Fraudulent billing practices represent a major compliance risk for healthcare organizations. High-risk billing practices include: billing for noncovered services, altered claim forms, duplicate billing, misrepresentation of facts on a claim form, failing to return overpayments, unbundling, billing for medically unnecessary services, overcoding and upcoding, billing for items or services not rendered, and false cost reports (Bowman 2017, 440-441, 466).
The federal Fair and Accurate Credit Transactions Act (FACTA) requires financial institutions and creditors to develop and implement written identity theft programs that identify, detect, and respond to red flags that may signal the presence of identity theft. There are five categories of red flags that are used as triggers to alert the organization to a potential identity theft (16 CFR Part 681). The categories are: Alerts, notifications, or warnings from a consumer reporting agency; Suspicious documents; Suspicious personally identifying information such as a suspicious address; Unusual use of, or suspicious activity relating to, a covered account; Notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with an account (Rinehart-Thompson 2016b, 248).
The basic functions of healthcare risk management programs are similar for most organizations and should include which of the following?
a. Reporting of claims, initial investigation of claims, protection of primary and secondary health records, negotiation of settlements, management of litigations, and use of information for claim's resolution in performance management activities
b. Risk acceptance, risk avoidance, risk reduction or minimization, and risk transfer
c. Safety management, security management, claims management, technology management, and facilities management
d. Risk identification and analysis, loss prevention and reduction, and claims management
HIPAA requires a covered entity to establish policy to ensure that protected health information could not identify a specific individual. One method used to meet this deidentification standard is the expert determination model. The expert determination model requires these four steps:
Determine the statistical and scientific method to be used to determine the risk of reidentification
Analyze and assess the risk to the deidentified data
The expert applies the method to the deidentified data
The facility should choose the expert for the deidentification analysis
What is the correct order in which these steps should be performed?
a. 4, 1, 2, 3
b. 1, 2, 3, 4
c. 2, 4, 3, 1
d. 4, 1, 3, 2
Some EHR users prefer to copy and paste text from existing documents in order to speed up the documentation process. Allowing this practice should be assessed carefully as certain risks are inherent in the use of copy functionality. These tools, if used inappropriately, may undermine the clinical decision-making process. Specific risks to documentation integrity of using copy functionality include: inaccurate or outdated information that may adversely impact patient care, inability to identify the author or what they thought, inability to identify when the documentation was created, inability to accurately support or defend E/M codes for professional or technical billing notes, propagation of false information, copying the wrong information into the wrong patient's chart, and internally inconsistent progress notes. Because of these issues, the healthcare facility should have policies and procedures in place that are related to the copying and pasting of free text in the EHR. Similar to documentation in paper-based records, individuals who document in the EHR must be held accountable for their entries (Sayles 2016b, 69).