CompTIA Healthcare IT Technician HIT-001 Cert Guide: Regulatory Requirements
Regulatory requirements don’t sound like fun to read about. No matter how boring this topic is, it is relevant to HIT. The requirements keep you and others out of trouble. The agencies and laws are in place to protect patients’ rights and privacy and help you find resources.
Laws and regulations change and can be updated, so the most important point of this chapter is to know where to go to find current information. Also agencies, laws, and regulations vary from state to state, so you need to be aware of local policies in your state.
Use government websites and Internet search engines to find information. The government or .gov sites are the authoritative sources. Other websites might offer insight about where to look for answers or how other facilities handle issues. If you cannot fin what you need, look within your facility. Often all it takes to find information about a policy is to visit the department in your hospital that handles matters of policy on a daily basis.
This chapter begins by identifying and explaining the roles of some important agencies and laws.
Identifying Standard Agencies, Laws, and Regulations
Each of the agencies, laws, and regulations described in the following sections play a role in healthcare. The agencies of the U.S. government are responsible for implementing the laws and regulations created by Congress and enacted by the President. The common goal of the agencies, laws, and regulations is to improve the healthcare available to citizens. First, learn about the agencies.
Agencies Governing Healthcare
With changes in the government over the last few years, generous resources have been provided for the development and implementation of HIT. The government has focused funding toward advancing healthcare technology in the United States. The government created agencies to filter the monies to covered entities. Covered agencies work toward this same goal to advance healthcare technology. The government and covered agencies are tasked with ensuring the laws and regulations have compliance by healthcare providers and facilities.
Following is a list of agencies that govern healthcare in the United States:
- Department of Health and Human Services (HHS)
- National Institute of Standards and Technology (NIST)
Department of Health and Human Services
The Department of Health and Human Services (HHS)—http://www.hhs.gov—is an agency of the U.S. government tasked with the following responsibilities:
- Protect the health of Americans.
- Provide a means for Americans who are least able to help themselves to access healthcare.
- Contain and treat any national health emergencies.
- Test and regulate food and drug supplies.
Figure 3-1 shows the HHS website.
Figure 3-1 The HHS website is current and informative with the need-to-know facts and how to access resources the HHS provides.
Photo credit: http://www.hhs.gov
The HHS contains several operating divisions, as shown in Table 3-1.
Table 3-1 Operating Divisions of the HHS
Administration for Children and Families
Administration on Children, Youth, and Families
Administration on Aging
Agency for Healthcare Research and Quality
Centers for Disease Control and Prevention
Centers for Medicare & Medicaid Services
Food and Drug Administration
Health Resources and Services Administration
Indian Health Service
National Institutes of Health
National Cancer Institute
Office of the Inspector General
Substance Abuse and Mental Health Services Administration
The more notable divisions of the HHS include the Food and Drug Administration (FDA), Centers for Disease Control and Prevention (CDC), and the National Institutes of Health (NIH). Now take a closer look at the divisions of the HHS involved in healthcare:
- Centers for Medicare & Medicaid Services (CMS)
- Office of the National Coordinator for HIT (ONC)
- Office for Civil Rights (OCR)
Centers for Medicare & Medicaid Services (CMS)
The Centers for Medicare & Medicaid Services (CMS) branch—http://www.cms.gov—of the HHS is responsible for administrating Medicare and Medicaid. CMS also regulates the transaction standards of billing codes used to price healthcare expenses, such as electronic claims, remittance, eligibility, and claims status requests/responses. The current version of HIPAA transaction standards is Version 5010. All HIPAA-compliant facilities adopted this version January 1, 2012. CMS regulates medical diagnosis and inpatient procedure coding in healthcare. The current version is ICD-9. The new version, ICD-10, is required to be adopted by HIPAA-compliant facilities by October 1, 2013. Figure 3-2 shows the CMS website homepage.
Figure 3-2 The CMS website is current and informative with the need-to-know facts and how to access resources the CMS provides.
Photo credit: http://www.cms.gov
The purpose of coding is to equate expenses in a hospital into numbers. For example, whenever a doctor examines a patient, a nurse uses a syringe to administer a drug, or a patient receives a diagnosis, a code must be generated to represent the expense associated with providing this patient care. When healthcare providers enter information into a patient’s chart, that information eventually is sent to a medical coding specialist. This person is responsible for translating charted documentation about a patient’s stay in a hospital into codes so that insurance companies can be properly billed for the hospital’s expenses.
