Accountability Act (HIPAA) of 1996
• HIPAA Electronic Health Care Transactions and Code Sets (TCS)
• HIPAA Final Enforcement Rule
• HIPAA National Identifier
![Page 8: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/8.jpg)
Chapter 2 8
Key Terms (Continued)
• HIPAA Privacy Rule
• HIPAA Security Rule
• Informed consent• Malpractice• Medical record• Medical standards
of care
• Minimum necessary standard
• National Plan and Provider Enumerator System (NPPES)
• National Provider Identifier (NPI)
• Notice of Privacy Practices (NPP)
![Page 9: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/9.jpg)
Key Terms (Continued)
Chapter 2 9
• Office for Civil Rights (OCR)
• Office of the Inspector General (OIG)
• Password• Protected health
information (PHI)• Qui tam
• Relator• Respondeat superior• Subpoena• Subpoena duces
tecum• Transaction• Treatment,
payment, and health care operations (TPO)
![Page 10: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/10.jpg)
Chapter 2 10
Medical Records: Documentation
• Provide for continuity of care• Aid in communication among health care
providers• Provide data for medical research• Are used for medical education• Help physicians make accurate diagnoses• Document and trace the course of treatment to
prove adherence to medical standards of care
Medical recordsare legal
documents
![Page 11: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/11.jpg)
Chapter 2 11
Medical Record Documentation• Record of each encounter (face-to-face visit)
must be legible and clear• Entries must be signed and dated• Changes must be clearly made• No blank spaces are left between entries• Each patient should have a single record• Records should use consistent vocabulary and
format• Diagnostic information must be easy to locate• Entries must be made promptly
![Page 12: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/12.jpg)
Chapter 2 12
SOAP Format
Subjective
Objective
Assessment
Plan
What the patient reports, chief complaint, symptoms
The physician’s findings fromthe physical exam, lab tests,
vitals signs, etc.
The impression, conclusion,or diagnosis
Treatment and follow up, advice
![Page 13: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/13.jpg)
Chapter 2 13
History and Physical Examination
The initial exam usually entails a history and physical examination. The components of the exam include:
• Chief complaint
• History and physical examination
• Diagnosis
• Treatment plan
![Page 14: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/14.jpg)
Chapter 2 14
More Documentation
Progress Reports
During Treatment Course
• Are documented at follow-up visits
• Explain if the treatment plan should be continued or changed
Discharge Summaries of Final Visit
• Include final diagnosis• Compare patient
statements and doctor’s findings
• Goals achieved?• Patient’s current
condition, status, and final prognosis
• Reason and date of discharge
![Page 15: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/15.jpg)
Procedural services
• Procedural or operative reports
• Laboratory reports
• Radiology reports
• Specific forms as applicable
![Page 16: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/16.jpg)
Termination of Provider-Patient Relationship
• Provider keeps the record
• If provider ends the relationship, the patient is informed in writing
• Termination letter placed in patient’s medical record
![Page 17: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/17.jpg)
Chapter 2 17
Electronic Medical vs. Paper Records
Electronic Health Records
• Are created and maintained electronically
• Are expensive and time-consuming to implement
• Easily permit large amounts of data to be stored, analyzed, and processed
Paper Records• Are created manually
• Are inexpensive to create
• Include handwritten entries in a medical record
What are the pros and consof both types of records?
![Page 18: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/18.jpg)
Chapter 2 18
Billing Tip
• Documentation and billing must be connected for compliance.
