Drs Connection

COMPLIANCE TRAINING


Doctors Connection is committed to complying with all applicable all Federal (HIPAA and OSHA), State, and local laws, and "safe harbor" regulations. We require all contractors to adhere to the same laws. Please review the following pages and initial each section and sign at the bottom confirming your understanding of all information contained.

All compliance videos can be found here: https://oig.hhs.gov/newsroom/video/2011/heat_modules.asp

Compliance PDF’s can be found here:

https://oig.hhs.gov/compliance/provider-compliance-training/index.asp#webcast

The Anti-Kickback Statute: Avoiding Compliance Pitfalls

What is the Anti-Kickback Statute?

In the context of federal-payor reimbursement, the federal Anti-Kickback Statute prohibits remuneration “directly or indirectly, overtly or covertly, in cash or kind to any person to induce such person to refer an individual.” The statute imposes stiff penalties for violations which are considered felonies. This is an intent- based criminal statute, which is broadly worded and has been interpreted to include any arrangement, one purpose of which is to induce referrals. The Anti-Kickback Statute can also be enforced through non-criminal, administrative actions. See 42 U.S.C. §1320a-7b(b).

Consequences of Anti-Kickback violations:

  • Exclusion from federal healthcare programs;
  • Criminal penalties of up to $25,000 in fines or up to 5 years in jail (or both); $50,000 civil monetary penalty for each violation.

Note that parties on both sides of an impermissible “kickback” transaction may be found criminally liable.

Below is an example of an Anti-Kickback violation as identified by the Office of Inspector General.

July 2, 2007 - Advanced Neuromodulation Systems, Inc. (“ANS”) of Texas agreed to pay $2.95M for allegedly violating the Civil Monetary Penalties Law. The OIG alleged that ANS offered and paid remuneration to potential and existing referral sources in exchange for referrals to ANS for the purchasing, leasing, ordering, arranging for, or furnishing of medical devices that were manufactured by ANS that were payable to a federal health care program. Other ANS practices that raised kickback concerns included free dinners, gifts and expenses paid to physicians under consulting agreements.

Other arrangements that could potentially generate prohibited remuneration under the Anti-Kickback Statute include:

  • Paying a healthcare provider a per patient amount for the physicians’ services in collecting blood;
  • Waivers of co-payments and deductible amounts;
  • Transfers of items or services for free or for other than fair market value;
  • Payments for blood drawing services that exceed Medicare reimbursement;
  • Gifts of trips, event tickets, rounds of golf, equipment, meals, advertising expenses.

An excellent online resource that discusses this law can be found at: http://oig.hhs.gov/fraud/PhysicianEducation/.

I have reviewed the above information, understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws.  I have watched and listened to the OIG’s Compliance Training Video, “Federal Anti-kickback Statute (4.45 min),” found at:  https://youtu.be/a4KhqqeAaUg  

 

Stark Law: Avoiding Compliance Pitfalls

What is the Stark Law also referred to as the “Physician Self-Referral Law?

It is a highly technical statute. Even Peter Stark, the statute’s Congressional namesake, has expressed regrets that it passed!

The physician referral law prohibits a physician from referring patients to an entity for a Designated Health Service (DHS), if the physician or a member of his or her immediate family1 has a financial relationship with the entity, unless an exception applies. The law also prohibits an entity from presenting a claim to Medicare or to any person or other entity for DHS provided under a prohibited referral. No Medicare payment may be made for DHS rendered as a result of a prohibited referral, and an entity must timely refund any amounts collected for DHS performed under a prohibited referral.

Stark is a strict liability statute. Innocent violations are still violations and intent does not need to be shown. Even if you have the most innocent intentions, you are still subject to the grossest of penalties, as if you meant to violate the law.

How Can You Navigate the Stark Law Minefield?

In any Stark analysis there are three (3) key questions:

  • Are the patients covered by Medicare or Medicaid?
  • Are the services considered Designated Health Services (i.e. clinical laboratory services)?
  • Does the physician or his/her immediate family member have a financial relationship with the entity2 to which there is a referral? [i.e. either compensation or investment]

If the answer is “yes” to all three questions, there is a Stark Law issue.

142 CFR §411.351 defines immediate family member as “husband or wife; birth or adoptive parent, child or sibling; stepparent, stepchild, stepbrother, or stepsister; father-in-law, mother-in-law, son-in-law, daughter-in-law, brother-in-law, sister-in-law; grandparent or grandchild; and spouse of a grandparent or grandchild”.

