homework help
;
INTRODUCTION
;
OUR PROCESS
Order
Payment
Writing
Delivery
Why Choose Us: Cost-efficiency, Plagiarism free, Money Back Guarantee, On-time Delivery, Total Сonfidentiality, 24/7 Support, 100% originality
This graded project is a research paper that you’ll complete
;
and submit to the school for grading. In your paper, you’ll
;
apply what you learned about HIPAA to an actual situation in
;
which a health care organization violated HIPAA regulations.
;
YOUR ASSIGNMENT
;
Health care organizations must know and follow the regulations
;
that are set forth by HIPAA, or be held accountable
;
for their failure to follow the rules. For this assignment,
;
you’ll need to find three real-life examples of HIPAA violations;
;
that is, violations of HIPAA’s privacy or security laws
;
that occurred in the United States since the passage of the
;
HIPAA law (after 1996). Each violation described should be
;
serious, and one that resulted in a fine or penalty for the
;
individual or company involved.
;
You can find real-life examples of HIPAA violations in
;
news reports, medical journals, professional health care
;
publications, and other similar reliable factual sources.
;
For each example violation, you should provide the following
;
information:
;
n A complete, descriptive summary of the case
;
n Important facts that relate to the case, such as the
;
names of the company or individual involved, the date
;
of the violation, and the city and state where the incident
;
occurred
;
n An explanation of the HIPAA rules that were violated
;
Be sure to answer these questions when writing your
;
summaries:
;
n How did the HIPAA violation occur?
;
n What policies (if any) did the organization have in place
;
to protect against the violation?
;
n What was the penalty for the violation (fine, prison term,
;
termination of employment, etc)?
;
;
;
Finally, describe three ways in which the organization could
;
have prevented the violation.
;
Organize your three case examples into a 750-word paper.
;
Research Instructions
;
To write your paper, you may use journal articles, textbook
;
material, case studies, and Web site information. The Web
;
site information must come from reputable and verifiable
;
sources, such as the United States Department of Health and
;
Human Services, the American Medical Association, professional
;
or business organizations, or articles published by
;
major news organizations.
;
To get started on finding a real-life case example that you’re
;
interested in, you can use an Internet search engine such as
;
Google. Try entering keywords such as “HIPAA violation”
;
under the “News” section. Or, go to your local library and
;
perform a search in the medical journals or professional
;
publications they have on file.
;
Writing Guidelines
;
1. Type your submission, double-spaced, in a standard
;
print font, size 12. Use a standard document format with
;
1-inch margins. (Do not use any fancy or cursive fonts.)
;
2. Read the assignment carefully, and follow the instructions.
;
3. Be sure to include the following information at the top of
;
your paper:
;
n Your name
;
n Your student number
;
n The course title (HIPAA Compliance)
;
n Graded project number (46081100)
;
n The date
;
4. Be specific. Limit your submission to the issues covered
;
by your chosen topic.
;
;
;
The student must
;
n Provide a clear discussion of the chosen topic
;
n Address the topic in complete sentences
;
n Support his or her research by citing specific information
;
from the textbook, Web sites, and any other references,
;
and by using correct APA or MLA guidelines for citations
;
and references
;
n Stay focused on the chosen topic
;
n Write in his or her own words and use quotation marks
;
to indicate direct quotations
;
Written Communication
;
The student must
;
n Discuss the topic in complete paragraphs that include an
;
introductory sentence, at least four sentences of explanation,
;
and a concluding sentence
;
n Use correct grammar, spelling, punctuation, and sentence
;
structure
;
;
;
Provide clear organization (for example, uses words like
;
;
;
;
;
first, however, on the other hand, and so on, consequently,
;
;
;
;
;
;
;
since, next, and when )
;
;
;
n Make sure the paper contains no typographical errors
;
;
;
;
;
;
;
;
;
Format
;
;
;
;
;
;
;
The paper should be double-spaced and typed in font size 12.