IF A SERVICE IS NOT DOCUMENTED, IT SHOULD NOT BE BILLED
![Page 19: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/19.jpg)
Chapter 2 19
Health Care Regulation Federal Regulation
• Centers for Medicare and Medicaid Services (CMS) (formerly HCFA)
– Administers Medicare and Medicaid
– Regulates medical laboratory testing
– Prevents discrimination based on health status
– Assesses the quality of health care facilities
– Researches effectiveness of health care management, treatment, and financing
– Combats fraud and abuse in government-sponsored programs
![Page 20: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/20.jpg)
Chapter 2 20
Health Care RegulationLaws
• Health Insurance Portability and Accountability Act (HIPAA)– Protects peoples’ private health information
– Protects health insurance coverage for employees and their dependents if job status changes
– Uncovers fraud and abuse
– Includes the adoption of standards for electronic transmission in health care industry
![Page 21: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/21.jpg)
Chapter 2 21
Health Care RegulationLaws
State laws• Implement quality and control of
HMOs and PPOs and may require:– business licenses
– financial guidelines
– limitations on premium increases
![Page 22: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/22.jpg)
Chapter 2 22
Ownership of Medical Records• The physical document(s) are the
property of the provider (physician, clinic, or facility) thatcreated them.
• The information contained in the medical record belongs to the patient.
Providers’ responsibilitiesvs. Patients’ rights to their information
![Page 23: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/23.jpg)
Chapter 2 23
HIPAA Administrative Simplification: 3 Rules
• HIPAA Privacy Rule
• HIPAA Security Rule
• HIPAA Electronic Health Care Transactions and Code Sets standards
Regulates the use and disclosure of patients’ PHI
Security requirements needed to protect patients’
PHI
Every provider doing business electronically must use same standards for transactions and code sets
![Page 24: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/24.jpg)
Chapter 2 24
Covered Entities under HIPAA
• Covered entities electronically transmit HIPAA-protected information
• CEs are (1) health plans, (2) health care clearinghouses, and (3) health care providers
• Business associates work for covered entities and include services such as law firms, accounting practices, IT consultants, and collection agencies
![Page 25: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/25.jpg)
Chapter 2 25
HIPAA Privacy Rule
• States that covered entities must:– Have appropriate privacy practices – Notify patients about their privacy rights– Train employees on the privacy practices– Appoint a privacy official responsible for the
adoption and following of privacy practices
– Safeguard patients’ records
![Page 26: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/26.jpg)
Chapter 2 26
PHI
• A patient’s Protected Health Information– Medical record– Other personal health information
that is transmitted or maintained by electronicmedia
![Page 27: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/27.jpg)
Chapter 2 27
PHI
– Name
– Social Security Number
– Address
– Phone
– E-mail address
– Photo images
– Birth date
– Relatives and employers
• Contains individually identifiable health information, such as the patient’s
![Page 28: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/28.jpg)
Chapter 2 28
Use and Disclosure of PHI
• Use = sharing within the entity that holds the patient’s information
• Disclosure = the release of information outside the entity holding the patient’s information
![Page 29: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/29.jpg)
Chapter 2 29
Use and Disclosure of PHI
Necessary and permitted for patients’ TPO
TPO = Treatment
Payment
Operations
Providing and coordinating medical care
The exchange of information with health plans
General business management functions
![Page 30: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/30.jpg)
Chapter 2 30
Use and Disclosure of PHI
Under HIPAA, no patient release of information document is required when PHI is shared for TPO.
The CE must try to limit the information shared to the minimum for the intended purpose—following the minimum necessary standard.
