Legal Issues

9


Legal Issues



Objectives


After completing this chapter, readers should be able to:


image Describe legal issues concerning medical records.


image Discuss ways to comply with privacy regulations.


image Define fraud and fraudulent billing.


image Explain the importance of record keeping.


image Describe subpoena and the consequence in receiving a subpoena.


image Understand the statute of limitation on accounts for collection.


KEY TERMS







































































Term Definition
Abuse Unknowingly defrauding the Medicare program by obtaining payment for items or services when there is not legal entitlement to the payment.
Arbitration Legal method where the patient and physician may agree to resolve any controversy that may occur before an impartial panel.
Civil Law Law that enforces private rights and liabilities, as distinguished from criminal law.
Defamation Slander or libel or injury to reputation.
Defendant Person defending a case. In a malpractice case this is usually the physician.
Deposition Taking of testimony from a witness made under oath although not in an open court. Information is written down or taped to be used in the case of a trial.
Embezzlement Willful act of illegally taking an employer’s money by an employee.
Ethics Moral principles and standards in the ideal relationship between a physician and patient or between physicians.
Fraud An intentional misrepresentation of facts to deceive or mislead another.
Judgment The official decision of the court in regard to an action or suit.
Litigation A lawsuit.
Locum Tenens A physician who substitutes for another physician who is out of the office for an extended period of time.
Malfeasance Wrongful treatment of a patient.
Misfeasance Lawful treatment performed or provided in the wrong way.
Negligence Omission to do something that should be done under ordinary circumstances. Negligence can involve a wrongful action or an omission of care.
Nonfeasance Failure by a physician to anything in regard to a patient’s medical condition when the physician has an obligation to act.
Open Contract An account where charges are made from time to time with a 5-year limitation for collection from the date the charge incurred.
PHI Protected Health Information. Data that could be used to learn a person’s health information.
Qui Tam Recovery of a penalty brought by an informer in a situation. Generally, a percentage of the recovery is given to the informer for payment.
Statute of Limitations The time limit in which a lawsuit may be filed.
Written Contract An agreement signed by a patient in which specific payment amounts are made on the account on a monthly basis. These accounts usually have high amounts that will take over 4 months to repay and generally have a 6-year limitation for collection.


Introduction


The purpose of this chapter is to describe some of the problems encountered in the performance of practice duties and to provide guidance on ways to avoid legal issues in medical records, billing, and collection activities.


The best policy for any practice is to practice within the guidelines of the law and to have an attorney who is skilled in laws concerning medical practices and policies. When in doubt concerning practice policy or guidelines, one should contact an attorney to determine the various rules and regulations for the particular state and circumstances.


It is not the author’s intent to replace legal counsel or to offer advice on legal matters. The intent is to direct the reader in identifying problems and situations that may require assistance from those who are versed in the rules and regulations governing your state policies and laws.



Medical Ethics


According to Mosby’s Medical, Nursing, & Allied Health Dictionary, ethics is defined as the science or study of moral values or principles, including ideals of autonomy, beneficence, and justice. Ethics are standards in which a medical practice determines the propriety of conduct in relationship to patients, physicians, and coworkers. Our modern code of medical ethics was adopted by the American Medical Association and is known as the “Principles of Medical Ethics.” Often in medicine, medical ethics and medical professional liability sometimes overlap.


Medical ethics and patient privacy have several factors in common. In forming the privacy rules discussed later in this chapter, you can see the parallel between ethics and HIPAA rulings. The following represent some of the standard guidelines of medical ethics used by medical practices.



To obtain an in-depth understanding of the Code of Ethics for professional associations, visit the following web sites:










American Association of Medical Assistants http://www.aama-ntl.org
American Health Information Management Association http://www.ahima.org


Medical Records


A medical record is a written account of the reason a patient sought medical care and the treatment rendered by the physician. Records include:



Patients’ medical records and financial records contain health information. Health information includes any facts that relate to the past, present, or future physical or mental health or condition of an individual, the health care they received, or the payment for that health care.


The data that could be used to learn a person’s health information is called protected health information, or PHI. Under federal regulations, medical offices, insurance carriers, and any other company that processes patients’ health information electronically must protect the privacy and security of this PHI.