;
;
;
It must include the student’s
;
;
;
;
;
n Name and complete mailing address
;
;
;
n Student number
;
;
;
n Course title (HIPAA Compliance)
;
;
;
n Research project number (46081100)
;
;
;
; 460810RR – IMPLEMENTING AND ENFORCING HIPAA
;
Questions 1 to 20: Select the best answer to each question. Note that a question and its answers may be split across a page
;
break, so be sure that you have seen the entire question and all the answers before choosing an answer.
;
1. Which of the following is used to code and classify morbidity data from patient medical records,
;
physician offices, and surveys conducted by the National Center for Health Statistics?
;
A. NPPES
;
B. ICD-9-CM
;
C. Claim status codes
;
D. HCPCS
;
2. You are employed by a small dentist office that has three employees. Under the Administrative
;
Simplification Compliance Act, your office is
;
A. required to file claims electronically.
;
B. excluded from the mandate to file a claim electronically.
;
C. required to append a waiver form and file all claims electronically.
;
D. required to file claims through paper submissions only.
;
3. Which of the following is the HIPAA standard code set for diseases, injuries, and other health-related
;
medical problems?
;
A. HCPCS
;
B. National Drug Codes
;
C. CDT-4
;
D. ICD-9-CM
;
4. Dr. Madison’s office calls an insurance company to determine whether they have paid for Mr. Rossi’s
;
last checkup visit. This procedure is known as a
;
A. referral authorization.
;
B. health care claim status inquiry.
;
C. functional acknowledgment.
;
D. remittance advice.
;
5. The agency of the federal government that combats fraud and abuse in health insurance and health care
;
delivery is the
;
A. Centers for Medicare and Medicaid Services (CMS).
;
B. Health Care Fraud and Abuse Program.
;
C. Department of Justice (DOJ).
;
D. Office of the Inspector General (OIG)
;
6. Which of the following is the HIPAA standard code set for dental services?
;
A. National Drug Codes
;
B. CDT-4
;
C. ICD-9-CM
;
D. Current Procedural Terminology
;
7. Which of the following advises covered entities about HIPAA compliance problems uncovered by the
;
OIG?
;
A. corporate integrity agreement.
;
B. OIG Work Plan.
;
C. Health Care Fraud and Abuse Control Program.
;
D. OIG Fraud Alert
;
8. The department of the federal government that investigates criminal violations of the HIPAA privacy
;
standards is the
;
A. Department of Justice (DOJ).
;
B. Health Care Fraud and Abuse Program.
;
C. Centers for Medicare and Medicaid Services (CMS).
;
D. Office of the Inspector General (OIG).
;
9. A written document created by a health care provider that’s designed to prevent fraud and abuse by
;
outlining the process for finding, correcting, and preventing illegal practices among their staff members is
;
called a(n)
;
A. compliance plan.
;
B. code of conduct.
;
C. audit report.
;
D. OIG Work Plan.
;
10. Which of the following are physicians, contractors, or employees who have been found guilty of fraud,
;
and are therefore prevented from participating in Medicare, Medicaid, and federal health care programs?
;
A. Excluded parties
;
B. Advisors
;
C. Relators
;
D. Self-referrers
;
11. On a HIPAA 277 transaction, a claim status code of “A” indicates that
;
A. the claim has been finalized.
;
B. an error occurred in the transmission of the claim.
;
C. a request for more information has been sent.
;
D. the claim has been received.
;
12. Under the HIPAA transaction standards, the supplemental health information that’s provided to clarify
;
and support a health care claim is called a
;
A. paper claim.
;
B. implementation guide.
;
C. claim attachment.
;
D. remittance advice remark.
;
13. There are eight mandated transactions described under the HIPAA transaction standards. The 270/271
;
transaction represents
;
A. an inquiry to an insurance company to determine is a claim has been paid.
;
B. remittance advice that explains how a payment amount was calculated.
;
C. a delivery of information to an insurance company to apply payment to an individual’s account.
;
D. an inquiry to an insurance company to check whether a patient is covered for a specific service.
;
14. Under HIPAA, the nonmedical code sets that are used to capture general information, such as state
;
abbreviations and payment explanations, are called
;
A. implementation guides.
;
