HIPAA Basics
HIPAA Privacy Rule
HIPAA Security Rule
HITECH Act
100

The acronym HIPAA is

What is Health Insurance Portability and Accountability Act?

100

Unauthorized acquisition, access, use, or disclosure of PHI which compromises its security or privacy

What is breach?

100

Regulates maintenance and transmission of electronic protected health information (ePHI) rather than regulating all PHI (paper, electronic, oral)

What is the HIPAA Security Rule?

100

HITECH stands for

What is Health Information Technology for Economic and Clinical Health?

200

A written permission signed by the patient or the patient’s personal representative (e.g., a parent) to allow a Covered Entity to Use or Disclose a patient’s PHI for reasons generally not related to Treatment, Payment or Healthcare Operations

What is Authorization?

200

Gives legal precedence to federal law when it conflicts with state law

What is preemption?

200

Something that does not require or prescribe certain technologies 

What is Technology neutral?

200

The HITECH Act was made to

What is encourage healthcare providers to adopt electronic health records and improve privacy and security protections for healthcare data?

300

The 3 types of Disclosure are

What is No Authorization Required; No Authorization Required, but Must Give Opportunity to Object; and Authorization Required?

300

Three primary documents inform patients and give them some control over their PHI

What is Notice of Privacy Practices, Authorization, Consent? 

300

The five Security Rule standards are

What are Physical safeguards, Technical safeguards, Administrative safeguards, Organizational requirements, Policies and procedures and documentation requirements?

300

HITECH is a part of which Act

What is the American Recovery and Reinvestment Act (ARRA)?

400

Covered entities under HIPAA include:

What is Health Care Providers, Health Plans, Health Care Clearinghouses & Business Associates?

400

Three exceptions to breach definition

What is Unintentional acquisition, Inadvertent disclosure, Recipient unable to retain the information?

400

The four physical safeguard standards are

What is Facility access controls, Workstation use, Workstation security, Device and media controls?

400

HITECH has strengthened HIPAA by

What is implementing safeguards to keep health information private and confidential, restricting uses and disclosures of health information and honoring their obligation to provide patients with copies of their medical records on request?

500

Name 5 PHI identifiers

What is Names, Addresses including Zip Codes, All Dates, Telephone & Fax Numbers, Email Addresses, Social Security Numbers, Medical Record Numbers, Health Plan Numbers, License Numbers, Vehicle Identification Numbers, Account Numbers, Biometric Identifiers, Full Face Photos, Identifying Number, Characteristic, or Code? (Only have to name 5)

500

Two situations where use and disclosure are required without individual authorization

What is

Individual or representative requests access to PHI or accounting of disclosures of PHI

and

US Department of Health and Human Services is conducting an investigation, review, or enforcement action?

500

The nine administrative safeguard standards are

What is

• Security management process
• Assigned security responsibility
• Workforce security
• Information access management
• Security awareness and training
• Security incident procedures
• Contingency plan
• Evaluation
• Business associate contracts and other arrangements?

500

The 4 subtitles of HITECH are

What is Promotion of Health Information Technology, Testing of Health Information Technology, Grants and Loans Funding, Privacy?