1 / 41

HIPAA AND THE LEGAL MEDICAL RECORD

HIPAA AND THE LEGAL MEDICAL RECORD. Chapter 2. HIPAA AND THE LEGAL MEDICAL RECORD. Learning Objectives Discuss the importance of medical record documentation in the billing and payment process. Define the facts that are included in patients’ protected health information (PHI).

shino
Download Presentation

HIPAA AND THE LEGAL MEDICAL RECORD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HIPAA AND THE LEGAL MEDICAL RECORD Chapter 2

  2. HIPAA AND THE LEGAL MEDICAL RECORD • Learning Objectives • Discuss the importance of medical record documentation in the billing and payment process. • Define the facts that are included in patients’ protected health information (PHI). • Discuss the purpose of the HIPAA Privacy Rule. Chapter 2

  3. HIPAA AND THE LEGAL MEDICAL RECORD • Learning Objectives • Describe what PHI can be released without patients’ authorization. • Discuss patients’ authorizations to use or disclose PHI. • Describe the purpose of a retention schedule. • Discuss how to guard against potentially fraudulent situations. Chapter 2

  4. Acknowledgment of Receipt of Notice of Privacy Practices Authorization Clearinghouse Compliance plan Documentation Fraud Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule Medical records Minimum necessary standard Notice of Privacy Practices Key Terms Chapter 2

  5. Office of Civil Rights (OCR) Protected health information (PHI) Retention schedule Subpoena Subpoena duces tecum Treatment, Payment, and Operations (TPO) Key Terms (cont’d) Chapter 2

  6. Patient Medical Records • Contain all facts, findings,observations of patients’ health history • Provide for continuity of care and communicationamong providers • Provide data for medical research • Are used for medical education • Document course of treatment • Are used to prepare insurance claims • ARE LEGAL DOCUMENTS Chapter 2

  7. Documentation Standards • Documentation– is the systematic, logical, and consistent recording of a patient’s health status, history, examinations, tests results of treatments, and observations in chronological order in a patient medical record. • Records must be clear: • Medical records must be complete & accurate. • If the records are handwritten, the entries should be legible to others, • Entries must be made in “Black Ink” (not pencil), and dated. Chapter 2

  8. Documentation Standards Continue • Entries must be signed & dated: • Digital , transcribed or handwritten entries made by the provider must have a signature/initials and title of the responsible provider and the date of service. Chapter 2

  9. Documentation Standards Continue • Changes must be clearly made: • An incorrect entry is marked with asingle line thru the words to be changed; • the correct information is entered after it, so that the previous copy can be read. • Correctionsare datedand signed by the person making the change. • No part of a record should be otherwise altered,removed, or destroyed. Chapter 2

  10. Documentation Standards Continue • No blank spaces may be left between entries: • Entries are made chronologically, without spaces between them, to prevent out-of order entries. • Each patient should have a single record: • Each patient should have only one medical record (unit record). • A separate file should be in the patient’s Medical Record when a Worker’s Compensation claims are involved. Chapter 2

  11. Documentation Standards Continue • Records should use consistent vocabulary and format: • All entries should reflect standard, accepted medical vocabulary and abbreviations. • All medical records in a practice consistently should be labeled and have logical sections. • Diagnostic information must be easy to locate: • Past & Present diagnoses should be placed so that they are easy to locate by each physician who uses the medical record. Chapter 2

  12. Documentation Standards Continue • Practitioners’ entries must be made promptly: • Entries should be made in a timely mannerand ; • Filed in a consistent chronological order, either ascending or descending. Chapter 2

  13. Documentation Formats • Document Formats – are used to organize patients’ medical records. • Problem-Oriented Medical Record (POMR) • Most common format used in the general medical practices • Contain a general section with data from the initial patient examination and assessment. Chapter 2

  14. Documentation Formats • Problem-Oriented Medical Record (POMR) - Cont • When patient makes subsequent visits, the reasons for those encounters are listed separately in a problem list, each with its own notes about the patient condition. • EXAMPLE: Patient must have a General section followed by sections labeled according to each encounter. • Progress Notes for each Problem are in the SOAP Format beginning with the Problem and then four points: • Subjective & Objective • Assessment & Plan Chapter 2

