Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014
description
Transcript of Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014
![Page 1: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/1.jpg)
![Page 2: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/2.jpg)
Mississippi DOMFraud, Waste, and Abuse (FWA)
and HIPAA Training
UPDATED 4/1/2014
![Page 3: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/3.jpg)
FRAUD, WASTE & ABUSE (FWA)
![Page 4: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/4.jpg)
FWA Training Purpose• Centers for Medicare & Medicaid Services
(CMS), which is an agency within the US Dept. of Health and Human Services responsible for several health care programs, handed down new rules regarding FWA that must be followed by MTM, First Tier, Downstream & Related Entities– Providers, drivers & office staff Training required by CMS & MTM clients
![Page 5: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/5.jpg)
FWA Training Purpose Cont’d
• We are all responsible for preventing FWA & reporting suspected cases without fear of reprisal
• Training will give you basic information necessary to understand what FWA is & what your obligations are if you suspect it is happening
• By knowing the basics of FWA, we are in compliance with CMS & MTM client requirements & help reduce potential for future FWA
• By looking out for FWA, we protect Federal funding given to Medicaid & Medicare programs for NEMT
![Page 6: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/6.jpg)
FWA Training Topics
• FWA definitions • Why MTM conducts FWA training• Applicable Federal laws • FWA obligations• Examples of Beneficiary FWA– What to do when Beneficiary FWA is
suspected
![Page 7: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/7.jpg)
FWA Training Topics Cont’d
• Examples of First Tier, Downstream & Related Entity FWA– What to do to if First Tier, Downstream or Related Entity FWA is
suspected • Who is responsible for identifying FWA?• Who is responsible for monitoring & auditing FWA at MTM?• Preventing FWA• Reporting FWA• Protection for whistle blowers
![Page 8: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/8.jpg)
FWA: What is Fraud?
• An intentional deception or misrepresentation made by a person with knowledge that deception could result in unauthorized benefit to himself or another person
• Includes any act that constitutes fraud under applicable Federal & State law
![Page 9: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/9.jpg)
FWA: What is Waste?
• Overutilization of services or other practices that result in unnecessary costs
• Generally not caused by criminally negligent actions but rather misuse of resources
![Page 10: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/10.jpg)
FWA: What is Abuse?
• Provider practices that are inconsistent with sound fiscal, business, or medical practices & result in:– Unnecessary cost to Medicaid/Medicare program• Reimbursement for unnecessary services or
services that fail to meet professionally recognized standards for healthcare
Includes covered Beneficiary practices that result in unnecessary costs
![Page 11: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/11.jpg)
FWA Training Importance
• MTM does business with Medicare & Medicaid clients• Clients are required by CMS to conduct FWA training with
First Tier, Downstream & Related Entities (subcontractors) – MTM must do the same with our First Tier, Downstream &
Related Entities (transportation providers, drivers & office staff)– Because MTM clients are regulated by CMS, so is MTM & our
subcontractors• Documentation of annual FWA training must be
maintained & available to CMS/clients when requested
![Page 12: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/12.jpg)
FWA Training Requirements
• Applicable laws & regulations – Federal & State specific
• Obligations to have policies & procedures in place to address FWA
• Types of Beneficiary FWA & possible resolutions • Types of subcontractor FWA & possible
resolutions • Process for reporting suspected FWA • Protections for employees who report FWA
![Page 13: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/13.jpg)
FWA Laws & Regulations
• Suspected violations of:– False Claims Act; 31 U.S.C. §3729 – Stark Law– AntiKickback Statute
• Suspected marketing violations, including inducements• Acts defined in 18 U.S.C. Chapter 47, especially §1001 & §1035• Health Insurance Portability & Accountability Act (HIPAA)• State-specific laws & regulations that address
Medicaid/Medicare FWA
![Page 14: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/14.jpg)
FWA: Your Obligations
• Have policies & procedures in place • Comply with all policies & procedures developed &
amended by MTM relative to FWA• Acknowledge that payments made to you consist of
Federal & State funding– You can/will be held civilly/criminally liable for non-performance,
misrepresentation or FWA of services rendered to MTM & its clients
• Immediately refer all suspected or confirmed FWA to MTM
![Page 15: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/15.jpg)
Examples of Beneficiary FWA
• Changing, forging, or altering:– Prescriptions– Medical records– Referral forms
• Lending insurance card to another person
• Identity theft• Using NEMT for non-medical
services
• Misrepresenting eligibility status
• Resale of medications to others
• Medication stockpiling• Doctor shopping
– refers to the practice of a patient requesting care from multiple physicians, often simultaneously, without making efforts to coordinate care or informing the physicians of the multiple caregivers.
