Medical Insurance Ch 2

Helpfulness: 0
Set Details Share
created 5 years ago by jesse8888
520 views
Term, definition
Subjects:
pharmacy
show moreless
Page to share:
Embed this setcancel
COPY
code changes based on your size selection
Size:
X
Show:
1

Centers for Medicare and Medicaid Services (CMS)

main federal government agency responsible for health care

2

What does the CMS do?

1. Regulating all laboratory testing other than research performed on humans

2. Preventing discrimination based on health status for people buying health insurance

3. Researching the effectiveness of various methods of health care management, treatment, and financing

4. Evaluating the quality of health care facilities and services

3

Health Insurance Portability and Accountability Act (HIPAA) of 1996

law designed to protect people's private health information, ensure health coverage for workers and their families when they change or lose jobs, and uncover fraud and abuse

4

medical records

patient's medical files and other clinical materials that are legal documents belonging to the pharmacy that created them

5

What are the 3 parts to HIPAA's Administrative Simplification provisions?

1. HIPAA Privacy Rule

2. HIPAA Security Rule

3. HIPAA Electronic Health Care Transactions and Code Sets standards

6

covered entities

organizations that electronically transmit any information that is protected by HIPAA

7

Under HIPAA, three types of covered entities must follow the regulations. They are:

1. Health plans

2. Health care clearinghouses

3. Health care providers

8

clearinghouses

companies that help providers handle electronic transactions such as pharmacy claims

9

business associates

in HIPAA terms, agencies that must comply with the law in order to do business with covered entities such as law firms, accountants, IT, contractors, transcription companies, compliance, consultants, and collection agencies.

10

HIPAA privacy rule

the first comprehensive federal protection for the privacy of health information

11

The HIPAA Privacy Rule says that covered entities must:

1. Have a set of privacy practices that are appropriate for its health care services

2. Notify patients about their privacy rights and how their information can be used or disclosed

3. Train employees so that they understand the privacy practices.

4. Appoint a privacy official responsible for seeing that the privacy practices are adopted and followed

5. Safeguard patients' records

12

protected health information (PHI)

individually identifiable health information that is transmitted or maintained by electronic media

This information includes

1. name

2. address

3. names of relatives and employers

4. birth date

5. telephone numbers

6. fax number

7. e-mail address

8. social security number

9. medical and/or pharmacy record number

10. health plan beneficiary number

11. account number

12. certificate or license number

13. serial number of any vehicle or other device

14. website address

15. fingerprints or voiceprints

16. photographic images

13

treatment, payment, and health care operations (TPO)

term referring to providing and coordinating a patient's medical care, the exchange of information with health plans, and general business management functions

14

minimum necessary standard

precautions a covered entity must take to limit the usage of protected health information by taking reasonable safeguards to protect it from incidental disclosure

The minimum necessary standard does not apply to any type of disclosure - oral, written, phone, fax, e-mail, or other - among providers for treatment purposes.

15

designated record set (DRS)

medication and billing records a pharmacy maintains

16

Patients have what rights within the DRS?

1. Access, copy, and inspect their PHI.

2. Request amendments to their health information

3. Obtain accounting of most disclosures of their health information.

4. Receive communications from pharmacies via other means, such as in Braille or in foreign languages.

5. Complain about alleged violations of the regulations and the pharmacy's own information policies.

17

Notice of Privacy Practices (NPP)

document explaining how patients' protected health information may be used and describing their rights.

Covered entities must give each patient a notice of privacy practices at the first contact or encounter.

18

authorization

document a patient must sign for a covered entity to use or disclose information other than for TPO

19

An authorization must include what?

1. A description of the information to be used or disclosed

2. The name or other specific identification of the person(s) authorized to use or disclose the information.

3. The name of the person(s) or group of people to whom the covered entity may make the use or disclosure

4. A description of each purpose of the requested use or disclosure

5. An expiration date

6. The signature of the individual (or authorized representative) and the date

7. A statement of the individual's right to revoke the authorization in writing

8. A statement about whether the covered entity is able to base treatment, payment, enrollment, or eligibility for benefits on the authorization

9. A statement that information used or disclosed after the authorization may be disclosed again by the recipient and may no longer be protected by the rule.

20

Requests for Information other Than for TPO. The exceptions are:

1. court orders

2. Workers' compensation cases

3. Statutory reports

4. Research

21

subpoena

order of the court directing a party to appear and testify

22

subpoena duces tecum

order of the court directing a party to appear, testify, and bring specified documents or items.

23

de-identified health information

health information that neither identifies nor provides a reasonable basis to identify an individual

There are no restrictions on the use or disclosure of de-identified health information.

24

HIPAA Security Rule

rule that requires covered entities to establish safeguards to protect a patient's protected health information.

25

encryption

process of encoding information in such a way that only the person or computer with key can decode it

26

password

key to information for individuals who have been granted access rights.

27

HIPAA Electronic Health Care Transactions and Code Sets (TCS)

code sets that make it possible for providers and health plans to exchange data using a standard format and standard code sets

28

transactions

electronic data that are regularly sent back and forth between providers, health plans, and employers.

29

code set

any group of codes used for encoding data elements

30

ICD-9-CM

mandated code set for diagnoses under TCS

31

Current Procedural Terminology (CPT)

mandated code set for physician procedures and services under TCS

32

Healthcare Common Procedure Coding System (HCPCS)

mandated code set for reporting supplies, orthotic and prosthetic devices, and durable medical equipment under TCS

33

HIPAA National Identifiers

numbers of predetermined length and structure used for identification purposes

They are used to identify employers, health care providers, health plans, and patients.

34

National Provider Identifier (NPI)

standard for the identification of providers when filing claims and other transactions

35

NCPDP Provider Identification Number

provides pharmacies with a unique national identifier for use in interactions with payers and claim processors

36

Medicare Prescription Drug Improvement and Modernization Act of 2003 (MMA)

provided seniors and individuals with disabilities access to prescription drug plans with more choices and better benefits.

37

Prescription Drug Equity Act of 1997

prohibits a prescription drug plan from providing mail-order coverage without also providing non-mail-order prescription benefits.

38

Health Care Fraud and Abuse Control Program

program created to uncover and prosecute fraud and abuse

39

Office of the Inspector General (OIG)

detects health care fraud and abuse and enforces all laws relating to them.

40

qui tam

whistle-blower cases

41

relator

person who makes an accusation of suspected fraud

42

fraud

act of deception used to take advantage of another person

43

abuse

action that misuses money that the government has allocated

44

corporate integrity agreement

compliance action under which a provider's Medicare billing is monitored by the Office of the Inspector General

45

Office for Civil Rights (OCR)

enforcer of HIPAA privacy regulations

46

audit

methodical examination of selected pharmacy records.

47

respondeat superior

law stating that an employer is responsible for employees' actions

48

compliance plans

plans a pharmacy practice writes and implements to uncover compliance problems and correct them to avoid risking liability

49

According to OIG, voluntary plans should contain seven elements:

1. Consistent written policies and procedures

2. Appointment of a compliance officer and committee

3. Training

4. Communication

5. Disciplinary systems

6. Auditing and monitoring

7. Responding to and correcting errors