  15. SOAP Format • Subjective • Objective • Assessment • Plan What the patient reports The Objective information Includes: the physical exam and laboratory reports or test. The physician’s impression/conclusion, or diagnosis of the Subjective & Objective information Treatment and follow-up, advice Chapter 2

  16. Documentation Content • Providers– follows specific guidelines to document encounters. • Initial exam and assessment show the treatment plan for the patient. • Progress Reports • Progress Reports documents the patient’s progress and response to the treatment plan • PAUSE & PRACTICE • Figure 2-1 – Page 24 • Figure 2-2 – Page 25 Chapter 2

  17. Protected Health Information (PHI) & Medical Record • HIPAA’s(Health Insurance Portability and Accountability Act) regulates how electronic patient information is stored and shared. • HIPAA’shas three rules that are important in medical office: • HIPAA Privacy Rule – The Privacy requirements cover patients’ health information. • HIPAA Security Rule – The security requirements state the administrative, technical, and physical safeguards that are required to protect patients’ health information. Chapter 2

  18. Protected Health Information (PHI) & Medical Record • HIPAA’sthree rules Cont: 3. HIPAA Electronic Transaction and Code Sets Standards – These standards require every provider who does business electronically to use the same health care transactions, code sets, and identifiers. Chapter 2

  19. Patients’ ProtectedHealth Information (PHI) • HIPAA’s Privacy Rule – defines PHI as individually identifiable health information that is transmitted by electronic media, such as: • Internet, or; • Stored in office Computer Files Chapter 2

  20. Patients’ ProtectedHealth Information (PHI) • Contains many facts about a person, such as the patient’s: • Name • Birth date • Telephone • Address • Employer • Social Security Number Chapter 2

  21. Patients’ ProtectedHealth Information (PHI) • HIPAA Privacy Rules (Health Insurance Portability & Accountability Act)regulates the use and disclosure of patients’ Protected Health Information • HIPAA Privacy Rule must be followed by: • Health Plans • Health Care Clearinghouses • Health Care Providers, and other businesses Chapter 2

  22. Patients’ ProtectedHealth Information (PHI) • Privacy Practices– also set the thingsthat medical offices must do to properly handle patients’ PHI: • Medical offices must adopt privacy practicesthat are appropriate for its health care services. • The practice must notify patients about their privacy rights and how their information may be used or disclosed. Chapter 2

  23. Patients’ ProtectedHealth Information (PHI) • Privacy Practices Continue • Office employees must be trainedso that they understand the privacy practices. • A staff member must be appointed as the office’s privacy officialand be responsible for seeing that privacy practices are adopted and followed. • Patients’ records containing individually identifiable health information must be maintained and storedso that they are not readily available to those who do not need them. Chapter 2

  24. Patients’ ProtectedHealth Information (PHI) • Notice & Acknowledgement of Receipt of Notice of Privacy Practice • To comply with the “Privacy Rule”,medical offices, providers and Health Plans must give each patient an explanation of privacy practices during the patient’s first encounter. • To satisfy this requirement, medical offices give the patient a copy of their “Notice of Privacy Practices” • The Notice explain how the patients’ PHI may be used and describes their rights. • Patients must review & sign an“Acknowledgment of Receipt of Notice of Privacy Practices”. Chapter 2

  25. Patients’ ProtectedHealth Information (PHI) • Sharing Protected Health Information • The “Privacy Rule” determines the three (3) waysPHI can be released without the patient’s permission: treatment,payment, and operation (TPO) • Treatment • Payment • Operation Providing and coordinating the patient’s medical care. The exchange of information with Health plans. Business functions need to run the office. Chapter 2

  26. Patients’ ProtectedHealth Information (PHI) • Minimum Necessary Standard - The principle that individually identifiable health informationshould be disclosed only to the extent needed to support the purpose of the disclosure. • Avoid using a Fax transmission for confidential information. • Follow medical office standards when sending confidential information via email. Chapter 2

  27. Patients’ ProtectedHealth Information (PHI) • Office of Civil Rights (OCR)/Health & Human Services (HHS) • Investigate written complaints of patient who experience privacy problems with the a provider. • Patient submit complaints within 180 days of occurrence. • The Provider must cooperate with the OCR/HHS’ investigator, by granting access to: • Facility, books, records and: • Systems, including relevant protected health information. Chapter 2

