15. Let’s Look at the Nature of the Alleged HIPAA Violation. . . Employee has an unencrypted laptop with the PHI of 5,000 veterans. Laptop is stolen from employee’s car. Which Rule has been violated. . . HIPAA Privacy Rule or HIPAA Security Rule?
16. Answer: The HIPAA Privacy Rule. . . Because there has been an unauthorized “disclosure”, as the PHI of thousands of people has been made available to people outside the CE and its associates.
27. No Mention of Civil Money Penalties. . . . Bearing this in mind, answer the following. . . .
28. Most complaints regarding violations of the HIPAA Privacy Standard have been resolved without. . . A. Legal Action B. Civil Money Penalties C. Audit Reports D. Upcoding
29. YES, The answer that makes the most sense is. . . B. Civil Money Penalties. Not A. Legal Action b/c, remember, violations of the Privacy Rule are generally CIVIL violations. . . (true but not best answer) Not C. Audit Reports b/c the CE’s have to do some kind of follow-up audit to determine the extent of the violation. Answer D is just plain dumb.
30. Alleged Privacy Rule Violations that abuse a patient’s privacy rights (and do not violate state or federal laws) are CIVIL VIOLATIONS and are investigated by the O.C.R.
31. Another Scenario. . . Employee of a CE gives her ID and Password to a reporter friend, who uses it to look at PHI of a famous individual with the intent to exploit the information for financial gain. What HIPAA Rule has been violated by the giving of the password. . . The Privacy Rule or the Security Rule?
32. YEP, It’s the Security Rule. All HIPAA Non-Privacy Rule violations are investigated by the Center for Medicare/Medicaid Services (CMS). So, this issue will be investigated by CMS. CMS has a great deal of responsibility and authority when it comes to HIPAA. . .
40. Fraud is “an act of deception to take financial advantage of another person.” Fraud is an INTENTIONAL act.
41. ABUSE In federal law, “abuse” means actions that are not sound medical, business, or fiscal practices AND that misuse U.S. Government money, such as Medicare funds.
43. Example: Billing for services that, although provided, were not medically necessary.
45. Civil Money Penalties (CMP) NOTE: CMP’s cannot exceed $25,000 for all violations of an identical type in a single year. (exam.)
46. The GREATEST Criminal Penalty can be imposed when the crime is: Using PHI for profit, gain, or harm; Offenses done under false pretenses; Knowingly obtaining PHI in violation of HIPAA; or None of the Above
48. What Happens when a HIPAA violation becomes a criminal matter? The Agency investigating the alleged violation refers it to the U.S. Department of Justice (DOJ) for criminal investigation and follow-up. Example: The OIG or the OCR may refer criminal matters to the DOJ. (See the nice chart, page 127 of Newby)
49. And MORE About the OIG. . . The Deficit Reduction Act (DRA) of 2005 gave the OIG authority to review and evaluate: 1. State false claim laws, 2. The compliance plans of prescription drug plan sponsors, 3. Reported deaths of patients in restraint or seclusion, and 4. The responses of public health personnel to emergencies created by Hurricanes Katrina and Rita.
50. THE OIG Issues Fraud Alerts to Covered Entities And, in so doing, advises CE’s about compliance problems that the OIG is finding in its investigations.
51. Acts AND Omissions. . . Remember, HIPAA standards apply to both wrongful acts as well as failure to act when an act is called for (omissions). This is provided for in the HIPAA Final Enforcement Rule.
52. Who Can be Charged with a HIPAA Violation? Covered Entities. -Individual Employees do not get charged with HIPAA Violations. . . -Business Associates (BA’s) do not get charged with HIPAA violations. . . -UNLESS. . . .
53. When do CE Employees or BA’s get charged for a HIPAA violation?
54. Answer: When the act in question also violates other laws. Example: Jack, employee of a CE, provides Jill (his girlfriend) with names, d.o.b.’s, and SS#’s, and together they set up a credit card number selling operation. (violation of Credit Card Fraud Laws)
55. Is Health Care Fraud a REAL Problem in the U.S.? YES. . . The National Health Care Anti-Fraud Association estimates that about 3% of our country’s health care expenses are lost due to fraud. That’s about $60,000,000,000 a year. (or, 60 Billion dollars.) Wow.
71. Stark Law II Expanded the “entities” list from Stark I and provides for civil money penalties up to $100,000 for each “arrangement or scheme” that a person knows or should know would violate the statute.
72. What if a physician violates the Stark Laws? In addition to CMP’s, the government may withhold payments for the illegal referrals and seek to make the violator pay back past payments made under the illegal “arrangements or schemes.” Bottom line: Doctors have to be careful when they invest in other businesses!
73. Stories about Fraud, Kickbacks, and Theft There are some good examples of each on page 130 of your book in the orange “FYI” box. Take a Look!
74. ONE MORE LAW. . . . Sarbanes-Oxley Act of 2002 Bottom Line for Health Care: If a health care corporation operates for profit and is publicly traded, then it must attest to the soundness of its financial management. (Gives another opportunity for the whistleblowers as well.)
75. What is the PURPOSE of Sarbanes-Oxley? After a few Fortune 500 companies defrauded investors and the American public by lying about their worth, there was an alleged “public outcry” for the SEC to have the authority to examine records of publicly traded companies for transparency in their valuation techniques. People lost a lot of money because of the past fraudulent conduct.
77. The Focus could be on ANY type of health care billing and finance.