Patient Access Revision Session 1 PDF
Summary
This document provides an overview of patient access procedures, including registration, scheduling, and verification of insurance and out-of-pocket expenses. It also discusses dependents coverage criteria and the process for obtaining prior authorizations for medical services.
# Patient Access

## Patient Access Facilities

- Hospitals & Health Systems
- Surgery Centers
- Ambulatory Centers
- Physicians' Offices
- Clinics
- Long-Term Care
- Rehabilitation Centers

# Introduction - Patient Access

Patient access involves the processes of:

- Registering patients
- Scheduling appointments
- Providing support services to patients, providers, and payers throughout the patient's healthcare experience

This is considered the core function of the revenue cycle because it sets the foundation for all subsequent steps in the process, such as billing and payment, and helps ensure a smooth and efficient experience for all stakeholders involved.

## Important Verification Done by Patient Access

- **Insurance Eligibility Verification**
  - Patient eligibility can be confirmed through the insurance portal, a valid health insurance card, and by contacting the insurer.
- **Out of Pocket Expenses Verification**
  - Verification of benefits provides information regarding the patient's coverage, which includes patient coinsurance, copay, and deductible amounts, etc.

# Insurance Verification

- A patient's coverage and benefits under their insurance plan should be verified periodically.
- For this, an accurate record of patient information must be maintained because any changes like marriage, birth, and divorce can change coverage and benefits.

## Dependents Coverage Criteria

- Husband or wife
- Sons up to the age of 25
- Unmarried daughters
- Orphans fostered by foster families

## Determining the Primary Insurance

- When a patient is a subscriber and also has secondary insurance through a spouse, the patient's insurance is primary.
- When a child is covered by insurance plans from both parents, the birthday rule is used to determine the primary and secondary insurance. Under the birthday rule, the health plan of the parent whose birthday comes first in the calendar year is designated as the primary plan. The year of birth is not a factor in this rule. The month and day are the only factors the health plan considers.

# Prior Authorization

- A prior authorization is a requirement imposed by insurance payers to determine the medical necessity and benefit coverage eligibility before the patient receives a service or undergoes a procedure.
- Once the physician examines the patient physically in the room according to their health condition, they advise on medical services like consultation, medical treatment, lab test, radiology, or any procedure.
- All these services must be entered in the billing system to start the billing process and further billing steps. Approval department staff sends approval for the patient as per their policy approval limit.
- Approvals are handled by the pre-authorization or insurance department in the majority of healthcare facilities. Sometimes the front office does the same work in small healthcare facilities.
- Preauthorization requests are submitted to the insurance companies online through the payor portal, which makes it easy to track requests and submit the relevant documents required to obtain the approval.

## Prior Authorization - Importance

- It is important to report the prior authorization number on the claim form when billing for preauthorized procedures.
- Insurance contracts and policies should be reviewed to determine when prior authorization is required.
- The patient is not responsible for payment for the service if the prior authorization was not obtained. Under these circumstances, the provider is required to write off the balance.

## Prior Authorization - For Example

- Approval is required for all dental medication irrespective of the amount and units prescribed by the dentist.
- Elective SCS is not an emergency; however, the patient is required to stay overnight in the hospital after the delivery. Hence the correct encounter type for preapproval should be obtained under the Inpatient category.

## Prior Authorization - Validity

- Prior authorization is valid up to thirty calendar days from date of approval or up to the expiry date of the policy, whichever is sooner.

## Prior Authorization - Emergency Patients

- Emergency patients should be treated immediately, and the preapproval request should be submitted to the insurance company within 24 hours from the time of admission.
- The approval request must be sent within 15 minutes from the doctor ordering the service.
- The insurance company must reply to the request within 30 minutes from the time of receiving the request.
- If the insurance company has no response within 60 minutes, the request will be considered approved.

