accountable care organization (ACO): Groups of doctors, hospitals, and other healthcare providers that voluntarily come together to provide coordinated high-quality care to their Medicare patients.
additional documentation request (ADR): If a claim is selected for review or needs additional documentation, an ADR letter is sent to the provider requesting that documentation and/or medical records be submitted. The response must be submitted within a specific time frame to the requesting Medicare contractor identified on the letter for review and payment determination.
adjusted average per capita cost (AAPCC): Centers for Medicare & Medicaid Services’ best estimate for the amount of money it costs to care for Medicare recipients in a year under fee-for-service Medicare in a given area.
adjusted community rating: Under the Affordable Care Act (ACA), insurers can’t raise premiums based on health status, medical claims, gender, or most of the other factors that they had previously used to determine rates prior to ACA implementation.
advance beneficiary notice of noncoverage (ABN): The ABN (Form CMS-R-131) is issued by providers (including independent laboratories, home health agencies, and hospices), physicians, practitioners, and suppliers to Original Medicare (fee-for-service) beneficiaries when Medicare payment is expected to be denied. In certain situations, the ABN transfers potential financial liability to the Medicare beneficiary.
advisory opinion (of the OIG): A legal opinion issued by the Office of Inspector General (OIG) to one or more requesting parties about the application of the OIG’s fraud and abuse authorities to the party’s existing or proposed business arrangement. An OIG advisory opinion is legally binding on the Department of Health & Human Services and the requesting party or parties. It is not binding on any other government department or agency.
affiliated covered entity (ACE): Under the Health Insurance Portability and Accountability Act, legally separate covered entities under common ownership or control have an option to be treated as a single legal entity by choosing to designate as an ACE. This enables the entities to share information in a way that would otherwise be impermissible (use vs. disclosure).
Agency for Healthcare Research and Quality: Agency within the Department of Health & Human Services (HHS) whose mission is to produce evidence to make healthcare safer, higher quality, more accessible, equitable, and affordable and to work with HHS and other partners to make sure that the evidence is understood and used.
Anti-Kickback Statute (AKS): Federal criminal statute that prohibits the exchange (or offer to exchange) of anything of value in an effort to induce (or reward) the referral of federal healthcare program business.
attestation: The affirmation by signature, usually on a printed form, that the action outlined has been accomplished by the individual signing (e.g., the individual has read the code of conduct and agreed to adhere to its principles).
attorney–client privilege: A legally accepted policy that communication between a client and attorney is confidential in the course of the professional relationship and that such communication cannot be disclosed without the consent of the client. Its purpose is to encourage full and frank communication between attorneys and their clients.
audit, baseline: A systematic inspection of records, policies, and procedures with the goal to establish a set of benchmarks for comparison for future inspections.
audit, concurrent: An inspection of records, policies, and procedures at a given point in time in which identified potential problems are audited as they arise (e.g., documentation reviewed and codes substantiated prior to dropping a bill).
audit, retrospective: An audit of historical events (e.g., paid claims audits, executed contracts, etc.). How far back it goes can be determined by specific milestones or a legal statute (e.g., new or revised laws, new departments, new system, etc.).
Balanced Budget Act of 1997: Legislation containing major reform of the Medicare and Medicaid programs, especially in the areas of home health and patient transfers. It also mandated permanent exclusion from participation in federally funded healthcare programs of those convicted of three healthcare-related crimes.
bankruptcy: Legal status of person or entity that cannot repay the debts it owes to creditors.
benchmarking: The measurement of performance against best-practice standards.
best practices: Generally recognized superior performance by organizations in operational and/or financial processes.
business associate: A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered healthcare provider, health plan, or healthcare clearinghouse can be a business associate of another covered entity. The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a business associate if the activity or service involves the use or disclosure of PHI. The types of functions or activities that may make a person or entity a business associate include payment or healthcare operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules. Business associate functions and activities include claims processing or administration; data analysis, processing, or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services are legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, and financial. See the definition of “business associate” at 45 C.F.R. § 160.103.
business associate agreement (BAA): The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requires that, before protected health information (PHI) can be shared between a covered entity and a business associate, the business associate must sign a written agreement that gives satisfactory assurances that it will not use or disclose PHI in a manner that contradicts the Privacy Rule requirements. HIPAA also requires a business associate agreement to define the function of the business associate and the limitations on their uses and disclosures of PHI. The business associate agreement must also define what will happen to the PHI held by the business associate upon termination of the agreement.