Protected Health Information: The HIPAA Privacy Rule


Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996 because of concerns regarding fraud (e.g., coding irregularities, medical necessity issues, and waiving co-pays and deductibles). Although the authority granted under the Federal False Claims Act provided CMS with regulatory authority to enforce fraud and abuse statutes, HIPAA extends that authority to all federal and state health care programs.


HIPAA provisions were designed to improve the portability and continuity of heath care coverage by:




Privacy Rule


The final HIPAA Privacy Rule was published by the Department of Health and Human Services (HHS) on December 28, 2000. The final rule took effect on April 14, 2003. The Privacy Rule creates national standards to protect individuals’ medical records and other PHI. The rule also gives patients greater access to their own medical records and more control over how their personal health information is used. The rule addresses the obligations of health care providers and health plans to protect health information.


The Privacy Rule requires the implementation of activities that include:



The HIPAA Privacy Rule covers patients’ protected health information. Under the Privacy Rule, medical practices may not use or disclose protected health information, except as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing or as needed for treatment, payment, and health care operations.


These terms refer to:













Treatment Providing, coordinating, and managing health care for the patient, such as asking the patient’s insurance carrier for an authorization, a consultation between doctors on the patient’s case, or the referral of a patient from one physician to another.
Payment All the activities the medical office does to be reimbursed by insurance companies and government health plans, including billing and collection activities.
Health Care Operations Administrative, financial, and legal activities necessary to run the business of the medical office.

If a practice thinks it best, it may obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. This consent is not required by the Privacy Rule, however. An authorization from the patient is required by the Privacy rule for the practice, hospital, or plan to use and disclose protected health information not otherwise allowed by the rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. A valid authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations.


An authorization must have:




How Practices Comply


To comply with the HIPAA Privacy Rule, practices must:



Offices usually create written privacy policies called a Notice of Privacy Practices. The main points of this document are summarized on a form called the Acknowledgment of Receipt of Notice of Privacy Practices. Patients of the practice are asked to sign this form and can take a copy of the privacy practices if they wish. If a particular patient refuses to sign, a note of this is made in the medical record to show that the practice attempted in good faith to get a signature.


The Privacy Rule also must be followed by vendors outside the practice that work with or provide services to the practice if the work involves the use of protected health information. Such business associates of the practice must sign agreements that they will follow the regulations and keep the data secure. Examples are outside billing service companies, attorneys, and accounting firms.


When using or disclosing protected health information, medical office staff must try to limit the use or disclosure to the minimum amount of PHI necessary—just what is needed to accomplish the intended purpose. This minimum standard does not apply to disclosures, including oral disclosures, among physicians who are treating the patient. For example, a physician is not required to apply the minimum necessary standard when discussing a patient’s medical chart with another doctor also handling the case.


Physician’s offices may use patient sign-in sheets or call out patient names in waiting rooms, as long as the information disclosed is appropriately limited. The HIPAA Privacy Rule explicitly permits the incidental disclosures that may result from this practice—for example, when other patients in a waiting room hear the identity of the person whose name is called, or see other patients’ names on a sign-in sheet. Reasonable safeguards need to be in place. For example, the sign-in sheet may not display medical information that is not necessary for the purpose of signing in (e.g., the medical problem for which the patient is seeing the physician).


The Privacy Rule also addresses records that have been written or dictated by the physician while rendering the service in that particular office. Records from hospitals, laboratories, x-ray departments, or other physicians are not part of the physician’s records. Information of this type should be requested from the agency or party that actually performed the service. When a physician has dictated notes or operative reports at a hospital, this information should be requested from and sent by the hospital even though the physician has a copy of the information in the office chart.

Related posts:

  1. Putting it All Together
  2. Accounts Receivable
  3. Insurance Claim Forms
  4. Service and Procedural Coding: Current Procedural Terminology (CPT)

Stay updated, free articles. Join our Telegram channel
Tags:
Dec 10, 2016 | Posted by in GENERAL SURGERY | Comments Off on Legal Issues

Full access? Get Clinical Tree
Get Clinical Tree app for offline access