![Page 16: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/16.jpg)
Resolution Options for Beneficiary FWA
• Add a note to Beneficiary’s file advising MTM for future trips
• Add Beneficiary’s name to a list a frequent abusers– Trip requests will be monitored &
managed to prevent future FWA• Report issue to designated
State or County Medicaid office or MTM client
![Page 17: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/17.jpg)
Examples of Provider FWA
• Falsifying credentials• Billing for services not rendered• Inappropriate billing• Double billing, up-coding & unbundling• Collusion among providers– Agreeing on minimum fees they will charge & accept
• Falsifying information submitted through prior authorization or other mechanism to justify coverage
![Page 18: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/18.jpg)
Resolution Options for Provider FWA
• Recover trip cost• Provide education• Make recommendation for an audit of trip records• Establish Corrective Action Plan (CAP)• Disciplinary action • Dismissal from MTM network of providers
![Page 19: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/19.jpg)
Who is Responsible for Identifying FWA?
MTM Employees
Board of Directors
Transportation Providers
Drivers
Office Staff
DOM
![Page 20: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/20.jpg)
Who Monitors FWA at MTM?
• Cases reported to Quality Management department• Compliance Auditor investigates each reported
incident– Notes results of investigation in Beneficiary’s file
• FWA reported against First Tier, Downstream, or Related Entities handled in the same manner
• MTM reports incidents of FWA to clients on monthly basis
![Page 21: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/21.jpg)
Preventing FWA
• Preventing FWA before it happens is critical
• First Tier, Downstream & Related Entities, as it relates to MTM riders, should report incidents of FWA they suspect to MTM’s Quality Management department immediately
Report all cases of
suspected FWA to MTM
immediately
![Page 22: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/22.jpg)
Preventing FWA
• MTM staff are diligent & watch carefully for signs of FWA– Deny a trip if it seems “suspect”– Push trip request up internal chain of command to Team
Lead– Contact client & get their guidance– Employees of MTM also contact Quality Management of
suspected FWA
![Page 23: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/23.jpg)
Reporting FWA
• Contact MTM’s Quality Management department– 1-866-436-0457
• Try to include all pertinent information:
Subject of FWA
Subject ID information
FWA description
Any other important
information
MTM then reports to DOM
![Page 24: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/24.jpg)
FWA Reporting Protections
• Whistleblowers offered protection against retaliation under the False Claims Act– Employees discharged, demoted,
harassed, or otherwise discriminated for reporting FWA or as a consequence of whistleblowing are entitled to relief necessary to make employee whole
![Page 25: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/25.jpg)
FWA Conclusion
• Training has given you:– Knowledge about what FWA is & why it is important to
identify cases of suspected FWA– Tools necessary to feel confident in reporting suspected
FWA without fear of reprisal– Understanding of why MTM requires training– Knowledge that everyone is responsible for reporting FWA– Knowledge that preventing FWA is critical—stop it before it
happens
![Page 26: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/26.jpg)
HEALTH INSURANCE PORTABILITY &
ACCOUNTABILITY ACT (HIPAA)
![Page 27: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/27.jpg)
HIPAA Introduction Training will:• Provide information necessary to
ensure Beneficiary health information is regarded with privacy & security
• Provide information necessary to meet standards for privacy & security set forth by governing agencies
• Focus on daily functions of transportation providers to ensure Beneficiary privacy & security
![Page 28: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/28.jpg)
HIPAA Background Enacted by Congress in 1996 Department of Health & Human
Services (DHHS) implemented final Privacy Rule on April 14, 2003
Compliance date for Security Standards was April 20, 2005
HITECH Act of 2009 widened scope of privacy & security protections available under HIPAA
![Page 29: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/29.jpg)
HIPAA Privacy Rule Ensures nationwide uniform procedural
protection for all health information Imposes restrictions on use & disclosure
of Protected Health Information (PHI) Gives people greater access to medical
records Provides people with more control over
health information
![Page 30: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/30.jpg)
HIPAA Security Rule
Privacy Rule deals with PHI in general; Security Rule deals with electronic PHI (ePHI)