## Prior Authorization - Process

| Step | Process |
| ----------- | ----------- |
| 1 | Patient Registration and Scheduling - Receive patient schedules from the hospital or clinic via FTP, fax or e-mail |
| 2 | Patient Enrollment - Enter and/or update demographic information and prior authorizations for patient visits |
| 3 | Eligibility and Benefit Verification - Verify patients' insurance coverage on all primary and secondary payers |
| 4 | Obtain Authorizations - Obtain authorization for medical treatment from appropriate sources |
| 5 | Contacting Patients - Communicate with the patient for additional information necessary to process the application |
| 6 | Update the Billing System - Process all information received and update the billing system with eligibility and verification details |

# Summary - Patient Access

Patient access, as a core function of the revenue cycle, starts with registration, scheduling, and all its support processes to patients, providers, and payers throughout the patient's healthcare experience.
## General Responsibilities of Patient Access Department

- Patient service
- Positive identification of the patient
- Provide information to the patient/family
- Help determine special needs of a patient
- Preadmission services (eligibility)
- Scheduling of resources and services
- Pre-authorization support of insurance department
- Distribute and/or obtain signatures on required documents
- Verbalize important messages from insurance department and payers
- Point of service collections

(National Association of Healthcare Access Management - NAHAM)

# Test Yourself

## What is the validity period of prior authorization?

a. Prior authorization is valid up to thirty calendar days from date of approval
b. Prior authorization is valid up to forty calendar days from date of approval or up to the expiry date of the policy, whichever is sooner.
c. Prior authorization is valid up to thirty-forty calendar days from date of approval or up to the expiry date of the policy, whichever is sooner.
d. Prior authorization is valid up to thirty calendar days from date of approval or up to the expiry date of the policy, whichever is sooner.

**Answer - D**

## Which insurance will act as primary insurance when a patient is a subscriber plus has secondary insurance through spouse?

a. Patient Insurance is always primary
b. Spouse Insurance is always primary
c. Both can act as primary, patient can choose
d. Both can act as primary based on insurance choice

**Answer - A**

# Introduction - AR

- Accounts receivable (A/R) is the total charges entered that have not been collected from insurance and patient and represents the revenue that still needs to be collected for services already rendered.

## What is the Ideal Net Collection Rate?

- 90-100%

# AR Performance Indicators

The key performance indicators in monitoring account receivables are:

1. **Days in A/R:** This measurement refers to how long it takes a business to collect on charges. The days in A/R number can be an important tool.
2. **Net collection rate:** This measurement identifies how well a practice collects allowable charges and is calculated by dividing the total payments received by the total charges, minus all write-offs and adjustments.
3. **Monitor denials:** Managing all kinds of denials regularly is important to protect cash flow. If denials are not followed up on, the charges may never be paid. Denials can be an important tool in identifying trends with registration, coding, noncovered services, and/or payers.
4. **Bad Debt Ratio:** A bad debt write-off is the writing off of non-collectible account balances.
5. **Adjustments to Collections Ratio:** Because adjustments can affect the net collection rate as well as days in A/R, it is important to monitor the adjustments monthly to verify that the money is not being written off unnecessarily.

Effective management of the A/R is imperative to maintain cash flow for the business. A poor A/R process can result in loss of money for the business and can create financial strains to the owners.

# AR Concepts

## Adjustments to Collection Ratio

- Total Adjustments for a period
- Total collections for a period
- Because adjustments can affect the net collection rate as well as days in A/R, it is important to monitor the use of adjustment codes monthly to verify that money is not being written off unnecessarily.
- Finally, adjustments should also be monitored by category, such as:
  - Contractual adjustments
  - Bad debt write-offs
  - Small balance write-offs

A bad debt write-off is writing off non-collectible account balances of both payer or patient's responsibility with the consent of the provider.

## Refund

- A refund is a process of returning the "overpaid" money back to the insurance company or the patient.
- It's important for a practice or facility to establish a refund policy.

## Pre-Denials

- In the case of electronic claims, there is an option to have your claims checked through an electronic clearinghouse. This will ensure that your claim is accurate before it is submitted to the carriers.
- If any information is missing or invalid, the clearinghouse will promptly return the claim for rectification, identifying the pre-denials.
- Thus, the clearinghouse is an entity that processes or facilitates the processing of claims conversions into standard formats for providers and healthcare plans.

