CHAPTER 2 Electronic Health Records, HIPAA, and HITECH: Sharing and Protecting Patients’ Health Information.


1 CHAPTER 2 Electronic Health Records, HIPAA, and HITECH: Sharing and Protecting Patients’ Health Information

2 Chapter 2: Electronic Health Records, HIPAA, and HITECH
See the ten-step Revenue Cycle figure (at the beginning of the chapter). This chapter focuses on the following steps: Preregister patients; Establish financial responsibility; Check in patients; Review coding compliance; Review billing compliance; Check out patients; Prepare and transmit claims; Monitor payer adjudication; Generate patient statements; Follow up payments and collections.

3 Learning Outcomes (1) When you finish this chapter, you should be able to: 2.1 Explain the importance of accurate documentation when working with medical records. 2.2 Compare the intent of HIPAA, HITECH, and ACA laws. 2.3 Describe the relationship between covered entities and business associates. 2.4 Explain the purpose of the HIPAA Privacy Rule. 2.5 Briefly state the purpose of the HIPAA Security Rule. 2.6 Explain the purpose of the HITECH Breach Notification Rule.

4 Learning Outcomes (2) When you finish this chapter, you should be able to: 2.7 Explain how the HIPAA Electronic Health Care Transactions and Code Sets standards influence the electronic exchange of health information. 2.8 Describe the four final rules in the Omnibus Rule. 2.9 Explain how to guard against potentially fraudulent situations. 2.10 Assess the benefits of a compliance plan.

5 Key Terms (1)
abuse; accountable care organization (ACO); accounting of disclosure; Affordable Care Act (ACA); audit; authorization; breach; breach notification; business associate (BA); Centers for Medicare and Medicaid Services (CMS); clearinghouse; code set; compliance plan; covered entity (CE); de-identified health information; designated record set (DRS); documentation; electronic data interchange (EDI); encounter

6 Key Terms (2)
encryption; evaluation and management (E/M); fraud; Health Care Fraud and Abuse Control Program; health information exchange (HIE); Health Information Technology for Economic and Clinical Health (HITECH) Act; Health Insurance Portability and Accountability Act (HIPAA) of 1996; HIPAA Electronic Health Care Transactions and Code Sets (TCS); HIPAA National Identifiers; HIPAA Privacy Rule; HIPAA Security Rule; informed consent; malpractice

7 Key Terms (3)
meaningful use; medical documentation and revenue cycle; medical record; medical standards of care; minimum necessary standard; National Provider Identifier (NPI); Notice of Privacy Practices (NPP); Office for Civil Rights (OCR); Office of E-Health Standards and Services (OESS); Office of the Inspector General (OIG); Omnibus Rule; operating rules; password; protected health information (PHI); relator; transaction; treatment, payment, and healthcare operations (TPO)

8 2.1 Medical Record Documentation: Electronic Health Records (1)
Medical record contains facts, findings, and observations about the patient’s health Documentation: recording and organizing a patient’s medical record in a consistent manner Including health history, examinations, tests, treatment Must be complete

9 2.1 Medical Record Documentation: Electronic Health Records (2)
Medical standards of care—state-specified performance measures for healthcare delivery Medical professional liability: responsibility of healthcare professionals to provide standard of care Malpractice—failure to use professional skill when giving medical services that results in injury or harm Medical records and documentation act as legal documents; can defend physician in legal cases Medical record provides rationale for medical necessity (services essential for treatment of the medical problem)

10 2.1 Medical Record Documentation: Electronic Health Records (3)
EHR vs. EMR: Electronic health record (EHR)—computerized lifelong healthcare record with data from all sources. Electronic medical record (EMR)—computerized record of one physician’s encounters with a patient. Advantages of EHR: Immediate access to health information; Computerized physician order management; Clinical decision support; Automated alerts and reminders; Electronic communication and connectivity; Patient support; Administration and reporting; Error reduction.

11 2.1 Medical Record Documentation (1)
Encounter—a visit between a patient and a medical professional. Must contain specific types of information (name, date, diagnosis, etc.). Evaluation and Management (E/M)—provider’s evaluation of a patient’s condition, and decision on a course of treatment. Common formats include: POMR (problem-oriented medical record); SOAP (subjective, objective, assessment, plan); H&P (history and physical); DS (discharge summary); Procedure reports for operations, labs, and x-rays.

