Question: Who enforces the Health Insurance Portability and Accountability Act (HIPAA)?
Answer
The Office of E-Health Standards and Services within the Centers for Medicare & Medicaid Services (CMS) enforces the Transactions and Code Sets and National Identifiers (Employer and Provider identifiers) regulations of the Health Insurance Portability and Accountability Act (HIPAA). Complaints may be submitted electronically, at https://htct.hhs.gov/aset/, or via paper at http://www.cms.hhs.gov/Enforcement/Downloads/HIPAANon-PrivacyComplaintForm.pdf
The HIPAA Privacy and Security Rules are enforced by the Office for Civil Rights OCR. Complaints related to concerns about protected health information may be sent to OCR at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html. CMS also enforces the insurance portability requirements under Title I of HIPAA. For more information about portability and how to obtain information or assistance, go to: http://www.cms.hhs.gov/HealthInsReformforConsume/01_Overview.asp
Tuesday, December 8, 2009
How should modifier -59 be reported under the CCI?
Question : How should modifier -59 be reported under the CCI?
Answer: Modifier -59 is used to indicate a distinct procedural service. To appropriately report this modifier, append modifier -59 to the column 2 code to indicate that the procedure or service was independent from other services performed on the same day. The addition of this modifier indicates to the carriers or fiscal intermediaries that the procedure or service represents a distinct procedure or service from others billed on the same date of service. In other words, this may represent a different session, different anatomical site or organ system, separate incision/excision, different lesion, or different injury or area of injury (in extensive injuries). When used with a CCI edit, modifier -59 indicates that the procedures are different surgeries when performed at different operative areas or at different patient encounters. (1/10/03)
Answer: Modifier -59 is used to indicate a distinct procedural service. To appropriately report this modifier, append modifier -59 to the column 2 code to indicate that the procedure or service was independent from other services performed on the same day. The addition of this modifier indicates to the carriers or fiscal intermediaries that the procedure or service represents a distinct procedure or service from others billed on the same date of service. In other words, this may represent a different session, different anatomical site or organ system, separate incision/excision, different lesion, or different injury or area of injury (in extensive injuries). When used with a CCI edit, modifier -59 indicates that the procedures are different surgeries when performed at different operative areas or at different patient encounters. (1/10/03)
Does the HIPAA Security Rule allow for sending electronic PHI in an email or over the Internet?
Question: Does the HIPAA Security Rule allow for sending electronic PHI in an email or over the Internet?
Answer : The HIPAA Security Rule does not expressly prohibit the use of email for sending electronic protected health information (PHI). However, the standards for access control, (45 CFR § 164.312(a)) integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against the unauthorized access to electronic PHI. The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect electronic PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for electronic PHI to be sent over an electronic open network as long as it is adequately protected.
Answer : The HIPAA Security Rule does not expressly prohibit the use of email for sending electronic protected health information (PHI). However, the standards for access control, (45 CFR § 164.312(a)) integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against the unauthorized access to electronic PHI. The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect electronic PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for electronic PHI to be sent over an electronic open network as long as it is adequately protected.
With whom should I share my National Provider Identifier (NPI)?
Question: With whom should I share my National Provider Identifier (NPI)?
Answer : Health care providers should share their NPIs with other providers with whom they do business, and with health plans that request their NPIs. All health care providers who conduct standard transactions as adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are covered health care providers. These providers must share their NPI with other providers, health plans, clearinghouses, and any entity that may need those NPIs for use in standard transactions. Providers should also consider letting health plans or institutions for whom they work, share their NPIs for them.
CMS strongly encourages providers to share their NPI with other health care providers to whom they refer patients; pharmacies that fill their prescriptions;health plans in which they are enrolled and to whom they submit claims; and organizations where they have staff privileges.
Answer : Health care providers should share their NPIs with other providers with whom they do business, and with health plans that request their NPIs. All health care providers who conduct standard transactions as adopted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are covered health care providers. These providers must share their NPI with other providers, health plans, clearinghouses, and any entity that may need those NPIs for use in standard transactions. Providers should also consider letting health plans or institutions for whom they work, share their NPIs for them.
CMS strongly encourages providers to share their NPI with other health care providers to whom they refer patients; pharmacies that fill their prescriptions;health plans in which they are enrolled and to whom they submit claims; and organizations where they have staff privileges.
How long will it take to get an NPI?
Question: How long will it take to get an NPI?
Answer : We cannot predict the amount of time it will take to obtain a National Provider Identifier (NPI) because several factors come into play. Such factors include the volume of applications being processed at a given time, whether the application was submitted electronically or on paper, and whether the application was complete and passed all edits. We expect that a health care provider who submits a properly completed electronic application could have its NPI in 10 days.
Content Solutions
Sport Events
Vending Machines
Answer : We cannot predict the amount of time it will take to obtain a National Provider Identifier (NPI) because several factors come into play. Such factors include the volume of applications being processed at a given time, whether the application was submitted electronically or on paper, and whether the application was complete and passed all edits. We expect that a health care provider who submits a properly completed electronic application could have its NPI in 10 days.
