Legal and

Regulatory Issues

Chapter 5

Privacy and Security Standards

• Privacy

• Confidentiality

• Security – safekeeping of patient information by

• Breach of confidentiality – the unauthorized release of patient information to a third party

Federal Laws

• Medicare Administrative Contractors

• False Claims Act• Federal Anti-Kickback

Law• Utilization Review Act

• McKinney Act • OBRA 1989• PATH• CCI• HIPAA• SCHIP• Medicare Prescription

Drug, Improvement, and Modernization Act

Health Insurance Portability and Accountability Act (HIPAA)

• Improves portability and continuity of health insurance coverage in the group and individual markets

• Combats waste, fraud, and abuse

• Supports use of medical savings accounts

• Long-term care services and coverage

• Unique identifiers for providers, health plans, employers, and individuals

• Standards for electronic health information transactions

• Create privacy standards for health information

Record Retention• Storage of documentation for an established

period of time usually mandated by federal and state law

• Medicare Conditions of Participation mandate the retention of patient records in their original or legally reproduced form (e.g., microfilm) for a period of at least five years.

• HIPAA mandates the retention of health insurance claims and accounting records for a minimum of six years.

Common Forms of Medicare Fraud

• Billing for services that were not performed

• Misrepresenting diagnosis to justify payment

• Kickbacks

• Unbundling codes

Overpayments Include• Payment based on a charge that exceeds the

reasonable charge• Duplicate processing of charges/claims• Payment made to the wrong payee• Payment made for an item or service not covered• Incorrect application of deductible or coinsurance• Payment during a period of nonentitlement• Payment for which another entity is the primary payer• Payment made after the beneficiary’s date of death

Provider Liability for Overpayments

• Providers are responsible for reimbursement of overpayment when

• Provider receives two payments:

• Provider was paid and did not accept assignment.

• Provider furnished erroneous information.

• Submitted a claim for services that were not medically necessary

• Put in a claim for something that is not qualified for Medicare reimbursement

• Items or services furnished by provider who is not qualified for Medicare reimbursement

National Correct Coding Initiative (NCCI)

• Analysis of standards for medical and surgical practices

• Coding conventions included in CPT

• Coding guidelines made by national medical specialty societies

• Local and national coverage determination

• Review of current coding practices

Unbundling CPT Codes

• Unbundling occurs when – one service is divided into its component parts and a

code for each component part is reported as if they were separate services

– A code for the separate surgical approach (e.g., laparotomy) is reported in addition to a code for the surgical procedure

• NCCI edits determine appropriateness of CPT code combinations.

• NCCI edits are designed to detect unbundling.

Administrative Simplification

• Improve efficiency and effectiveness of the health care system by standardizing the interchange of electronic data for specified administrative and financial transactions

• Protect the security and confidentiality of electronic health information

• General penalty for failure to comply• Wrongful disclosure of individually identifiable

health information:

Unique Identifiers

• National Health PlanID

• National Individual Identifier

• National Provider Identifier

• National Standard Employer Identification Number

Steps in Identifying Risk Areas 1. Perform periodic audits to monitor billing

2. Develop written practice standards and procedures

3. Designate a compliance officer

4. Conduct training and education classes

5. Respond by investigating allegations and disclosing to appropriate entities

6. Develop open lines of communication

7. Have disciplinary standards and enforce them