homework help

;

INTRODUCTION

;

This graded project is a research paper that you’ll complete

;

and submit to the school for grading. In your paper, you’ll

;

apply what you learned about HIPAA to an actual situation in

;

which a health care organization violated HIPAA regulations.

;

YOUR ASSIGNMENT

;

Health care organizations must know and follow the regulations

;

that are set forth by HIPAA, or be held accountable

;

for their failure to follow the rules. For this assignment,

;

you’ll need to find three real-life examples of HIPAA violations;

;

that is, violations of HIPAA’s privacy or security laws

;

that occurred in the United States since the passage of the

;

HIPAA law (after 1996). Each violation described should be

;

serious, and one that resulted in a fine or penalty for the

;

individual or company involved.

;

You can find real-life examples of HIPAA violations in

;

news reports, medical journals, professional health care

;

publications, and other similar reliable factual sources.

;

For each example violation, you should provide the following

;

information:

;

n A complete, descriptive summary of the case

;

n Important facts that relate to the case, such as the

;

names of the company or individual involved, the date

;

of the violation, and the city and state where the incident

;

occurred

;

n An explanation of the HIPAA rules that were violated

;

Be sure to answer these questions when writing your

;

summaries:

;

n How did the HIPAA violation occur?

;

n What policies (if any) did the organization have in place

;

to protect against the violation?

;

n What was the penalty for the violation (fine, prison term,

;

termination of employment, etc)?

;

;

;

Finally, describe three ways in which the organization could

;

have prevented the violation.

;

Organize your three case examples into a 750-word paper.

;

Research Instructions

;

To write your paper, you may use journal articles, textbook

;

material, case studies, and Web site information. The Web

;

site information must come from reputable and verifiable

;

sources, such as the United States Department of Health and

;

Human Services, the American Medical Association, professional

;

or business organizations, or articles published by

;

major news organizations.

;

To get started on finding a real-life case example that you’re

;

interested in, you can use an Internet search engine such as

;

Google. Try entering keywords such as “HIPAA violation”

;

under the “News” section. Or, go to your local library and

;

perform a search in the medical journals or professional

;

publications they have on file.

;

Writing Guidelines

;

1. Type your submission, double-spaced, in a standard

;

print font, size 12. Use a standard document format with

;

1-inch margins. (Do not use any fancy or cursive fonts.)

;

2. Read the assignment carefully, and follow the instructions.

;

3. Be sure to include the following information at the top of

;

your paper:

;

n Your name

;

n Your student number

;

n The course title (HIPAA Compliance)

;

n Graded project number (46081100)

;

n The date

;

4. Be specific. Limit your submission to the issues covered

;

by your chosen topic.

;

;

;

The student must

;

n Provide a clear discussion of the chosen topic

;

n Address the topic in complete sentences

;

n Support his or her research by citing specific information

;

from the textbook, Web sites, and any other references,

;

and by using correct APA or MLA guidelines for citations

;

and references

;

n Stay focused on the chosen topic

;

n Write in his or her own words and use quotation marks

;

to indicate direct quotations

;

Written Communication

;

The student must

;

n Discuss the topic in complete paragraphs that include an

;

introductory sentence, at least four sentences of explanation,

;

and a concluding sentence

;

n Use correct grammar, spelling, punctuation, and sentence

;

structure

;

;

;

Provide clear organization (for example, uses words like

;

;

;

;

;

first, however, on the other hand, and so on, consequently,

;

;

;

;

;

;

;

since, next, and when )

;

;

;

n Make sure the paper contains no typographical errors

;

;

;

;

;

;

;

;

;

Format

;

;

;

;

;

;

;

The paper should be double-spaced and typed in font size 12.

;

;

;

It must include the student’s

;

;

;

;

;

n Name and complete mailing address

;

;

;

n Student number

;

;

;

n Course title (HIPAA Compliance)

;

;

;

n Research project number (46081100)

;

;

;

; 460810RR – IMPLEMENTING AND ENFORCING HIPAA

;

Questions 1 to 20: Select the best answer to each question. Note that a question and its answers may be split across a page

;

break, so be sure that you have seen the entire question and all the answers before choosing an answer.

