HIPAA Basics
HIPAA for Business Associates
HIPAA Security
LGE
Fun Stuff
100

HIPAA is applicable primarily to these entities.

What are Covered Entities? For an extra 100 points: business associates too!

100

Business associates must obtain contracts with these entities.

What are subcontractors?

100

HIPAA Security refers to this.

What are electronic versions of PHI and how to protect them?

100

The name of the person you should ask compliance questions of.

Who is your Privacy Officer or Security Officer for ePHI?

100

My predecessor's daughter has this interesting compliance name.

Who is ERISA?

200

These contracts are required to be signed with all self-funded health plan clients.

Business Associate Agreement

200

This controls the majority of HIPAA obligations for a business associate.

What is a Business Associate Agreement?

200

Lisa Nelson

Who is the Leavitt Group Health Plan HIPAA Privacy Officer?

200

The location where you can find HIPAA compliance resources. 

What is the Shared Drive and intranet?

200

Orange

Knock knock, who's there?

300

This standard requires those using and disclosing PHI to do so using the least amount of PHI required to get the task done.

What is the minimum necessary standard?

300

If sending an email with PHI to the wrong recipient, this is what I must do.

What is notify the Privacy Officer who will take any necessary action?

300

I must click this button to ensure emails with PHI and PII are sent securely.

What is the encrypt button?

300

Sample business associate agreements can be found here.

What is the EB Resources Center HIPAA folder - internal?

300

To get to the other side.

Why did the chicken cross the road?

400

A method used to remove identifiers from PHI so that the PHI can then be used without an authorization form.

What is de-identification?

400

I must obtain this in order to share PHI with a third party, not the owner of the PHI.

What is an authorization form?

400

True or false: Data warehouses or cloud-based storage do not need a Business Associate Agreement.

False. If storing or using PHI or PII, a subcontractor BAA is recommended. 

400

This person will review changes to the BAA.

Who is your HIPAA Privacy Officer Lisa Nelson?

400

True or False: You cannot snore and dream at the same time. 

False

500

Self-funded plans, including self-funded components (e.g., some HSA, HRA, EAP & FSA) must comply with HIPAA by doing (at least) the following five things. Whoever gets the most gets the win!

1. Risk Assessment

2. HIPAA Policies & Procedures

3. Documented HIPAA training

4. Business Associate Agreements

5. Authorization Form

500

I must do this biannually to help my agency comply with HIPAA.

What is training?

500

Double-checking the recipient email address and considering whether the message makes sense and is spelled correctly.

What are things to consider when receiving emails with attachments in order to avoid phishing scams?


500

This is required in order for carriers to share PHI with the Plan.

What is the standards clause or HIPAA plan certification?

500

HIPAA-Crite

What do you call someone who wants to keep their information private but overshares others'?