## Claim Submission Period

- A fresh medical claim should be billed to insurance within 45 days from the date of service rendered.
- As per CHI, insurers shall settle the complete, clean and approved claims within 45 days from the date of Claim Submission.
- As per CHI, a claim rejected by insurance should be submitted within 22 days from the date of remittance advice.

## Appeal

- If a claim is incorrectly denied by the insurance, an appeal letter is sent to the insurance to reconsider processing the claim.

## A/R Management

| Step | Process |
| ----------- | ----------- |
| Demographic Entry & Superbill Entry/Analysis | N/A |
| Submission | N/A |
| Followup | N/A |
| Payment | N/A |
| Reports | N/A |
| Patient Bills | N/A |
| Denials | N/A |
| Modification | N/A |
| Re-Submissions | N/A |
| E-Reports | N/A |

## AR Concepts - Days Sales Outstanding

- Days sales outstanding (DSO) is the average number of days it takes a company to receive payment for a sale.
- A high DSO number suggests that a company is experiencing delays in receiving payments, which can result in a cash flow problem. A higher DSO means more outstanding and low processing of Claims.
- A low DSO indicates that the company is getting its payments quickly.
- A good process must ensure that the outstanding is lower and that submission, resubmission, and reconciliation are done in a timely manner.
- Days sales outstanding (DSO) is one of the effective methods of calculating account receivable vs Sales.
# Denial Report

- A denial management team is a team of specialists working with extensive knowledge of billing and insurance protocols, denials, corrections and appeals, to get the claim paid by the health insurance company.

## Monitoring Denials

- There are two ways to monitor denials:
  - Weekly and monthly denial rate report.

## Denial Rate Calculation

- **Denial rate = Total number of denials for a period / Total claims Submitted/Processed**
- If denials are not analysed and followed up on a timely basis, it may result in non-recovery from insurance.

# Summary - AR Benchmarking

- Benchmarking is the process of measuring and comparing data to internal or external results for quality improvement.
- An effort can be made to improve accounts receivable (A/R) by benchmarking against better performers to decrease days in A/R or improve net collection rates.

## Accounts Receivable Management Process

| Step | Process |
| ----------- | ----------- |
| Track Status | Follow up with the insurance company to track the status of the claims |
| Identify Denial Issues | We identify denied claims, to analyze the reasons, follow-up with insurance company to check if additional information is needed and address the issues. |
| Refile the claim | Refile the corrected claim to the insurance company and initiate follow up plan. At times, we may need to bill the secondary insurer. |
| Resolve the Claim | Track the status of the claim with the insurer and follow-up till the claim is resolved. |

# Test Yourself

## What does a high DSO mean?

a. more outstanding and low processing of Claims.
b. less outstanding and high processing of Claims.
c. Increase work done by the team
d. Increase in hospital revenue

**Answer - A**

## What is the timeline for a clean claim to be settled by the insurance company?

a. 22 Days from the date of remittance advice
b. 45 Days from the date of claim submission
c. 45 Days from the date of service rendered
d. 30 Days from the date of claim rejection

**Answer - B**

## What is the ideal net collection rate by AR?

a. 90-100%
b. 95-100%
c. 85-95%
d. 80-95%

**Answer - A**

# Fraud and Abuse

## Fraud Definition

- An intentional act of deception, misrepresentation, or concealment in order to gain something of value.

## Fraud Examples

- Knowingly billing for services at a level of complexity higher than services actually provided or documented in the medical records
- Knowingly billing for services not furnished, supplies not provided, or both, including falsifying records to show delivery of such items
- Knowingly ordering medically unnecessary items or services for patients

## Abuse Definition

- Excessive or improper use of services or actions that are inconsistent with acceptable business or medical practice.
- Refers to incidents that, although not fraudulent, may directly or indirectly cause financial loss.

