1-1 Chapter 1 Legal and Ethical Issues Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of 1-2 Learning Objectives 1.1 Identify your responsibilities under HIPAA’s Privacy Rule to protect a patient’s information. 1.2 Elaborate on the purpose of the Health Care Fraud and Abuse Control Program. 1.3 Analyze the use of the National Correct Coding Initiative. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-3 Learning Objectives (cont.) 1.4 Apply the rules of ethical and legal coding. 1.5 Identify the points within industry codes of ethics that will direct your conduct as a professional coder. 1.6 Outline the purpose of a compliance program. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-4 Key Terms • Code for coverage • Covered entities • Disclosure • Ethical behaviors • Fraud • HIPAA’s Privacy Rule Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-5 Key Terms (cont.) • Mutually exclusive codes • Protected health information (PHI) • Supporting documentation • Unbundling • Upcoding • Use • Willful ignorance Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-6 Health Insurance Portability and Accountability Act (HIPAA) • The Privacy Rule – protects an individual’s privacy, specifically a patient’s personal information. – allows patients’ information to be easily accessible to authorized parties (physicians, coders, billers, etc.). – secures patients’ personal information from unauthorized parties (potential employers, co-workers, etc.). Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written Who Is Responsible for Obeying This Law? • Covered entities are divided into three categories – Healthcare providers • Physicians, hospitals, laboratories, pharmacies, etc. – Health plans • Medicaid, Medicare, Blue Cross Blue Shield, Tricare, etc. – Healthcare clearinghouses • National Clearinghouse, NDC Electronic Claims Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-8 Who Is Responsible for Obeying This Law? (cont.) • Covered entities include every member of the workforce regardless of job title: – Full time employees – Part-time employees – Interns/externs – Volunteers – Physicians – Nurses – Assistants Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-9 What This Law Covers • Extension of doctor-patient confidentiality. • Access to personal and confidential information (essential to accurately reporting data). • Protected health information (PHI). • Any individually identifiable health information regardless of form. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-10 The Use and Disclosure of PHI • USE – Information is shared between people who work together in the same office and need to exchange PHI in order to better serve the patient. • DISCLOSURE – PHI is revealed to someone outside the healthcare office or facility in order to better serve the patient. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-11 Getting Written Approval • Documentation must be written in plain language (not legalese) so that the average person can understand what he or she is signing. • Documentation must specify exactly what information will be disclosed or used. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-12 Getting Written Approval (cont.) • Documentation must specifically identify the person or organization that will be disclosing the information. • Documentation must specifically identify the person(s) who will be receiving the information. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-13 Getting Written Approval (cont.) • Documentation must have a definite expiration date. • Documentation must clearly explain that the person signing the release may retract the authorization in writing at any time. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-14 Permitted Uses and Disclosures Circumstances under which healthcare professionals are permitted to use their best professional judgment to use and/or disclose a patient’s PHI (with or without written patient permission) … Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-15 Permitted Uses and Disclosures (cont.) 1. To the individual 2. For treatment, payment, and/or operations (TPO) 3. Opportunity to agree or object 4. Incidental use and disclosure 5. Public interest 6. Limited data sets Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-16 Privacy Notices • Notices of Privacy written in compliance with HIPAA’s Privacy Rule must contain: – A full description of how the covered entity may use and/or disclose a patient’s PHI. – A statement about the covered entity’s responsibility to protect a patient’s privacy. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-17 Privacy Notices (cont.) …as well as… – Complete information about the patient’s rights. – The name of a specific employee of the covered entity must be named as privacy officer. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-18 Violating HIPAA’s Privacy Rule • Civil Penalties – $100 for each single violation. – Maximum of $25,000 for multiple violations. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-19 Violating HIPAA’s Privacy Rule (cont.) • Criminal Penalties – Up to $50,000 and up to 1 year in jail for the unauthorized or inappropriate disclosure of individually identifiable health information. – Up to $100,000 and up to 5 years in prison for the unauthorized or inappropriate disclosure of individually identifiable health information through deception. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-20 Violating HIPAA’s Privacy Rule (cont.) • Criminal Penalties – Up to $250,000 and up to 10 years in prison for the unauthorized or inappropriate disclosure of individually identifiable health information through deception with intent to sell or use for business-related benefit, personal gain, or hateful detriment. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-21 Health Care Fraud • Health Care Fraud and Abuse Control Program – Created by HIPAA. – Investigates attempts of fraud and abuse in the healthcare system (including Medicaid and Medicare). – Acts in association with the Office of the Inspector General (OIG) and coordinates with federal, state, and local law enforcement agencies. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-22 National Correct Coding Initiative/ Federal False Claims Act • National Correct Coding Initiative (NCCI) was created by Centers for Medicare and Medicaid Services (CMS). • Updated annually by CMS. • Documentation is crucial. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-23 National Correct Coding Initiative/ Federal False Claims Act (cont.) • Federal False Claims Act forbids the submission of healthcare claims with the intention of gaining financial consideration by stating details that are not true and accurate. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-24 Rules for Ethical & Legal Coding • Codes on the health claim form must represent the services actually performed and are supported by notes and other documentation in the patient’s health record. – Don’t use a code on a claim form without having supporting documentation in the file. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-25 Rules for Ethical & Legal Coding (cont.) • Coding for coverage (coding services based on what insurance companies will pay for, or “cover,” not for true services rendered) is not permitted. • All codes must reflect services and procedures rendered. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-26 Rules for Ethical & Legal Coding (cont.) • Upcoding, an illegal process, is considered falsifying records. • Resubmitting a claim that has been lost must be identified as a “tracer” or “second submission”. • Unbundling is not permitted. • All services provided during one encounter must be placed on one claim form. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-27 Codes of Ethics • Two premier trade organizations for professional coding specialists have codes of ethics: – American Health Information Management Association Code of Ethics (AHIMA). – American Academy of Professional Coders (AAPC). Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-28 Codes of Ethics (cont.) • AHIMA Code of Ethics – Ensure confidentiality – Honor patients, peers, and selves – Protect PHI – Avoid unethical practices – Promote knowledge – Perform honorably Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-29 Codes of Ethics (cont.) • AHIMA Standards of Ethical Coding – Support accurate coding practices – Follow official guidelines – Code only what is documented – Query physicians for clarification – Advocate proper credentialing – Continue education Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-30 Codes of Ethics (cont.) • AAPC Code of Ethical Standards – Maintain highest standard of conduct – Use only legal and ethical means – Pursue excellence through continuing education – Do not exploit relationships for personal gain Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-31 Compliance Programs • Compliance programs – Create policies and procedures – Establish the structure to adhere to those policies – Set up a monitoring system to ensure compliance – Correct conduct that does not comply Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-32 Compliance Programs (cont.) • The Seven Steps to Due Diligence 1. Establish compliance standards and procedures. 2. Assign overall responsibility to specific high-level individuals. 3. Attempt to avoid delegation of authority to individuals that may result in illegal actions. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-33 Compliance Programs (cont.) • The Seven Steps to Due Diligence 4. Effectively communicate standards and procedures to all staff. 5. Utilize monitoring and auditing system for compliance. 6. Enforce adequate disciplinary sanctions when appropriate. 7. Respond to episodes of non-compliance by modifying program. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written 1-34 Chapter Summary • Know your legal and ethical responsibilities. • Confidentiality, honesty, and accuracy are three watchwords that all health information management professionals should live by. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written