Security Rule for ePHI greatly expanded in 2009 under American Recovery & Reinvestment Act
![Page 31: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/31.jpg)
ARRA 2009
HITECH Act of American Recovery & Reinvestment Act of 2009 (ARRA) imposes new obligations on a covered entity (CE) & business associate (BA)• Breach notification• BA directly responsible for compliance with Security Rule• BA liable for violations of Security Rule & breaches
![Page 32: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/32.jpg)
HIPAA Expectations Use or disclose PHI only for work related purposes Limit use & disclosure to “minimum necessary” to
accomplish intended purpose of use, disclosure, or request Exercise reasonable caution to protect PHI under your
control Understand & follow MTM privacy policies Report privacy problems to supervisor & MTM
immediately
![Page 33: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/33.jpg)
Protected Health Information (PHI)
PHI is individually identifiable health information that is: • Transmitted by electronic media• Maintained in electronic media• Transmitted or maintained in any other form or medium
When MTM Beneficiary, agency, or health provider gives personal information to MTM, that information becomes PHI
![Page 34: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/34.jpg)
Examples of PHI
Any information that might connect health information to an individual
Name or address
SSN or other ID number
Medicaid/ Medicare number
Physician notes
Billing information
![Page 35: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/35.jpg)
Additional Examples of PHI All geographic subdivisions:
• Street address• City• County• Precinct• Zip code, and their equivalent geocodes, if according to the current publicly
available data from the Bureau of the Census the geographic unit formed by combining all zip codes with the same three initial digits contains 20,000 or fewer people. If the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people, DOM may provide the first 3 digits of the zip code.
![Page 36: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/36.jpg)
Additional Examples of PHI (con’t) All elements of dates (except year) for dates directly related to an individual,
including birth date, admission date, discharge date, or date of death. All ages over 89 and all elements of dates (including year) indicative of such
age, except that such ages and elements may be aggregated into a single category of age “90 or older”
Telephone numbers Fax numbers Email addresses Medical record numbers Account numbers
![Page 37: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/37.jpg)
Additional Examples of PHI (con’t) Certificate or license numbers Vehicle identifiers and serial numbers, including license plate numbers. Device identifiers and serial numbers Web Universal Resource Locators (URLs) Internet protocol (IP) address numbers Biometric Identifiers, including finger and voice prints Full fax photographic images and any comparable images. Any other identifying number, characteristic or code, that reasonably
could be used to identify an individual, except as permitted for re-identification
![Page 38: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/38.jpg)
Use or Disclosure of PHI
Privacy Rule covers use & disclosure of PHI Designed to minimize careless or unethical
disclosure PHI can’t be used or disclosed unless it is permitted
or required by the Privacy Rule
![Page 39: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/39.jpg)
Use vs. Disclosure
PHI is used when it is:• Shared• Examined • Applied • Analyzed
PHI is disclosed when it is:• Released/transferred• Accessed in any way by
anyone outside entity holding information
![Page 40: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/40.jpg)
Use or Disclosure of PHI
PHI may be shared when it’s for “TPO”• Treatment: Management of healthcare & related services
that includes coordination among healthcare providers• Payment: Various activities of healthcare providers to
obtain payment or be reimbursed for services• Healthcare Operations: Certain administrative, financial,
legal & quality improvement activities of covered entity necessary to run its business & to support core functions of Treatment & Payment
![Page 41: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/41.jpg)
Use or Disclosure of PHI
Transportation Providers permitted to use or disclose PHI for:• Scheduling trip information• Confirming special needs or
adaptive equipment• Incidental use such as talking
to a facility or medical provider
![Page 42: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/42.jpg)
Minimum Necessary
Use or disclosure of PHI should be limited to minimum amount of health-related information necessary to accomplish intended purpose of use or disclosure
MTM has developed policies & procedures to make sure least amount of PHI is shared
If you have no need to review PHI, then stop!