  28. Authorization For us or disclosure of PHI other than for treatment, payment, or operation (TPO), the patient must sign an authorization to release the information. Example • Alcohol and Drug Abuse may not be released without a specific authorization from the patient Chapter 2

  29. Authorization - Continue • Authorization Document must be in plainlanguage and include: • Description of the information to be released • Who can use or disclose the information • Who will receive it • For what purpose • An expiration date • Patient’s signature and date Chapter 2

  30. Exceptions to the Privacy Rule • Release Under Court Order • Subpoena - A court order to testify. • Subpoena(duces tecum) – a court order to testify & to bring specific documents or other items. • Workers Compensation • State Lawmay provide for release of records to employers in workers’ compensation • Statutory Reports • Certain information are required byState Lawto be released toState Health orSocial Services Chapter 2

  31. Exceptions to the Privacy Rule • HIV & AIDS • Every State requires AIDS cases to be reported. • Most states also require reporting of the HIV infection that causes the syndrome. • State Law varies concerning whether only the fact of a case is to be reported, or if the patient’s name must also be reported. • The Medical Office’s guidelines will reflect the State Laws & must be strictly observed to protect patient privacy & comply with regulations. Chapter 2

  32. Exceptions to the Privacy Rule • Research Data • PHImay be made available to researchers approved by the practice. • Example: If research is being conducted on a specific type of Diabetes, the practice may share information from the appropriate records for analysis. • De-Identified Health Information • There is no restrictions on the use or disclosure of “de-identified” health information that does not identify an individual. Chapter 2

  33. Records Retention • Retention Schedule – is a practice policy that governs which information from the patients’ medical record is to be stored. • Retention schedule is based on: • The laws of states and, • Federal regulations, if the office sees Medicare or Medicaid patients. Chapter 2

  34. Records Retention - Continue • The Retention Schedule determines: • What information should be kept, • How long information should be kept, and • In what medium,such as paper, microfilm or computer files. • Retain both patient and practice records Chapter 2

  35. Records Retention - - Continue • Records • Detail patient treatment, insurance records, and legal support for the patient, if needed • Is a legal documentation of treatment • Can be Audited for up to Seven (7) years Chapter 2

  36. Avoiding Fraud • Intentional Misrepresentation • HIPAA defines health care fraud as a crime • Set-up Health Care Fraud and Abuse Control Program to coordinate federal, state and local law enforcement thru investigations, audits, evaluations & inspections. • If Fraud is determined: • Law permits fines up to $10,000 per item or service which fraudulent payment was received. • Criminal penalties – fines & imprisonment if “knowingly” planning to obtain money or property owned by the health care benefit program. • Knowinglyis key word in fraud cases Chapter 2

  37. Avoiding Fraud • Fraudulent Situations include: • Altering Charts • Upgrading or falsifying procedures • Over Billing • Compliance Plans (OIG) • Office of Inspector General – is a Government Agency that investigates and prosecutes fraud against government health care programs, such as Medicare. Chapter 2

  38. Compliance Plans(OIG) • OIG’s Compliance Program for Individual and Small Group Physician Practices to Write, then Communicate to Staff. 1. Conducts audits and monitoring 2. Implements compliance and practice standards 3. Appoints compliance officer 4. Provides staff training 5. Responds appropriately to problems 6. Ensures avenues of communication 7. Enforces standards/publicizes rules Chapter 2

  39. The Medical Insurance Specialist’s Role • Avoid Fraud: • Make sure that all insurance information is true. • Do not add a diagnosis or procedure code unless it is accurate. • If the Medical Insurance Specialist discovers that something has been left out, the Specialist must ask the Physician to update the records before information is entered on the claim form. • Make sure that requested Audit Records are available and signed by the Physician. Chapter 2

  40. Quiz • Individually identifiable health information that is transmitted electronically. _______ PHI • A _________________________ presents a medical office’s principles and procedures regarding PHI. Notice of Privacy Practices • The ____________________ identifies what, where and for how long data is kept. retention schedule • Patient information may be released to a family friend. (T/F) False, unless patient signs release. Chapter 2

  41. Quiz Office of Civil Rights (OCR) • _________________________ is a Government agency that enforces the HIPAA Privacy Act? • _________________________ is Government agency that investigates and prosecutesfraud against government health care programs such as Medicare Office of Inspector General (OIG) Chapter 2

More Related