HIPAA stands for this
What is the Health Insurance Portability & Accountability Act of 1996?
PHI stands for this
The HIPAA Privacy Rule
What is the rule that requires appropriate safeguards to protect the privacy of PHI and sets limits on uses and disclosures that may be made without an individual’s authorization?
The HIPAA Security Rule
What is the rule that sets national standards for the security of electronic protected health information?
An unauthorized acquisition, access, use or disclosure of protected health information
What is a breach?
These three types of organizations need to comply with HIPAA
What are health plans, healthcare professionals, and healthcare clearinghouses?
A person’s name, birth date, email address, and SSN are all examples of this
What is PHI?
What you should do before you walk away from your computer
What is lock it or turn it off?
True or False – It’s totally fine to plug your phone into your computer to charge it
What is False?
You must do this if you send an email with PHI to the wrong recipient
What is notify the Privacy Officer, immediately?
The minimum amount of time that we must retain HIPAA-related documentation
What is 6 years?
What you need if an HR representative reaches out on a participant’s behalf to assist with an issue
What is a HIPAA Authorization Form?
What you should do with unneeded sensitive information in paper form
What is shred it?
This standard requires those using and disclosing PHI to do so using the least amount of PHI required to get the task done
What is the Minimum Necessary Rule?
A breach affecting 500 or more individuals must be reported to HHS and the media within this timeframe
What is 60 days?
This government department is responsible for enforcing HIPAA
What is the Department of Health and Human Services?
A contract that must be signed between the Trust and its service providers who use, disclose, or access PHI, before any such use, disclosure, or access occurs
What is a Business Associate Agreement?
Self-funded plans must comply with HIPAA by doing (at least) these five things
What are a risk assessment, implementing HIPAA policies and procedures, documented training, getting BAAs, and obtaining complete authorization forms?
The Security Officer must do this on a regular basis as required by HIPAA
What is a risk analysis (analyzing the network and identifying gaps in its security)?
The potential legal consequences of a breach
What are civil penalties up to $2,134,831 per violation, criminal fines up to $250,000 and up to 10 years imprisonment, and corrective action plans to address deficiencies?
HITECH stands for this
What is the Health Information Technology for Economic and Clinical Health Act, a federal law enacted in 2009 to promote the use of health information technology?
Four components of a valid authorization form
What are name of participant, name of recipient, expiration date, signature and date, description of information being disclosed?
A collection of medical and health information about an individual that is maintained by or for the Trust to make decisions about individuals
What is a Designated Record Set?
What you call someone who wants to keep their information private but overshares others’ information
What is a HIPAA-Crite?
This factor is considered when determining the penalty for a HIPAA violation
What is the organization’s level of culpability (4 tiers civil, 3 tiers criminal)?