HIPAA Enforcement Agencies
Civil Case Procedures
Criminal Case Procedures
Who Is Responsible: The Covered Entity, Business Associates, or Employees?
Fraud and Abuse Regulations
The Health Care Fraud and Abuse Control Program
Federal False Claims Act
Additional Laws
Definition of Fraud and Abuse
OIG Investigations, Audits, and Advice
OIG's Civil Money Penalties
Strategies for Compliance: The Compliance Plan
Guidance on Compliance Plans
Parts of a Compliance Plan
Written Policies and Procedures
Compliance Officer and Committee
Ongoing Training
Effective Lines of Communication
Ongoing Auditing and Monitoring
Disciplinary Guidelines and Policies
Corrective Action
Case Discussion
After studying this chapter, you should be able to:
Explain the purpose of the HIPAA final enforcement rule.
Distinguish between civil and criminal cases.
Describe the roles of the Office for Civil Rights (OCR) and the Department of Justice (DOJ) in the enforcement of the HIPAA privacy standards.
Describe the role of the Centers for Medicare and Medicaid Services (CMS) in the enforcement of the HIPAA security, transactions, code sets, and identifiers standards.
Describe the civil case procedure followed by OCR and CMS.
Discuss the role of the Office of Inspector General (OIG) of the Health and Human Services Department (HHS) in enforcing HIPAA.
Compare fraud and abuse.
Discuss the laws that underpin the OIG's fraud and abuse enforcement actions.
Describe the purpose of an OIG Work Plan.
List the recommended elements of a compliance plan.
