HCCA - CHPC Study Guide - 296 Questions And Answers 2023/2024 Graded A+.

HCCA - CHPC Study Guide - 296 Questions And Answers 2023/2024 Graded A+. What is the purpose of HIPAA? - CORRECT ANSWER - • Protect PHI from unauthorized disclosure/use; • Prevent fraud, waste and abuse (via Administrative Simplification); • Make health insurance portable under ERISA; • Move health care onto a nationally standardized electronic billing platform Ref. More on HIPAA: HIPAA resides in which CFR section? - CORRECT ANSWER - 45 CFR sections 164.102 through 164.534 What are the subparts of HIPAA part 164? - CORRECT ANSWER - HIPAA - 45 CFR 164, subparts: Subpart A - General rules Subpart C - Security Subpart D - Breach notification Subpart E - Privacy How do you determine if an organization is a "Covered Entity"? - CORRECT ANSWER - 1. compare if the organization meets one of the 3 types of CE (provider, health plan, clearinghouse) and 2. determine if the organization electronically transmits one of the 9 defined transactions: • Health claims or equivalent encounter information • Health claims attachments • Enrollment and disenrollment in a health plan • Eligibility for a health plan • Health care payment and remittance advice • Health plan premium payments • First report of injury • Health claim status • Referral certification and authorization HCCA - CHPC Study Guide - 296 Questions And Answers 2023/2024 Graded A+. In addition, business associates of covered entities must follow parts of the HIPAA regulations. This Act established in 1974 was created for government agencies placing restrictions on how the government can share the information maintained in Federal systems of records that might infringe on an individual's privacy rights with other individuals and agencies. - CORRECT ANSWER - The Privacy Act of 1974 Which of the following is not considered a HIPAA Entity Designation: 1. Affiliated covered entity 2. Entity that performs healthcare and non-healthcare component activities including both covered and non-covered functions 3. A group health plan 4. Contract arrangement with FEDEX carrier - CORRECT ANSWER - 4. Contract arrangement with FEDEX carrier What is Gramm-Leach-Bliley Act (GLBA)? - CORRECT ANSWER - Gramm-LeachBliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, includes The Financial Privacy Rule and The Safeguards Rule requires all financial institutions to protect customer's personal financial information. What is an OHCA? - CORRECT ANSWER - OHCA (Organized Health Care Arrangement) it's a clinically integrated care setting where individuals receive health care from more than one provider. These are joint arrangements/activities and have an Integrated Delivery System for easy exchange of PHI data. See 45 CFR 160.103. OHCAs can also utilize a joint NPP. See 45 CFR § 164.520(d). ACE (Affiliated Covered Entity) do not have an Integrated Delivery System because these are legally separate covered entities that are associated in business, or affiliated as a result of some common control or ownership. Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for treatment, payment, operations purposes (TPO). What's an ACE? - CORRECT ANSWER - ACE (Affiliated Covered Entity) Legally separate covered entities that share common control/ownership and designate themselves as a single CE for the purpose of complying with the HIPAA Privacy standards. ACEs do not have an Integrated Delivery System, while OHCA do, and can share a single NPP. See 45 CFR § 164.520(d) ACE example: a health system composed on several affiliated hospitals. Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for treatment, payment, operations purposes (TPO). What's a Hybrid Entity? - CORRECT ANSWER - Entity that conducts both covered functions (or healthcare-functions) and non-covered functions (other biz/non-healthcare functions) to elect to be a "hybrid entity." For instance, a University System that has a research laboratory or academic medical center. The post-secondary functions (non-healthcare components) do NOT need to comply with HIPAA. The research lab/med center functions (healthcare component) needs to comply with HIPAA provisions to protect the use/disclosure of PHI involved. entity's%20health%20care%20component. The transmission of information between two parties to carry out financial or administrative activities related to health care is called: - CORRECT ANSWER - Transaction (healthcare transaction). Few examples of healthcare transactions: healthcare claims; coordination of benefits; health plan premium payments; remittance advice (or ETF, electronic fund transfer); referral certification and authorization What are examples of a BA? - CORRECT ANSWER - BA (Business Associate) - performs functions or activities on behalf of a covered entity that involve access by the business associate to protected health information. Examples: claims processing data analysis billing benefit management quality assurance quality improvement practice management legal actuarial accounting accreditation other administrative services True or False: A hospital is not required to have a business associate contract with the specialist to whom it refers a patient and transmits the patient's medical chart for treatment purposes. - CORRECT ANSWER - TRUE Remember, use and disclosure of PHI for purposes of TPO requires no specific authorization Except for TPO, list two examples where a CE requires an authorization to use/disclose PHI - CORRECT ANSWER - 1. Sales and marketing 2. Psychotherapy notes How do you determine if an entity is subject to HIPAA? - CORRECT ANSWER - By understanding the applicability (healthcare component), entities that transmit health information and fall under the 3 types of CE (health plans, clearinghouses, and providers) HIPAA provide standards for the access, disclosure, transmission, and retention of PHI, and created a national baseline for health information Privacy and Security. At the state level, they can also develop health information statutes but only adding higher or more restrictive standards than the Federal HIPAA rules. This is referred as: a. HIPAA status b. HIPAA assurance c. HIPAA preemption d. HIPAA state law - CORRECT ANSWER - c. HIPAA preemption What is the intent of HIPAA? a. standardize healthcare billing and coding to comply with national accounting principles b. increase payment from providers given the rising cost of healthcare and fraud violations c. allow group health plans collect premiums after individual has left a job/employer d. improve healthcare programs and data flow between providers to data mine for fraudulent behavior - CORRECT ANSWER - d. improve healthcare programs and data flow between providers to data mine for fraudulent behavior.