B. administrative code sets.
;
C. ICD-9-CM codes.
;
D. CPT codes.
;
15. Which of the following statements about electronic medical claims is correct?
;
A. Dentists are required to submit all claims electronically.
;
B. Medicare pays electronic claims in half the time required to pay paper claims.
;
C. No covered entity is required to use electronic claims; they may continue to send paper claims indefinitely.
;
D. Electronic claims are more expensive to send than paper claims.
;
16. The annual list of the OIG’s planned projects for sampling billing in various settings (such as hospitals,
;
doctor’s offices, and long-term care facilities) to check for potential fraud is called the
;
A. OIG Work Plan.
;
B. Deficit Reduction Act.
;
C. corporate integrity agreement.
;
D. triggered review.
;
17. Which of the following is the second part of an 835 that explains how the payment was arrived at?
;
A. Functional acknowledgment
;
B. Remittance advice
;
C. Claim payment status
;
D. Claim status inquiry
;
18. The Jefferson Pediatric group sends an 837 to the Rhode Island Insurance Company. An 837 is a type
;
of HIPAA transaction that represents a
;
A. referral certification and authorization.
;
End of exam
;
B. health care payment and remittance advice.
;
C. health plan enrollment.
;
D. health care claim.
;
19. A physician’s office “upcoded” office visits to an insurance provider in order to receive a higher
;
reimbursement for patient services. Upcoding is an example of
;
A. abuse.
;
B. benchmarking.
;
C. compliance.
;
D. fraud.
;
20. The federal law that prohibits physicians from making self-interested referrals, or referrals in which
;
they have a financial interest or may receive a kickback, is called
;
A. Deficit Reduction Act (DRA).
;
B. Sarbanes-Oxley Act.
;
C. Stark II.
;
D. False Claims Act (FCA).
;
UNDERSTANDING HIPAA
;
Questions 1 to 20: Select the best answer to each question. Note that a question and its answers may be split across a page
;
break, so be sure that you have seen the entire question and all the answers before choosing an answer.
;
1. Under the HIPAA Security Standards, according to the category of _______ standards, covered entities
;
are required to create policies and procedures that concern authentication, transmission, and other issues
;
when electronic protected health information is accessed.
;
A. emergency
;
B. technical
;
C. administrative
;
D. physical
;
2. In a situation where a patient’s protected health information is required as evidence in a court of law, the
;
provider may release the information
;
A. only with the patient’s approval.
;
B. upon the request of any attorney.
;
C. only if the patient signs a release form.
;
D. without the patient’s approval upon receipt of a judicial order.
;
3. Michael has just paid for a property and casualty insurance policy for the Dalton Medical Clinic. How is
;
this type of insurance classified under HIPAA?
;
A. Property and casualty insurance policies are federally funded clearinghouses.
;
B. Property and casualty insurance polices are not classified as covered entities.
;
C. Property and casualty insurance policies are non-exempt entities.
;
D. Property and casualty insurance policies are covered entities.
;
4. A provider instructs an administrative staff member to bill a patient for a particular procedure. The
;
conversation is overheard by another patient who is sitting in the waiting room. This situation would be
;
describes as a(n)
;
A. incidental use and disclosure, which is not a violation of HIPAA rules.
;
B. illegal disclosure of protected health information.
;
C. release of information, which is a violation of HIPAA rules.
;
D. disclosure of de-identified health information.
;
5. In an electronic healthcare information system, a type of program that harms the information system,
;
and that’s often brought into the organization through e-mail attachments or Internet downloads, is called
;
A. a proxy server.
;
B. encryption.
;
C. a firewall.
;
D. malware.
;
6. In the United States, the main federal government agency that’s responsible for healthcare and that
;
administers the Medicare and Medicaid programs is
;
A. the American Health Information Management Association (AHIMA).
;
B. the Centers for Medicare and Medicaid Services (CMS).
;
C. the American Medical Association (AMA).
;
D. the Health Care Financing Administration (HCFA).
;
7. To protect electronic health information, many covered entities prevent employees from accessing the
;
information unless they have a certain job title or job function. This type of technical security safeguard is
;
called
;