![Page 31: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/31.jpg)
Designated Record Set• Covered entities must disclose certain PHI to patients
called “designated record set.”• Providers = medical and billing records
• Health plans = enrollment, payment, claim decisions, and medical management system data
• Within designated record set, patients can:• Access, copy, and inspect information
• Request amendments
• Obtain accounting of disclosures
• Receive information by other means
• Complain about alleged violations
Chapter 2 31
![Page 32: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/32.jpg)
Chapter 2 32
Notice of Privacy Practices
• HIPAA-mandated document
• Presents the covered entity’s principles and procedures regarding protection of patients’ PHI
• A covered entity must give all patients a copy of its notice
![Page 33: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/33.jpg)
Chapter 2 33
Patient Authorizationto Release Information
Document must be in plain language and include:
• Description of the information to be released
• Who can use or disclose the information
• Who will receive it
• For what purpose
• An expiration date
• Patient’s signature and date
![Page 34: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/34.jpg)
Chapter 2 34
Exceptions to the Privacy Rule
• Court order
• Workers’ compensation cases
• Statutory reports
• Research
• De-identified health information
• Psychotherapy notes
• State statutes may be more stringent
![Page 35: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/35.jpg)
Chapter 2 35
HIPAA Security Rule
Requires medical offices to protect protected health information (PHI) by:
• Encryption—encoding information so that a key is required to retrieve it
• The secure use of computer networks, the Internet, and storage disks
• Using security techniques, such as passwords• Limiting who in a medical office can see the
information• Creating activity logs that show who has accessed, or
tried to access, information
![Page 36: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/36.jpg)
Chapter 2 36
HIPAA Electronic Health Care Transactions and Code Sets
Standard TransactionsExamples: Health care claims, claim status, referral authorizations, payments
Standard Code SetsExamples: ICD-9-CM, CPT, CDT, HCPCS
Financial andadministrative
information regularlyexchanged between
providersand health plans
Coding systems fordiseases;
treatments andprocedures; supplies
![Page 37: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/37.jpg)
Chapter 2 37
HIPAA National Identifiers
• Employers
• Health care providers
• Health plans
• Patients
Employer Identification Number (EIN)
To be releasedby federalgovernmentin future
National Provider Identifier (NPI)
![Page 38: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/38.jpg)
Chapter 2 38
Fraud and Abuse Regulations
Fraud: Act of deception used to take advantage of another person.
• Example – billing when the task was not done
Abuse: Act that misuses public funds.• Example – billing when the task was not
necessary
![Page 39: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/39.jpg)
Chapter 2 39
Federal Laws
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• False Claims Act
• Federal Acts and other special legislation
![Page 40: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/40.jpg)
Chapter 2 40
Federal Laws
• Civil False Claims Act
• Social Security Act
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Federal Acts and other special legislation
Created the Health Care Fraud and AbuseControl Program to uncover fraud and abuse
in Medicare and Medicaid programs.
![Page 41: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/41.jpg)
Chapter 2 41
Federal Laws
• Civil False Claims Act
• Social Security Act
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Federal Acts and other special legislation
•Antikickback staute•Self-referral prohibitions (Stark Law)
•Sarbanes-Oxley Act
![Page 42: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/42.jpg)
Chapter 2 42
Enforcement and Penalties
HIPAA – Enforced by the Office for Civil Rights (OCR) and CMS
Fraud and Abuse – Enforced by the Office of the Inspector General (OIG)
Penalties may be civil or criminal (the Department of Justice involved)
![Page 43: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/43.jpg)
Chapter 2 43
Compliance Plans
Parts of a compliance plan:1. Consistent written policies and procedures2. Appointment of a compliance officer and committee3. Training4. Communication5. Disciplinary systems6. Auditing and monitoring 7. Responding to and correcting errors
![Page 44: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/44.jpg)
Chapter 2 44
Compliance Plans
Compliance officer and committee
• Communication between the office staff and compliance officer encourages staff to report suspected fraud and/or abuse.
• A fraud and abuse “hotline” may be created.
![Page 45: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/45.jpg)
Chapter 2 45
Compliance Plans
Code of conduct
• A statement of conduct promotes a clear commitment to compliance.
• The commitment can include a process to identify offenses and apply corrective action through internal investigation and publicized disciplinary guidelines.
![Page 46: 1 HIPAA and Medical Records Chapter 2 © 2010 The McGraw-Hill Companies, Inc. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022013011/5517ac365503460e6e8b60d4/html5/thumbnails/46.jpg)
Chapter 2 46
Compliance Plans
Ongoing training
• Assures compliance with latest rules and regulations by establishing training programs for all professional and support personnel.
• The training includes physicians and all billing and coding personnel.