Helping Entities Implement Privacy and Security Protections (HIPAA & Compliance Training)

​

The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities.

​

This activity is intended for primary care physicians, obstetricians & gynecologists, pediatricians, nurses, and Third-party billing companies.

 

The goal of this activity is to review components of the Health Insurance Portability and Accountability Act (HIPAA) right of access and ways in which it enables individuals to be more involved in their own care.

 

Upon completion of this activity, participants will have increased knowledge regarding:

1. The components of the HIPAA access right, including an individual's ability to direct a copy of their health information to a third party, including a researcher

2. How the HIPAA right of access enables individuals to become more involved in their care

​

We assure you are getting trained and certified on the following topics.

​

1) False Claims Act [31 U.S.C. § § 3729-3733]: 

The civil FCA protects the Government from being overcharged or sold shoddy goods or services. It is illegal to submit claims for payment to Medicare or Medicaid that you know or should know are false or fraudulent. Filing false claims may result in fines of up to three times the programs' loss plus $11,000 per claim filed. Under the civil FCA, each instance of an item or a service billed to Medicare or Medicaid counts as a claim, so fines can add up quickly. The fact that a claim results from a kickback or is made in violation of the Stark law also may render it false or fraudulent, creating liability under the civil FCA as well as the AKS or Stark law.

Under the civil FCA, no specific intent to defraud is required. The civil FCA defines "knowing" to include not only actual knowledge but also instances in which the person acted in deliberate ignorance or reckless disregard of the truth or falsity of the information. Further, the civil FCA contains a whistleblower provision that allows a private individual to file a lawsuit on behalf of the United States and entitles that whistleblower to a percentage of any recoveries. Whistleblowers could be current or ex-business partners, hospital or office staff, patients, or competitors.

There also is a criminal FCA (18 U.S.C. § 287). Criminal penalties for submitting false claims include imprisonment and criminal fines. Physicians have gone to prison for submitting false health care claims. OIG also may impose administrative civil monetary penalties for false or fraudulent claims, as discussed below.

 

2) Anti-Kickback Statute [42 U.S.C. § 1320a-7b(b)]: 

The AKS is a criminal law that prohibits the knowing and willful payment of "remuneration" to induce or reward patient referrals or the generation of business involving any item or service payable by the Federal health care programs (e.g., drugs, supplies, or health care services for Medicare or Medicaid patients). Remuneration includes anything of value and can take many forms besides cash, such as free rent, expensive hotel stays and meals, and excessive compensation for medical directorships or consultancies. In some industries, it is acceptable to reward those who refer business to you. However, in the Federal health care programs, paying for referrals is a crime. The statute covers the payers of kickbacks-those who offer or pay remuneration- as well as the recipients of kickbacks-those who solicit or receive remuneration. Each party's intent is a key element of their liability under the AKS.

Criminal penalties and administrative sanctions for violating the AKS include fines, jail terms, and exclusion from participation in the Federal health care programs. Under the CMPL, physicians who pay or accept kickbacks also face penalties of up to $50,000 per kickback plus three times the amount of the remuneration.

Safe harbors protect certain payment and business practices that could otherwise implicate the AKS from criminal and civil prosecution. To be protected by a safe harbor, an arrangement must fit squarely in the safe harbor and satisfy all of its requirements. Some safe harbors address personal services and rental agreements, investments in ambulatory surgical centers, and payments to bona fide employees.

​

3) Physician Self-Referral Law [42 U.S.C. § 1395nn]: 

The Physician Self-Referral Law, commonly referred to as the Stark law, prohibits physicians from referring patients to receive "designated health services" payable by Medicare or Medicaid from entities with which the physician or an immediate family member has a financial relationship unless an exception applies. Financial relationships include both ownership/investment interests and compensation arrangements. For example, if you invest in an imaging center, the Stark law requires the resulting financial relationship to fit within an exception or you may not refer patients to the facility and the entity may not bill for the referred imaging services.

​

4) Exclusion Statute [42 U.S.C. § 1320a-7]:

OIG is legally required to exclude from participation in all Federal health care programs individuals and entities convicted of the following types of criminal offenses: (1) Medicare or Medicaid fraud, as well as any other offenses related to the delivery of items or services under Medicare or Medicaid; (2) patient abuse or neglect; (3) felony convictions for other health-care-related fraud, theft, or other financial misconduct; and (4) felony convictions for unlawful manufacture, distribution, prescription, or dispensing of controlled substances. OIG has the discretion to exclude individuals and entities on several other grounds, including misdemeanor convictions related to health care fraud other than Medicare or Medicaid fraud or misdemeanor convictions in connection with the unlawful manufacture, distribution, prescription, or dispensing of controlled substances; suspension, revocation, or surrender of a license to provide health care for reasons bearing on professional competence, professional performance, or financial integrity; provision of unnecessary or substandard services; submission of false or fraudulent claims to a Federal health care program; engaging in unlawful kickback arrangements; and defaulting on health education loan or scholarship obligations.

​

5) Sync for Science (S4S) API Privacy and Security:

6) Guide to Privacy and Security of Electronic Health Information

7) Security Risk Assessment (SRA) Tool

8) Security Risk Analysis Guidance

9) HIPAA Security Toolkit Application.

10) Certified Health IT Product List.

11) Business Associate Contract Provisions

12) Model Notices of Privacy Practices (NPPs).

13) Keeping Health Information Private and Secure.

Additional Modules are the only available after application.

​

​