HIPAA FAQ
Components of HIPAA
Authorization
HIPAA VIOLATIONS / BREACHES
PATIENT RIGHTS / MINIMUM NECESSARY STANDARD
100
H-Health I-Insurance P-Portability A-Accountability A-Act
What does HIPAA Stand for?
100
It defines how BA and CE may use and disclose PHI
What does the Privacy Rule do?
100
A form that the patient or legal representative would need to fill out and sign when requesting a copy of the patient's PHI to be released/disclosed to themselves or another person/entity.
What is an Authorization?
100
Everyone is responsible for reporting.
Who is responsible for reporting a possible incident?
100
Notice of Privacy Practices
What does NOPP stand for?
200
1) Privacy 2) Security 3) Electronic Data Interchange (EDI)
What are three (3) components of HIPAA?
200
Specifies safeguards for PHI and addresses protections of ePHI.
What is the Security Rule?
200
For the purpose of: Treatment, Payment, Operations
In what instances does HIPAA allow disclosure of PHI without an AUTHORIZATION?
200
24 Hours
How long do you have to report a possible HIPAA violation once you become aware of it?
200
It contains the list of patient rights and how to contact and file a complaint with the organization.
What are some items listed in the NOPP?
300
Protected Health Information
What does PHI stand for?
300
1) Administrative 2) Technical 3) Physical
What are the three (3) safeguards under the security rule to protect the Confidentiality, Storage and Accessibility of ePHI?
300
Photo ID and a minimum of two identifiers such as name, date of birth, address, phone.
How do we verify a patient's identity in person?
300
Shauntara Jones, Privacy Officer; Paul Daly, Security Officer
Who is the Privacy Officer and Security Officer for AltaMed Healthcare Services?
300
When there is a job-related need only.
When is it appropriate to access the patient's electronic medical records?
400
Everyone is responsible.
Whose responsibility is it to help keep protected health information secure and private?
400
Defines the format of electronic transfers of information between provider and payers/business associates.
What does EDI do?
400
Minors can consent.
Who can consent for treatment of Minors ages 12-17 as it relates to sensitive services?
400
Contact your direct report; fill out a HIPAA Incident Report; call or email the Privacy Officer and/or Security Officer
How do you report a possible HIPAA violation?
400
Minimum Necessary Standard
Which standard ensures that we only use the minimum necessary information for a job-related task?
500
To protect the privacy and security of patient information.
What is the purpose of HIPAA?
500
1) Privacy Rule - April 2003 2) Security Rule - April 2005
When did the Privacy & Security Rule become effective?
500
A person who is authorized by applicable law and has the authority to act on behalf of a patient in making decisions related to health care.
What is a Legal Representative?
500
Providing an unauthorized individual with identifiable medical information verbally, in writing or in electronic form.
Definition of a HIPAA Violation/Breach?
500
1) Access 2) Amend 3) Accounting of Disclosures 4) Restrictions 5) Communications 6) Complian
What are the HIPAA related patient rights summarized in the NOPP?