2One exception to the referral prohibition is an investment interest in a publicly traded company or investment in a corporation that has stockholder equity exceeding $75M. See 42 CFR §411.356.

The Stark Law carries draconian penalties that are often grossly disproportionate to any harm. Possible consequences of Stark Law violations:

  • An entity may be prohibited from presenting claims to Medicare;
  • An entity may be required to refund all collected amounts to Medicare;
  • Civil Monetary Penalties of $15,000 per claim;
  • Civil Monetary Penalties of $100,000 for schemes to circumvent the law; and/or
  • An entity may be excluded from all federal health care programs.

The goal is to avoid technical violations of the Stark law in the first place. We want to protect you, the company and our clients. Work with legal counsel on Stark law analyses if there are questions.

Please review the Stark Law PDF found at:

https://oig.hhs.gov/compliance/provider-compliance-training/files/PhysicianSelfReferralHandout508.pdf

I have reviewed the above information, understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws. I have also watched and listened to the OIG’s Compliance Training Video, “Physician Self-Referral Law (4.19 min),” found at:  https://youtu.be/hmWG4o5zrvQ

 

 

HIPAA Compliance Rules & Laws

JSH Enterprises is committed to making sure all contractors are familiar with HIPPA guidelines when working with clinics.

HIPAA, which stands for the American Health Insurance Portability and Accountability Act of 1996, is a set of rules to be followed by doctors, hospitals and other health care providers. HIPAA helps ensure that all medical records, medical billing, and patient accounts meet certain consistent standards with regard to documentation, handling and privacy.

Any healthcare provider that electronically stores, processes or transmits medical records, medical claims, remittances, or certifications must comply with HIPAA regulations. HIPAA does not require a practice to purchase a computer-based system as it applies only to electronic medical transactions.

HIPAA requires that all patients be able access their own medical records, correct errors or omissions, and be informed how personal information is shared used. Other provisions involve notification of privacy procedures to the patient. HIPAA provisions that have led in many cases to extensive overhauling with regard to medical records and billing systems.

HIPAA Laws and Regulations are divided into five Rules:

Privacy Rule 

The HIPAA Privacy Rule is located at 45 CFR Part 160 and Part 164. The Privacy Rule establishes national standards to protect individual’s medical records and other personal health information. The Privacy Rule applies to health plans, health care clearinghouses, and health care providers that conduct health care transactions electronically.

The HIPAA Privacy Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.

The Privacy Rule also gives patients’ rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

The following HIPAA forms are associated with the Privacy Rule:

  • Notice of Privacy Practices (NPP) Form
  • Request for Access to Protected Health Information (PHI) Form
  • Request for Restriction of Patient Health Care Information Form
  • Request for Accounting Disclosures Form
  • Authorization for Use or Disclosure Form
  • Privacy Complaint Form

Security Rule

The HIPAA Security Rule addresses the privacy protection of electronic protected health information (PHI). Similar to the Privacy Rule, the Security Rule also deals with identifiable health information as defined by 18 HIPAA identifiers. The Security Rule defines standards, procedures and methods for protecting electronic PHI with attention to how PHI is stored, accessed, transmitted, and audited.

The HIPPA Security Rule addresses three aspects of security:

  • Administrative Safeguards - Assignment of a HIPPA security compliance team.
  • Physical Safeguards - Protection of electronic systems, equipment and data.
  • Technical Safeguards - Authentication & encryption used to control data access.

Covered entities need to perform a Risk Analysis and utilize Risk Management methodologies so vulnerabilities and possible risks can be reduced. Organizations should assign a security analyst or officer who is responsible or maintaining and enforcing the HIPAA standards within the organization.

Hardware, Software and Transmission Security
Organizations should have a hardware firewall in place. Transmission of personal information should be encrypted and comply with HIPAA rulings. Operating Systems should be hardened and up to date. Policies should cover the updating of hardware, firmware, operating systems and applications.

Transactions Rule

Per HIPAA regulations, a Code Set is any set of codes used for encoding data elements, such as medical terms, medical concepts, medical diagnosis codes, and medical procedure codes. Code sets for medical data are required for administrative transactions under HIPAA for diagnoses, procedures, and drugs.

Medical data code sets used in the health care industry under HIPAA include coding systems for health-related problems and their manifestations; causes of injury, disease or impairment; actions taken to prevent, diagnose, treat, or manage diseases, injuries, and impairments; and any substances, equipment, supplies, or other items used to perform these actions.

