HIPAA
The HIPPA _____ Rule establishes national standards to protect individuals' medical records and other individually identifiable health information
What is the HIPAA Privacy Rule?
A person's demographic data, current or historical medical information, and current or historical billing information.
What is Protected Health Information (PHI)?
All workforce members employed by an organization that might use or disclose Protected Health Information.
Who is required to have HIPAA compliance training?
Any acquisition, access, use, or disclosure of protected health information (PHI) that compromises its security or privacy.
What is a breach of HIPAA?
Treatment, payment, healthcare operations
What are legitimate reasons to access PHI without consent?
The HIPAA _____ Rule specifies a series of administrative, physical, and technical safeguards for covered entities to assure the confidentiality, integrity, and availability of electronic protected health information.
What is the HIPAA Security Rule?
Data related to an individual's health condition, treatment or payment that is created, received, transmitted or stored electronically.
What is electronic Protected Health Information (ePHI)?
The title of the person responsible for HIPAA training.
Who is the Privacy Officer or the Security Office(r)?
Sharing your secure computer login and password, hacking incidents, unauthorized employee access, and impermissible use or disclosure of PHI.
What are examples of HIPAA breaches?
The right to view, make changes and obtain an accounting of disclosures for PHI.
What are patient rights to access their PHI?
Conducting regular risk assessments and employee training while also maintaining HIPPA policies and incident reports?
What are examples of Administrative Safeguards to protect PHI?
Accessing only information you need to do your job.
What is Minimum Necessary?
As long as policies or procedures related to the training (including sanctions policies) are in force plus six year.
What is how long HIPAA training documents must be maintained?
1. Unaware, 2. Unintentional due to lack of oversight, 3. Willful neglect but addressing the cause, 4. Willful neglect with no effort to address.
What are the four tiers/types of breaches of HIPAA PHI?
Sharing or receiving health information for the purposes of ensuring public health and safety.
What is disclosing or accessing health information for public health purposes?
A health plan, a health provider, a health clearing house and CCHHS.
What is a HIPAA covered entity?
Each covered entity, with certain exceptions, must provide this type of notice to all patients.
What is an organization's Notice of Privacy Practices?
Policies and Procedures and elements of the HIPPA Privacy and Security Rules.
What are the areas of HIPPA that staff need to be trained?
$141 - $2,134,831
What are the minimum and maximum HIPAA violation fines (updated August 2024)?
An entity that provides a service for or on behalf of a CCHHS that may come across our PHI and must have an agreement that requires compliance with the HIPAA Privacy Rule standard.
What is a Business Associate?
Locking doors, cabinets and workstations; wearing identification badges; and using keypad entries and confidential passwords.
What are Physical Safeguards to protect PHI?
Written, oral, electronic information that identifies an individual
What are the means/forms of maintaining or transmitting PHI?
Promoting, understanding and contributing to an environment of HIPAA compliance as all of our responsibility.
What is creating a culture of compliance and data security?
Filling out an incident report when you notice something that could become a HIPAA Breach so we have a chance to fix it.
What is reporting a near miss?
Prohibition on PHI use and disclosure for identifying, investigating, or prosecuting merely for seeking, obtaining or providing reproductive health
What is the 2024 HIPPA Reproductive Health Rule?