Use and Disclosure
The acronym PHI stands for
What is Protected health information
Stems from sharing of private information in confidence with someone else
What is Confidentiality?
Under the HIPAA Privacy Rule, a covered entity includes a:
What are
•Healthcare providers that conduct financial or administrative transactions electronically
•Health plans
•Healthcare clearinghouses
_____ is a document that provides a complete description to patients about how PHI is used in a covered entity.
What is the Notice of privacy practices
Identify a covered entity under the HIPAA Privacy Rule.
-healthcare organization (hospital, doctor office, clinic, SNF, etc)
-pharmacy
-dentist offices
Which of the following statements regarding the notice of privacy practices is true?
It must be provided to every individual at the first time of contact or service with the covered entity.
“right to be let alone”
What is Privacy?
HIPAA stands for
•Health Insurance Portability and Accountability Act (HIPAA) of 1996
Identify the number of days a covered entity has to respond to an individual’s request for access to PHI under HIPAA rules:
What is 30 days
Under the HIPAA Privacy Rule, what types of records can be denied when an individual asks to see his or her own health information
psychotherapy notes
(the physician must be consulted to approve or deny the request, because the doctor must determine if the notes would detriment to harm the patient.)
When a covered entity receives a requests from individuals who wish to access their PHI , they may ask for a...
A cost-based fee may be charged for making a copy of the PHI.
Does not identify the individual
What is Deidentified information
•Within the Department of Health and Human Services
What is the Office of the National Coordinator for Health Information Technology (ONC)
Identify the number of days a covered entity has to respond to an individual’s request for access to his or her PHI when the PHI is stored off-site
What is 60 days
Identify the situation where a covered entity provides an appeal process for denial to requests from individuals to see their own health information.
When a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual
Which of the following situations requires the patient’s authorization?
Giving the name of an expectant mother to a baby formula manufacturer
how an organization avails itself of information internally
What is Use?
Identify a patient’s right under HIPAA
Right to request an amendment of the health record
The HIPAA Privacy Rule requires that covered entities limit use, access, and disclosure of PHI to the least amount necessary to accomplish the intended purpose. This concept is _____.
What is minimum necessary
Which of the following is an example of unsecured PHI?
PHI that technology has not made unusable, unreadable, or indecipherable to an unauthorized person
Under the HIPAA Privacy Rule, when an individual asks to see his or her own health information, a covered entity _______________.
What is Can deny access to psychotherapy notes
how information is disseminated outside an organization
Type of records are subject to the HIPAA privacy rule
PHR vendors that are not part of a covered entity or business associate must report PHI breaches to ______________.
The Federal Trade Commission
Which of the following is a true statement about the facility directory?
Individuals must be given an opportunity to deny permission to place information about them in the directory.