© 2016 McGraw-Hill Education. All rights reserved. Ch 8 Privacy, Security and Fraud.

Presentation transcript:

Key Terms
American Recovery and Reinvestment Act (ARRA)
breach
covered entities
Criminal Health Care Fraud Statute
de-identify
electronic health record (EHR)
electronic medical record (EMR)
encryption

Key Terms (cont.)
Federal Anti-Kickback Law
Federal False Claims Act
firewall
Health Information Technology for Economic and Clinical Health Act (HITECH)
limited data set
permission
privacy
protected health information (PHI)
Stark Law
state preemption

Learning Outcomes
8.1 Discuss U.S. constitutional amendments and privacy laws that pertain to health care.
8.2 Explain HIPAA’s special requirements for disclosing protected health information.
8.3 Discuss laws implemented to protect the security of health care information as health records are converted from paper to electronic form.

Learning Outcomes (cont.)
8.4 Discuss the federal laws that cover fraud and abuse within the health care business environment and the role of the Office of the Inspector General in finding billing fraud.
8.5 Discuss patient rights as defined by HIPAA, the Patient Protection and Affordable Care Act, and other health care entities.

Privacy
Freedom from unauthorized intrusion
Right to privacy derived from amendments to the U.S. Constitution
  – First, Third, Fourth, Fifth, Ninth and Fourteenth Amendments to Constitution

Basis for Privacy Laws
Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information
Once it is collected, access to personal information should be limited to those employees who must use the information in performing their jobs

Federal Privacy Laws
Personal information cannot be released outside the organization without permission of the subject
The person should know that the information is being collected and should have the opportunity to check the information for accuracy

HIPAA Standards
Standard 1. Transactions and Code Sets
Standard 2. Privacy Rule
Standard 3. Security Rule
Standard 4. National Identifier Standards

HIPAA Standard 2: Privacy
Protected health information (PHI) must be protected against unauthorized disclosure, whether it is
  – Spoken
  – Written
  – In electronic form

HIPAA Permissions
Disclosures to patients
Use or disclosure for treatment, payment, or health care operations
  – Covered entities may receive patient information
Uses and Disclosures with Opportunity to Agree or Object
  – Informal permission that clearly allows individual to agree or object

HIPAA Permissions (cont.)
Incidental uses and disclosures
  – Reasonable precautions between health care providers
Public Interest and Benefit Activities
  – 12 national priorities
Limited data set
  – Used in research
  – Specific, direct identifiers removed

Medical vs. Electronic Record
Electronic medical record (EMR)
  – Contains information from just one provider or facility
Electronic health record (EHR)
  – Comprehensive record focused on total health of the patient
  – May contain information from many providers or facilities

HIPAA’s Security Rule
Requirements for maintaining the security of electronic health records
  – Transmission
  – Storage
Substantial fines if found to be in noncompliance
Breach
  – Unauthorized acquisition

HIPAA Security
Run a complete risk assessment
Be prepared for a disaster
Train all employees in proper computer use
Buy products with security and compatibility in mind
Collaborate with all compliance-affected parties

HITECH Rule
Strengthened HIPAA protections by:
  – Extending compliance with rules to business associates
  – Prohibiting sale of information without permission
  – Expanding individual rights to electronically access PHI
  – Prohibiting use of genetic information for insurance purposes

HITECH Rule (cont.)
  – Finalizing breach notification requirements
  – Expanding individuals’ rights to restrict access to certain information
  – Limiting use and disclosure of PHI for marketing and fundraising
  – Improving access for schools to immunization records
  – Removing privacy rule from individual deceased more than 50 years

Fraud and Abuse in Health Care
Estimates vary, but approximately $1.2 trillion a year is wasted or abused in health care
Fraudulent spending is not always separated from total health care dollars
Fraud continues to increase
Fraud is often undetected

Office of the Inspector General
Nationwide network of auditors, investigators, and evaluators
Responsible for more than 300 federal health care programs
Oversees enforcement of:
  – Federal False Claims Act
  – Federal Anti-Kickback Law
  – Stark Law
  – Criminal Health Care Fraud Statute

Federal False Claims Act
Allows individuals to bring civil actions on behalf of the Federal government for false claims
Qui tam is a Latin term that is commonly applied
  – Whistleblowers may share in any court-awarded damages

Federal Anti-Kickback Law
Knowingly and willfully receiving or paying anything of value to influence referral of federal health care program business is against the law
Possible punishment:
  – Fines
  – Prison term
  – Loss of participation in federal programs

Stark Law
Physicians or members of their immediate family with a financial interest are restricted from referring patients to entities owned by the physician
Applies to Medicare and Medicaid programs

Criminal Health Care Fraud Statute
Prohibits knowingly or willingly executing a scheme, or attempting to execute a scheme, with the intent to:
  – Defraud any health care program
  – Obtain by false pretenses, representations, or promises any money or property under the control of any health care benefit program

Comparison of Anti-Kickback Law and Stark Law

Patients’ Bill of Rights
Unofficial but effective methods at the federal level exist to provide patients with rights
  – HIPAA
      Variety of rights regarding PHI
  – Patient Protection and Affordable Care Act
      Phase out annual lifetime limits to coverage
      No longer can limit or deny coverage to patients under 19 with pre-existing condition
      Cover children up to age 26 on parents’ health insurance

Patients’ Bill of Rights (cont.)
American Hospital Association
  – Had an unofficial bill of rights
  – Now has a Patient Care Partnership document that is available on their website
Some individual states have enacted Patients’ Bills of Rights