;

1. Which of the following is used to code and classify morbidity data from patient medical records,

;

physician offices, and surveys conducted by the National Center for Health Statistics?

;

A. NPPES

;

B. ICD-9-CM

;

C. Claim status codes

;

D. HCPCS

;

2. You are employed by a small dentist office that has three employees. Under the Administrative

;

Simplification Compliance Act, your office is

;

A. required to file claims electronically.

;

B. excluded from the mandate to file a claim electronically.

;

C. required to append a waiver form and file all claims electronically.

;

D. required to file claims through paper submissions only.

;

3. Which of the following is the HIPAA standard code set for diseases, injuries, and other health-related

;

medical problems?

;

A. HCPCS

;

B. National Drug Codes

;

C. CDT-4

;

D. ICD-9-CM

;

4. Dr. Madison’s office calls an insurance company to determine whether they have paid for Mr. Rossi’s

;

last checkup visit. This procedure is known as a

;

A. referral authorization.

;

B. health care claim status inquiry.

;

C. functional acknowledgment.

;

D. remittance advice.

;

5. The agency of the federal government that combats fraud and abuse in health insurance and health care

;

delivery is the

;

A. Centers for Medicare and Medicaid Services (CMS).

;

B. Health Care Fraud and Abuse Program.

;

C. Department of Justice (DOJ).

;

D. Office of the Inspector General (OIG)

;

6. Which of the following is the HIPAA standard code set for dental services?

;

A. National Drug Codes

;

B. CDT-4

;

C. ICD-9-CM

;

D. Current Procedural Terminology

;

7. Which of the following advises covered entities about HIPAA compliance problems uncovered by the

;

OIG?

;

A. corporate integrity agreement.

;

B. OIG Work Plan.

;

C. Health Care Fraud and Abuse Control Program.

;

D. OIG Fraud Alert

;

8. The department of the federal government that investigates criminal violations of the HIPAA privacy

;

standards is the

;

A. Department of Justice (DOJ).

;

B. Health Care Fraud and Abuse Program.

;

C. Centers for Medicare and Medicaid Services (CMS).

;

D. Office of the Inspector General (OIG).

;

9. A written document created by a health care provider that’s designed to prevent fraud and abuse by

;

outlining the process for finding, correcting, and preventing illegal practices among their staff members is

;

called a(n)

;

A. compliance plan.

;

B. code of conduct.

;

C. audit report.

;

D. OIG Work Plan.

;

10. Which of the following are physicians, contractors, or employees who have been found guilty of fraud,

;

and are therefore prevented from participating in Medicare, Medicaid, and federal health care programs?

;

A. Excluded parties

;

B. Advisors

;

C. Relators

;

D. Self-referrers

;

11. On a HIPAA 277 transaction, a claim status code of “A” indicates that

;

A. the claim has been finalized.

;

B. an error occurred in the transmission of the claim.

;

C. a request for more information has been sent.

;

D. the claim has been received.

;

12. Under the HIPAA transaction standards, the supplemental health information that’s provided to clarify

;

and support a health care claim is called a

;

A. paper claim.

;

B. implementation guide.

;

C. claim attachment.

;

D. remittance advice remark.

;

13. There are eight mandated transactions described under the HIPAA transaction standards. The 270/271

;

transaction represents

;

A. an inquiry to an insurance company to determine is a claim has been paid.

;

B. remittance advice that explains how a payment amount was calculated.

;

C. a delivery of information to an insurance company to apply payment to an individual’s account.

;

D. an inquiry to an insurance company to check whether a patient is covered for a specific service.

;

14. Under HIPAA, the nonmedical code sets that are used to capture general information, such as state

;

abbreviations and payment explanations, are called

;

A. implementation guides.

;

B. administrative code sets.

;

C. ICD-9-CM codes.

;

D. CPT codes.

;

15. Which of the following statements about electronic medical claims is correct?

;