Caremark International derivative litigation: The 1996 U.S. civil settlement of Caremark International Inc. in which an imposed corporate integrity agreement precluded Caremark from providing healthcare in certain forms for a period of five years. Also suggests that the failure of a corporate director to attempt in good faith to institute a compliance and ethics program in certain situations may be a breach of a director’s fiduciary obligation.
Centers for Medicare & Medicaid Services (CMS): Previously known as the Health Care Financing Administration, the agency that administers the Medicare, Medicaid, and state Children’s Health Insurance programs within the Department of Health & Human Services.
Certified Professional Coder (CPC): A coder who has satisfied certification requirements as established by the American Academy of Professional Coders.
Civil Monetary Penalties Law (CMPL): Regulations that apply to any claim for an item or service that was not provided as claimed or that was knowingly submitted as false and that provide guidelines for the levying of fines for such offences.
Civilian Health and Medical Program of the Uniformed Services: A federal program providing healthcare coverage to families of military personnel and others.
Clinical Laboratory Improvement Amendments: Federal regulations that include federal standards applicable to all US facilities or sites that test human specimens for health assessment or to diagnose, prevent, or treat disease.
Committee of Sponsoring Organizations of the Treadway Commission (COSO): A joint initiative of five private-sector organizations that are dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence.
compliance: Adherence to the laws and regulations passed by official regulating bodies as well as general principles of ethical conduct. In the United States, such regulating bodies include the U.S. Congress, federal executive departments and federal agencies and commissions, and corresponding state-level entities.
conflict of interest: A conflict of interest occurs when an individual’s private interest interferes in any way―or even appears to interfere―with the interests of the corporation as a whole. A conflict situation can arise when an employee, officer, or director takes action or has interests that may make it difficult to perform their company work objectively and effectively.
Consolidated Omnibus Budget Reconciliation Act (COBRA): Continuation health coverage legislation that gives employees and families who lose health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances.
Consumer Assessment of Healthcare Providers & Systems: An initiative by the federal government for Medicare & Medicaid, the aim of which is to develop a set of satisfaction surveys built on a core of standardized items and supplemented by additional targeted elements, making the surveys both adaptable to different subpopulations and suitable for some cross-group comparisons.
corporate integrity agreement (CIA): A negotiated settlement between an organization and the government in which the provider accepts no liability but must agree to implement a strict plan of government-supervised corrective action.
covered entities: Health plans, healthcare clearinghouses, and healthcare providers that electronically transmit health information connected with transactions (generally regarding billing and payment for services or insurance coverage) that are guided by the U.S. Department of Health & Human Services standards.
culpability score: Part of the U.S. Sentencing Commission guidelines for the sentencing of organizations, a system that adds points for aggravating factors and subtracts points for mitigating factors in the determination of fines imposed for fraud or abuse.
Current Procedural Terminology (CPT®): A publication of the American Medical Association that lists and assigns codes to procedures and services performed by physicians.
de-identified information: Health information from a patient’s health record that has been stripped of information that could be used to identify the patient, such as Social Security number, name, and email addresses, among other items, as defined in the Health Insurance Portability and Accountability Act.
Department of Health & Human Services (HHS): The department of the executive branch of the US government with healthcare accountabilities, including responsibility for the Public Health Service, the Centers for Medicare & Medicaid Services, and the Social Security Administration.
Department of Justice (DOJ): The Department of Justice works to enforce federal law, to seek just punishment for the guilty, and to ensure the fair and impartial administration of justice. It accomplishes this with various agencies under its umbrella.
Department of Labor (DOL): This federal agency administers and enforces laws and regulations that govern workplace activities, including wages and overtime pay (through the Wage and Hour Division), workers’ compensation, workplace safety and health (through the Occupational Safety and Health Administration), employee benefits, certain nonimmigrant visa programs, etc.
designated health services: Under Stark Law, the services covered are:
(i) Clinical laboratory services.
(ii) Physical therapy, occupational therapy, and outpatient speech-language pathology services.
(iii) Radiology and certain other imaging services.
(iv) Radiation therapy services and supplies.
