42 Questions
What is the main objective of Principle III: Obligation to the Profession?
To uphold the integrity and dignity of the profession
According to the OIG, what is the recommended approach to establishing a Compliance Committee?
A committee with varying perspectives
What is a key element of an effective compliance program according to the text?
Proper education and training of employees
What is the recommended annual education and training requirement by the OIG?
1-3 hours per year
What is a topic that should be included in general compliance education?
Ethics
What is an example of a topic for specific/focused training?
Conflict of interest
What should a written annual training plan outline?
Training needs, timing, methods, and duration
What is the role of the Compliance Officer in a Compliance Program?
A focal point, but not the only point in a Compliance Program
What is the last resort in dealing with possible misconduct?
Termination
What is the goal of a Compliance Program?
Detection
Why are cover-ups generally not effective?
They cause more problems than they solve
Who should handle internal investigations?
Skilled investigators
How soon must repayment be made to Medicare?
Within 60 days
What is the time limit for returning overpayments?
6 years
What should be the focus of performance reviews?
Both positive and negative feedback
What is the timeframe for reporting misconduct to the OIG?
Within a reasonable period
What are the essential characteristics of a compliance program's enforcement and discipline?
Fair, equitable, and consistent
What should a written policy statement on disciplinary actions include?
A 5-point outline of disciplinary procedures
What is the consequence of failing to report an offense?
Equal discipline as the actual misconduct
Who is responsible for working with management in imposing discipline?
HR
What is the purpose of the first step in the progressive discipline process?
To secure the employee's understanding of the problem and a commitment to correcting behavior
What is the next step after a written warning in the progressive discipline process?
Escalation to a higher authority
What is the purpose of a written warning?
To emphasize the seriousness of the situation and stress the urgency of modified behavior
What is the consequence of intentional or reckless noncompliance?
Significant sanctions
What is the primary objective of the Administrative Simplification Section of Title II of HIPAA?
To develop standardized transaction standards for content and transmission of data
When were the Privacy Rule and Security Rule issued by DHHS?
2003 and 2005
What is the primary purpose of the Privacy Rule under HIPAA?
To assign rights to individual patients to control their health information
What is a key requirement of the HIPAA Privacy Rule?
Establishment of a Privacy Officer
What is the primary purpose of the HIPAA Security Rule?
To implement safeguards for the protection of health information
What is the relationship between HIPAA and state laws regarding the protection of health information?
HIPAA is a federal regulation and overrides state laws
What is the primary purpose of the HITECH Act?
To promote the adoption of electronic health records
What is the significance of the Omnibus Rule?
It provided additional protections for health information
What is the primary goal of the HIPAA Act in promoting electronic health records?
To reduce the administrative cost of healthcare
What is the result of the expansion of the application of business associate agreements to subcontractors of covered entities?
Subcontractors are required to comply with HIPAA regulations
What is the result of a breach of unsecured information under the HIPAA Act?
Notification is required, and the potential civil monetary penalties for violations of HIPAA are increased
What is the purpose of the Notice of Privacy Practices?
To describe how the covered entity uses and discloses PHI, and provide examples of how health information will be used or disclosed
What is the result of the exemption of the PHI of individuals who have been deceased for more than 50 years?
The PHI of deceased individuals is no longer protected under HIPAA
What is the purpose of the standard transactions under HIPAA?
To reduce the administrative cost of healthcare
What is the result of the prohibition on the sale of PHI without an individual authorization?
Covered entities are prohibited from selling PHI without individual authorization
What is the purpose of the right to access and obtain a copy of PHI?
To allow individuals to access and obtain a copy of their PHI
What is the result of the restriction on information provided to health plans for healthcare for which the individual paid in full out of pocket?
Health plans are restricted from accessing PHI for healthcare paid in full out of pocket
What is the purpose of the privacy regulations under HIPAA?
To place control over health information squarely in the hands of the individual who is the subject of the information
Study Notes
Principle III: Obligation to the Profession
- Compliance professionals should strive to uphold the integrity and dignity of the profession
- Should advance the effectiveness of compliance programs and promote professionalism in health care compliance
- Compliance Officer may be a focal point, but not the only point in a Compliance Program
- OIG urges a Compliance Committee be established to advise and assist the CO
- Committee should include varying perspectives and develop goals and objectives on an annual basis
- Participating in the identification of risk
- Regularly reviewing and assessing compliance P&Ps
- Assisting with the development of the COC and P&Ps
- Determining strategy to promote Compliance
- Developing a system to solicit, evaluate, and respond to complaints and problems
Education and Training
- Education and Training are the first and possibly the most important lines of defense for a Compliance program
- Proper education of all officers, managers, and employees, and continual retraining, is a significant element of an effective compliance program
- General Training Topics:
- Elements of the compliance program
- The Code of Conduct
- The reporting system
- Individual accountability for reporting suspected non-compliance
- Non-retaliation policy
- Who is the Compliance Officer
- Explanation of FWA
- OIG urges a specific number of education hours per year (1-3hrs per yr in corporate integrity agreements)
- General Compliance Education should include:
- Ethics
- Code of Conduct
- Obligation to Report
- Privacy
- Topics for specific/focused training include:
- Actions outside scope of practice
- Government and private payor reimbursement principles
- Third-party relationships
- Identification of a privacy breach
- Stark/anti-kickback
- Submission of a claim for physician services when rendered by a non-physician
- Signatures for a physician without the physician's authorization
- EMTALA
- Conflicts of interest
- Proper documentation of services rendered
- Directions for conducting investigations
- Written annual training plan should outline the training needs, timing, methods, and duration
Enforcement and Discipline
- Discipline will be administered for non-compliance
- Employees have an obligation to report suspected non-compliance
- An outline of disciplinary procedures
- A list of the parties responsible for appropriate action
- A promise that discipline will be fair and consistent
- Failure to report an offense is a serious act of non-compliance and equally deserving of discipline as the actual misconduct
- HR is responsible for working with management in imposing discipline
- Compliance will monitor consistency for fairness and severity
- Intentional or reckless non-compliance = significant sanctions
- Progressive discipline = Multi-step process
- Employee's manager to discuss problem with employee
- Depending on the situation, next step might be to escalate the issues to a higher authority
- A written warning
- Next step could be suspension without pay, or a probationary period
- Final option is termination, if all other options are exhausted
- OIG Recommends a new employs policy:
- Background checks
- Reference checks
- Reviews of the federal health care sanctions list
Responding to Offenses / CAPs
- If there's a reason to believe misconduct, response must be timely and appropriate
- Detected but uncorrected misconduct threatens an organization's credibility
- Cover-ups usually cause more problems than they solve
- The goal of a Compliance Program is detection
- Depending on severity, you may want to meet with your legal counsel
- OIG recommends an investigation anytime a potential violation is identified
- Internal investigations must be handled by skilled investigators and documented according to your policy
- OIG calls for prompt reporting of [misconduct] within a reasonable period
- If a [repayment] is due to Medicare, it must be made within 60 days of identification
Learn about the HIPAA Administrative Simplification section, including standardized transaction standards and privacy rules to protect health information.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free