FCA
False Claims Act (FCA): {"knowing" and "knowingly"}-Federal statue setting civil and criminal penalties to protect the government from being
... [Show More] overcharged or sold substandard goods or services:
-falsely billing the government
-over-representing the amount of a delivered product
....or....
-under-stating an obligation to the government
Minimum Necessary Standard. What should be sent if records are being requested??
The ? requires covered entities to take reasonable steps to limit the disclosure of PHI. Only the dates of service requested should be sent. The PHI would not need to be redacted.
What does PHI stand for?? What does it include??
Protected Health Information-"individually identifiable health information" that includes many common identifiers, such as demographic data, name, address, birth date, and social security number.
If a provider is excluded from federal health plans, what does that mean??
One of the most severe penalties associated with the Social Security Act is the ability of the Office of Inspector General (OIG) to exclude an entity or an individual from participation in any and all federal healthcare programs. This includes Medicare, Medicaid, VA programs, and TRICARE. An excluded individual cannot bill for services, provide referrals, prescribe medications or order services for any beneficiary of a federally administered health plan.
HMO plans require the enrollee to??
To have referrals to see a specialist that is generated by patient's PCP.
HMO plans are managed and overseen by??
The patient's PCP. The PCP is responsible to manage the referrals for panel of patients assigned to them.
The Federal False Claim Act allows for claims to be reviewed for a standard of how many years after an incident??
The federal False Claims Act (31 USC § 3729) allows for claims to be brought up to seven years after the incident, but has been extended to 10 years in some cases, but this is not the standard.
What entities are exempt from HIPAA and not considered to be covered entities?? (3)
HIPAA allows exemption for entities providing only worker's compensation plans, employers with less than 50 employees as well as government funded programs such as food stamps and community health centers.
What is the purpose of the Privacy Rule?
The purpose of the Privacy Rule is to protect individual privacy, while promoting high quality healthcare and public health and well-being.
______, _____, and _____ of Justice are the government agencies enforcing ________??
The Department of Justice (DOJ), the Department of Health & Human Services Office of Inspector General (OIG), and the Centers for Medicare and Medicaid (CMS) are the government agencies that enforce the Federal fraud and abuse laws.
A new radiology company opens in town. The manager calls your practice and offers to pay $20 for every Medicare patient you send to them for radiology services. What does this offer violate??
The Anti-Kickback law-a federal law that makes it a criminal offense to knowingly or willingly offer, pay, solicit, or receive any remuneration to induce or reward referrals of items or services reimbursable by a federal healthcare program.
What are conditions of participation (CoP)??
What types of entities do CoP's apply to for health plans??
CMS and other health plans have conditions that healthcare organizations must meet to participate with the plan or program. CoPs are designed to protect patient health and safety, and to ensure quality of care. These apply to entities such as: ambulatory surgical centers, hospitals, hospices, clinics, psychiatric hospitals, long term care facilities, and transplant centers.
Patient questions and concerns regarding the Privacy Practices in the clinic should be addressed by what party??
HIPAA rules indicate that all entities should designate a Privacy Official that will develop and implement privacy policies and procedures and be a contact person for individuals with questions.
According to the Privacy Rule, what health information may not be de-identified??
Physician provider number.
To de-identify health information, any information that could help identify the patient is removed.
Medical records are requested for a patient for a specific date of service. When records are copied, multiple dates of service are copied and sent in reply to the request. What standard does this violate and under what rule??
The HIPAA Privacy Rule includes guidance for minimum necessary stating the use of PHI should be limited to the minimum necessary. When medical records are requested, records for only the date of service requested should be sent.
A private practice hires a consultant to come in and audit some medical records. Under the Privacy Rule, what is this consultant considered??
Business Associate +Perform certain functions or activities, which involve the use or disclosure of individually identifiable health information, on behalf of another person or organization. -These services include claims processing or administration, data analysis, utilization review, billing, benefit management, and re-pricing. Because the consultant will be auditing medical records, PHI will need to be shared from the practice. The practice would be the covered entity.
Fraud and abuse penalties do NOT include??
Ability to refile claims in question.
+Fraud and abuse penalties are stiff and can include monetary penalties, exclusion from Medicare, Medicaid, and other federal healthcare programs and even imprisonment.
A patient is seen in your clinic. Her husband calls later in the day to ask for information about the visit. The practice pulls the patient's privacy authorization to see if they can speak to the husband. What act does this action fall under??
The Privacy Act is under HIPAA and protects the health information of the patient. According to HIPAA, for the practice to release information to the husband, the patient would have to have signed an authorization.
What actions are considered under the False Claim Act?