12 2.1 Medical Record Documentation (2)
Informed consent—process by which a patient authorizes medical treatment after a discussion with a physician Revenue Cycle with Medical Documentation (see Figure 2.3) Explains how EHR is integrated with PM (practice management) programs during the 10-step revenue cycle Both billing information and clinical information are collected from the patient and documented Insurance specialists must understand PM/EHR cycle so they can find the documentation to complete claims

13 2.2 Healthcare Regulation: HIPAA, HITECH, and ACA (1)
Federal Regulation Centers for Medicare and Medicaid Services (CMS)—the main federal government agency responsible for healthcare (Medicare, Medicaid, clinical laboratories, and other government health programs) State Regulation States are also a major regulator State insurance commissioners investigate healthcare consumer complaints State laws require licensing to operate an insurance company States may restrict price increases and require certain policy provisions

14 2.2 Healthcare Regulation: HIPAA, HITECH, and ACA (2)
Health Insurance Portability and Accountability Act (HIPAA) of 1996 Federal act with guidelines for standardizing the electronic data interchange of administrative and financial healthcare transactions, exposing fraud and abuse, and protecting and securing PHI Protects private health information, ensures coverage, uncovers fraud and abuse, and creates industry standards

15 2.2 Healthcare Regulation: HIPAA, HITECH, and ACA (3)
American Recovery and Reinvestment Act (ARRA) law with provisions concerning standards for electronic transmission of healthcare data Contains the HITECH Act—law promoting the adoption and meaningful use of health information technology Meaningful use signifies utilization of certified EHR technology to improve quality, efficiency, and patient safety; includes financial incentive for providers Regional extension centers (RECs) assist with transition to EHR Health information exchange (HIE) makes it possible to share health-related information among provider organizations

16 2.2 Healthcare Regulation: HIPAA, HITECH, and ACA (4)
Affordable Care Act (ACA) Health system reform legislation that offers improved insurance coverage and other benefits Offers incentives to form accountable care organizations (ACOs) ACO—network of doctors and hospitals who share responsibility for managing quality and cost of care provided to a group of patients Goals of ACO—improve quality, save money, avoid unnecessary tests and procedures

17 2.3 Covered Entities and Business Associates (1)
Covered Entity (CE) Healthcare organization (health plan, clearinghouse, provider, or business associate) that transmits HIPAA-protected information electronically Must obey HIPAA regulations Clearinghouse Company that converts nonstandard transactions into standard transactions and transmits the data to health plans (and the reverse procedure) Business associate (BA) Organizations that work for covered entities but are not themselves CEs (law firms; outside medical billers, coders, and transcriptionists; collection agencies; accountants)

18 2.3 Covered Entities and Business Associates (2)
HIPAA Administrative Simplification provisions HIPAA Privacy Rule: The privacy requirements cover patients’ health information. HIPAA Security Rule: The security requirements state the administrative, technical, and physical safeguards that are required to protect patients’ health information HIPAA Electronic Transaction and Code Sets Standards: Require every provider who does business electronically to use the same healthcare transactions, code sets, and identifiers

19 2.3 Covered Entities and Business Associates (3)
Medical record belongs to the provider who created it Patients control how medical information is released (with some exceptions) Important for insurance specialists to know what (and how) information can be released Electronic data interchange (EDI)—computer-to-computer exchange of data in a standardized format Transaction—the electronic exchange of healthcare information

20 2.4 HIPAA Privacy Rule (1) HIPAA Privacy Rule—law regulating use and disclosure of patients’ protected health information (PHI) Protected health information (PHI)—individually identifiable health information transmitted or maintained by electronic media Both use and disclosure of PHI are necessary and permitted for patients’ treatment, payment, and healthcare operations (TPO) Treatment—providing care Payment—exchange of information with health plan Operations—general business management

21 2.4 HIPAA Privacy Rule (2) Minimum necessary standard—principle of using reasonable safeguards to disclose PHI only to the extent needed. Designated record set (DRS)—CE’s records that contain PHI. Notice of Privacy Practices (NPP)—description of a CE’s principles and procedures related to protection of patients’ health information. Accounting for disclosure—documentation of release of information other than for TPO.

22 2.4 HIPAA Privacy Rule (3) For use or disclosure other than TPO, a CE must have the patient sign an authorization (written permission). Psychotherapy notes have special protection. Health information can be released without authorization for some reasons other than TPO: Court orders; Workers’ compensation cases; Statutory reports; Research; Self-pay (patient payment) requests for restrictions. De-identified health information—medical data from which individual identifiers have been removed.

23 2.5 HIPAA Security Rule The HIPAA Security Rule requires CEs to establish safeguards to protect PHI. Encryption—method of converting a message into encoded text. Security Measures: Secure Internet connections; Access control, password (confidential authentication information = the key), and log files; Backups; Security policies.