## Abuse Examples

- Billing for unnecessary medical services
- Charging excessively for services or supplies
- Misusing codes on a claim, such as upcoding or unbundling codes.
- Upcoding is when a provider assigns an inaccurate billing code to a medical procedure or treatment to increase reimbursement.
## Definitions of Fraud, Waste, and Abuse

| Category | Definition |
| ----------- | ----------- |
| **Fraud** | When someone intentionally deceives or makes misrepresentations to obtain money or property from any health care benefit program. |
| **Waste** | Overusing services or other practices that directly or indirectly result in unnecessary costs to any health care benefit program. |
| **Abuse** | When health care providers or suppliers perform actions that directly or indirectly result in unnecessary costs to any health care benefit program. |

## Types of Improper Payments

| Category | Result In |
| ----------- | ----------- |
| Mistakes | Incorrect coding that is not widespread |
| Inefficiencies | Ordering excessive diagnostic tests |
| Bending the rules | Improper billing practices (like upcoding) |
| Intentional Deceptions | Billing for services or supplies that were not provided |

# Introduction - HIPAA

- The Health Insurance Portability and Accountability Act (HIPAA) is a law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
- Under the HIPAA Privacy Rule, covered entities and business associates are allowed to disclose PHI without a signed authorization for treatment, payment, or healthcare operations (TPO) reasons.
- Covered entities (anyone providing treatment, payment, and operations in healthcare) may not use or disclose protected health information without valid authorization, except as otherwise permitted or required in the Privacy Rule.

## HIPAA Examples

- Doctors and/or hospitals (that are covered entities) may share information freely with one another for treatment reasons.
- Patients' information may also be released without their authorization to insurance companies to receive payment for services provided.
- Healthcare operations can include a variety of business activities including quality assessment, employee review, licensing, etc.
## Please Note:

- Any uses or disclosures of PHI for non-TPO are not allowed unless required by state or other law or have been authorized by the patient.

# Standard Code Sets

- The Administrative Simplification provisions of HIPAA include the Privacy Rule, Security Rule, code sets, electronic transactions, and identifiers.
- Under HIPAA, a code set is any set of codes used for encoding data elements, such as tables of terms, medical concepts, medical diagnosis codes, or medical procedure codes.

## CHI Approved Code sets

- **International Classification of Disease, Australian Modification (ICD-10-AM, Tenth Edition) for diagnosis codes and SBS (Saudi Billing System) codes for interventions and other investigations, etc.**
- **For outpatient oral health, The Australian Schedule of Dental Services and Glossary (ADA) are used.**
- **For packaged pharmaceuticals, the Global Trade Identification Number (GTIN) as per the Saudi Food and Drug Authority (SFDA).**
- **For medical devices, the Global Medical Device Nomenclature (GMDN) as per SFDA.**
- **For inpatient (admitted care and day cases), Diagnosis Related Grouper (DRG), AR-DRG v9 is used.**
- **LOINC stands for Logical Observation Identifiers Names and Codes. It is a standard coding system used for identifying medical laboratory tests and their results. LOINC codes have a fixed length field of 3-7 characters within the LOINC database.**

# Minimum Necessary Rule

- The purpose of the HIPAA Privacy Rule was to introduce restrictions on the allowable uses and disclosures of protected health information (PHI), stipulating when, with whom, and under what circumstances, health information could be shared.

## Principle of Minimum Necessary

- A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
## Minimum Necessary Exceptions

- Requests by a healthcare provider for treatment purposes
- Disclosures to the individual who is the subject of the information
- Disclosures made pursuant to an individual's authorization
- Uses or disclosures that are required by other law.

## Example

- For a relative of the patient, the provider is required to share only the minimum necessary information, as deemed necessary by the provider.

