This is what HIPAA stands for.
What is the Health Insurance Portability and Accountability Act?
The HIPAA Privacy Rule protects this type of health information.
What is individually identifiable health information?
PHI stands for this.
What is Protected Health Information?
Accessing patient records without a valid reason is this type of HIPAA violation.
What is unauthorized access?
HIPAA violations can result in both this type of penalty and criminal charges.
What are civil penalties?
HIPAA was enacted in this year.
What is 1996?
Covered entities must provide this document to patients, outlining how their health information may be used.
What is the Notice of Privacy Practices?
This common identifier is considered PHI under HIPAA.
What is a patient's name, address, or phone number?
Leaving patient files visible on a desk in a public area violates this HIPAA principle.
What is the minimum necessary standard?
This is the maximum penalty for a single HIPAA violation.
What is $1.5 million per year?
This government department is responsible for enforcing HIPAA.
What is the Department of Health and Human Services?
Under the HIPAA Privacy Rule, patients have this right regarding their health information.
What is the right to access and receive a copy of their health information?
Health information must be associated with this to be considered PHI.
What are identifiers that could be used to identify an individual?
Sharing patient information on social media without consent is a violation of this.
What is the HIPAA Privacy Rule?
Penalties are divided into this many tiers based on the nature of the violation.
What is 4 tiers?
These 3 types of organizations are considered "covered entities" under HIPAA.
What are healthcare providers, health plans, and healthcare organizations?
This rule sets national standards for the security of electronic protected health information.
What is the HIPAA Security Rule?
This type of health information is not protected by HIPAA.
What is de-identified health information?
This common office practice can lead to HIPAA violations if not done securely.
What is disposing of documents containing PHI?
This factor is considered when determining the penalty for a HIPAA violation.
What is the organization's level of culpability?
This 2009 act significantly strengthened HIPAA enforcement.
What is the HITECH (Health Information Technology for Economic and Clinical Health) Act?
This is the minimum time that covered entities must retain HIPAA-related documentation.
What is 6 years?
Under HIPAA, genetic information is considered this type of information.
What is PHI?
A breach affecting 500 or more individuals must be reported to HHS and the media within this timeframe.
What is 60 days?
In addition to monetary fines, covered entities that violate HIPAA may be required to do this.
What is implementing a corrective action plan?