A. Dentists are required to submit all claims electronically.

;

B. Medicare pays electronic claims in half the time required to pay paper claims.

;

C. No covered entity is required to use electronic claims; they may continue to send paper claims indefinitely.

;

D. Electronic claims are more expensive to send than paper claims.

;

16. The annual list of the OIG’s planned projects for sampling billing in various settings (such as hospitals,

;

doctor’s offices, and long-term care facilities) to check for potential fraud is called the

;

A. OIG Work Plan.

;

B. Deficit Reduction Act.

;

C. corporate integrity agreement.

;

D. triggered review.

;

17. Which of the following is the second part of an 835 that explains how the payment was arrived at?

;

A. Functional acknowledgment

;

B. Remittance advice

;

C. Claim payment status

;

D. Claim status inquiry

;

18. The Jefferson Pediatric group sends an 837 to the Rhode Island Insurance Company. An 837 is a type

;

of HIPAA transaction that represents a

;

A. referral certification and authorization.

;

End of exam

;

B. health care payment and remittance advice.

;

C. health plan enrollment.

;

D. health care claim.

;

19. A physician’s office “upcoded” office visits to an insurance provider in order to receive a higher

;

reimbursement for patient services. Upcoding is an example of

;

A. abuse.

;

B. benchmarking.

;

C. compliance.

;

D. fraud.

;

20. The federal law that prohibits physicians from making self-interested referrals, or referrals in which

;

they have a financial interest or may receive a kickback, is called

;

A. Deficit Reduction Act (DRA).

;

B. Sarbanes-Oxley Act.

;

C. Stark II.

;

D. False Claims Act (FCA).

;

UNDERSTANDING HIPAA

;

Questions 1 to 20: Select the best answer to each question. Note that a question and its answers may be split across a page

;

break, so be sure that you have seen the entire question and all the answers before choosing an answer.

;

1. Under the HIPAA Security Standards, according to the category of _______ standards, covered entities

;

are required to create policies and procedures that concern authentication, transmission, and other issues

;

when electronic protected health information is accessed.

;

A. emergency

;

B. technical

;

C. administrative

;

D. physical

;

2. In a situation where a patient’s protected health information is required as evidence in a court of law, the

;

provider may release the information

;

A. only with the patient’s approval.

;

B. upon the request of any attorney.

;

C. only if the patient signs a release form.

;

D. without the patient’s approval upon receipt of a judicial order.

;

3. Michael has just paid for a property and casualty insurance policy for the Dalton Medical Clinic. How is

;

this type of insurance classified under HIPAA?

;

A. Property and casualty insurance policies are federally funded clearinghouses.

;

B. Property and casualty insurance polices are not classified as covered entities.

;

C. Property and casualty insurance policies are non-exempt entities.

;

D. Property and casualty insurance policies are covered entities.

;

4. A provider instructs an administrative staff member to bill a patient for a particular procedure. The

;

conversation is overheard by another patient who is sitting in the waiting room. This situation would be

;

describes as a(n)

;

A. incidental use and disclosure, which is not a violation of HIPAA rules.

;

B. illegal disclosure of protected health information.

;

C. release of information, which is a violation of HIPAA rules.

;

D. disclosure of de-identified health information.

;

5. In an electronic healthcare information system, a type of program that harms the information system,

;

and that’s often brought into the organization through e-mail attachments or Internet downloads, is called

;

A. a proxy server.

;

B. encryption.

;

C. a firewall.

;

D. malware.

;

6. In the United States, the main federal government agency that’s responsible for healthcare and that

;

administers the Medicare and Medicaid programs is

;

A. the American Health Information Management Association (AHIMA).

;

B. the Centers for Medicare and Medicaid Services (CMS).

;

C. the American Medical Association (AMA).

;

D. the Health Care Financing Administration (HCFA).

;

7. To protect electronic health information, many covered entities prevent employees from accessing the

;

information unless they have a certain job title or job function. This type of technical security safeguard is

;

called

;

A. a firewall.

;

B. antivirus software.

;