Covered entities must upgrade to Version 5010 billing codes to be prepared for the ICD-10 diagnostic and procedure codes. ICD-10 codes accommodate Version 5010. The reason for the transition to Version 5010 over a year and a half before the transition to ICD-10 is to make sure any kinks in the transition to Version 5010 have been addressed to reduce the possibilities of problems in the transition to ICD-10.
The need for the transition from ICD-9 to ICD-10 is because ICD-9 is too restrictive in the amount of information the code can communicate. With ICD-10, a code can report more specifically what was wrong with a patient and how the patient was treated. ICD-10 uses more character fields in the code and approximately 55,000 more available codes. For example, if a physician charts “initial encounter for a stress fracture of the right tibia,” in ICD-9, a coder could use only the code 733.9 to mean the limited information “stress fracture of the tibia.” This ignores a lot of specific information about this patient’s condition. Because this was the first encounter and of the right tibia would be coded using separate codes. With ICD-10, the coder can report more details in a single code using a longer code with more options to choose from. To report “initial encounter for a stress fracture of the right tibia” in ICD-10, a coder would report M84.361A as the code.
Office of the National Coordinator for Health Information Technology (ONC)
Office of the National Coordinator for Health Information Technology (ONC)—http://www.healthit.hhs.gov: This office of the HHS was created to promote national HIT infrastructure and oversee its development. The ONC was created by executive order in 2004 and written into legislation by the HITECH Act in 2009, which requires healthcare providers to move toward using electronic solutions to store and process patient data. The ONC tests and certifies all EMR/EHR solutions to be HIPAA-compliant. Healthcare providers and hospitals may use only the certified EMR/EHR solutions if they want to qualify for monetary incentives. Figure 3-3 shows the ONC website.
Figure 3-3 The ONC website is current and informative with the need-to-know facts and how to access resources the ONC provides.
Photo credit: http://www.healthit.hhs.gov
The U.S. government provides funding through various venues to encourage covered entities to transition to advanced healthcare technology. Covered entities are encouraged to meet deadlines for stages in the transition, for example, to EMR/EHR information systems. If they meet these goals, they are given money. The deadlines for the incentives are set before the deadlines of when covered entities are required to transition to advanced healthcare technology. If a covered entity misses the latter required deadline, the U.S. government starts applying penalties for not complying with the required deadline. It serves the covered entities well to be ahead of the game by transitioning to advanced healthcare technologies sooner rather than later.
Office of Civil Rights (OCR)
Office of Civil Rights (OCR)—http://www.hhs.gov/ocr: This office of the HHS is responsible to protect Americans against discrimination and enforce the Privacy and Security Rules of HIPAA. The OCR fulfills this responsibility through education to prevent violations and through investigation of complaints about violations of these rules. The OCR usually enables a covered entity to enforce rules and reprimand violations without intervening. Complaints about violations are filed through the OCR. See Figure 3-4 to see the OCR website.
Figure 3-4 The OCR website is current, informative, and offers instructions on how to file a complaint about a privacy violation.
Photo credit: http://www.hhs.gov/ocr
National Institute of Standards and Technology (NIST)
National Institute of Standards and Technology (NIST)—http://www.nist.gov—This agency is part of the U.S. Department of Commerce. The goal of the NIST is to promote U.S. innovation and industrial competition. The NIST aims to advance standards and technology to improve American economic security and quality of life. In healthcare, the NIST aims to do the following:
- Create opportunities for accelerated research and development of HIT.
- Improve the usefulness of HIT and remote healthcare.
- Develop the security of HIT.
Figure 3-5 shows the NIST website.
Figure 3-5 The NIST website is current and informative of its activities.
Photo credit: http://www.nist.gov
Now that you have learned about the agencies for healthcare, turn your attention to the programs and laws that these agencies offer and enforce.
Government agencies use social programs to fulfill responsibilities tasked to the agency. Programs ensure accessibility of benefits to those who qualify. The two most significant healthcare programs are Medicare and Medicaid. Medicare and Medicaid are impressive by the numbers of beneficiaries and expense.
The Medicare—http://www.medicare.gov—social insurance program is for hospital and medical care for elderly and certain disabled citizens. Medicare is provided by the U.S. government. Medicare was created as an amendment to the Social Security Act in 1965. Medicare is regulated and administered at the federal level. Figure 3-6 shows the Medicare website homepage.
Figure 3-6 The Medicare website is current and informative with the need-to-know facts and how to access resources Medicare provides.
