Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

Transcription

1 Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

2 Introduction: Welcome to Honesty and Confidentiality Lesson Three: The False Claims Act is an important part of BAYADA s commitment to honesty. The Health Insurance Portability and Accountability Act, also known as (HIPAA), is what guides BAYADA s commitment to confidentiality. In this lesson we ll continue to focus on the laws that govern our work and our responsibilities as BAYADA employees. Our Objectives: At the end of this lesson you will be able to: Recognize the laws, regulations, standards, and policies that govern our work at BAYADA. Act in accordance with the False Claims Act and the Health Insurance Portability and Accountability Act We ll begin with the False Claims Act, our commitment to honesty. Created by LCD 2 BAYADA Home Health Care, 2017

3 The Federal False Claims Act: The Federal False Claims Act (31 USC ) helps the federal government combat fraud and recover losses resulting from fraud in federal programs, such as Medicare and Medicaid. What does it mean?: A person or entity violates the False Claims Act by knowingly: Submitting a false claim for payment Making or using a false record or statement to obtain payment for a false claim Conspiring to make a false claim or get one paid Making or using a false record to avoid payments owed to the government Concealing or improperly avoiding an obligation to pay the government Documenting and billing for visits not performed Documenting longer visit times than actually performed Continued Created by LCD 3 BAYADA Home Health Care, 2017

4 Knowingly means a person either has actual knowledge that the information is false, acts in deliberate ignorance of the truth or falsity of the information, or acts in reckless disregard of the truth or falsity of the information. Examples of Potential False Claims: Examples of potential false claims include: Billing for goods and services that were never delivered or rendered Performing inappropriate or unnecessary medical procedures to increase Medicare reimbursement Billing for work or tests not performed Double billing or charging more than once for the same goods or services Billing to increase revenue instead of billing to reflect actual work performed Forging physician signatures when required for reimbursement from Medicare or Medicaid Created by LCD 4 BAYADA Home Health Care, 2017

5 BAYADA s Non-Retaliation Policy: BAYADA promotes an environment that encourages all of us to seek clarification of issues and report questions and concerns. It is our duty and responsibility to report possible violations of our standards, guidelines, or policies. You will be protected from retaliation if you make a good-faith report, complaint, or inquiry. Do the Right Thing: Let s apply what we ve learned so far to a scenario. Mary is a billing clerk who has fallen behind with posting charges into the billing system. She doesn t want to work late so she rushes through her work to catch up. She knows she may have made some errors like listing inaccurate codes, but she turns a blind eye to them. Is this a problem? Yes Correct. Mary has violated policy, as well as the federal law. Mary has opened herself individually to prosecution for submitting a false claim. In addition, she has exposed BAYADA to criminal liability under the False Claims Act. No Oops, that is incorrect. Mary has violated policy, as well as the federal law. Mary has opened herself individually to prosecution for submitting a false claim. In addition, she has exposed BAYADA to criminal liability under the False Claims Act. Created by LCD 5 BAYADA Home Health Care, 2017

6 Next, we ll review the Health Insurance Portability and Accountability Act (HIPAA), and BAYADA s commitment to confidentiality. The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that includes rules to protect the privacy and confidentiality of client information. The medical condition and care-related information, specific to a client, is Protected Health Information or PHI. This includes all information about a client, whether written on paper, saved on a computer, or spoken aloud. The suite of HIPAA regulations include the Privacy Rule, which protects all forms of PHI; the Security Rule, which sets standards for the security of electronic PHI (ephi); and the Breach Notification Rule, which requires notification of a breach of PHI. A breach is an unauthorized disclosure of PHI. Client Protected Health Information (PHI) includes, but is not limited to: Client name Address Names of relatives Birth date address Photographs that identify a client or relative Everyone at BAYADA has a role to play in the privacy and security of PHI and confidential information - it is truly a shared responsibility. We all have health information and want it to be secure and private; RESPECT our client information as if it were YOUR OWN! Created by LCD 6 BAYADA Home Health Care, 2017

7 Privacy Rule: Communicate privately Protect client and confidential documents Communicate Privately: Office and Field Access and use only information that is necessary for your authorized job responsibilities. Do not share any client PHI or confidential information with anyone, in person or on the telephone, who does not need to know, including coworkers or personal acquaintances not involved in the client s care or treatment. Discussions about a client s PHI should be conducted as discreetly and privately as possible; use a soft voice and use minimal PHI during the conversation. De-identify the client. When appropriate, move to a private area, away from other people. How to de-identify: Use first name only. Use last initial only if needed to distinguish clients with common name. Created by LCD 7 BAYADA Home Health Care, 2017

