MT

MediTrans

HIPAA & FWA Training Portal
Progress: 0%
TRAINING PORTAL

HIPAA & Fraud, Waste, & Abuse Training

This training is required annually for all employees, contractors, transportation providers, and drivers of Medi Trans.
Your Training Progress

Complete all sections, pass the quiz, then sign the attestation.

0%

Training Sections

🔒

What is HIPAA?

Privacy Rule, PHI & more
📄

Uses & Disclosures

How PHI is shared
🛡

Your Responsibility

Safeguarding member data

HIPAA Compliance

Privacy Office & policies
👥

Members' Rights

Complaints & protections

FWA Training

Laws & penalties
📝

Assessment Quiz

7 questions — must pass

Attestation

Sign & submit
SECTION 1

What is HIPAA?

Understanding the Health Insurance Portability and Accountability Act and why it matters to Medi Trans.
📜

HIPAA Overview

The foundation of health information privacy
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law passed in 1996. HIPAA created national standards for protecting the privacy and security of health information.

The HIPAA Privacy Rule

The Privacy Rule is a key part of HIPAA. It establishes standards for how Protected Health Information (PHI) may be used and disclosed. It applies to all "covered entities" and their "business associates."

What is Protected Health Information (PHI)?

PHI is the combination of two types of information:

Medical Information

    • Medical records & billing info
    • Health plan enrollment data
    • Any health information that can identify a person

Personally Identifiable Information (PII)

    • Names, addresses, birth dates
    • Social Security & phone numbers
    • Email addresses, medical record numbers
    • Vehicle identifiers, photos, biometrics

Key Formula

Medical Info + PII = PHI (Protected Health Information)

Covered Entities & Business Associates

Who must follow HIPAA rules
Covered Entities are organizations that must follow HIPAA regulations. They include health plans, healthcare clearinghouses, and healthcare providers who transmit health information electronically.

Medi Trans as a Business Associate

A Business Associate is any person or company that works with or for a Covered Entity and handles PHI. Medi Trans is a Business Associate to the health plans it contracts with. We are legally required to protect PHI under a Business Associate Agreement (BAA).

HITECH Act & HIPAA Omnibus Rule

The HITECH Act strengthened HIPAA enforcement and increased penalties. The HIPAA Omnibus Rule expanded requirements to Business Associates and their subcontractors, requiring the same level of PHI protection as Covered Entities.

🚨

What is a HIPAA Breach?

Understanding violations and notification requirements

HIPAA Breach Definition

A HIPAA Breach is the access, use, or release of Protected Health Information (PHI) that is not allowed by HIPAA.

Breach Notification Rule

When a breach occurs, specific notifications are required:

    • Affected individuals must be notified
    • The U.S. Department of Health and Human Services (HHS) must be notified
    • If a breach affects 500+ individuals, the media must also be notified

Important

Even accidental or unintentional access to PHI that you were not authorized to see can constitute a breach. Always report suspected breaches immediately.
SECTION 2

Uses & Disclosures of PHI

Learn how Protected Health Information may and may not be shared.

Use of PHI

When PHI is accessed or reviewed within the organization. Example: A Medi Trans associate looks at a member's PHI to decide whether they are eligible for transportation services.

Disclosure of PHI

When PHI is shared outside the organization. Example: A Medi Trans associate shares information with a transportation provider so they may safely transport a member.
🚫

Examples of PHI Violations

Actions that violate HIPAA rules
    • Discussing a member's PHI with others who have no need to know (in person, on social media, by email, etc.)
    • Leaving a member's information in places that can be accessed by others (on desks, seats, etc.)
    • Selling or releasing medical information
    • Throwing away printed materials that may contain personal information (these items must be shredded)
    • Providing information to others without the permission of the member

Remember

It is NOT fine to simply throw away a member's PHI. All printed materials containing PHI must be properly shredded or disposed of according to policy.

Disciplinary Actions

Consequences of HIPAA violations
For transportation providers and other subcontractors, corrective actions that Medi Trans may take when HIPAA rules are broken are defined in the contract with your company, the Business Associate Agreement, and any other agreements between the organizations.
SECTION 3

Your Responsibility

What you must do to protect member information every day.
All associates, subcontractors, and vendors of Medi Trans are responsible for:
    • Preventing access to or use of PHI that is not allowed by HIPAA
    • Watching out for illegal use or release of PHI
    • Reporting illegal use or release of PHI to your supervisor or to Medi Trans' Privacy Office

Golden Rule

Protect a member's PHI as if it were yours!