(v) Durable medical equipment and supplies.
(vi) Parenteral and enteral nutrients, equipment, and supplies.
(vii) Prosthetics, orthotics, and prosthetic devices and supplies.
(viii) Home health services.
(ix) Outpatient prescription drugs.
(x) Inpatient and outpatient hospital services.
(2) Except as otherwise noted in this subpart, the term “designated health services” or DHS means only DHS payable, in whole or in part, by Medicare. DHS do not include services that are paid by Medicare as part of a composite rate (for example, SNF Part A payments or ASC services identified at § 416.164(a)), except to the extent that services listed in paragraphs (1)(i) through (1)(x) of this definition are themselves payable under a composite rate (for example, all services provided as home health services or inpatient and outpatient hospital services are DHS).
designated record set:
1. A group of records maintained by or for a covered entity that is:
i. The medical records and billing records about individuals maintained by or for a covered health care provider;
ii. The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
iii. Used, in whole or in part, by or for the covered entity to make decisions about individuals.
2. For purposes of this paragraph, the term record means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity.
diagnosis-related groups (DRG): Classifications of diagnoses determined by the average cost of treating a particular condition, regardless of the number of services rendered or the length of patient stay. Medicare reimbursement is assigned by DRG.
disclosure: The release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information.
Drug Supply Chain Security Act: Outlines critical steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the United States, identify illegitimate drugs, and facilitate recalls.
durable medical equipment (DME): Owned or rented medical equipment that is placed in the home of an insured person to facilitate treatment and/or rehabilitation. DME generally consists of items that can withstand repeated use. DME is primarily and customarily used to service a medical purpose and is usually not useful to a person in absence of illness or injury.
durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS): An industry that sells or rents certain medical equipment that is closely controlled by the Centers for Medicare & Medicaid Services.
electronic health record (EHR): A digital version of a patient’s health record.
electronic protected health information (ePHI): Health Insurance Portability and Accountability Act covered entities are required to protect ePHI from data breach or loss and improper use or disclosure. See also: protected health information (PHI).
Emergency Medical Treatment and Labor Act (EMTALA): Federal law ensuring public access to emergency services regardless of ability to pay. Medicare-participating hospitals that offer emergency services must provide a medical screening examination (MSE) when a request is made for examination or treatment for an emergency medical condition (EMC), including active labor, regardless of an individual’s ability to pay. Hospitals must provide stabilizing treatment for patients with EMCs.
Employee Retirement Income Security Act (ERISA): Established in 1974, ERISA set up plan design, funding, and administration requirements for employee pension plans to protect the rights of plan participants and beneficiaries, preempting certain state laws relating to employee benefit plans, including medical plans self-insured by employers.
enterprise risk management (ERM): A risk-based approach to managing an enterprise; a framework to identify, assess, mitigate, and communicate risk in an integrated approach to help influence decision-making and strategic development.
Equal Employment Opportunity Commission (EEOC): US agency created in 1964 to end discrimination based on race, religion, sex, or national origin in employment. The commission reviews and investigates charges of discrimination and, if found to be true, attempts remedy through conciliation or legal means.
False Claims Act (FCA): Originally adopted by the U.S. Congress in 1863 during the Civil War to discourage suppliers from overcharging the federal government, legislation that prohibits anyone from knowingly submitting or causing to be submitted a false or fraudulent claim.
Family Educational Rights and Privacy Act (FERPA): The federal act that provides for the protection of student educational records for both K-12 students and secondary education students.
Federal Drug Administration (FDA): A federal agency of the Department of Health & Human Services that is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; ensuring the safety of our nation’s food supply, cosmetics, and products that emit radiation; and regulating the manufacturing, marketing, and distribution of tobacco products to protect the public health and to reduce tobacco use by minors.
Federal Sentencing Guidelines for Organizations (FSGO): Enacted November 1, 1991, by the U.S. Sentencing Commission. Organizations with compliance and ethics programs meeting defined standards earn credit toward reduced penalties if employees engage in wrongdoing.
financial assistance policy: A requirement for 501(c)(3) hospitals to maintain tax-exempt status by establishing a written financial assistance policy governing billing and collection of certain eligible individuals.
fiscal intermediary/fiduciary intermediary: A person or organization that, under agreement with the Department of Health & Human Services under part A of Medicare, processes claims, provides services, and issues payments on behalf of private, federal, and state health benefit programs or other insurance organizations.
