provider's evaluation of a patient's condition and decision on a course of treatment to manage it
TPO (treatment, payment and health care operations)
legitimate reasons for the sharing of patients' protected health information without authorization
DRS (designated record set)
covered entity's records that contain protected health information for providers and the medical/financial patient record
minimum necessary standard
principle that individually identifiable health information should be disclosed only to the extent needed (not whole record)
patient's medical record
contains facts, findings, and observations about a patient's health history
EHR (electronic health record)
contains lifelong health care record with data from all sources
(CMS) Centers for Medicare and Medicaid Services
administers the Medicare and Medicaid programs to more than 90 million Americans.
entities that obey HIPAA regulations
Health Plans. Health Care Providers. Health Care Clearinghouses. Business Associates
(NPP) notice of privacy practice
Covered entities must give each patient at the first contact or encounter.
a method of converting a message into encoded text
-the process of encoding information in such a way that only the person (or computer) with the key can decode it
HIPAA standard code set
separate code set for dental services
Stark Rules, Antikickback Statute, and 2010 Affordable Care Act
all laws which regulate fraud and abuse.
Department of Justice (DOJ)
handles HIPAA criminal violations related to kidnapping, robbery, and arson.
-OCR or CMS receives a complaint that may lead to a criminal case, to what entity will the agency usually refer the complaint for investigation
be one of the practice's physicians, the practice manager, or the billing manager.
The American Recovery and Reinvestment act (ARRA) of 2009
contains additional provisions concerning the standards for electronic transmission of health care data.
abbreviation for the Health Insurance Portability and Accountability Act
release of PHI
treatment, payment, and operations, no authorization is required from the patient.
exceptions under the HIPAA Privacy Rule
National Provider Identifier. Unique 10-digit number assigned to each provider.
HIPAA Electronic Health Care Transactions and Code Set standards
standards specify certain code sets for diagnoses, procedures, and supplies.
The person who is making the accusation of fraud or abuse under the False Claims Act
-In qui tam, or whistleblower, cases the person who makes the accusation of suspected fraud
abbreviation for Office for Civil Rights, which enforces the HIPAA Privacy Rule.
helps a medical practice prevent fraud and abuse relating to reimbursement for services and procedures.
-should set up procedures to audit and monitor compliance with government regulations.
-should address the topics of coding and billing.
When a provider injures a patient due to failure to follow medical standards of care
NOT part of usual evaluation and management services
law made to tighten the HIPAA Privacy Rule
When personal identifiers have been removed, protected health information
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI and also that could pose a significant risk of financial, reputational, or other harm to the affected person
The HIPAA Electronic Health Care Transaction and Code Sets (TCS)
standards make it possible for physicians and health plans to exchange electronic data using a standard format and standard code sets
The Health Care Fraud and Abuse Control Program
HIPAA created to uncover and prosecute fraud and abuse