🛡

Safeguarding PHI

Best practices for different situations

💻 Computer Security

Your computer or mobile device are the main tools you use to perform your job.
    • Never allow anyone to use your device
    • Never share your username or password
    • Never write down your password in an insecure place
    • Always lock your device when stepping away
    • Secure your laptop when leaving for the day
    • Always use a strong password

📧 Email

Email has security risks you should be aware of.
    • Do not email PHI unless needed for a specific task
    • Do not email PHI outside Medi Trans without permission
    • Never send PHI to personal email accounts
    • Use the IT encryption process when sending PHI externally
    • Ask your manager if you need encryption training

💬 Instant Messaging

Instant messaging is easy but not secure.
    • Do not chat about PHI through instant message
    • Do not send PHI or PHI-related documents through IM

🖨 Faxes

PHI by fax is risky. Fax only when absolutely necessary.
    • Use the standard cover sheet with the Confidentiality Statement
    • Double-check the fax number before sending
    • Check "sent" records for each fax with PHI
    • Report accidental misdirected faxes to the Privacy Office immediately

💼 Workspace

PHI should be stored in locked rooms, drawers, cabinets, or containers.
    • Never leave PHI documents around your workspace
    • Shred paper documents with PHI when no longer needed
    • Home offices must comply with all PHI security policies

🏢 Public Areas

Be aware of your surroundings with PHI in public.
    • Avoid talking about members' PHI in public
    • If unavoidable, do not use identifying information
    • Ensure others cannot see PHI documents and secure them before leaving

Common Privacy Mistakes

Avoid these frequent violations
    • Leaving your ID badge visibly unattended
    • Leaving private/protected health information out in the open at your workspace or public areas (copier/fax machines)
    • Leaving keys to lockable cabinets and doors in the lock
    • Leaving your computer unlocked and unattended
    • Leaving portable company devices (laptop or mobile device) out in the open and unattended
SECTION 4

HIPAA Compliance

Medi Trans' Privacy Office and how compliance is maintained.
🏢

Human Resource / Privacy Office

Your point of contact for HIPAA questions
HIPAA regulations require that Medi Trans designate a Privacy Office / Officer to perform specific privacy tasks. The Privacy Office is operated by the Director of Human Resources, in conjunction with the COO. This office oversees all activities related to developing, implementing, and maintaining our organization's privacy policies.
Brittany St. Julien
Director of Human Resources
📞 337.534.4484 ext. 105
📧 Privacy@CallMediTrans.com
Morgan Landry
COO
📞 225.892.7488
📧 MLandry@CallMediTrans.com

When to Contact the Privacy Office

Report any suspected HIPAA violation, accidental PHI disclosure, or if you have any questions about how to properly handle member information.
SECTION 5

Members' Rights

What rights members have regarding their Protected Health Information.
👥

Member Rights Under HIPAA

Understanding what members can request
Members have the following rights regarding their PHI:

📄 Limit Use of PHI

Members can request to limit the use or release of their Protected Health Information.

🔎 View & Correct PHI

Members can see the PHI we use to make decisions and request corrections if they see something wrong.

💬 Communication Preferences

Members can request that we communicate their PHI in a specific way.

👁 See Released PHI

Members have the right to see all of their PHI that we may have released.
📣

Member Complaints

How members can report privacy concerns
If a member thinks their privacy has been violated, they have the right to file a complaint. Members may contact Member Services to file a complaint and the Privacy Office will investigate. Members may also file a complaint directly with the U.S. Department of Health and Human Services.

Important Protections

    • We cannot interfere with members' rights to complain and express their opinions about their PHI
    • We cannot ask members to give up their rights in order to receive service
    • We may not intimidate, threaten, pressure, discriminate against, or retaliate in any way against members who file a complaint
FWA TRAINING

Fraud, Waste, & Abuse

Reducing inappropriate and wasteful use of federal funds. This training covers the key laws that protect federal healthcare programs.
1

The False Claims Act (FCA) & Deficit Reduction Act (DRA)

The Federal False Claims Act (FCA) protects the government from being overcharged or sold low quality goods or services. The FCA holds any person responsible who knows or has reason to think a claim is false, but submits it to the government for payment anyway.
NEMT Example
A transportation provider intentionally submits a claim for non-emergency transportation they know they did not provide. This transportation provider has committed fraud.