Content Solutions
Sport Events
Vending Machines
National Provider Identifiers
Question: What types of business structures are considered organization health care providers and thus eligible for organization National Provider Identifiers (NPIs)? What types are not?
Answer : The final NPI rule defines “organization health care providers” as providers who are not individuals (persons). These are classified as entity type 2 providers. Examples are hospitals, home health agencies, clinics, nursing homes, residential treatment centers, laboratories, ambulance companies, group practices, health maintenance organizations, suppliers of durable medical equipment or pharmacies.
Commercial Refrigerators
Wildblue
Lechuza Planters
Some health care provider organizations are made up of components or business units that function somewhat independently of the ”parent” health care organization of which they are a part. These components, which are referred to as “subparts” in the regulation, might conduct their own standard transactions, might be at the same or at a different address than the organization provider “parent”, might furnish a type of service different than the organization provider “parent.” These subparts or business units might be required by Federal regulations to have unique identifiers for billing purposes. Each organization must make a determination regarding the status of its subparts, and apply for NPIs as it deems appropriate. The Work group for Electronic Data Exchange (WEDI) has a white paper on this topic that can be helpful to covered entities in making their decisions.
A sole proprietorship is a form of business in which one person owns all of the assets of the business and is solely liable for all debts on an individual basis. Sole proprietors are individuals, and they must apply for their NPIs as Individuals (Entity Type I). The subpart concept does not apply to a sole proprietorship, even one with multiple locations, because the sole proprietorship is not an organization as defined in the Final NPI Rule (69FR3434).
State laws enable the creation of many other different types of businesses. While we cannot address every possible type of business structure, we apply the following broad principle to determine whether a business is eligible for an organization NPI: Any organization that is recognized by the State as separate and distinct from the individual is eligible for an organization NPI. The law in each State will govern how different business types are recognized by the State.
Answer : The final NPI rule defines “organization health care providers” as providers who are not individuals (persons). These are classified as entity type 2 providers. Examples are hospitals, home health agencies, clinics, nursing homes, residential treatment centers, laboratories, ambulance companies, group practices, health maintenance organizations, suppliers of durable medical equipment or pharmacies.
Commercial Refrigerators
Wildblue
Lechuza Planters
Some health care provider organizations are made up of components or business units that function somewhat independently of the ”parent” health care organization of which they are a part. These components, which are referred to as “subparts” in the regulation, might conduct their own standard transactions, might be at the same or at a different address than the organization provider “parent”, might furnish a type of service different than the organization provider “parent.” These subparts or business units might be required by Federal regulations to have unique identifiers for billing purposes. Each organization must make a determination regarding the status of its subparts, and apply for NPIs as it deems appropriate. The Work group for Electronic Data Exchange (WEDI) has a white paper on this topic that can be helpful to covered entities in making their decisions.
A sole proprietorship is a form of business in which one person owns all of the assets of the business and is solely liable for all debts on an individual basis. Sole proprietors are individuals, and they must apply for their NPIs as Individuals (Entity Type I). The subpart concept does not apply to a sole proprietorship, even one with multiple locations, because the sole proprietorship is not an organization as defined in the Final NPI Rule (69FR3434).
State laws enable the creation of many other different types of businesses. While we cannot address every possible type of business structure, we apply the following broad principle to determine whether a business is eligible for an organization NPI: Any organization that is recognized by the State as separate and distinct from the individual is eligible for an organization NPI. The law in each State will govern how different business types are recognized by the State.
What does the physician referral law prohibit?
Question: What does the physician referral law prohibit?
Answer : The physician referral law (section 1877 of the Social Security Act) prohibits a physician from referring patients to an entity for a designated health service (DHS), if the physician or a member of his or her immediate family has a financial relationship with the entity, unless an exception applies. (The exceptions are specified in 42 CFR Part 411, Subpart J.) The law also prohibits an entity from presenting a claim to Medicare or to any person or other entity for DHS provided under a prohibited referral. No Medicare payment may be made for DHS rendered as a result of a prohibited referral, and an entity must timely refund any amounts collected for DHS performed under a prohibited referral. Civil money penalties and other remedies may also apply under some circumstances.
Programmable Thermostats
Flashlight z
Predictive Dialer
Answer : The physician referral law (section 1877 of the Social Security Act) prohibits a physician from referring patients to an entity for a designated health service (DHS), if the physician or a member of his or her immediate family has a financial relationship with the entity, unless an exception applies. (The exceptions are specified in 42 CFR Part 411, Subpart J.) The law also prohibits an entity from presenting a claim to Medicare or to any person or other entity for DHS provided under a prohibited referral. No Medicare payment may be made for DHS rendered as a result of a prohibited referral, and an entity must timely refund any amounts collected for DHS performed under a prohibited referral. Civil money penalties and other remedies may also apply under some circumstances.
Programmable Thermostats
Flashlight z
Predictive Dialer
Subscribe to:
Comments (Atom)