PHI & HIPAA
Access/Disclosures
Breaches/Penalties
100

What does PHI stand for?

Protected Health Information

100

At what age must the client give written consent to disclose SUD treatment information?

14

100

Who can be held responsible for a HIPAA Breach?

The organization as well as the individual who committed the breach.

200

What forms of PHI are protected by HIPAA?

Paper, Electronic and Verbal

200

What is the standard for accessing patient information?

Only access the minimum necessary information needed for the performance of your job. 

200

Who does a HIPAA breach affect?

The Client, The employee & The organization

300

Access to PHI is determined by: 

Your role in the organization. 

300

When are you authorized to access a co-worker's medical record?

When you are directly involved in their care. 

300

How much time do we have to notify a client they have been affected by a breach?

60 Days

400
Who is responsible for protecting our clients and the organization from potential breaches?

EVERYONE! Breaches or Potential Breaches should be reported immediately by whoever discovers the incident. 

400
When is the patient's written authorization to release information required?

Anytime PHI is shared with anyone for reasons other than treatment, payment, or healthcare operations.

400

What must be done if a breach affects greater than 500 people?

Notify the OCR within 60 days and release a public statement regarding the breach

500
What are the types of safeguards we are required to have in place?

Physical, Technical & Administrative

500

What are exceptions to needing authorization?

Court Orders, addressing public health issues, or reporting Abuse/Neglect

500

How can a breach be reported?

Immediately tell a supervisor/manager, director or the privacy officer or submit an RL 6