Stark or Physician Self-Referral Law
Answer: The Omnibus Budget Reconciliation Act bans physicians from
referring patients to receive "designated health services" to any entity with which the physician has a
financial relationship. Designated health services include lab testing, imaging services, physical or
occupational therapy, etc. (civil only, Medicare/Medicaid only, strict liability)
Anti-Kickback Statute (AKS)
Answer: Prohibits soliciting, receiving, offering, or paying any
remuneration, directly or indirectly, in cash or in kind, in exchange. Essentially it prohibits the exchange of
anything of value in exchange for or in an effort to gain the referral of business reimbursable by federal
healthcare programs. (intent, any federal program, civil or criminal)
Physician Payments Sunshine Act (PPSA)
Answer: Requires that detailed information about payments or
other "transfers of value" worth over $10 from manufacturers of drugs, medical devices and biologics to
physicians and teaching hospitals be made available to the public. (Open payment data).
Deficit Reduction Act
Answer: A Federal law that grants states the ability to modify their Medicaid
programs. This allows individual states to reform their Medicaid programs to fit with the present health
care environment while maintaining federal guidelines.
False Claims Act
Answer: Originally adopted by the U.S. Congress to discourage suppliers from overcharging
the government, it is now legislation that prohibits anyone from knowingly submitting or causing to be
submitted a false or fraudulent claim. DOJ.
Qui Tam Action
Answer: Allows persons and entities with evidence of fraud against federal programs or
contracts to sue the wrongdoer on behalf of the United States Government - based upon private
information.
7 Elements of an Effective Compliance Program
Answer:
1. Policies and Procedures
2. Compliance Oversight
3. Effective Lines of Communication
4. Training / Education
5. Internal Monitoring and Auditing
6. Enforcing standards through consistent disciplinary guidelines
7. Responding timely to detected offenses.
HIPAA Privacy Rule
Answer: A covered entity may not use or disclose protected health information except
for when it is required or permitted.
HIPAA Security Rule
Answer: Essentially outlines how to protect PHI in an electronic form (only applies to
ePHI). 3 main safeguards: administrative, technical, and physical.
Reportable Breach
Answer:
1. breach of privacy rule
2. unsecured PHI
3. more than "low probability of compromise"
Breach Notification
Answer:
1. Notify individual in writing
- if less than 10 are undeliverable, alternate notification method (like email) may be used
- if more than 10 are undeliverable, must post contact info to web page.
2. Must notify OCR within 60 days of the end of the calendar year
- if it involves 500+ people, must notify OCR immediately
3. Org. must notify media if 501+ individuals in same jurisdiction/state are involved in breach.
Patient Rights Under HIPAA
Answer:
- Request for restriction of PHI Use - as long as it is reasonable, i.e.
can restrict that information is not given to insurance company, given that the pt. requests in writing,
self-pays, and the info would be typically given to the insurance company.
- Request for confidential communication (i.e. no voicemails)
- Request Access/Copy of medical record
- Request for Medical Record amendment
- Request to review accounting of disclosures
- Right to receive notification of Breach