Specifically, the following code sets are used in HIPAA transactions:

ICD-9-CM codes
ICD-10-CM codes
HCPCS Codes
CPT-3 Codes
CPT-4 Codes
NDC codes

Identifiers Rule

As part of the HIPAA Administrative Simplification regulation, there are currently three unique identifiers used for covered entities in HIPAA administrative and financial transactions. The use of these unique identifiers will promote standardization, efficiency and consistency.

The unique identifiers under HIPAA regulations are:

Standard Unique Employer Identifier-The same as the Employer Identification Number (EIN) used on an organization's federal IRS Form W-2. This identifies an employer entity in HIPAA transactions.

National Provider Identifier (NPI)-NPI is a unique 10-digit number used for covered health-care providers in all HIPAA administrative and financial transactions.

National Health Plan Identifier (NHI)-The NHI is a Centers for Medicare & Medicaid Services (CMS) proposed identifier to identify health plans and payers.

Enforcement Rule

The HIPAA Enforcement Rule stems directly from the ARRA HITECH Act provisions that distinguishes between violations occurring before, and on or after the compliance date of Feb. 18, 2014 "with respect to the potential amount of civil money penalty and the affirmative defense available to covered entities," according to the rule.

ARRA describes "improvements" to existing HIPAA law, covered entities, business associates and others will be subject to more rigorous standards when it comes to protected health information (PHI) The HITECH Act expands the scope of the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations.

Specifically, the HITECH Act addresses five main areas of the HIPAA regulations:

  • Applies the same HIPAA privacy and security requirements (and penalties) for covered entities to business associates
  • Establishes mandatory federal privacy and security breach reporting requirements for HIPAA covered entities and business associates
  • Creates new privacy requirements for HIPAA covered entities and business associates, including new accounting disclosure requirements and restrictions on sales and marketing
  • Establishes new criminal and civil penalties for HIPAA non-compliance and new enforcement methods
  • Mandates that the new security requirements must be incorporated into all Business Associate contracts

HITECH Act

The American Recovery and Reinvestment Act of 2014 includes the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act provides Medicare and Medicaid monetary incentives for hospitals and physicians to adopt electronic health records (EHRs) and also provides grants for the development of a health information exchange (HIE). These incentives and grants were created to stimulate health care providers to adopt technology necessary to improve the efficiency of patient healthcare.

HITECH Act provides over $30 billion for healthcare infrastructure and the adoption of electronic health records (EHR). According to the Act, physicians are eligible to receive up to $44,000 per physician from Medicare for "meaningful use" of a certified EHR system starting in 2014.

ARRA describes "improvements" to existing HIPAA law, covered entities, business associates and others will be subject to more rigorous standards when it comes to protected health information (PHI) The HITECH Act expands the scope of the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations.

Specifically, the HITECH Act addresses five main areas of the HIPAA regulations:

  • Applies the same HIPAA privacy and security requirements (and penalties) for covered entities to business associates
  • Establishes mandatory federal privacy and security breach reporting requirements for HIPAA covered entities and business associates
  • Creates new privacy requirements for HIPAA covered entities and business associates, including new accounting disclosure requirements and restrictions on sales and marketing
  • Establishes new criminal and civil penalties for HIPAA non-compliance and new enforcement methods
  • Mandates that the new security requirements must be incorporated into all Business Associate contracts

I have reviewed the above information about HIPAA, understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws.

 

 

False Claims Act (FAC)

The False Claims Act, or "FCA," provides a way for the government to recover money when someone submits or causes to be submitted false or fraudulent claims for payment to the government, including the Medicare and Medicaid programs.

Examples of health care claims that may be false include claims where the service is not actually rendered to the patient, is provided but is already provided under another claim, is upcoded, or is not supported by the patient's medical record.

Claims also may be false if they result from referrals made in violation of the Federal Anti-kickback statute or the Stark law.

I have reviewed the above information, understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws. I have also watched and listened to the OIG’s Compliance Training Video, “OIG Reviews the False Claims Act (4 min) found at: https://youtu.be/BbZ78QTLztQ

 

 

Medicare Fraud & Abuse

What is Medicare fraud?

It is fraud when Medicare is billed for services or supplies you never receive. Medicare loses billions of dollars to fraudulent claims every year. Fraud is different from abuse. Abuse happens when doctors or suppliers don't follow good medical practices, which leads to unnecessary costs to Medicare, improper payment, or services that aren't medically necessary.