Fraud Enforcement and Recovery Act (FERA): A federal law enacted in 2009 that expands the reach of the False Claims Act that prohibits defrauding the government, including Medicare and Medicaid payments.
General Services Administration (GSA): The federal agency that manages the federal government’s property and records, including the construction and operation of buildings and procurement and distribution of supplies, among other functions.
good clinical practice (GCP): Food and Drug Administration regulations governing the conduct of clinical trials describe GCPs for studies with both human and nonhuman animal subjects.
good laboratory practice (GLP): Rules for conducting nonclinical laboratory studies that support or are intended to support applications for research or marketing permits for products regulated by the Food and Drug Administration. May also apply to conducting studies related to health effects, environmental effects, and chemical fate testing to ensure the quality of data for the Toxic Substances Control Act (TSCA).
healthcare: Care, services, or supplies related to the health of an individual, including but not limited to: (1) Preventive, diagnostic, rehabilitative, maintenance, or palliative care, counseling, service, assessment, or procedure with respect to a physical or mental condition or functional status of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a drug, device, equipment, or other item pursuant to a prescription.
healthcare clearinghouse: A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and ‘value-added’ networks and switches, that does either of the following functions:
- Processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction;
- Receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity.
Healthcare Common Procedure Coding System (HCPCS): A set of codes used by Medicare that describes services and procedures; HCPCS Level I codes are Current Procedural Terminology (CPT) codes, Level II codes are for suppliers and non-CPT codes, and Level III are locally set codes.
Health Care Financing Administration (HCFA): Created in 1977 to combine under one administration the oversight of the Medicare program, the federal portion of the Medicaid program, and related quality assurance activities. HCFA was renamed the Centers for Medicare & Medicaid Services in July 2001.
Health Care Fraud Prevention and Enforcement Action Team (HEAT): Auditing team focused on preventing fraud and abuse in the Medicare and Medicaid programs by identifying fraud perpetrators and those abusing the system.
healthcare operations: Any of the following activities of the covered entity to the extent that the activities relate to covered functions:
- Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing healthcare costs, protocol development, case management, and care coordination; contacting of healthcare providers and patients with information about treatment alternatives; and related functions that do not include treatment;
- Reviewing the competence or qualifications of healthcare professionals; evaluating practitioner and provider performance; health plan performance; conducting training programs in which students, trainees, or practitioners in areas of healthcare learn under supervision to practice or improve their skills as healthcare providers; training of nonhealthcare professionals; accreditation, certification, licensing, or credentialing activities;
- Underwriting, premium rating, and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits and ceding, securing, or placing a contract for reinsurance of risk relating to claims for healthcare (including stop-loss insurance and excess of loss insurance), provided that the requirements of 45 C.F.R. § 164.514(g) are met, if applicable;
- Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs;
- Business planning and development, such as conducting cost management– and planning-related analyses related to managing and operating the entity, including formulary development and administration, development or improvement of methods of payment or coverage policies; and
- Business management and general administrative activities of the entity, including, but not limited to:
  - Management activities relating to implementation of and compliance with the requirements of this subchapter;
  - Customer service, including the provision of data analyses for policy holders, plan sponsors, or other customers, provided that protected health information is not disclosed to such policy holder, plan sponsor, or customer;
  - Resolution of internal grievances;
  - The sale, transfer, merger, or consolidation of all or part of the covered entity with another covered entity, or an entity that, following such activity, will become a covered entity, and due diligence related to such activity; and
  - Consistent with the applicable requirements of 45 C.F.R. § 164.514, creating de-identified health information or a limited data set, and fundraising.
healthcare provider: A provider of services (as defined in section 1861(u) of the Social Security Act, 42 U.S.C. § 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Social Security Act, 42 U.S.C. § 1395x(s)), and any other person or organization who furnishes, bills, or is paid for healthcare services or supplies in the normal course of business.
health information: Any information, oral or recorded, in any form or medium, that:
- Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
- Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
health information management (HIM): HIM professionals work in various settings and job titles in the healthcare industry. They often serve in roles connecting clinical, operational, and administrative functions.
