Test Flashcards by Katherine Cardona

Compliance Program primary concern

rules and regulations

How well did you know this?

Not at all

Perfectly

Integrity Program primary concern

values; doing the right thing

How well did you know this?

Not at all

Perfectly

Who needs a compliance program?

Physicians Practices
Medicare + Choice Organizations 
Ambulance Suppliers
Third Party Billing Companies
Pharmaceutical Manufacturers
Hospitals
Laboratories
Teaching Institutions/Research 
DME Distributors
Home Health/Hospice/SNF
Others

How well did you know this?

Not at all

Perfectly

Defense Industry Initiative

Voluntary self-regulatory guidelines developed by defense industries suppliers
GOAL: Eliminate waste and bring prices into line

How well did you know this?

Not at all

Perfectly

Who is responsible for enforcing the rules and regulations under the Medicare and Medicaid laws

HHS OIG in conjunction with the Justice Department

How well did you know this?

Not at all

Perfectly

An effective compliance program:

safeguards the organization’s legal responsibility to abide by applicable laws ad regulations

How well did you know this?

Not at all

Perfectly

Three strikes and you’re out

Balanced Budget Act of 1997

How well did you know this?

Not at all

Perfectly

Qui Tam

whistle blower

How well did you know this?

Not at all

Perfectly

This act provides financial incentives for private citizens to come forward in qui tam suite

False Claims Act (FCA)

How well did you know this?

Not at all

Perfectly

He who brings the action for the king as well as for himself

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

How well did you know this?

Not at all

Perfectly

Qui tam pro domino rege quam pro se ipso in hac parte sequitur

He who brings the action for the king as well as for himself

How well did you know this?

Not at all

Perfectly

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ decides to assume the case

15-25%

How well did you know this?

Not at all

Perfectly

Healthcare whistle blowers can be eligible to receive X of government’s total award if DOJ declines the case

25-30%

How well did you know this?

Not at all

Perfectly

Who can impose a CIA (corporate integrity agreement)

The government

How well did you know this?

Not at all

Perfectly

CIA characteristics

negotiated in order to avoid litigation 
admits no fault or liability 
submits to government for corrective action 
3-5 year duration 
extensive reporting requirements

How well did you know this?

Not at all

Perfectly

Fine for organizations are calculated using:

Culpability score

How well did you know this?

Not at all

Perfectly

Possible sanctions include

fines, restitution, forfeiture, and probation

How well did you know this?

Not at all

Perfectly

Factors that might mitigate an organization’s punishment

effective ethics program and self reporting, cooperation or acceptance of responsibility

How well did you know this?

Not at all

Perfectly

Four aggravating factors to a culpability score

if upper level employee has “participated in, condoned, or was willfully ignorant of the offence”
if the violation is a repeat offense
if the government was hindered during its investigation
if awareness of and tolerance of the violation were pervasive

How well did you know this?

Not at all

Perfectly

Four mitigating factors in a culpability score

If the organization had an effective compliance program, even though there was a violation
If the organization reported the violation promptly
If the organization cooperated with the government investigators
If the organization accepted responsibility for the violation

How well did you know this?

Not at all

Perfectly

Seven Elements of an effective compliance program

Written standards of conduct
Designating a chief compliance officer and other appropriate bodies
effective education and training
Audits and evaluation techniques to monitor compliance
Reporting processes and procedures for complaints
Appropriate disciplinary mechanisms
Investigation and remediation of systemic problems

How well did you know this?

Not at all

Perfectly

Ten Obstacles to Effective compliance Implementation

Commitment and buy-in
Lack of funding
Too many roles for compliance professional
Interpreting laws and regulations
Lack of resources and staff
Lack of education and training
Resistance to change
Lack of or poor communication
Fear of retaliation/retribution
No internal enforcement

How well did you know this?

Not at all

Perfectly

which two documents become tools to build compliance program

the standards or code of conduct and the polices and procedures

How well did you know this?

Not at all

Perfectly

When a patient requests access to PHI, the covered entity can:

    a. Take up to 120 days to respond 
    b. Charge for retrieving the record 
    c. Require that the request be in writing 
    d. Request the patient accept a summary of the record

c. Require that the request be in writing

How well did you know this?