# Cyber Attacks

The main sources of cyberattacks are:

- **Device loss:** Sensitive information is stored on employees' laptops, tablets, smartphones, and USB drives.
- **Malware:** Any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
  - Four common types of malicious software: trojans, spyware, viruses, and ransomware.
- **Hacking:** The act of compromising digital devices and networks through unauthorized access to an account or computer system.
  - Man in the middle: when a hacker intercepts your communications and steals your content.
  - Denial of Service: when a hacker floods systems with so much traffic that it brings normal operations to a halt.
  - Password Attacks: when a hacker uses a dictionary of passwords or brute force to find a working password.
  - Phishing: when a hacker sends fraudulent communications that appear to come from a trusted source in order to get you to voluntarily give out sensitive personal information or unknowingly install malware.

# Firewall

- A firewall is a program or hardware device that filters the information coming through the internet.
- If an incoming packet of information is flagged by the filters, it is not allowed through.
- A firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination.
- A firewall may also work with a proxy server that makes network requests on behalf of workstation users.

## Firewall Criteria

- It may allow or deny users based on several criteria:
  - IP addresses
  - Domain names
  - Protocols
  - Ports
  - Specific words and phrases

## Safeguarding e-PHI

- To safeguard e-PHI from cyberattacks, all covered entities should follow the steps below:
  - Use strong password protection.
  - Install antivirus and antimalware programs.
  - Don't interact with anything suspicious and contact the IT department immediately.
  - Never use an untrusted computer or network.

# Disaster Recovery Plan

- The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to develop and implement contingency plans.
- Contingency planning ensures that in the event of a natural or man-made disaster that disrupts operations, the business can continue to function until regular services can be resumed.
- A HIPAA disaster recovery plan is a critical element of contingency planning.
- If disaster strikes and access to systems containing patients' protected health information is blocked, the HIPAA disaster recovery plan is implemented.
- The disaster recovery plan contains a set of policies and procedures to follow and assigns responsibilities to staff to ensure the fastest possible response and recovery.
## Disaster Recovery Plan - Examples

- Natural or man-made disasters
- Cyber attacks
- Theft of devices

## Disaster Recovery Plan - Steps

| Step | Process |
| ----------- | ----------- |
| 1 | Risk Assessment & Business Impact Analysis |
| 2 | Creating a Disaster Recovery Team |
| 3 | Define critical application and data |
| 4 | Right Tools & Techniques |
| 5 | Test and Review your Disaster Recovery plan |
| 6 | Document, implement and regularly update the recovery plan |

# Privacy Rule

- The HIPAA security regulation adopts administrative, technical, and physical safeguards required to prevent unauthorized access to Protected Health Information.

## HIPAA Administrative Safeguards

| Safeguard | Description |
| ----------- | ----------- |
| Security Management Process | N/A |
| Assigned Security Responsibility | N/A |
| Workforce Security | N/A |
| Information Access Management | N/A |
| Security Awareness and Training | N/A |
| Security Incident Procedures | N/A |
| Contingency Plan | N/A |
| Evaluation | N/A |
| Business Associate Contracts | N/A |

## Administrative Safeguards - Implementation

- Develop and implement written privacy policies and procedures,
- Designate a privacy official,
- Train all workforce members on privacy policies and procedures,
- Have and apply appropriate disciplinary actions against employees who violate privacy policies and procedures,
- Safeguard PHI,
- Maintain all HIPAA documents for a period of 6 years.

# Physical Safeguard

- Medical Records and PHI should be stored out of sight of unauthorized individuals, and should be locked in a cabinet, room or building when not supervised or in use.

## Physical Access Control

- Provide physical access control through the following:
  - Locked file cabinets, desks, closets, or offices.
## Physical Safeguards - Implementation

| Safeguard | Description |
| ----------- | ----------- |
| Facility Access Control | N/A |
| Workstation Use | N/A |
| Workstation Security | N/A |
| Device and Media Control | N/A |

# Technical Safeguards

- User authentication control is the ability or the means to read, write, modify, or communicate data/information or otherwise use any system resource.
- Healthcare providers are responsible for implementing technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights.