Health Information Technology for Economic and Clinical Health (HITECH) Act: Part of the American Recovery and Reinvestment Act of 2009. HITECH Act is designed to encourage healthcare providers to adopt health information technology that establishes electronic health records in a standardized manner that protects patients’ private health information. In addition, it requires the Department of Health & Human Services to modify the Health Insurance Portability and Accountability Act Privacy, Security, and Enforcement rules to strengthen health information privacy and security protections.
Health Information Trust Alliance (HITRUST): Organization that established a Common Security Framework that can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data.
Health Insurance Portability and Accountability Act (HIPAA) of 1996: A federal law stating that a covered entity may not use or disclose protected health information, except as permitted or required.
health maintenance organization (HMO): A managed care organization that aims to lower healthcare costs by contracting with a network of providers to provide services for reduced cost. Through contracts with providers, the HMO can predict costs by shifting risk to the provider for services used by members. The HMO manages costs by limiting members to seeing approved providers and controlling access to specialty services.
health plan: Per 45 C.F.R. § 160.103, an individual or group plan that provides, or pays the cost of, medical care (as defined in section 2791(a)(2) of the Public Health Service Act, 42 U.S.C. § 300gg-91(a)(2)):
- A health plan includes the following, singly or in combination:
  - A group health plan, as defined in this section.
  - A health insurance issuer, as defined in this section.
  - A health maintenance organization, as defined in this section.
  - Part A and B of the Medicare program under title XVIII of the Act.
  - The Medicaid program under title XIX of the Act.
  - An issuer of a Medicare supplemental policy.
  - An issuer of a long-term care policy, excluding a nursing home fixed indemnity policy.
  - An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers.
  - The healthcare program for active military personnel under title 10 of the United States Code.
  - The veterans’ healthcare program under 38 C.F.R. § 17.
  - The Indian Health Services program.
  - The Federal Employees Health Benefits Program.
  - An approved state child health plan under title XXI of the Act.
  - A high-risk pool established under state law to provide health insurance coverage or comparable coverage to eligible individuals.
  - Any other individual or group plan, or combination of individual or group plans, that provides or pays for the costs of medical care.
- A health plan excludes:
  - Any policy, plan, or program to the extent that it provides, or pays for the cost of excepted benefits that are listed in section 2791(c)(1) of the Public Health Service Act, 42 U.S.C. § 300gg-91(c)(1); and
  - A government-funded program (other than one listed in paragraph (1)(i)-(xvi) of this definition);
    - Whose principal purpose is other than providing, or paying the cost of, healthcare; or
    - Whose principal activity is:
      - The direct provision of healthcare to persons; or
      - The making of grants to fund the direct provision of healthcare to persons.
Health Plan Management System (HPMS): Centers for Medicare & Medicaid Services’ web-enabled information system that serves a critical role in the operations of the Medicare Advantage, Part D, and accountable care organization programs.
Health Resources and Services Administration (HRSA): Agency within the Department of Health & Human Services. It is the primary federal agency for improving access to healthcare by strengthening the healthcare workforce, building healthy communities, and achieving health equity. HRSA’s programs provide healthcare to people who are geographically isolated and/or economically or medically vulnerable.
home health agency (HHA): An organization primarily engaged in providing skilled nursing services and other therapeutic services; has policies established by a group of professionals (associated with the agency or organization), including one or more physicians and one or more registered professional nurses, to govern the services it provides. For purposes of Part A home health services under Title XVIII of the Social Security Act, the term “home health agency” does not include any agency or organization that is primarily for the care and treatment of mental diseases.
hospice: According to the Social Security Act, Title 18, § 1861(dd), “items and services provided to a terminally ill individual by, or by others under arrangements made by, a hospice program under a written plan (for providing such care to such individual) established and periodically reviewed by the individual’s attending physician and by the medical director (and by the interdisciplinary group described in paragraph (2)(B)) of the program.”
hospital payment monitoring system: A Centers for Medicare & Medicaid Services requirement that involves monitoring and detecting unacceptable reimbursement claims and ensuring accuracy of claims.
hybrid covered entity: A covered entity that does both covered and noncovered functions under the Health Insurance Portability and Accountability Act Privacy Rule has the option to restrict the application of the Privacy Rule to certain parts of its organization by designating healthcare components.