A. a firewall.
;
B. antivirus software.
;
C. encryption.
;
D. role-based authorization.
;
8. A pathology laboratory is contracted with Winchester Hospital to review the hospital’s biopsy specimens.
;
Under HIPAA, the laboratory would be classified as a(n)
;
A. business associate.
;
B. direct provider.
;
C. clearinghouse.
;
D. indirect provider.
;
9. A hospital’s security system requires an individual’s unique fingerprint, voice pattern, facial pattern, or
;
eye/iris pattern to access protected health information. These unique methods of individual identification
;
are known as
;
A. biometrics.
;
B. backup procedures.
;
C. audit controls.
;
D. digital certificates.
;
10. According to the HIPAA Security Standards for electronic protected health information, issues such as
;
workstation security, facility access controls, and device controls are covered under _______ standards.
;
A. physical
;
B. technical
;
C. administrative
;
D. organizational
;
11. To protect electronic health information, the information may be transformed into an unreadable format
;
before it’s distributed to anyone. This type of security safeguard is called
;
A. antivirus software.
;
B. encryption.
;
C. a firewall.
;
D. password protection.
;
12. Which of the following statements about the HIPAA Privacy Rules is correct?
;
A. It’s a HIPAA violation if a provider’s name appears on a patient’s telephone caller ID.
;
B. There are no restrictions on the use or disclosure of de-identified health information.
;
C. Providers are required to provide the Notice of Privacy Practices to patients receiving emergency treatment.
;
D. It’s a HIPAA violation to have a patient sign-in sheet at a facility’s front desk.
;
13. Which of the following is the computer-to-computer transfer of routine business information that has
;
helped healthcare businesses to greatly simplify their administrative practices?
;
A. Treatment, Payment, and Health Care Operations (TPO)
;
B. Electronic data interchange (EDI)
;
C. Notice of Privacy Practices (NPP)
;
D. Group health plans (GHP)
;
14. Having a backup procedure for the computer systems in a health clinic is an example of satisfying
;
A. a technical security standard.
;
B. an implementation specification.
;
C. a physical security standard.
;
D. an administrative security standard.
;
15. Any direct personal contact between a patient and a health care provider in any place of service for the
;
diagnosis and treatment of an illness or injury is called a(n)
;
A. complaint.
;
B. encounter.
;
C. authorization.
;
D. liability.
;
16. Which of the following organizations creates and promotes standards for the transfer of data to and
;
from the pharmacy services sector of the health care industry?
;
A. The National Committee on Vital and Health Statistics (NCVHS)
;
B. The Strategic National Implementation Process (SNIP)
;
C. The National Drug Code (NDC)
;
D. The National Council for Prescription Drug Programs (NCPDP)
;
17. Rachel receives health insurance through her job as a privacy officer at the MEA clinic. She has just
;
resigned from her job, but the office manager tells her that she’ll be allowed to continue her health coverage
;
under the employer’s plan for a limited time period, at a cost of $395.00 per month. Which of the following
;
acts allows Rachel to continue her health care coverage with her former employer?
;
A. FEHB
;
B. ERISA
;
End of exam
;
C. IHP
;
D. COBRA
;
18. The Blue Ridge Surgery Group has developed a new Web site that describes its services and benefits.
;
According to HIPAA rules, which of the following must be included on the organization’s Web site?
;
A. A complete description of all procedures provided
;
B. A list of the types of insurance they accept
;
C. A Notice of Privacy Practices
;
D. A listing of all physicians on staff and their professional credentials
;
19. Frequently, electronic health information must be transferred from one user to another over the Internet
;
or through a computer network. To ensure that the remote user is authorized to receive the data, an
;
electronic authorization called a(n) _______ can be issued to the remote users by a covered entity.
;
A. emergency access procedure
;
B. digital certificate
;
C. contingency
;
D. computer administrator
;
20. HIPAA refers to any item, collection, or grouping of individually identifiable protected health
;
information as a
;
A. notice of privacy practices.
;
B. billing record.
;
C. designated record set.
;
D. health plan identifier.
;
;
;