Photo credit: http://www.medicare.gov
The Medicaid—http://www.medicaid.gov—social welfare program is for health and medical services for certain citizens and families with low incomes and few resources. Medicaid is provided by the U.S. government. Medicaid was created as an amendment to the Social Security Act in 1965. Primary oversight of Medicaid is regulated at the federal level. All states participate in Medicaid; however, state participation to use Medicaid funding is voluntary. Each state administers this program using Medicaid funding. States also have control over eligibility standards, scope of services, and rate of payment for services. Figure 3-7 shows the Medicaid website.
Figure 3-7 The Medicaid website is current and informative with the need-to-know facts and how to access resources Medicaid provides.
Photo credit: http://www.medicaid.gov
Government agencies use laws to define the scope of responsibilities tasked to the agency. Laws clarify the manner and intent of the government. HIPAA, ARRA, and HITECH are all acts of Congress meant to improve healthcare in the United States.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA)—http://www.hhs.gov/ocr/privacy—was created in 1996 to provide a standard set of rules for all covered entities to follow to protect patient health information and to help healthcare providers transition from paper to electronic health records. The Office of Civil Rights (OCR) enforces the following HIPAA rules:
- Privacy Rule: Establishes national standards to protect individuals’ health information whenever a covered entity accesses this information. This rule establishes safeguards to regulate who can access e-PHI (electronic protected health information) and the reasons why someone needs to access e-PHI.
- Security Rule: Establishes national standards to protect the e-PHI of an individual. This rule establishes safeguards for how e-PHI is accessed.
- Breach Notification Rule: Requires covered entities to notify affected individuals, the HHS secretary, and possibly the media when protected health information (PHI) has been breached.
- Enforcement Rule: Establishes penalties for violations to HIPAA rules and procedures following a violation, such as investigations and hearings.
Figure 3-8 shows the enforcement activities and results on the HIPAA website.
Figure 3-8 The HIPAA website is current and informative of the need-to-know facts.
Photo credit: http://www.hhs.gov/ocr/privacy/hipaa/enforcement
American Recovery and Reinvestment Act (ARRA)
The American Recovery and Reinvestment Act (ARRA)—http://www.recovery.gov—was created in 2009 at the urging of President Obama to help citizens through the economic recession. This act is called the Recovery Act. The Recovery Act provided hundreds of billions of dollars for tax cuts, funding for entitlement programs, and federal contracts, grants, and loans. Specific to healthcare, the Recovery Act provides funding to HHS branches, such as the CMS and ONC. The Recovery Act is intended to help preserve and improve affordable healthcare in the United States. The Recovery Act also creates plans and incentives to assist Americans through challenges faced as a nation. Figure 3-9 shows the Recovery Act website.
Figure 3-9 The Recovery Act website is current and informative with the need-to-know facts and how to access resources the Recovery Act provides.
Photo credit: http://www.recovery.gov
Health Information Technology for Economic and Clinical Health (HITECH) Act
The Health Information Technology for Economic and Clinical Health (HITECH) Act—http://www.healthit.hhs.gov—focuses on creating incentive and opportunity for the advancement of HIT through the ONC. The programs funded in the HITECH Act collectively aim to make EMRs/EHRs relevant and beneficial resources to all Americans. The HITECH Act provides grants for education programs and monetary incentives. The HITECH Act also encourages communication within the healthcare community, within a state, and between states as HIT is advanced and implemented.
Now that you are familiar with programs and laws about healthcare, the following sections explain how these programs and laws are regulated.
Regulations of Healthcare Laws
Government agencies use regulations to ensure the intent of the government is carried out. It is in these regulations that healthcare providers and hospitals begin to understand the means and extent of the laws’ intent.
Two new buzzwords in HIT are meaningful use and eligible provider. The Recovery Act requires covered entities to use HIT in a meaningful way, which is where the term “meaningful use” came from. The meaningful use of HIT justifies the push to advance in technology and offer incentives to accomplish this goal. Starting in 2011, grants from the HITECH Act provide incentives with deadlines for healthcare providers to comply with the regulations identified by meaningful use. By 2015, all healthcare entities must demonstrate meaningful use to avoid financial penalties. Eligible providers are covered entities that want to receive monetary incentives by meeting meaningful use criteria. This qualification makes them eligible to receive incentive money.
Now that you know some background on the agencies, laws, and regulations, the following section shifts the focus to how the agencies and acts from the government regulate privacy.