Claims can be submitted for drugs unless the drugs were expired or were provided free to the entity. Incident-to claims are legal when the guidelines are adhered to. Releasing of records inappropriately are covered under the Privacy Rule. Relative to healthcare services, examples of fraud or misconduct subject to the False Claims Act include:- Falsifying a medical chart notation- Submitting claims for services not performed, not requested, or unnecessary- Submitting claims for expired drugs- Upcoding and/or unbundling services- Submitting claims for physician services performed by a non-physician provider (NPP) without regard to Incident-to guidelines
What is the standard time frame established for record retention?
There is no single standard record retention requirement, it varies by state and federal regulations. The five year time line is for CMS providers that submit cost reports.
A hospital records transporter is moving medical records from the hospital to an off-site building. During the transport, a chart falls from the box on to the street. It is discovered when the transporter arrives at the off-site building and the number of charts is not correct. What type of violation is this?
A breach-occurs when an impermissible release or disclosure of information is discovered.
What is the length of time that False Claim can be investigated??
7 years
What were the eight standard transactions for electronic data interchange adopted under??
Under HIPAA, provisions were included for Administrative Simplification that mandated HHS to adopt national standards for electronic healthcare transactions and code sets.
When a practice sends an electronic claim to a commercial health plan for payment, what is this considered??
A transaction-the electronic transfer of information between two parties for specific purposes.
How many national priority purposes are under the Privacy Rules for disclosure of specific PHI without an individual's authorization or permission??
There are 12 national priority purposes.
-To strike a balance between the individual interest and public interest for specific PHI, the Privacy Rule permits use and disclosure of this information without an individual's authorization or permission through public interest and benefit activities.
What penalties can be imposed for fraud and/or abuse related to the United States Code??
Exclusion from participation in the Federal healthcare programs and State healthcare programs may be imposed, along with criminal penalties of fines, imprisonment, or both.
-Fraud and abuse carry stiff penalties under 42 USC § 1320a-7a of the United States Code. Civil monetary penalties (CMPs) may be imposed to varying amounts, depending on the type of violation.
Fraud is defined by what and who??
-What are examples??
CMS defines fraud as making false statements or misrepresenting facts to obtain an undeserved benefit or payment from a federal healthcare program.
+CMS lists examples of fraud as:
-Billing for services and/or supplies that you know were not furnished/provider
-Altering claim form/receipts to receive a higher payment amount
-Billing a Medicare patient above the allowed amount
-Billing for services at a higher level than provided/necessary
-Misrepresenting the diagnosis to justify payment
-Falsifying documentation
Internal Revenue Code (of what year) ??
Employer contributions to employee health plans exempt from taxable income.
1954.
Stabilization Act of ??
1942-Wage and price controls placed on employers and allowed adoption of employee insurance plans.
When was Medicare enacted under who and what title??
What did it offer??
Medicare was passed into law on July 30, 1965 by President Lyndon B. Johnson under the title act XVIII of the Social Security Act.
-Automatic enrollment of Part A
-Option to enroll in Part B
HMO Act of ??
Enacted under who, when, and why??
Health Maintenance Organization (HMO) Act of 1973 was passed into law under the Nixon administration to try to help control healthcare costs by authorizing $375 million to assist in establishing and expanding them.
-HMO's overrode state laws that prohibited the establishment of prepaid health plans, and required employers with 25 or more employees to offer an HMO option (if they furnished healthcare to their employees).
PPO
-When were they established?? What is it a part of and what are they??
Preferred Provider Organization (PPO) Is within the framework of manged care health insurance.
-PPO's set up a group of MD's, hospitals, and other healthcare providers to create a network and negotiated predetermined fees with a given carrier.
-PPO's offer members more options in that they don't have to have to maintain a PCP or require referrals.
HIPAA
-When were they established?? What is it a part of and what are they??
Health Insurance Portability and Accountability Act of 1996, was enacted on August 21, 1996 to provide rights and protections for participants and beneficiaries of group health plans.
-Under this law, exclusions for pre-existing conditions were limited, and discrimination against employees (and dependents) based on their behalf.
HCFAC
-When was it enacted, under what, and why??
-Example??
HIPAA established the Health Care Fraud and Abuse Control (HCFAC) program, to combat fraud and abuse in healthcare (both public and private).
-HCFAC is designed to coordinate federal, state, and local law enforcement activities with respect to healthcare fraud and abuse.
-The US Department of Human Health Services (HHS) and the Department of Justice (DOJ) are required to provide an annual report detailing the efforts and the HCFAC annual report details the efforts and recoveries made.
What did HIPAA Administrative Simplification provisions require in 2002??
[Security Rule]
That sections of the law be publicized to explain the standards for the electronic exchange, privacy, and security of health information.
ICD-10-CM
-Utilized by who and when??
International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM)-Endorsed by the World Health Assembly, utilized by the World Health Organization (WHO), and implemented in the US, October 1, 2015.
Privacy Rule
-Under HIPAA, the Privacy Rule sets standards for how an individuals protected health information (PHI) is used. It's purpose is to protect individual privacy, while promoting high quality healthcare and well being.
-All covered entities (healthcare plans, providers, and clearing houses that transmit health information in an electronic format) are required to follow.
PHI
Personal Health Information (PHI):
-Demographic data (name, address, date of birth, social security number)
-Individual's past, present, or future physical or mental health condition
-Provision of healthcare to the individual
-Past, present, or future payment for the provision of healthcare
What is required when using a business associate??
Contract
If a covered entity identifies material breach of a contract agreement with a business associate, after reasonable steps have been taken to cure the breach or end the violation have been unsuccessful and the contract is terminated the problem is reported to:
-This is under what rule??
-The HHS Office for Civil Rights (OCR)
-HIPAA Privacy Rule
According the the ________, an ______ ______ or ______ is "a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the rule."
-OCR (Office of Civil Rights)
-Incidental use
or
-disclosure
______ ______ are required to develop and implement policies and procedures to reasonable limit uses and disclosures to the minimum necessary.
Covered entities
The Privacy Practice Notice must: ??
-Clearly explain the covered entity's obligation to protect privacy
-Provide a notice of privacy practices, and abide by the terms of the current notice
-Inform the patient of his or her individual rights
Under the HIPAA Privacy Rule, fully insured group health plans have only 2 obligations. What are they??
(1) Banned from retaliatory acts and waiver of individual rights
(2) To provide documentation for the disclosure of PHI through documentation
The ______ ______ contains ?? and was established by the ?? to establish nation standards to protect and secure patient data that is stored electronically.
-HIPAA Security Rule
-Information on transactions and code sets
-HIPAA Administration Simplification Regulations
The (HIPPA) ______ ______ requires that appropriate ______, ______, and ______ safeguards are in place to ensure confidentiality and security of patient health information.
-Security Rule
-Administrative, physical, and technical
What act requires CMS to implement an incentive program?? -What did it end??
Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 -It ended the Sustainable Growth Rate (which would have significantly cut payment rates for participating Medicare clinicians)
Abuse is defined by what and who??
-What are examples of abuse??
CMS defines abuse as an action that results in unnecessary costs to a federal healthcare program, either directly or indirectly.
+CMS lists examples of abuse as:
-Misusing codes on a claim
-Charging excessively for services/supplies
-Billing for services that were not medically necessary
-Failure to maintain adequate medical or financial records
-Improper billing practices
-Billing Medicare patients at a higher fee schedule than non-Medicare patients
If payment is received in error, the ______ ______ ______ requires the money be returned upon identification of the overpayment, under what provision??
-What does the provision state??
-What must the provider do??
-False Claims Act (FCA); Reverse False Claims Act
-A provider must report and return an overpayment to the Secretary of HHS, the state, an intermediary, a carrier, or a contractor, as appropriate, by the later of 60 days from the date when the overpayment was identified or the date any correspondence cost report is due
-The provider must notify the party to whom the overpayment was returned, in writing, of the reason of the overpayment
TILA
Truth In Lending Act (TILA)-{also known as the Truth and Lending Act}-is a federal law enacted in 1968
-Protects consumers in their dealings with lender/creditors
+Designed to assure that every customer who needs consumer credit is given meaningful information concerning the costs of such credit
+If the practice assesses a finance charge, the amount of the finance charge must be disclosed as an annual percentage rate (APR)
If the practice refers patients to an outside finance company for large balances, it required that there is more expensive disclosure of the info to the patient. Payment plans that extend past 4 installments require the following to be disclosed: {10}??
-The "cash price" of the service
-The amount of any down payment
-The resulting unpaid balance
-The total amount financed
-The amount of the finance charge
-The annual percentage rate of the finance charge
-The total price to be paid under the credit plan
-The schedule of payments, including number, amount, and due dates of payments
-The sum of such scheduled payments, or total payments
-The amount or method of computing the amount of any late payment charges
If a covered entity under HIPAA {provisions were included for Administrative Simplification that mandated HHS to adopt national standards for electronic healthcare transactions and code sets} conducts any of the above transactions electronically, they must use the adopted standard ______ or ______ for each transaction??
ASC X12 Version 5010 or NCPDP (used for certain pharmacy transactions)
The FCA is violated by submitting a FALSE claim ....??
With knowledge* that it is false; even if there is no intent to defraud.
*"knowing" and "knowingly"-a person has actual knowledge of the information; acts in a deliberate ignorance or reckless disregard of the truth or falsify the information; and/or requires no proof of specific intent to defraud.
What are the 2 ways can clinicians can choose to participate in the Quality Payment Program (QPP) [of 2019] ??
-Merit-based Incentive Program (MIPS)-eligible MIPS clinicians are subject to a performance-based payment adjustment through MIPS
-Advanced Alternative Payment Models (APM's)-eligible clinicians may earn a Medicare incentive payment for sufficiently participating in an innovative payment model
Merit-based Incentive Payment System (MIPS) combines the following existing quality reporting programs, to form a new reporting system {3}:
-PQRS
-Meaningful Use
-Value-Based Payment Modifier
Reporting MIPS Data to CMS includes {4}:
-Medicare Claims
-Qualified Clinical Data Registries (QCDR)
-Other Registries
-EHR or CMS Web-interface
Examples of Alternative Payment Models (APM) {6}:
-Accountable Care Organizations (ACO's)
-Patient Centered Medical Home (PCMH) Models
-Bundled Payment Care Improvement
-Medicare Shared Savings models
-End Stage Renal Disease (ESRD) Prospective Payment System
-Others initiated by the Centers for Medicare and Medicaid Innovation (CMMI)
Limited Data Set
Protected Health Information (PHI) from which certain patient identifiers have been removed
-May be used for: research, healthcare operations, and public health purposes (as log as there is an agreement with promised safeguards in place for the PHI)
A breach notification rule requires ??
HIPAA covered entities are required to provide notification in the event of an unsecured breach of patient health information
Code set established by ______ to represent services not covered by CPT??
CMS; Healthcare Common Procedure Coding System (HCPCS)
Code set maintained by the ______ to describe medical procedures and physician services??
Current Procedural Terminology (CPT); AMA
______ contains the diagnosis codes and is maintained by ??
International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10); the National Centers for Disease Control (CDC)
______ contains procedures, used to report procedures for ?? and is maintained by ??
International Classification of Diseases, 10th Revision, Procedure Classification System (ICD-10 PCS)
Code set that identifies vendor, product, and package size of all drugs and biologicals recognized by the FDA, maintained by ______??
Vendor, product, and package size; HHS
Code set for dental services, maintained by ______??
Current Dental Terminology (CDT); American Dental Association (ADA)
Two-digit codes placed on all healthcare professional claims that denote the setting in which the service was provided and is maintained by ______??
Place of Service Codes; CMS
In addition to the standardization of the codes used to request payment for medical services, a ______ ______ for employers and providers, must be used on all transactions??
Unique identifier
State laws on record retention vary from ______ ______ ______ and the ______ ______ ______??
Type of provider (MD vs hospital) and the age of patient (adult vs minor)
The ______ ______ prohibits a physician from making a referral for certain Designated Health Services (DHS) to an entity in which the physician has an ownership/investment interest or with which he/she has a compensation arrangement??
-Amended by??
-Governed by??
-Penalties for violation??
Stark Law
-Social Security Act
-HHS
-Fines up to $15,000/violation, False Claim liability
The ______ ______ ______ is a federal law that makes it a criminal offense to knowingly or willingly offer, pay, solicit, or receive any remuneration to induce or reward referrals of item or services reimbursable by a federal healthcare program??
What act included the original legislation??
Anti-Kickback Law: any items or services that are received by the physician as payment {such as cash or gifts, free rent, expensive trips, or meals} can be a violation of the law [Fines up to $25,000/violation, False Claim liability, civil liability, subject to OIG to exclude an entity/individual from any and all federal healthcare programs, and/or prison time]
-The Social Security Act of 1972; HIPAA (1996) increased the scope of fraud and abuse sanctions
PPO
Preferred Provider Organization (PPO)-Managed care organization of MD's, hospitals, and other healthcare providers who have agreed with an insurer or a third-party administrator to provide healthcare at reduced rates to the insurers' or administrator's clients
In reviewing practice records, it is found that an office is billing Medicare for drugs that it was obtaining at no charge from drug companies. This is consider as ______??
Fraud
A medical practice has been found to be routinely submitting bills to Medicare as the primary payer when Medicare is the secondary payer. This is consider to be ______??
Abuse
______ ______ ______ is defined as services or supplies that are furnished incident to a physician's professional services when the services or supplies are furnished as an integral, although incidental, part of the physician's personal professional services in the course of diagnosis or treatment of an injury or illness and services are performed in the physician's office or in the patient's home??
Incident to claim
+To qualify for payment under the incident to rules, services must be part of the patient's normal course of treatment, during which a physician personally performed an initial service and remains actively involved in the ongoing course of treatment. [Show Less]