## Individual Authentication

- A unique individual identifier for each user
- Weak passwords not allowable
- System generates random password
- Change passwords often
- Token based or single-use passwords or token card with PIN
- Biometric (fingerprint, retinal scan, etc.)
- Different security for terminals in different locations
- Account canceled when employee leaves
- Automatic logoff after specified time

## Technical Safeguards - Implementation

| Safeguard | Description |
| ----------- | ----------- |
| Access control | N/A |
| Audit control | N/A |
| Integrity | N/A |
| Personal or Entity Authentication | N/A |
| Transmission security | N/A |

## Technical Safeguards to Address

- Encryption
- Anti-virus
- Access Control
- Backup
- Audit Logging
- Firewall
- Automatic Logoff

# Security Rule

While exchanging health information, confidentiality should be maintained in the following ways:

## Sharing of Information

- Do not discuss patient's medical information with unauthorized family members.
- Limit sharing of information with other staff, unless for consultations and second opinion.
- Do not disclose patient's information without their consent.

## Patient's Manual Records

- Hold in secure place under lock and key.
- Return to the filing system as soon as possible after use.
## Electronic Records

- Log out of the computer system when work is finished.
- Do not leave a terminal unattended while logged in.
- Do not share passwords with others.
- Change passwords at regular intervals.
- Always clear the screen of the previous patient's information before seeing another.

## Emails and Fax

- Whenever possible, clinical details should be separated from demographic data.
- All data transmitted by email should be password-protected.

## Conduct a HIPAA Risk Assessment in 6 Steps

| Step | Process |
| ----------- | ----------- |
| 1 | Define the scope and where PHI is stored and shared. |
| 2 | Identify potential weaknesses and threats facing PHI. |
| 3 | Monitor the effectiveness of security measures and document any gaps. |
| 4 | Determine and assign risk levels to each identified threat. |
| 5 | Prioritize risks based on the likelihood of them occurring and the impact they pose. |
| 6 | Review and update your risk analysis on a regular basis. |

# PHI Disclosure

The following are the appropriate reasons for disclosure of patient confidential information which are not considered as breach of confidential information:

- If permitted by the patient or substitute decision maker
- If required by judiciary
- Consultation or second opinion
- Public health interest/threats (birth, death, and notifiable diseases)
- Individual's threats to prevent crimes

# Breach Notification

For Breach Notification, a note to individuals must include:

- The date of the breach and when it was discovered
- A brief description of the incident that led to the breach
- Description of the unsecured PHI involved
- Suggested steps individuals should take to protect themselves against any problems stemming from the breach

# SeHE

- Saudi Health Information Exchange (SeHE): The Saudi organization known as SeHE that delivers capabilities to enable the electronic sharing of health-related information and health-related services across the country of Saudi Arabia.
- Saudi Central Board for Accreditation of Healthcare Institutions (CBAHI): The official agency authorized to grant accreditation certificates to all governmental and private healthcare facilities currently operating in the KSA.
- Accreditation is a self-assessment and external peer review process used by healthcare organizations to accurately assess their level of performance in relation to established standards and to implement ways to continuously improve the healthcare system.
- According to the World Health Organization (WHO), accreditation can be the most important approach for improving the quality of healthcare structures.
- Accreditation is not an end but rather a means to improve quality. The accreditation movement is gaining prominence due to globalization, especially due to the global expansion of trade in health services. It will eventually become a tool for international categorization and recognition of hospitals.

# HIPAA Goals

The goal of HIPAA is to improve portability and continuity of health insurance coverage in the group and individual markets by:

- Combating waste, fraud, and abuse in health insurance and healthcare delivery.
- Promoting the use of medical savings accounts.
- Improving access to long-term care services and coverage.
- Simplifying the administration of health insurance.