Immediate Corrective Action Required: A Centers for Medicare & Medicaid Services audit finding; the result of noncompliance with specific requirements that has the potential to cause significant beneficiary harm.
independent review organization (IRO): Part of corporate integrity agreements; provide objective, unbiased determinations on what the root cause of a particular treatment was, or whether there was a medical necessity for a treatment.
individually identifiable health information (IIHI): Information that is a subset of health information, including demographic information collected from an individual, and:
- Is created or received by a healthcare provider, health plan, employer, healthcare clearinghouse; and
- Related to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual; and
  - That identifies the individual; or
  - With respect to which there is a reasonable basis to believe that the information can be used to identify the individual.
International Classification of Diseases, 10th Revision (ICD-10): A coding of diseases, signs and symptoms, abnormal findings, complaints, social circumstances, and external causes of injury or diseases, as classified by the World Health Organization.
International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM): A two-part classification system in current use for coding patient medical information and for classifying patients into diagnosis-related groups (DRGs) for Medicare and other third-party payers. The first part provides a comprehensive list of diseases with corresponding codes compatible with the World Health Organization’s list of disease codes. The second part contains procedure codes independent of the disease codes. Published by the Commission on Professional and Hospital Activities (CPHA) and by the federal government.
International Classification of Functioning, Disability and Health: An international classification system that describes and measures health and disability and includes environmental factors.
The Joint Commission: An independent, nongovernmental nonprofit organization that certifies and accredits healthcare organizations for quality.
low probability of compromise (LoProCo): In the Health Insurance Portability and Accountability Act, “low probability” is based on 4 factors:
- What was the nature and extent of the protected health information (PHI) involved, including the types of identifiers in the information and the likelihood of reidentification?
- To whom was the unauthorized information disclosed?
- Was the PHI actually acquired or viewed?
- What was the extent to which the risk to PHI has been mitigated?
managed care: Provides for the delivery of Medicaid health benefits and additional services through contracted arrangements between state Medicaid agencies and MCOs that accept a set per-member per-month payment for these services.
managed care organization (MCO): An organization that combines the functions of health insurance, delivery of care, and administration. An umbrella term for health plans that provide healthcare in return for a predetermined monthly fee and coordinate care through a defined network of physicians and hospitals. Examples: health maintenance organization, point of service, preferred provider organization.
Medicaid: A program under the Department of Health & Human Services that provides low- or no-cost basic health coverage for low-income adults and children.
Medicaid Fraud Control Unit (MFCU): Single entity of state government annually certified by the secretary of the Department of Health & Human Services responsible for conducting a state initiative aimed at investigating and prosecuting providers that defraud the Medicaid program.
Medicaid Integrity Program (MIP): Created by the Deficit Reduction Act of 2005 as the first comprehensive federal strategy to prevent and reduce provider fraud, waste, and abuse in the Medicaid program. The program has two responsibilities: hire contractors to review provider activities and support states in their efforts to combat fraud and abuse.
Medicare: A health insurance program administered by the Centers for Medicare & Medicaid Services under the Department of Health & Human Services. Medicare is comprised of several parts, including hospital insurance; medical insurance; and prescription drug insurance for people over 65, people under 65 with disabilities, and people of all ages with end-stage renal disease.
monitoring: Monitoring is a quality control tool for determining whether study activities are being carried out as planned so that deficiencies can be identified and corrected.
National Uniform Billing Committee (NUBC): Brought together by the American Hospital Association (AHA) in 1975, NUBC includes the participation of all the major national provider and payer organizations. The NUBC was formed to create a uniform billing form and standard data set for institutional providers and payers to use for handling healthcare claims.
Occupational Safety and Health Administration (OSHA): A component of the Department of Labor that develops and administers standards relating to the well-being of workers at the job site, develops and issues regulations in this area, conducts investigations and inspections to determine status of compliance with safety and health standards and regulations, and issues citations and proposes penalties for noncompliance.
Office for Civil Rights (OCR): An agency within the Department of Health & Human Services that enforces civil rights claims and the Health Insurance Portability and Accountability Act Privacy and Security rules.
Office for Human Research Protections (OHRP): Provides leadership in the protection of the rights, welfare, and well-being of subjects involved in research conducted or supported by the Department of Health & Human Services.