Not at all

Perfectly

``` Changes to the Privacy and Security provisions of the HIPAA and its regulations were enacted in which of the following acts? a. GINA b. FERA c. FACTA d. HITECH ```

D. HITECH

Appropriate progressive discipline policies associated with a compliance program should be: a. Defined by role b. Enforced consistently c. Applied to physicians d. Reported to the government

b. Enforced consistently

``` At which level of the Medicare Part A or Part B appeals process is the appeal reconsidered by a qualified independent contractor? A. first level of appeal b. second level of appeal c. third level of appeal d. fourth level of appeal ```

b. second level of appeal

True or False: | An oral request by law enforcement may delay notifications related to a breach for up to 60 days.

False

True or False: | An individual has the right of access all information maintained in that individual's Designated Record Set.

False An individual has the right of access to the PHI maintained within a Designated Record Set (DRS), not all of the information maintained in the DRS.

True or False: | Minimum necessary requirements under HIPAA does not apply to uses or disclosures required by law.

Answer: True | Disclosures required by law are subject to the minimum necessary requirement.

True or False: | A CE must accommodate reasonable requests by an individual to receive communications of PHI by alternative means.

Answer: True | This is directly from the regs...if reasonable, then the CE must accommodate.

True or False: Privacy means the property that data or information is not made available or disclosed to unauthorized persons or processes.

Answer: False | The definition listed is verbatim that which applies to security.

``` OIG urges the _________________ to assist in the implementation of the compliance program and serves as advisers. A. Board B. CEO C. Compliance Committee D. Quality Committee ```

C. Compliance Committee

``` The compliance committee should develop objective and goals on A. monthly basis B. continuous basis C. quarterly basis D. annual basis ```