## HIPAA Goals - Implementation

| Goal | Implemented By |
| ----------- | ----------- |
| Access control | N/A |
| Audit control | N/A |
| Integrity | N/A |
| Person or Entity Authentication | N/A |
| Transmission Security | N/A |
| Facility Access Controls | N/A |
| Workstation Use | N/A |
| Workstation Security | N/A |
| Device and Media Controls | N/A |
| Security Mgmt. Process, Sec. Official | N/A |
| Workforce Security, Info. Access Mgmt. | N/A |
| Security Training, Security Incident Proc. | N/A |
| Contingency Plan, Evaluation, BACs | N/A |

## HIPAA Security Standard Hierarchy

| Category | Standard | Description |
| ----------- | ----------- | ----------- |
| Technical | 2 options for Standards: -Compliant -Not Compliant | N/A |
| Physical | 3 options for Implementation Specifications: -Compliant -Partially Compliant -Not Compliant | N/A |
| Administrative | N/A | Privacy Rule "reasonable" safeguards for all PHI |

# Summary - CDS

- Confidentiality is the assurance given to the patient that the information (s)he shares with doctors would not be passed on to anyone without their permission, and such information can be shared only after authorization is provided and then only with authorized individuals.
- If there are any violations made by fellow employees or outside entities, they need to be reported immediately to the supervisor.
- Individuals who do not adhere to HIPAA policies and procedures can be fined regardless of whether or not they knowingly violated the act.

## HIPAA Compliance Checklist

| Step | Process |
| ----------- | ----------- |
| 1 | Determine if the Privacy Rule affects you or not. |
| 2 | Protect the right types of patient data. |
| 3 | Understand HIPAA Security Rule & the types of safeguards. |
| 4 | Understand the causes of HIPAA violations. |
| 5 | Document every activity towards protecting data. |
| 6 | Set up breach notifications if any data is lost. |
| 7 | Implement physical safeguards. |
| 8 | Implement technical safeguards to protect access to ePHI. |

# Test Yourself

## Restricting access to a workplace belongs to what type of safeguard?

a. Technical Safeguard
b. Physical Safeguard
c. Administrative Safeguard
d. Employees should not be restricted to workplace as per HIPAA policy

**Answer - B**

## Which of the following is not a breach protocol?

a. The date of the breach and when it was discovered
b. A brief description of the incident that led to the breach and Description of the unsecured PHI involved
c. Suggested steps individuals should take to protect themselves against any problems stemming from the breach
d. Publish the breach incident to all social media portals so that everyone is aware of the same

**Answer - D**

## Knowingly billing for services not furnished, supplies not provided, or both, including falsifying records to show delivery of such items is an example of ___?

a. Waste
b. Abuse
c. Fraud
d. Misuse of resources

**Answer - C**

## Which code set is used for medical devices?

a. ADA
b. GTIN
c. GMDN
d. DRG

**Answer - C**

## Rationale

- International Classification of Disease, Australian Modification (ICD-10-AM, Tenth Edition) for diagnosis codes and SBS (Saudi Billing System) codes for interventions and other investigations, etc.
- For outpatient oral health, The Australian Schedule of Dental Services and Glossary (ADA) are used.
- For packaged pharmaceuticals, the Global Trade Identification Number (GTIN) as per the Saudi Food and Drug Authority (SFDA).
- For medical devices, the Global Medical Device Nomenclature (GMDN) as per SFDA.
- For inpatient (admitted care and day cases), Diagnosis Related Grouper (DRG), AR-DRG v9 is used.
- LOINC stands for Logical Observation Identifiers Names and Codes. It is a standard coding system used for identifying medical laboratory tests and their results. LOINC codes have a fixed length field of 3-7 characters within the LOINC database.

# EHR

## EHR Illustration

- A diagram with the EHR in the center is shown:
  - The EHR is connected to:
    - Hospitals
    - Physicians/Clinicians
    - Insurers
    - Laboratory data
    - Radiology Reports
    - Vital Signs

# Health Information Management

Health information management is a separate department that stores and organizes the paper or computer based medical records of a patient.
## Illustration

- A diagram with the Health Information Management in the center is shown:
  - The **Health Information Management** is connected to:
    - **Patient Health Records**
    - **Medical Coders**
    - **Security-IT-Facility**
    - **Education/Training**

## Health Information Management Workflow

- The **Health Information Management** workflow includes:
  - **Collect**
  - **Share**
  - **Maintain**
  - **Use**
  - **Store**

# CBAHI

The common objectives of the Saudi Central Board for Accreditation of Healthcare Institutions (CBAHI) for medical documentation standards required for accreditation include:
- Ensure the quality of healthcare through the application of quality concepts;
- Foster a culture of patient safety and minimize the risk of medical error;
- Achieve optimum organizational results with available resources;
- Increase accountability to patients and identified stakeholders.

