Glossary of Compliance Terms

Anti-Kickback Law — Prohibits the solicitation, receiving, offering, or paying of any remuneration directly or indirectly in cash or in kind in exchange.

Attestation — The affirmation by signature, usually on a printed form, that the action outlined has been accomplished by the individual signing; e.g., the individual has read the code of conduct and agreed to adhere to its principles.

Attorney-Client Privilege — A legally accepted policy that communication between a client and attorney is confidential in the course of the professional relationship and that such communication cannot be disclosed without the consent of the client. Its purpose is to encourage full and frank communication between attorneys and their clients.

Audit, baseline — A systematic inspection of records, policies, and procedures with the goal of establishing a set of benchmarks for comparison in future inspections.

Audit, concurrent — An inspection of records, policies, and procedures at a given point in time in which identified potential problems are audited as they arise (e.g., documentation reviewed and codes substantiated prior to dropping a bill).

Audit, retrospective — An audit of historical events (e.g., paid claims audits, executed contracts, etc.). How far back the audit reaches can be determined by specific milestones or a legal statute (e.g., new or revised laws, new departments, new system, etc.).

Balanced Budget Act of 1997 — Legislation containing major reform of the Medicare and Medicaid programs especially in the areas of home health and patient transfers. It also mandated permanent exclusion from participation in federally funded health care programs of those convicted of three health care-related crimes (3 strikes and you’re out).

Benchmarking — The measurement of performance against “best practice” standards.

Best Practices — Generally recognized superior performance by organizations in operational and/or financial processes.

Business Associate — A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. A covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity. The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a business associate, if the activity or service involves the use or disclosure of protected health information. The types of functions or activities that may make a person or entity a business associate include payment or health care operations activities, as well as other functions or activities regulated by the Administrative Simplification Rules.

Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. See the definition of “business associate” at 45 CFR 160.103.

Business Associate Agreement (BAA) — The HIPAA Privacy Rule requires that, before PHI can be shared between a covered entity and a business associate, the business associate must sign a written agreement that gives satisfactory assurances that it will not use or disclose PHI in a manner that contradicts the Privacy Rule requirements. HIPAA also requires a Business Associate Agreement to define the function of the business associate and the limitations on their uses and disclosures of PHI. The business associate agreement must also define what will happen to the PHI held by the business associate upon termination of the agreement.

Caremark International Derivative Litigation — The 1996 U.S. civil settlement of Caremark International, Inc. in which an imposed corporate integrity agreement precluded Caremark from providing health care in certain forms for a period of five years. Also suggests that the failure of a corporate director to attempt in good faith to institute a compliance and ethics program in certain situations may be a breach of a director’s fiduciary obligation.

Centers for Medicare and Medicaid Services (CMS) — A component of the U.S. Department of Health and Human Services that administers the Medicare, Medicaid and State Children’s Health Insurance programs.

Certified Professional Coder (CPC) — A coder who has satisfied certification requirements as established by the American Academy of Professional Coders.

Chain of Command — The hierarchy of reporting structure within an organization, which assumes all issues will be presented first to one’s immediate supervisor.

Civil Monetary Penalties Law (CMPL) — Regulations which apply to any claim for an item or service that was not provided as claimed or that was knowingly submitted as false and which provides guidelines for the levying of fines for such offences.

Compliance — Adherence to the laws and regulations passed by official regulating bodies as well as general principles of ethical conduct. In the United States, such regulating bodies include the U.S. Congress; federal executive departments and federal agencies and commissions; and corresponding state-level entities. Also: Corporate Compliance.