24 2.6 HITECH Breach Notification Rule
Health Information Technology for Economic and Clinical Health (HITECH) Act requires CEs to notify affected individuals following the discovery of a breach of unsecured health information Breach—impermissible use or disclosure of PHI that could pose significant risk to the affected person Breach notification—document notifying an individual of a breach (usually required within 60 days)

25 2.7 HIPAA Electronic Health Care Transactions and Code Sets
HIPAA Electronic Health Care Transactions and Code Sets (TCS): Rule governing electronic exchange of health information. Operating rules improve interoperability between data systems of different entities. Under HIPAA, a code set is any group of codes used for encoding data elements. HIPAA National Identifiers: Identification systems for employers, healthcare providers, health plans, and patients. National Provider Identifier (NPI)—unique ten-digit identifier assigned to each provider. Employer Identification Number (EIN)—used when employers enroll/disenroll employees in a health plan.

26 2.8 Omnibus Rule and Enforcement (1)
Omnibus Rule—set of regulations enhancing patients’ privacy protections and rights to information, and the government’s ability to enforce HIPAA. Four final rules: Strengthen previous HIPAA/HITECH rules; Increase monetary penalties for violations; Restate the standard for reporting breaches; Prohibit health plans from using or disclosing genetic information for determining insurance coverage. Audit—formal examination of a physician’s or payer’s records.

27 2.8 Omnibus Rule and Enforcement (2)
Government agencies that enforce HIPAA: Office for Civil Rights (OCR)—government agency that enforces the HIPAA privacy standards and investigates civil complaints on behalf of an individual. Department of Justice (DOJ)—prosecutes criminal violations of HIPAA privacy standards. Office of E-Health Standards and Services (OESS)—part of CMS—enforces: Transaction and Code Set (TCS) Rule; National Employer Identification (EIN) Rule; National Provider Identifier (NPI) Rule.

28 2.8 Omnibus Rule and Enforcement (3)
Government agencies that enforce HIPAA (cont.): Office of Inspector General: Authority to investigate suspected fraud and audit records of physicians and payers. Innocent errors will be distinguished from clear patterns of practice. Civil and Criminal Money Penalties: Most complaints settled by voluntary compliance. HITECH has tiered system for monetary penalties for privacy violations. CMS and OCR can supersede HITECH limits. $1.5 million is the current cap for a calendar year for the same type of violation.

29 2.9 Fraud and Abuse Regulations (1)
Fraud—intentional deceptive act to obtain a benefit by taking advantage of another person Example—forging another person’s signature Abuse—action that improperly uses another’s resources In federal law, abuse means an action that misuses money allocated by the government Example—billing Medicare for an unnecessary ambulance service May not be intentional and could result from ignorance or inaccuracy

30 2.9 Fraud and Abuse Regulations (2)
HIPAA created the Health Care Fraud and Abuse Control Program to uncover and prosecute fraud and abuse in federal healthcare programs The HHS Office of the Inspector General (OIG) has the task of detecting healthcare fraud and abuse and enforcing all related laws Has authority to investigate suspected fraud cases and to audit records of physicians and payers Relator—person who makes an accusation of fraud or abuse

31 2.10 Compliance Plans (1) Compliance plan—medical practice’s written plan for complying with regulations Used to uncover compliance problems and correct them to avoid risking liability A process for finding, correcting, and preventing illegal medical office practices Changing mandate Compliance plans soon will be mandated by law rather than voluntary

32 2.10 Compliance Plans (2)
Compliance plan areas: Coding and billing procedures; Equal Employment Opportunity (EEO) regulations; Occupational Safety and Health Administration regulations (OSHA). Compliance plan goals: Prevent fraud and abuse through a formal process; Ensure compliance with federal, state, and local laws; Defend the practice if investigated or prosecuted for fraud.

33 2.10 Compliance Plans (3) Compliance officer and committee
Compliance officer is in charge of ongoing work and can be a physician, practice manager, or billing manager Compliance committee is established to oversee the entire program Error and omission insurance may be recommended as part of a compliance guideline for the healthcare facility’s employees

34 2.10 Compliance Plans (4) Code of Conduct
Procedures for ensuring compliance with laws relating to referral arrangements Provisions for discussing compliance during employees’ performance reviews and for disciplinary action against employees, if needed Mechanisms to encourage employees to report compliance concerns directly to the compliance officer

35 2.10 Compliance Plans (5) Ongoing training
Physicians must be trained in pertinent coding and regulatory matters as part of the compliance plan. Medical office and staff members involved with coding and billing must also receive ongoing training as part of the compliance plan. Usually conducted by compliance officer. Keep sessions brief and straightforward; Focus sessions on specialty area; Use actual examples; Explain benefits of compliance; Use meetings or newsletters as communication methods.
*end of presentation*