C. encryption.

;

D. role-based authorization.

;

8. A pathology laboratory is contracted with Winchester Hospital to review the hospital’s biopsy specimens.

;

Under HIPAA, the laboratory would be classified as a(n)

;

A. business associate.

;

B. direct provider.

;

C. clearinghouse.

;

D. indirect provider.

;

9. A hospital’s security system requires an individual’s unique fingerprint, voice pattern, facial pattern, or

;

eye/iris pattern to access protected health information. These unique methods of individual identification

;

are known as

;

A. biometrics.

;

B. backup procedures.

;

C. audit controls.

;

D. digital certificates.

;

10. According to the HIPAA Security Standards for electronic protected health information, issues such as

;

workstation security, facility access controls, and device controls are covered under _______ standards.

;

A. physical

;

B. technical

;

C. administrative

;

D. organizational

;

11. To protect electronic health information, the information may be transformed into an unreadable format

;

before it’s distributed to anyone. This type of security safeguard is called

;

A. antivirus software.

;

B. encryption.

;

C. a firewall.

;

D. password protection.

;

12. Which of the following statements about the HIPAA Privacy Rules is correct?

;

A. It’s a HIPAA violation if a provider’s name appears on a patient’s telephone caller ID.

;

B. There are no restrictions on the use or disclosure of de-identified health information.

;

C. Providers are required to provide the Notice of Privacy Practices to patients receiving emergency treatment.

;

D. It’s a HIPAA violation to have a patient sign-in sheet at a facility’s front desk.

;

13. Which of the following is the computer-to-computer transfer of routine business information that has

;

helped healthcare businesses to greatly simplify their administrative practices?

;

A. Treatment, Payment, and Health Care Operations (TPO)

;

B. Electronic data interchange (EDI)

;

C. Notice of Privacy Practices (NPP)

;

D. Group health plans (GHP)

;

14. Having a backup procedure for the computer systems in a health clinic is an example of satisfying

;

A. a technical security standard.

;

B. an implementation specification.

;

C. a physical security standard.

;

D. an administrative security standard.

;

15. Any direct personal contact between a patient and a health care provider in any place of service for the

;

diagnosis and treatment of an illness or injury is called a(n)

;

A. complaint.

;

B. encounter.

;

C. authorization.

;

D. liability.

;

16. Which of the following organizations creates and promotes standards for the transfer of data to and

;

from the pharmacy services sector of the health care industry?

;

A. The National Committee on Vital and Health Statistics (NCVHS)

;

B. The Strategic National Implementation Process (SNIP)

;

C. The National Drug Code (NDC)

;

D. The National Council for Prescription Drug Programs (NCPDP)

;

17. Rachel receives health insurance through her job as a privacy officer at the MEA clinic. She has just

;

resigned from her job, but the office manager tells her that she’ll be allowed to continue her health coverage

;

under the employer’s plan for a limited time period, at a cost of $395.00 per month. Which of the following

;

acts allows Rachel to continue her health care coverage with her former employer?

;

A. FEHB

;

B. ERISA

;

End of exam

;

C. IHP

;

D. COBRA

;

18. The Blue Ridge Surgery Group has developed a new Web site that describes its services and benefits.

;

According to HIPAA rules, which of the following must be included on the organization’s Web site?

;

A. A complete description of all procedures provided

;

B. A list of the types of insurance they accept

;

C. A Notice of Privacy Practices

;

D. A listing of all physicians on staff and their professional credentials

;

19. Frequently, electronic health information must be transferred from one user to another over the Internet

;

or through a computer network. To ensure that the remote user is authorized to receive the data, an

;

electronic authorization called a(n) _______ can be issued to the remote users by a covered entity.

;

A. emergency access procedure

;

B. digital certificate

;

C. contingency

;

D. computer administrator

;

20. HIPAA refers to any item, collection, or grouping of individually identifiable protected health

;

information as a

;

A. notice of privacy practices.

;

B. billing record.

;

C. designated record set.

;

D. health plan identifier.

;

;

;