D. annual basis

``` Who should participate in developing goals and objectives for the compliance program? A. Compliance Committee B. Risk Managers C. The Governing Board D. Physicians ```

A. Compliance Committee

HIPAA Regs: What subpart in Part 164 deals with Privacy

Subpart E: | Hint: Privacy….Privac-E

HIPAA Regs: What subpart in Part 164 deals with Breach Notifications

Subpart D: | “D”arn it! We have a breach!

HIPAA Regs: What subpart in Part 164 deals with Security

Subpart C: | Hint: “C”-curity

What are the 3 components that make up security?

Confidentiality Integrity Availability

What’s wrong with this statement, “We need to identify if this breach is reportable?”

All breaches are reportable.

When is the deadline for reporting breaches to the Secretary

* For breaches affecting 500 or more: 60 days from discovery. * For breaches affecting less than 500: By the 60th day of the year following when the breach was discovered.

Covered Entities and their Business Associates must comply with the all of the Security and Privacy Rules – True or False

False as Business Associates are not required to comply with all of the Privacy Rules.

The designated privacy official and the designated security official under HIPAA must be different individuals.

False as the same official may be designated both roles.

A health care provider has how long to redistribute its Notice of Privacy Practice to established patients after making a material change to the notice.

There is no such requirement for a health care provider as making such a change does not include a requirement to redistribute the Notice of Privacy Practices

Encryption is required under HIPAA – True or False

False. It is an addressable implementation specification.

The difference between an addressable and a required implementation specification

* Required – the specification must be implemented | * Addressable – Either implement the specification or an equivalent alternative measure

What are the four impermissibles

* Access * Acquisition * Use * Disclosure

When does the 60 day “clock” begin for breach notifications?

When the “impermissible” is discovered by the Covered Entity

What is the record retention period for HIPAA related work product?

6 years

A Security Risk Analysis must be done annually for a Covered Entity to comply with the Privacy Rules. – True or False

False as the Risk Analysis is not required annually and the risk analysis is part of the Security Rules.

PHI stands for

Protected Health Information

What is the timeframe requirement to train new employees about HIPAA?

“within a reasonable period of time after the person joins the covered entity's workforce”

A covered entity may use or disclose PHI for TPO…what does TPO stand for

Treatment Payment Operations

What rights of an individual must be contained in the Notice of Privacy Practices

* The right to request restrictions on certain uses and disclosures of protected health information * The right to receive confidential communications of PHI * The right to inspect and copy PHI * The right to amend PHI * The right to receive an accounting of disclosures of PHI * The right of an individual to obtain a paper copy of the notice from the covered entity upon request.

An individual has the right to access all of the PHI within his or her Designated Record Set – True or False

False as the HIPAA rules do identify instances when a covered entity may deny access.

After an investigation, it was discovered that the organization's reputation is a stake. What should a Compliance Professional do next? a. Report the findings to the board b. Contact legal counsel c. Advise the CEO and recommend next steps d. Self-disclose to the OIG

b. Contact legal counsel

What are the effective elements for monitoring and auditing? A. You have an auditing plan and methodology B. Your program has gone beyond process audits, proactive and reactive audits C. You have included an auditing strategy and results reporting D. Corrective Action and verification E. All of the above

E. All of the above

CMS released areas of high-risk fraud, some of those include: A. Sudden changes in billing and billing inappropriate specialties B. Billing of inappropriate diagnoses and increased beneficiary complaints C. Geographical changes in billing and Identity theft (provider and beneficiary) D. A and B E. All of the above

E. All of the above

As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins? A. True B. False

A. True

The benefits of conducting a Controlled Self-Assessment are: A. Increases the scope and targets audit work B. Increases awareness and targets audit work C. Frees internal audit resources and increases the scope D. Motivates personnel, targets audit work, and increases awareness E. Both C and D

E. Both C and D

You are tasked with creating a risk assessment team. What are the keys to your success? A. Select team members based on skills and experience and knowledge of risk areas and make sure they know why they were selected B. Utilize risk assessment tools C. Develop team ground rules and the risk assessment process D. Both A and B E. Both A and C F. A, B, and C

F. A, B, and C

The Physician Payment Sunshine Act must report ______to a covered recipient which is defined as a ______or teaching_____.

payments, physician, hospital

The PHRMA CODE is an adopted voluntary code and is considered a law. A. True B. False

B. False

The OIG requests that you post on your website whether or not the PHRMA CODE is followed. A. True B. False

A. True

PHS regulations define a significant financial interest as: Income which when aggregated for the investigator, and investigator's spouse or dependent children exceeds $10,000 over twelve months A. True B. False

B. False

STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician. A. True B. False

A. True

When we anticipate what the government will measure if our compliance program is under review, we should assume the following: A. The FSG is the basis of the assessment B. What determines "effectiveness?" C. Are there specific resources on what it is we need to demonstrate? D.Resource: Corporate Integrity Agreements/Settlement Letters E. All of the above

E. All of the above

Since 1981, ____ has had the authority to levy administrative penalties and assessments against providers as punishment for filing false or improper claims or as a collateral consequence of prior bad acts. ``` A. DHS B. OIG C. HHS D. SSA E. USC ```

C. HHS

E- All of the Above

TRUE or FALSE: As a CO, you are tasked with identifying risk. Knowing some document reviews may never apply to your organization, should you review Special Advisory Bulletins?

True

E- Both C and D

F- A,B, and C

TRUE or FALSE: PHS regulations define a significant financial interest as: Income which when aggregated for the investigator, and investigator's spouse or dependent children exceeds $10,000 over twelve months

False (?)

TRUE or FALSE: STARK indicates no Medicare payments may be made for DHS referred by the physician, and the Entity must refund all money collected for DHS referred by the physician.

True

When we anticipate what the government will measure if our compliance program is under review, we should assume the following: A. The FSG is the basis of the assessment B. What determines "effectiveness?" C. Are there specific resources on what it is we need to demonstrate? D. Resource: Corporate Integrity Agreements/Settlement Letters E. All of the above

E- All of the Above

``` OIG urges the ____________ to assist in the implementation of the compliance program and serves as advisors. A. Board B. CEO C. Compliance Committee D. Quality Committee ```

C. Compliance Committee

``` When a medical record is not consistent with the selected diagnosis code, the coder should contact the A. attending nurse. B. attending physician. C. billing supervisor. D. compliance auditor ```

B- Attending Physician.

Covered entities participating in an Organized Health Care Arrangement are permitted to A. act as a single covered entity. B. utilize a single notice of privacy practices. C. share psychotherapy notes. D. operate as a hybrid entity

B- Utilize a single notice of privacy practices.

``` When creating and implementing a compliance plan, the compliance officer should have A. no approval B. board approval and resolution. C. patient approval. D. legal approval ```

B- Board approval and resolution.

``` Which of the following elements is included in the Anti-Kickback Statute? A. whistleblower provisions B. exclusions C. safe harbors D. compliance guidance ```

C. safe harbors