This federal law, enacted in 1996, protects the privacy and security of health information.
What is HIPAA?
PHI stands for this.
What is Protected Health Information?
Individuals must receive this document explaining how their PHI will be used.
What is a Notice of Privacy Practices?
A Business Associate is any person or organization that does this with PHI on behalf of a covered entity.
What is creates, receives, maintains, or transmits PHI?
This rule sets standards for protecting electronic PHI.
What is the HIPAA Security Rule?
These three types of organizations are considered “covered entities” under HIPAA.
What are health plans, healthcare providers, and healthcare clearinghouses?
Give one example of PHI.
What is a medical record number (or name, address, SSN, etc.)?
This right allows individuals to request corrections to their health information.
What is the Right to Request Amendments?
Name one example of a Business Associate.
What is a billing company (or cloud storage provider, HR vendor, etc.)?
Covered entities must notify affected individuals within this timeframe after a breach.
What is 60 days?
This agreement ensures vendors handling PHI comply with HIPAA.
What is a Business Associate Agreement (BAA)?
PHI relates to three things: health condition, healthcare provision, and this.
What is payment for healthcare services?
Individuals can request this list showing who accessed their PHI outside of treatment, payment, or operations.
What is an Accounting of Disclosures?
This contract is required between a covered entity and a business associate.
What is a Business Associate Agreement (BAA)?
Name one safeguard type under HIPAA.
What is an administrative, physical, or technical safeguard?
HIPAA gives individuals this right to review and obtain copies of their health records.
What is the Right to Access?
True or False: PHI only applies to electronic records.
What is False?
HIPAA forbids this type of action against someone who files a complaint.
What is retaliation?
Without a BAA, sharing PHI is considered this.
What is a HIPAA violation?
The maximum prison term for knowingly violating HIPAA with intent to sell or harm is this.
What is 10 years?
Under HIPAA, this standard requires sharing only the minimum PHI necessary for a task.
What is the Minimum Necessary Standard?
This rule requires PHI to be safeguarded electronically, physically, and administratively.
What is the HIPAA Security Rule?
Providers must respond to access requests within this timeframe.
What is 30 days (with one possible 30-day extension)?
Business Associates are directly liable for this under HIPAA.
What are HIPAA violations?
Civil monetary penalties for HIPAA violations can reach this annual cap.
What is $2,134,831?