Office of Inspector General (OIG): The Office of Inspector General of the Department of Health & Human Services (HHS) fights waste, fraud, and abuse in Medicare, Medicaid, and more than 300 other HHS programs.
Office of Inspector General (OIG) Compliance Program Guidance: Guidelines issued by the Office of Inspector General for the suggested development of compliance programs. Compliance program guidances have been issued for hospitals; home health agencies; clinical laboratories; third-party billers; the durable medical equipment, prosthetics, orthotics, and supplies industry; hospice providers; physician practices; research (draft); skilled nursing; and Medicare+Choice organizations.
Office of the Medicaid Inspector General: Independent agencies within individual state departments of health tasked with improving the integrity of state Medicaid programs by coordinating the fraud and abuse activities for multiple state agencies that provide Medicaid-funded services.
organized healthcare arrangements (OHCA): (1) A clinically integrated setting in which individuals typically receive healthcare from more than one healthcare provider; (2) an organized system of healthcare in which more than one covered entity participates and in which the participating covered entities hold themselves out to the public as participating in a joint arrangement and participate in joint activities; (3) a group health plan and a health insurance issuer or health maintenance organization (HMO) with respect to such group health plan, but only with respect to protected health information created or received by such health insurance issuer or HMO that relates to individuals who are or who have been participants or beneficiaries in such group health plan; (4) a group health plan and one or more other group health plans each of which are maintained by the same plan sponsor; or (5) the group plans described in (4) and health insurance issuers or HMOs with respect to such group health plans, but only with respect to protected health information created or received by such health insurance issuers or HMOs that relates to individuals who are or have been participants or beneficiaries in any such group health plans.
Patient Protection and Affordable Care Act (PPACA or ACA): Commonly referred to as the Affordable Care Act or Obamacare. Enacted to increase the affordability and quality of health insurance, lower the uninsured rate by expanding public and private insurance coverage, and reduce the cost of healthcare for individuals and the government. The law requires insurance companies to cover all applicants within minimum standards and offer the same rates regardless of preexisting conditions or sex.
Patient Safety and Quality Improvement Act: Law enacted in 2005 that created patient safety organizations to collect, aggregate, and analyze confidential information reported by healthcare providers in order to identify patterns of failures and propose measures to eliminate patient safety risks and hazards.
payment:
1. The activities undertaken by:
  i. [A] health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan; or
  ii. A health care provider or health plan to obtain or provide reimbursement for the provision of health care; and
2. The activities in paragraph (1) of this definition relate to the individual to whom health care is provided and include, but are not limited to:
  i. Determinations of eligibility or coverage (including coordination of benefits or the determination of cost sharing amounts), and adjudication or subrogation of health benefit claims;
  ii. Risk adjusting amounts due based on enrollee health status and demographic characteristics;
  iii. Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing;
  iv. Review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care, or justification of charges;
  v. Utilization review activities, including precertification and preauthorization of services, concurrent and retrospective review of services; and
  vi. Disclosure to consumer reporting agencies of any of the following protected health information relating to collection of premiums or reimbursement:
    - Name and address;
    - Date of birth;
    - Social security number;
    - Payment history;
    - Account number; and
    - Name and address of the health care provider and/or health plan.
physician: Under the Stark Law, a doctor of medicine or osteopathy, a doctor of dental surgery or dental medicine, a doctor of podiatric medicine, a doctor of optometry, or a chiropractor, as defined in section 1861 of the Act. A physician and the professional corporation of which they are a sole owner are the same for purposes of this subpart.
Physicians at Teaching Hospitals (PATH): A Department of Health & Human Services/Office of Inspector General nationwide review of compliance with rules governing physicians at teaching hospitals. Records were reviewed to determine adequate physician involvement in patient care according to IL373, the Medicare rule that dictates that an attending physician must be present when supervising an intern or resident in order to bill for the care provided by the intern or the resident.
Physician Payments Sunshine Act (PPSA): Part of the Affordable Care Act that requires manufacturers of drugs, medical devices, and biologicals that participate in the federal healthcare programs to report certain payments and items of value given to physicians and teaching hospitals. Centers for Medicare & Medicaid Services implements the program and calls it the Open Payments Program.
Physician Quality Reporting System (PQRS): A Centers for Medicare & Medicaid Services reporting tool that provides incentives and penalties to eligible professionals for reporting quality information.