## Accreditation Awarded

The hospital is awarded accreditation if:
- The overall compliance score is equal to or more than 85%
- All essential safety requirements are in satisfactory compliance, and
- There are no other issues of concern related to the safety of patients, visitors, or staff

## Conditional Accreditation

The Accreditation Decision Committee may recommend a Conditional Accreditation decision when:
- The hospital demonstrates tangible compliance with all applicable standards at the time of the onsite survey but still has not met the requirements for accredited status if the overall score is 75% or above and less than 85%, and/or some of the essential safety requirements (but not exceeding 25% of them) are not in satisfactory compliance.

## Please Note

- The accreditation of a healthcare institution by CBAHI is valid for three years.

# CBAHI - Medical Records Standards

Medical records are the backbone of the hospital and are considered one of the important elements in the quality program.
## CBAHI-MR1 Standards

- The Health Information Management (Medical Records) department has adequate qualified staff.
  - MR.1.1 The health information management (Medical Records) department is directed by an individual qualified by education (bachelor in health information management) and experience.
  - MR.1.2 The department director is credentialed in health information management through formal training as per the national/international guidelines.
  - MR.1.3 The department has adequate staff to carry out its functions.
  - MR.1.4 Staff working in the department are credentialed in health information management through formal training as per the national/international guidelines.
  - MR.1.5 Clinical coding staff working in the department are credentialed/certified in clinical coding through formal training as per the national/international guidelines.

## CBAHI-MR9 Standards

- CBAHI Medical Record Standards MR.9: There is a process to ensure availability of the medical records in a timely manner.
  - MR.9.1 The hospital determines in a policy all disciplines who may have access to the medical records.
  - MR.9.2 Care providers have access to current and past medical records.
  - MR.9.3 Medical records are readily retrievable for each patient encounter.
  - MR.9.4 Medical records are available within thirty minutes of being requested.
  - MR.9.5 Medical records can be retrieved any time of the day.

## CBAHI Stakeholders

- As per CBAHI, there are multiple stakeholders involved in reviewing a patient's medical records, right from the patient's arrival till the discharge from the facility:
  - Administrator including quality department and medical records committee
  - Clinicians and radiologists (all specialties following the patient)
  - Laboratory (reporting the lab results)
  - Pharmacist

# Quality Control

## Definition

- A system of technical activities that measures the performance of a process, item, or service against a defined set of criteria or standards.
## Example

The two (2) unique patient identifiers (MRN & Patient Name) are STRICTLY used when:
- Administering medications
- Administering blood and blood products
- Taking blood samples
- Taking other samples for clinical testing
- Providing treatment or procedure

## Technical Analysis

- A technical function that includes activities such as calibrations and analyses of check samples to assess the bias and precision associated with sample results.

## Technical Analysis Example

- Calibrating equipment such as lab machines and diagnostic imaging
- Reviewing logs of who is accessing the records in the EMR
- Verifying accurate temperatures of refrigerators holding vaccines

# Goals - QC

The goals of quality care improvement include:
- **Safety:** Limiting injuries to patients from the care that is intended to help them
- **Effectiveness:** Providing services based on scientific knowledge
- **Patient-centeredness:** Providing care that is responsive to individual patient preferences, needs, and values and assuring that patient values guide all clinical decisions
- **Timeliness:** Reducing waits and harmful delays
- **Equity:** Providing care that does not vary in quality because of personal characteristics (gender, ethnicity, geographic location, or socioeconomic status)
- **Efficiency:** Avoiding waste, including waste of equipment, supplies, ideas, and energy

## Benchmarking

- Benchmarking is the