Deficit Reduction Act (DRA)

The DRA of 2005 is used to reduce Medicaid fraud and abuse. It applies to all healthcare providers receiving at least $5 million in payments from Medicaid every year.

⚠ Violation Penalties

    • Must pay the federal government three times the amount of damages caused
    • Civil penalties of $10,781 to $21,562 per violation
    • Banned from working on or participating in federal and state government contracts
📣

Qui Tam (Whistleblower Provision)

Reporting fraud and your protections
An important part of the False Claims Act is known as "qui tam." It allows any person or organization that has evidence of fraud against federal programs or contracts to file a lawsuit on behalf of the U.S. Government.

Incentive

Whistleblowers may be awarded a part of any money collected from a qui tam lawsuit.

Protection

Medi Trans has a zero-tolerance policy for retaliation against any employee or subcontractor who reports suspected FWA in good faith. Whistleblowers who face retaliation can seek double the amount of pay they would have received.
2

The Fraud Enforcement & Recovery Act (FERA)

The Fraud Enforcement and Recovery Act (FERA) was signed into law in 2009. FERA makes it easier for the government to investigate and punish those who violate the False Claims Act.
3

The Anti-Kickback Statutes (AKS)

In 1972, Congress passed the first Anti-Kickback rules to prevent fraud and outlaw dishonest behavior. These rules make it a crime for individuals or companies to offer, pay for, ask for, or receive something of value in exchange for referrals of business under federal healthcare programs.
NEMT Example
A transportation provider offers to pay customer service representatives to assign them more expensive trips.

⚠ AKS Penalties

    • Fines up to $25,000 each time the law is broken
    • A felony conviction with jail time, or both
    • Banned from working in or with federal healthcare programs
4

The Physician Self-Referral Law (Stark Law)

Physician self-referral is the practice of a doctor sending a patient to a medical facility that is owned by the doctor or the doctor's family member. The Stark Law makes this illegal. The main reason is to ensure that money or profits do not cause incorrect medical decisions.

⚠ Stark Law Penalties

    • Denial of payment from Medicare or Medicaid for services that violated the law
    • Any payment received for an illegal referral must be returned
    • Up to $15,000 fine for each service provided while breaking the law
    • Up to $100,000 fine for participating in a scheme that breaks the law
    • Banned from the Medicare and Medicaid programs
🏢

FWA Compliance Office

Report suspected fraud, waste, or abuse

Your Responsibility

It is your responsibility to report suspected Fraud, Waste, or Abuse to MediTrans FWA Compliance Office. Your report is strictly confidential and cannot be used against you in any way.
Brittany St. Julien
Director of Human Resources
📞 337.534.4484 ext. 105
📧 Fraud@CallMediTrans.com
Jon Lester
DOO
📞 337.346.3106
📧 JLester@CallMediTrans.com
ASSESSMENT

HIPAA & FWA Quiz

Answer all 7 questions correctly to pass. You must pass to access the attestation form.
Question 1 of 7

A HIPAA Breach is...

Question 2 of 7

What does PHI stand for?

Question 3 of 7

Which of the following could be considered part of PHI?

Question 4 of 7

It is fine to simply throw away a member's PHI.

Question 5 of 7

The False Claims Act...

Question 6 of 7

If a transportation provider intentionally submits a claim for non-emergency transportation they know they did not provide, this transportation provider has committed fraud.

Question 7 of 7

"Whistleblowers" are protected from...

FINAL STEP

Attestation

Sign and submit your HIPAA & FWA attestation to complete your training.
🔒

Attestation Locked

You must pass the assessment quiz with a score of 100% before you can access the attestation form.

✅ Attestation Submitted Successfully!

Your HIPAA & FWA training attestation has been submitted. A copy of your results and attestation has been sent to docs@meditrans.com.

You scored on the assessment quiz.