A complaint about the quality of care you got from a doctor, hospital, or other provider or facility isn't considered fraud or abuse. Your Beneficiary and Family Centered Care Quality Improvement Organization (BFCC-QIO) can help you if you have a complaint about your quality of care.

What are some examples of Medicare fraud?

  • A healthcare provider bills Medicare for services you never received.
  • A supplier bills Medicare for equipment you never got.
  • Someone uses your Medicare card to get medical care, supplies, or equipment.
  • A company offers a Medicare drug plan that has not been approved by Medicare.
  • A company uses false information to mislead you into joining a Medicare plan.

Why is it important to stop Medicare fraud?

Medicare fraud results in higher health care costs for everyone. Eliminating fraud cuts costs for families, businesses, and the federal government. It also increases the quality of services for those who need care.

What can we do to stop Medicare fraud?

Stopping fraud requires cooperation from everybody—the federal government, state governments, health care providers, insurers, law enforcement, and citizens like you. Currently, four key programs are support the effort to crack down on Medicare fraud:  

  • The Affordable Care Act-The Act, also known as the health care reform law, includes powerful steps toward fight health care fraud, waste, and abuse. Through its programs, the government has recovered more than $10 billion in the last three years.
  • Health Care Fraud Prevention and Enforcement Action Team (HEAT)-This joint effort between the Department of Health and Human Services and Department of Justice brings together senior officials to lead Medicare Strike Force teams that raise the fight against fraud to a new level.
  • Senior Medicare Patrols-The administration has added new funding for Senior Medicare Patrols. These groups of senior citizen volunteers educate their peers to identify, prevent, and report health care fraud. 
  • Public-Private Partnership to Prevent Health Care Fraud-This ground-breaking partnership unites public and private organizations in the fight against health care fraud. The voluntary, collaborative partnership includes the federal government, state officials, several leading private health insurance organizations, and other anti-fraud groups.

What successes have the anti-fraud efforts had so far?

The government recovered a historic $4.1 billion in 2011, resulting in more than $10 billion recovered since 2008.

In its first year of implementation, the Centers for Medicare and Medicaid’s Fraud Prevention System:

  • Generated leads for 538 new fraud investigations
  • Provided new information for 511 existing investigations
  • Triggered 617 provider interviews and 1,642 beneficiary interviews
  • In October 2012, Medicare Strike Force operations in seven cities led to charges against 91 individuals—including doctors, nurses, and other licensed medical professionals—for their alleged participation in Medicare fraud schemes involving approximately $432 million in false billing.

I have reviewed the above information regarding Medicare fraud & abuse, understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws.

 

 

Safe Harbor Act: Law and Ethics in Clinical Practice

The "safe harbor" regulations describe various payment and business practices that, although they potentially implicate the Federal anti-kickback statute, are not treated as offenses under the statute.

Safe harbors immunize certain payment and business practices that are implicated by the anti-kickback statute from criminal and civil prosecution under the statute. To be protected by a safe harbor, an arrangement must fit squarely in the safe harbor. Failure to comply with a safe harbor provision does not mean that an arrangement is per se illegal. Compliance with safe harbors is voluntary, and arrangements that do not comply with a safe harbor must be analyzed on a case-by-case basis for compliance with the anti-kickback statute. Parties who are uncertain whether their arrangements qualify for safe harbor protection may request an advisory opinion.

 I have reviewed the above information on rules for Safe Harbor Act: Law & Ethics , understand its contents and agree to fully and completely adhere to all federal and state fraud and abuse laws.

 

I have reviewed the OIG’s fact sheet about Safe Harbor Act: Law & Ethics found at:

http://oig.hhs.gov/fraud/docs/safeharborregulations/safefs.htm

 

I have reviewed the compliance training contained in this agreement and confirm my understanding of the topics covered topics as it pertains to medical practices at a federal level and it is my responsibility to comply with these rules.

 

Leave this empty:

Signature arrow


Signature Certificate
Document name: COMPLIANCE TRAINING
lock iconUnique Document ID: 9e964969202edb82f527b84829cf7ca9fe7a61ec
Timestamp Audit
May 6, 2021 4:29 pm EDTCOMPLIANCE TRAINING Uploaded by Doctors Connection - support@drsconnection.com IP 99.20.95.30