Disaster Planning
HIPAA Security Rule
HIPAA Training Requirements/Resources
HIPAA Safeguards
HIPAA Security Breaches
100
An unexpected event or situation that affects a company financially or professionally. Usually a negative occurrence, and most likely unexpected (Duff, 2016).
What is a contingency
100
Patient safety and protected health information are aspects of this ("Self Assessment-Contingency Planning," 2014).
What is HIPAA compliance
100
Teaching and preparation provided by covered entities and business associates for staff and healthcare workers who handle protected health information (Solove, 2014).
What is HIPAA training
100
These are three key components of HIPAA safeguards ("HIPAA Security Rule," n.d.)
What is physical, technical and administrative safeguards
100
Inexcusable use or disclosure of information that compromises the privacy and security of PHI and poses a risk of physical, reputational or financial harm to a patient (Robichau, 2014).
What is a breach
200
A blueprint or design a hospital has set in place in case of an internal or external disaster, facility destruction, or breach of personal health information (PHI) (Vesely & Hoppszallern, 2014).
What is a contingency plan
200
This focuses on electronic Protected Health Information (ePHI) and requires implementing physical, administrative and technical safeguards ("HIPAA Security Rule," n.d.)
What is the HIPAA Security Rule
200
This course that health care workers must take includes topics such as identifying PHI, instructions on how PHI can be disclosed, the minimum necessary rule, the significance of confidentiality, and keeping a record of disclosures (Solove, 2014).
What is HIPAA Privacy Training
200
An example of this includes a locked file cabinet with protected health information ("HIPAA Security Rule," n.d.)
What is a physical safeguard
200
This is a requirement that entities covered by the HIPAA law must notify patients and the Secretary of the U.S. Department of Health and Human Services (HHS) of theft, loss, disclosure or violation of unsecured PHI (Robichau, 2014).
What is the Breach Notification Rule
300
Staff training and plans set in place for unplanned occurrences including disasters, privacy breaches, hard drive crashes, etc. (Vesely & Hoppszallern, 2014).
What is an emergency operations plan
300
Ensures integrity, confidentiality, and accessibility of protected health information (PHI) electronically ("Self Assessment-Contingency Planning," 2014).
What is specifications of the HIPAA Security Rule
300
This employee training program teaches the topics of security awareness, security reminders including updates, downloading malware, monitoring log-ins and managing passwords (Solove, 2014).
What is HIPAA Security Training
300
An example of this includes a hospital's policies and procedures manual ("HIPAA Security Rule," n.d.)
What is an administrative safeguard
300
These departments must promptly be notified of a breach of unsecured PHI that affects over 500 patients (Robichau, 2014). The media may also need to be notified, depending on the severity of the breach.
What is the Secretary of Health and Human Services (HHS) and Office for Civil Rights (OCR)
400
Situations where healthcare workers and clinical staff cannot access the computer charting system due to software failure, power outages, or natural disasters ("Self Assessment-Contingency Planning," 2014).
What is Electronic Health Record (EHR) unavailability
400
A self-assessment survey to help hospitals and other healthcare organizations comprehend HIPAA and the security rule and thus implement its requirements ("The Security Rule," n.d.)
What is the NIST HIPAA Security Toolkit Application
400
Penalties of up to $1.5 million for each violation of HIPAA, which include data breaches, audits, etc. These fines are the result of this (Solove, 2014).
What is consequences of inadequate HIPAA training for employees
400
An example of this includes a computer password or an encrypted file ("HIPAA Security Rule," n.d.)
What is a technical safeguard
400
These are steps that a covered entity must take in the event of a breach of privacy. The entity must notify the affected patients within 60 days of occurrence. It must also notify the media as well as the Department of Health and Human Services ("Breach Notification Rule," n.d.).
What is Breach Notification Requirements
500
Establishing proper electronic practices and policies, including appropriate downtime procedures, and creating teamwork between staff and clinicians ("Self Assessment-Contingency Planning," 2014).
What is the Electronic Health Record (EHR) safety and effectiveness program
500
The administration responsible for releasing yearly guidance on necessities of the HIPAA Security Rule. This administration releases regulations on the implementation of suitable safeguards to secure ePHI ("Guidance on Risk Analysis," n.d.).
What is the Office for Civil Rights (OCR)
500
This training program was founded by Professor Solove, a law professor at George Washington University Law School. The program includes information security and privacy awareness training, phishing and HIPAA training, as well as training on other security and privacy topics (Solove, 2014).
What is the Teach Privacy Program
500
This worksheet or agenda allows covered entities to double check that safeguards for securing ePHI have been implemented or addressed ("IHS HIPAA Security Checklist," n.d.)
What is a HIPAA Security Checklist
500
The number of states that have laws and legislation requiring government, education and private entities to notify patients of a security breach in PHI. Three states are exempt from these laws ("Security Breach Notification Laws," 2016).
What is 47 US States