Physician Self-Referral Law (Stark Law): The Omnibus Budget Reconciliation Act (OBRA) of 1989 bans physicians from referring lab specimens to any entity with which the physician has a financial relationship. Amended by OBRA ’90 to exclude financial relationships between hospitals and physicians unrelated to clinical laboratory services. OBRA ’93 (Stark II) expanded to include 10 other designated healthcare services.
Program for Evaluating Payment Patterns Electronic Report (PEPPER): A comparative data report that summarizes one provider’s Medicare claims data statistics for services vulnerable to improper Medicare payments.
Prospective Payment System (PPS): The system for paying for services for Medicare patients (see DRGs) whereby patients are classified into categories for which prices are negotiated or determined in advance.
protected health information (PHI): Individually identifiable health information:
1. Except as provided in paragraph (2) of this definition, that is:
  - Transmitted by electronic media;
  - Maintained in any medium described in the definition of electronic media at § 162.103 of this subchapter; or
  - Transmitted or maintained in any other form or media.
2. Protected health information excludes individually identifiable health information in:
  - Education records covered by FERPA;
  - Records described at 20 U.S.C. § 1232g(a)(4)(B)(iv); and
  - Employment records held by a covered entity in its role as an employer.
That is or has been electronically maintained or electronically transmitted by a covered entity, or transmitted or maintained in any other form or media.
Provider Statistical & Reimbursement Report (PS&R): Centers for Medicare & Medicaid Services’ system-generated reports of statistical and reimbursement data applicable to the processed and finalized Medicare Part A claims.
qui tam: Legal term for the mechanism in the federal False Claims Act (FCA) that allows persons and entities with evidence of fraud against federal programs or contracts to sue the wrongdoer on behalf of the government. A qui tam action is one brought under the FCA by a private plaintiff (relator) on behalf of the federal government (rather than by the government itself).
recovery audit contractors (RAC): The contractors that carry out Recovery Audit Program activities.
relator: The legal term for a person who is the whistleblower in a qui tam lawsuit brought under the False Claims Act.
remuneration: In the Anti-Kickback Statute, the transfer of anything of value, directly or indirectly, overtly or covertly, in cash or in kind.
Risk Adjustment Data Validation (RADV): The process of verifying that diagnosis codes submitted for payment by a Medicare Advantage organization are supported by medical record documentation for an enrollee.
risk assessment: A systematic process for identifying and assessing the risks involved with doing business that may cause harm to an organization that results in noncompliance with a regulation.
risk-based monitoring: A mix of centralized monitoring and on-site monitoring. Monitoring activities should focus on preventing or mitigating important and likely sources of error in conduct, collection, and reporting of critical data and processes necessary for human subject protection and study data integrity.
safe harbors: Explicit regulatory exceptions to otherwise legally prohibited conduct. Federal safe harbor regulations specify certain joint ventures and other arrangements concerning hospitals and/or physicians that do not violate Medicare fraud and abuse laws.
self-reporting: Having identified actual wrongdoing, the organization informs the government. Although not protected from civil or criminal action under the False Claims Act, providers disclosing fraud are advised in the government self-disclosure protocol that timely self-reporting of wrongdoing may offer mitigating factors in potential penalties and/or fines.
skilled nursing facility (SNF): An institution or a distinct part of an institution, such as a skilled nursing home or rehabilitation center, that has a transfer agreement in effect with one or more participating hospitals and that:
- Is primarily engaged in providing skilled nursing care and related services for residents who require medical or nursing care, or rehabilitation services for the rehabilitation of injured, disabled, or sick persons, and
- Meets the requirements for participation in section 1819 of the Social Security Act and in regulations in 42 C.F.R. §§ 483.1–483.95.
treatment: The provision, coordination, or management of healthcare and related services by one or more healthcare providers, including the coordination or management of healthcare by a healthcare provider with a third party; consultations between healthcare providers relating to a patient; or the referral of a patient for healthcare from one healthcare provider to another.
treatment, payment, and healthcare operations (TPO): The primary areas where healthcare workers have a need to use patients’ protected health information.
upcoding: Coding for a higher level than the documentation warrants.
use: With respect to individually identifiable health information, the sharing, employment, application, use, examination, or analysis of such information within an entity that maintains such information.
workforce: Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity.