Post on 11-Jan-2016
HIPAA AND THE LEGAL MEDICAL RECORD
Chapter 2

Learning Objectives
Discuss the importance of medical record documentation in the billing and payment process.
Define the facts that are included in patients’ protected health information (PHI).
Discuss the purpose of the HIPAA Privacy Rule.
Describe what PHI can be released without patients’ authorization.
Discuss patients’ authorizations to use or disclose PHI.
Describe the purpose of a retention schedule.
Discuss how to guard against potentially fraudulent situations.

Key Terms
Acknowledgment of Receipt of Notice of Privacy Practices
Authorization
Clearinghouse
Compliance plan
Documentation
Fraud
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA Privacy Rule
Medical records
Minimum necessary standard
Notice of Privacy Practices

Key Terms (cont’d)
Office of Civil Rights (OCR)
Protected health information (PHI)
Retention schedule
Subpoena
Subpoena duces tecum
Treatment, Payment, and Operations (TPO)

Patient Medical Records
Contain all facts, findings, and observations of patients’ health history
Provide for continuity of care and communication among providers
Provide data for medical research
Are used for medical education
Document course of treatment
Are used to prepare insurance claims
ARE LEGAL DOCUMENTS

Documentation Standards
Documentation – is the systematic, logical, and consistent recording of a patient’s health status, history, examinations, tests, results of treatments, and observations in chronological order in a patient medical record.
Records must be clear:
Medical records must be complete & accurate.
If the records are handwritten, the entries should be legible to others.
Entries must be made in “Black Ink” (not pencil), and dated.

Documentation Standards (Continued)
Entries must be signed & dated:
Digital, transcribed or handwritten entries made by the provider must have a signature/initials and title of the responsible provider and the date of service.

Documentation Standards (Continued)
Changes must be clearly made:
An incorrect entry is marked with a single line through the words to be changed; the correct information is entered after it, so that the previous copy can be read.
Corrections are dated and signed by the person making the change.
No part of a record should be otherwise altered, removed, or destroyed.

Documentation Standards (Continued)
No blank spaces may be left between entries:
Entries are made chronologically, without spaces between them, to prevent out-of-order entries.
Each patient should have a single record:
Each patient should have only one medical record (unit record).
A separate file should be in the patient’s Medical Record when a Worker’s Compensation claim is involved.

Documentation Standards (Continued)
Records should use consistent vocabulary and format:
All entries should reflect standard, accepted medical vocabulary and abbreviations.
All medical records in a practice should be consistently labeled and have logical sections.
Diagnostic information must be easy to locate:
Past & Present diagnoses should be placed so that they are easy to locate by each physician who uses the medical record.

Documentation Standards (Continued)
Practitioners’ entries must be made promptly:
Entries should be made in a timely manner, and filed in a consistent chronological order, either ascending or descending.

Documentation Formats
Document Formats – are used to organize patients’ medical records.
Problem-Oriented Medical Record (POMR):
Most common format used in general medical practices.
Contains a general section with data from the initial patient examination and assessment.

Documentation Formats
Problem-Oriented Medical Record (POMR) (Continued)
When the patient makes subsequent visits, the reasons for those encounters are listed separately in a problem list, each with its own notes about the patient’s condition.
EXAMPLE: Patient must have a General section followed by sections labeled according to each encounter.
Progress Notes for each Problem are in the SOAP Format, beginning with the Problem and then four points: Subjective, Objective, Assessment, and Plan.

SOAP Format
Subjective: What the patient reports
Objective: The objective information includes the physical exam and laboratory reports or tests.
Assessment: The physician’s impression/conclusion, or diagnosis of the Subjective & Objective information
Plan: Treatment and follow-up, advice

Documentation Content
Providers – follow specific guidelines to document encounters.
Initial exam and assessment show the treatment plan for the patient.
Progress Reports:
Progress Reports document the patient’s progress and response to the treatment plan.
PAUSE & PRACTICE: Figure 2-1 – Page 24; Figure 2-2 – Page 25

Protected Health Information (PHI) & Medical Record
HIPAA (Health Insurance Portability and Accountability Act) regulates how electronic patient information is stored and shared.
HIPAA has three rules that are important in the medical office:
1. HIPAA Privacy Rule – The privacy requirements cover patients’ health information.
2. HIPAA Security Rule – The security requirements state the administrative, technical, and physical safeguards that are required to protect patients’ health information.

Protected Health Information (PHI) & Medical Record
HIPAA’s three rules (Continued):
3. HIPAA Electronic Transaction and Code Sets Standards – These standards require every provider who does business electronically to use the same health care transactions, code sets, and identifiers.

Patients’ Protected Health Information (PHI)
HIPAA’s Privacy Rule – defines PHI as individually identifiable health information that is transmitted by electronic media, such as:
Internet, or
Stored in office computer files

Patients’ Protected Health Information (PHI)
Contains many facts about a person, such as the patient’s:
Name
Birth date
Telephone
Address
Employer
Social Security Number

Patients’ Protected Health Information (PHI)
The HIPAA Privacy Rule (Health Insurance Portability & Accountability Act) regulates the use and disclosure of patients’ Protected Health Information.
The HIPAA Privacy Rule must be followed by:
Health Plans
Health Care Clearinghouses
Health Care Providers, and other businesses

Patients’ Protected Health Information (PHI)
Privacy Practices – also set the things that medical offices must do to properly handle patients’ PHI:
Medical offices must adopt privacy practices that are appropriate for their health care services.
The practice must notify patients about their privacy rights and how their information may be used or disclosed.

Patients’ Protected Health Information (PHI)
Privacy Practices (Continued)
Office employees must be trained so that they understand the privacy practices.
A staff member must be appointed as the office’s privacy official and be responsible for seeing that privacy practices are adopted and followed.
Patients’ records containing individually identifiable health information must be maintained and stored so that they are not readily available to those who do not need them.

Patients’ Protected Health Information (PHI)
Notice & Acknowledgement of Receipt of Notice of Privacy Practice
To comply with the “Privacy Rule”, medical offices, providers and Health Plans must give each patient an explanation of privacy practices during the patient’s first encounter.
To satisfy this requirement, medical offices give the patient a copy of their “Notice of Privacy Practices”.
The Notice explains how the patients’ PHI may be used and describes their rights.
Patients must review & sign an “Acknowledgment of Receipt of Notice of Privacy Practices”.

Patients’ Protected Health Information (PHI)
Sharing Protected Health Information
The “Privacy Rule” determines the three (3) ways PHI can be released without the patient’s permission: treatment, payment, and operation (TPO)
Treatment: Providing and coordinating the patient’s medical care.
Payment: The exchange of information with health plans.
Operation: Business functions needed to run the office.

Patients’ Protected Health Information (PHI)
Minimum Necessary Standard - The principle that individually identifiable health information should be disclosed only to the extent needed to support the purpose of the disclosure.
Avoid using a fax transmission for confidential information.
Follow medical office standards when sending confidential information via email.

Patients’ Protected Health Information (PHI)
Office of Civil Rights (OCR)/Health & Human Services (HHS)
Investigates written complaints of patients who experience privacy problems with a provider.
Patients submit complaints within 180 days of occurrence.
The Provider must cooperate with the OCR/HHS investigator by granting access to:
Facility, books, records, and
Systems, including relevant protected health information.

Authorization
For use or disclosure of PHI other than for treatment, payment, or operation (TPO), the patient must sign an authorization to release the information.
Example: Alcohol and Drug Abuse information may not be released without a specific authorization from the patient.

Authorization (Continued)
Authorization Document must be in plain language and include:
Description of the information to be released
Who can use or disclose the information
Who will receive it
For what purpose
An expiration date
Patient’s signature and date

Exceptions to the Privacy Rule
Release Under Court Order
Subpoena - A court order to testify.
Subpoena (duces tecum) – A court order to testify & to bring specific documents or other items.
Workers’ Compensation
State Law may provide for release of records to employers in workers’ compensation cases.
Statutory Reports
Certain information is required by State Law to be released to State Health or Social Services.

Exceptions to the Privacy Rule
HIV & AIDS
Every State requires AIDS cases to be reported.
Most states also require reporting of the HIV infection that causes the syndrome.
State Law varies concerning whether only the fact of a case is to be reported, or if the patient’s name must also be reported.
The Medical Office’s guidelines will reflect the State Laws & must be strictly observed to protect patient privacy & comply with regulations.

Exceptions to the Privacy Rule
Research Data
PHI may be made available to researchers approved by the practice.
Example: If research is being conducted on a specific type of Diabetes, the practice may share information from the appropriate records for analysis.
De-Identified Health Information
There are no restrictions on the use or disclosure of “de-identified” health information that does not identify an individual.

Records Retention
Retention Schedule – is a practice policy that governs which information from the patients’ medical record is to be stored.
Retention schedule is based on:
The laws of states, and
Federal regulations, if the office sees Medicare or Medicaid patients.

Records Retention (Continued)
The Retention Schedule determines:
What information should be kept,
How long information should be kept, and
In what medium, such as paper, microfilm or computer files.
Retain both patient and practice records.

Records Retention (Continued)
Records:
Detail patient treatment, insurance records, and legal support for the patient, if needed
Is a legal documentation of treatment
Can be audited for up to seven (7) years

Avoiding Fraud
Intentional Misrepresentation
HIPAA defines health care fraud as a crime.
Set up the Health Care Fraud and Abuse Control Program to coordinate federal, state and local law enforcement through investigations, audits, evaluations & inspections.
If Fraud is determined:
Law permits fines up to $10,000 per item or service for which fraudulent payment was received.
Criminal penalties – fines & imprisonment if “knowingly” planning to obtain money or property owned by the health care benefit program.
“Knowingly” is the key word in fraud cases.

Avoiding Fraud
Fraudulent Situations include:
Altering Charts
Upgrading or falsifying procedures
Over Billing
Compliance Plans (OIG)
Office of Inspector General – is a Government Agency that investigates and prosecutes fraud against government health care programs, such as Medicare.

Compliance Plans (OIG)
OIG’s Compliance Program for Individual and Small Group Physician Practices to Write, then Communicate to Staff.
1. Conducts audits and monitoring
2. Implements compliance and practice standards
3. Appoints compliance officer
4. Provides staff training
5. Responds appropriately to problems
6. Ensures avenues of communication
7. Enforces standards/publicizes rules

The Medical Insurance Specialist’s Role
Avoid Fraud:
Make sure that all insurance information is true.
Do not add a diagnosis or procedure code unless it is accurate.
If the Medical Insurance Specialist discovers that something has been left out, the Specialist must ask the Physician to update the records before information is entered on the claim form.
Make sure that requested Audit Records are available and signed by the Physician.

Quiz
A _________________________ presents a medical office’s principles and procedures regarding PHI.
Answer: Notice of Privacy Practices
Individually identifiable health information that is transmitted electronically. _______
Answer: PHI
The ____________________ identifies what, where and for how long data is kept.
Answer: retention schedule
Patient information may be released to a family friend. (T/F)
Answer: False, unless patient signs release.

Quiz
_________________________ is a Government agency that enforces the HIPAA Privacy Act.
Answer: Office of Civil Rights (OCR)
_________________________ is a Government agency that investigates and prosecutes fraud against government health care programs such as Medicare.
Answer: Office of Inspector General (OIG)