Covered Entities
Entities covered by the privacy and security rules includes what?
What is? healthcare plans, healthcare providers, healthcare clearinghouses and business associates of covered entities.
The privacy rule requires the following administrative safeguards to ensure what?
What is? to ensure that PHI is not compromised.
The security rule portion of hippa requires what?
What is? that administrative physical and technical safeguards are in place to prevent the improper use or disclosure of PHI.
The security rule requires certain technical safeguards , which are what?
What is? access controls and audit controls.
As a general rule a covered entity may not use or disclose protected health information for purposes other than what?
What is? treatment or case management
A covered entity may not use or disclose protected health information except what?
What is? as the individual authorizes in writing or as the hippa privacy rule permits or requires.
What is a privacy officer?
What is? to be responsible for the development and implementation of privacy policies and the receiving of complaints.
Applying appropriate sanctions against employees who fail to comply with hippa policies and procedures is what policy?
What is? sanction policy
What is data authentication ?
What is? controls to help ensure that health data has not been altered in an unauthorization manner.
New healthcare developments would not be considered what?
What is? marketing under the privacy rules.
What should covered entities rely on?
What is? professional ethics and best judgements in deciding which of these permissive uses and disclosures to make.
What are the requiring business associates to confirm that they will protect PHI?
What is? lawyers consultants auditors , billing companies, and pharmacists.
What is the plan for responding to system emergencies including the performance of backups , emergency mode operations , and disaster recovery procedures?
What is? contingency plan
Sending PHI VIA EMAIL and fax according to the security rule is what?
What is? it is permissible to use the internet to transmit PHI as long as an acceptable method of ecryption is used to protect confidentially.
The privacy rule allows incidental disclosures of PHI as long as what?
What is?as long as the covered entity uses reasonable safeguards and adheres to the minimum necessary standard.
The privacy rule requires a covered entity to what?
What is? provide patients with a notice of privacy practices (NPP).
What is tracking?
What is? developing a system to track who accessed what information.
What is information system activity review?
What is? implement procedures to regularly review records of information system activity , such as audit logs, access reports, and security incident tracking reports.
What is person or entity authentication?
What is? controls to ensure that data is sent to the intended recipient and received by the intended party.
Define HiIPPA?
What is? a consent form for patient confidentiality
When using or disclosing PHI or when requesting PHI from another covered entity must make what?
What is? reasonable efforts to limit PHI to the minimium necessary.
What is the meaning of violations?
What is? implementing rules for addressing violations of privacy, security and transaction regulations , preventing retaliation against anyone who reports a hippa violation.
What is the purpose for security procedures?
What is? instructions for reporting and dealing with security breaches.
Name two controls for technical safeguards?
What is? access controls and audit controls.
What if someone violates hippa rules?
What is? there can be serious consequences, the violator may face disciplinary actions, termination of employment, and lawsuits from patients.