![Page 43: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/43.jpg)
Maintaining Privacy: Written Keep information in a folder during
business hours & locked drawer after hours
Shred documents containing PHI after use
Keep a minimal amount of information in hard copy format
Do not leave documents unattended at printer or fax machines
![Page 44: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/44.jpg)
Maintaining Privacy: Telephone
Leave minimal information necessary on voice mail or answering machines regarding confirmation of trips, or ask Beneficiary to return call to confirm
![Page 45: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/45.jpg)
Maintaining Privacy: Faxes
Always include a cover sheet that: • States it is a confidential
document• Gives a contact if fax is received
in error• Spells out HIPAA language
Verify fax number before sending
![Page 46: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/46.jpg)
Maintaining Privacy: Email
Emails containing PHI must be sent securely
Follow all directions for secured email
Do not enter any PHI in subject line
![Page 47: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/47.jpg)
Maintaining Privacy: Workstation/Vehicle
Always lock access to computer with a password & use privacy notice
Remove documents containing PHI from copiers & printers immediately
Keep PHI in a folder or upside down during working hours Remove PHI from desk or vehicle & place in locked drawer
at end of work day Do not discuss PHI in public areas
![Page 48: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/48.jpg)
Privacy Practices Designed to Protect PHI
Verify identity & authority of requestor before releasing PHI
Transmit PHI by telephone only when it can not be overheard
When leaving messages, limit information left to Beneficiary’s name, a request to return call & your name/company along with your telephone number
![Page 49: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/49.jpg)
Misuse of PHI
Misuse of PHI can result in civil & criminal sanctions:• Civil Penalties: Up to $25,000/year for inadvertent
violations; $250,000 for willful neglect; $1.5 million for repeated or uncorrected violations
• Criminal Penalties: Up to $250,000 fine & prison sentence up to 10 years for deliberate violations
• Sanctions by DHHS• Other penalties related to not meeting contractual
obligations
![Page 50: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/50.jpg)
Example of Misuse of PHI
A South Dakota medical student took home copies of 125 patients’ psychiatric records to work on a research project• He disposed of material in dumpster of a fast food
restaurant, where they were found by a newspaper reporter
![Page 51: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/51.jpg)
Reporting Misuse of PHI
Report incidents of accidental or intentional disclosure to your supervisor & MTM
No adverse action will be taken against anyone who reports in good faith violations or threatened violations of Privacy Rule, Security Rule or related policies
MTM must report to DHHS all uses or disclosures not permitted by BA provisions of contract or HIPAA
![Page 52: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/52.jpg)
Breach of ePHI
HITECH Act imposes data breach notification requirements for unauthorized uses & disclosures of unsecured (unencrypted) PHI
Breach is unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of information
![Page 53: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/53.jpg)
Example of Breach of ePHI
Theft of 57 hard drives at an insurance company’s training facility, including images from computer screens containing data that was encoded but not encrypted
![Page 54: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/54.jpg)
Breach Notification
Notice to individual of breach of his/her PHI is required under the ARRA HITECH Act
Breaches involving PHI of more than 500 persons in one circumstance must be immediately reported to DHHS by covered entity • Will be posted on DHHS site
BAs must report security breaches to covered entity
![Page 55: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/55.jpg)
Enforcement of Privacy & Security
Office of Civil Rights has enforced Privacy Rule since 2003
CMS has enforced Security Rule since 2005 As of July 27, 2009 DHHS has delegated
enforcement of both rules to Office of Civil Rights
![Page 56: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/56.jpg)
HIPAA Resources CMS • www.cms.hhs.gov/
SecurityStandard/ Office of Civil Rights• www.hhs.gov/ocr/hippa/
US DHHS• www.hhs.gov
Mississippi Division of Medicaid• www.medicaid.ms.gov
![Page 57: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/57.jpg)
HIPAA Glossary
Business Associate: Person or entity that performs certain functions or activities that involve use or disclosure of PHI on behalf of, or provides services to a covered entity
Protected Health Information: Individually identifiable health information
Minimum Necessary Information: Current practice is that PHI should not be used or disclosed when not necessary to satisfy a purpose or carry out a function
![Page 58: Mississippi DOM Fraud , Waste, and Abuse (FWA) and HIPAA Training UPDATED 4 /1/2014](https://reader036.fdocuments.net/reader036/viewer/2022062814/5681687d550346895ddef28c/html5/thumbnails/58.jpg)
Thank you!
Thank you for your participation!