HIPAA
What is Health Insurance Portability and Accountability Act
Name BHSET's Privacy Officer
Who is William Toon
What do the Privacy Regulations seek to do?
What is establish that health information must be kept confidential.
CE
What is Covered Entity
Name at least 6 of the 18 personal identifiers
What is:
1. Names
2. Geographic subdivisions smaller than a state
3. Telephone numbers
4. Fax numbers
5. E-mail addresses
6. Social Security numbers
7. Medical record numbers
8. Health plan beneficiary numbers
9. Account numbers
10. All elements of dates (except year) for dates related to an individual, including birth date, admission date, discharge date, date of death, all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. URLs
15. IP address numbers
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying numbers, characteristics, or codes
Minimum Necessary
refers to reasonable efforts made to limit the use, disclosure, or requests for PHI to the minimum necessary to accomplish the intended purpose
Name BHSET's Compliance Officer
Who is Deborah Verret
Privacy is the goal whereas _______ is the means to that end.
What is security
E-PHI
What is Electronic Protected Health Information
Name at least 2 circumstances under which protected health information may be disclosed without a client's consent or authorization
What is
1. disclosures required by law
2. permitted disclosures for public health activities (such as reporting diseases, collecting vital statistics, etc)
3. disclosures about victims of abuse, neglect or domestic violence.
4. health oversight activities
5. disclosures for judicial or administrative proceedings
6. disclosures for law enforcement purposes
7. use and disclosure for research purposes
8. disclosures to avert a serious threat to health or safety
EHR
What is Electronic Health Record
What team is responsible for overseeing the investigation into unexpected outcomes and events or incidents that have been reported?
Who is the Variance Committee.
True or False: Isolated incidents readily attributable to common non-malicious behavior that is determined to be non-threatening to BHSET's corporate information assets, such as typographical errors and forgotten passwords, are classified as a Level 1 security incident.
What is True
OIG
What is Office of the Inspector General
All release of medical records are to be handled by what department?
What is Medical Records
Define the term Business Associate
What is....
A person or entity who provides certain functions, activities or services for the CE involving the use and/or disclosure of protected health information, other than a member of the CE's workforce.
In conjunction with the Privacy and Information Security Officers, what team is responsible for overseeing the privacy and security activities of BHSET?
What or who is the Corporate Compliance Committee
_______ is the process to ensure accurate, reliable data is accessible to only those who are authorized to access it.
What is cybersecurity
OCR
Office of Civil Rights
Protected health information includes information about...(name at least 1)
What is:
1. A person's health, health care, or payment of healthcare (including mental and behavioral health issues)
2. Information that identifies a person
3. Services created or received by a covered health care plan or provider.
Name BHSET's Information Security Officer
Who is Derek Spangler
Password sharing is classified as a level ___ security incident.
What is level 3 (the highest level)
HITECH
What is Health Information and Technology for Economic and Clinical Health Act