8 Data Protection: Keep all client records secure and private at all times. When documents are on your desk or when transporting records, keep them in a place where others cannot see. It s important to note that there may be slight differences between how client Protected Health Information (PHI) is handled in an office versus the field. Office: Turn documents face down, place them in a drawer, or use a folder. When finished with client information, place in secured locked cabinets. Office: Always dispose of documents containing client PHI using a shredder or secure disposal vendor. Office/Field: Do not keep client records at home unless they are required for your job. Office/Field: Return ALL client records to the office when complete and no longer needed, including, but not limited to, all Activity Records, Nurse s Notes, or Therapy Notes for filing or proper disposal. Retaining client records for personal reasons is PROHIBITED. Created by LCD 8 BAYADA Home Health Care, 2017

9 Do the Right Thing Scenario: Read the statement in the scenario and choose the most correct answer. If a client s friend or neighbor calls an office or the client s home to ask a field employee about a clients health status or treatment: 1. It s okay to share with client verbal authorization. 2. It s okay to share as long as I don t give a diagnosis. 3. It s never okay to share. *Option 1 is the correct answer. Sharing any client Protected Health Information (PHI) with a friend, neighbor, or relative requires written or verbal authorization from the client or their power of attorney. Secure Computing: Communicating securely includes all forms of communication: , text, fax, telephone, photos, social media, and the internet. Created by LCD 9 BAYADA Home Health Care, 2017

10 Office employees may ONLY use BAYADA-provided accounts. Never send client Protected Health Information (PHI) to non-bayada accounts such as Gmail, Yahoo Mail, or Hotmail. If use of a personal service cannot be avoided: Office/Field: Use minimal information required; for example, de-identify the client by removing client Protected Health Information (PHI) or using first name only and last initial, if necessary. Office: We do not recommend that client records containing client Protected Health Information (PHI) be ed to field employees. If necessary, be sure to redact all client PHI (for example, name, address, and phone number) Office: When using your BAYADA account to send client Protected Health Information (PHI) to a non- BAYADA address, secure the by adding the word bayadasecure to the end of the subject line (this will encrypt the using our Zix platform). Once the recipient receives their first via Zix and follows the instructions, the recipient can respond and send future messages securely to BAYADA. Field: Do NOT print s or documents, unless necessary, that contain client Protected Health Information (PHI). If printing is necessary, leave any printed s or documents in the client s home or return to the office for proper disposal. Field: If you receive an from BAYADA s secure service (Zix), follow the instructions. This will register you to be able to receive the message. This will also provide the ability for you to send and receive future messages with BAYADA securely. Created by LCD 10 BAYADA Home Health Care, 2017

11 Text, Fax, and Telephone: Never communicate client Protected Health Information (PHI) via text message. Texting is not secure and not compliant with HIPAA standards, if sending client PHI that is not de-identified. When sending a fax, always use a cover sheet so information is covered at the receiving end. Be sure to verify the fax number before sending. NOTE: Office employees must use a BAYADA cover sheet with office information and BAYADA s confidentiality notice. Do not discuss client PHI with an unknown caller. If you do not recognize the caller, ask for identifying information or return the call to a number on file. Do not leave a voic or answering machine message that contains any client Protected Health Information (PHI) unless you have permission from the client. You cannot be sure who may listen to the message. Photos: Never take personal photos of a client, client s home, family, or friends with a mobile phone or camera. Only photos for medical purposes, at the request of a supervisor or physician, are permitted. To take authorized photos for care purposes: Use a secure BAYADA device if available If a personal device must be used, the photo should not show a client s face and the client s name should not be used when transmitting the photo. Use of a personal device to take photos of clinical records or timesheets that are not de-identified is NOT permitted. Created by LCD 11 BAYADA Home Health Care, 2017

