In 1996, this act was created to ensure the privacy and security of protected health information.
What is the Health Insurance Portability and Accountability Act?
U.S. Department of Health & Human Services [USDHHS], Office for Civil Rights [OCR]. (2013). Summary of the HIPAA security rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
This rule sets national standards for the security of electronic Protected Health Information (ePHI).
What is the Security Rule?
U.S. Department of Health & Human Services [USDHHS], Office for Civil Rights [OCR]. (2013). Summary of the HIPAA security rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
These rules protect the privacy of individually identifiable health information; establish national standards for the protection of certain health information; and address the use and disclosure of PHI as well as standards for individuals’ privacy rights to understand and control how their health information is used and shared.
What are Privacy Rules?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
You are logged into a workstation in your patient’s room when you remember you forgot one of the patient’s medications; it is in your best interest to...
What is secure the workstation by logging out of the EMR?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 112
Protected health information disclosure that poses a significant risk to the affected individual.
What is a breach?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 171
This rule requires covered entities (CEs) and business associates (BAs) to provide notification following a breach of unsecured Protected Health Information (PHI).
What is a breach notification rule?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Prior to a cyber-attack, breach of protected health information or a natural disaster, it is important for each covered entity and business associate to have this in place.
What is a contingency plan?
The Office of the National Coordinator for Health Information Technology. (2015). My entity just experienced a cyber-attack! What do we do now? Retrieved from https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf
Maintaining a copy of protected health information on a server that is maintained both on and off site is a method of...
What is backing up data?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
To ensure safety of the electronic medical record, these should be of a specific length and complexity and changed at least every 90 days.
What is a password?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 120
You have had multiple breaches this year, but your max payout cannot be more than...
What is $1.5 million?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
The protected information has gotten out; now we will investigate.
Who is the Office of Civil Rights (OCR)?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 172
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical these for protecting e-PHI.
What are safeguards?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 23
It is important to always maintain developer documentation that provides contact information and the serial numbers of your server and other hardware and software used, etc. It is even more important to keep one copy offsite in a secure place, in case of a...
What is a disaster?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Before storing and sending protected health information by mobile device and/or email, it is best to make sure the information has...
What is encryption?
Official Website of The Office of the National Coordinator for Health Information Technology (ONC). (2019). How Can You Protect and Secure Health Information When Using a Mobile Device? Retrieved from https://www.healthit.gov/topic/privacy-security-and-hipaa/how-can-you-protect-and-secure-health-information-when-using-mobile-device
The media must now be notified because you have allowed this many people's protected health information to be breached.
What is 500?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 172
This provision was created by the American Recovery and Reinvestment Act (ARRA) detailing the legal and legislative guidelines for healthcare information privacy and security. It's meaningful.
What is the Health Information Technology for Economic and Clinical Health Act (HITECH Act)?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 19
When you conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity, you are performing a...
What is a risk analysis?
Official Website of The Office of the National Coordinator for Health Information Technology (ONC). (2017). Guidance on Risk Analysis. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html?language=es
This is given to patients to describe the ways in which the covered entity may use and disclose protected health information.
What is a Notice of Privacy Practice?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Before discarding, repurposing, or reusing a computer or mobile device that has protected health information, it is mandatory to do this to prevent disclosure of information.
What is delete the data?
Official Website of The Office of the National Coordinator for Health Information Technology (ONC). (2019). How Can You Protect and Secure Health Information When Using a Mobile Device? Retrieved from https://www.healthit.gov/topic/privacy-security-and-hipaa/how-can-you-protect-and-secure-health-information-when-using-mobile-device
I knew the act would lead to the disclosure of the protected health information.
What is willful neglect?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 19
The HIPAA Security Rule has requirements that these must be included to specify what should be handled and how.
What are policies and procedures?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
When a covered entity makes reasonable efforts to use, disclose, and request only the amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
What is minimal necessity?
U.S. Department of Health & Human Services [USDHHS], Office for Civil Rights [OCR]. (2013). Summary of the HIPAA privacy rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
In order to ensure that privacy is maintained and protected, that the electronic medical record and protected health information are secure, and that all the mechanisms are working properly, you must...
What is test your plan?
The Office of the National Coordinator for Health Information Technology. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
Your colleague is having trouble signing into the workstation and asks you to sign in so he/she can review a patient’s labs; you say no and instruct him/her to...
What is call technical support?
Or
What is call the help desk?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 135
You have accessed the chart of a famous person who is in the hospital but is not your patient; when asked about it by management you deny doing so, but management produces this, which says otherwise.
What is an audit log?
Robichau, B. P. (2014). Healthcare Information Privacy + Security. Apress: New York, NY.
p. 61