providers evaluation of a patients condition and decision on a course of treatment to manage it
HIPAA security rule
law requiring covered entities to establish safeguards to protect information. Specifies how to secure information on computers, internet or storage disks.
TPO (treatment, payment and health care operations)
legitimate reasons for the sharing of patients protected health information without authorization
DRS (designated record set)
covered entitys records that contain protected health information for providers and the medical/financial patient record
minimum necessary standard
principle that individually identifiable health information should be disclosed only to the extent needed (not whole record)
(CMS) Centers for Medicare and Medicaid Services
administers the Medicare and Medicaid
programs to more than 90 million Americans.
entities that obey HIPAA regulations
Health Plans Health.
Care Providers. Health Care Clearinghouses. Business Associates
(NPP) notice of privacy practice
Covered entities must give each patient at the first contact or encounter.
a method of converting a message into encoded text
-the process of encoding information in such a way that only the person (or computer) with the key can decode it
Stark Rules, Antikickback Statute, and 2010 Affordable Care Act
all laws which regulate fraud and abuse.
Department of Justice (DOJ)
handles HIPAA criminal violations related to kidnapping, robbery, and arson.
-OCR or CMS receives a complaint that may lead to a criminal case, to what entity will the agency usually refer the complaint for investigation
be one of the practice's physicians, the practice manager, or the billing manager.
The American Recovery and Reinvestment act (ARRA) of 2009
contains additional provisions concerning the standards for electronic transmission of health care data.
HIPAA Electronic Health Care Transactions and Code Set standards
standards specify certain code sets for diagnoses, procedures, and supplies.
The person who is making the accusation of fraurd or abuse under the False Claims Act
-In qui tam, or whistleblower, cases the person who makes the accusation of suspected fraud
helps a medical practice prevent fraud and abuse relating to reimbursement for services and procedures.
-should set up procedures to audit and monitor compliance with government regulations.
-should address the topics of coding and billing.
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI and also that could pose a significant risk of financial, reputational, or other harm to the affected person
The HIPAA Electronic Health Care Transaction and Code Sets (TCS)
standards make it possible for physicians and health plan to exchange electronic data using a standard format and standard code sets
The Health Care Fraud and Abuse Control Program
HIPAA created to uncover and prosecute fraud and abuse
providers evaluation of a patients condition and decision on a course of treatment to manage it.