12 Social Media and The Internet: When using social media, please ensure you do not share any client Protected Health Information (PHI) for example Facebook, Twitter, or LinkedIn. Forming personal relationships or conducting business through social media between clients or clients representatives when they are receiving care from BAYADA is NOT permitted per policy. When using a BAYADA computer or device remember: o Be cautious when using social media, , and surfing the internet. Do not open attachments, click links, or provide information to unknown sources. o It is critical to report any suspicious that you may have opened and accidentally clicked on a link or opened an attachment. o Field employees should immediately report any concerns to their supervisor. Office employees should immediately report any concerns to the IS office ( ). Do the Right Thing Scenario: In this scenario, one of your clients sends you a friend request on social media. Do you accept? 1. Yes 2. No Yes - INCORRECT! Forming personal relationships or conducting business through social media between clients or clients representatives when they are receiving care from BAYADA is NOT permitted per policy. No - CORRECT! Forming personal relationships or conducting business through social media between clients or client's representatives when they are receiving care from BAYADA is NOT permitted per policy. Created by LCD 12 BAYADA Home Health Care, 2017

13 Secure Use and Access of BAYADA Devices and Applications: Now that we ve covered communicating securely, let s move on to safeguarding your devices and storing information. Secure Your Devices: Position device screens, copiers, and fax machines in a position or place where information cannot be viewed by unauthorized individuals. Always lock or log off of your computer when you are away from your desk and at the end of the day. A best practice is to use Window-L to quickly hide/lock your screen. Always keep laptop/mobile/portable device physically secure to prevent theft and unauthorized access. All BAYADA-issued computers and devices MUST be returned to a BAYADA office for proper disposal. Created by LCD 13 BAYADA Home Health Care, 2017

14 Protect Your Password: Do not share your username and password with anyone. Keep your password private at all times. If you suspect your password has been compromised, immediately change your password and report the incident. For assistance with changing your password, please contact the IS Office ( ). It is critical to report a compromised password. Field employees should immediately report any concerns to their supervisor. Office employees should immediately report any concerns to the IS office ( ). Use BAYADA Provided Storage Only: Do not store client Protected Health Information (PHI) on personal equipment or in personal accounts. For example, do not store on personal laptop, mobile telephone, Google drive, Dropbox, portable media (USB drive) or cloud storage. Created by LCD 14 BAYADA Home Health Care, 2017

15 Great job! Reporting a Suspected Breach: A breach is an unauthorized use, disclosure, or loss of client Protected Health Information (PHI), even if it is inadvertent or unintentional. Created by LCD 15 BAYADA Home Health Care, 2017

16 Examples of Breaches: Examples of potential breaches include but are not limited to: Discussing or sharing a client s Protected Health Information (PHI) with someone not authorized Lost or stolen documents, computers, or devices that contain client Protected Health Information Improper disposal of documents, computers, or devices that contain client Protected Health Information (PHI) Posting client information on social media, such as Facebook, Twitter, or Instagram, even if removed right away Unauthorized access to documents, computers, or devices that contain client Protected Health Information (PHI) Sending client Protected Health Information via or text that has not been de-identified Leaving a message that contains client Protected Health Information (PHI) that is not authorized An or fax that contains client Protected Health Information (PHI) sent to the wrong address or telephone number Created by LCD 16 BAYADA Home Health Care, 2017

17 Report a Suspected Breach: Field employees should report a suspected breach immediately to their supervisor or via the BAYADA Hotline ( ). Office employees should follow BAYADA s incident reporting process. For serious incidents where a supervisor cannot be reached or an incident report cannot immediately be filed and help or support is needed, call Legal Services (LS) between 8:30 am and 7:30 pm EST Monday through Friday at or after hours and weekends at Do the Right Thing Scenario: Read the statement in the scenario and choose the most correct answer. I routinely store extra copies of my client s records at home. As long as I keep them in a locked file drawer, this is not a breach of HIPAA. 1. True 2. False *False. Return ALL client records to the office when complete and no longer needed including but not limited to all Activity Records, Nurse s Notes, or Therapy Notes to the office for filing or shredding. Do not keep client records at home unless they are required for your job. Retaining client records for personal reasons is PROHIBITED. Created by LCD 17 BAYADA Home Health Care, 2017

18 Do the Right Thing! While BAYADA does its part to safeguard information, privacy and security of client Protected Health Information (PHI) starts and ends with YOU! Understand and comply with BAYADA IT policies and best practices. Stay informed, read BAYADA IT Security Bulletin articles. Report any suspected breach. Always ask when you are not sure. Congratulations, you are ready to move on to Honesty and Confidentiality Lesson Four! Congratulations: Congratulations, you are ready to move on to Honesty and Confidentiality Lesson Four! Created by LCD 18 BAYADA Home Health Care, 2017