HIPAA is a federal law enacted in the United States in 1996 as an attempt at incremental healthcare reform. What does HIPAA stand for?
What is: Health Insurance Portability & Accountability Act
Examples include:
Social Security Number
Name
What is: PHI
The individual that an organization must designate to take responsibility for implementing and overseeing HIPAA Privacy compliance at the organization.
What is: Compliance Officer or Privacy Officer
The HIPAA _____ _____ is a technology-neutral, federally mandated "minimum floor" of protection whose primary objective is to protect the confidentiality, integrity and availability of protected information when it is stored, maintained or transmitted.
What is: Security Rule
The HIPAA regulations are structured as five major provisions or titles whose purposes logically fall into two major categories: Administrative Simplification and Insurance Reform.
What is: True
PHI is any individually identifiable health information relating to the past, present or future health condition of the individual, regardless of the form in which it is maintained (electronic, paper, oral format, etc.). What does PHI stand for?
What is: Protected Health Information
Examples Include:
Healthcare Providers
Health Plans
Healthcare Clearinghouses
What is: Covered Entities
Clients (whether they are covered entities or business associates) cannot share PHI with your organization unless they ensure that your organization is also HIPAA compliant. That assurance is handled under HIPAA by requiring the client to have a signed _____ in place.
What is: Business Associate Contract
The Security Rule's requirements are organized into three categories. Name one of the three categories.
What is:
Administrative Safeguards: Policies & Procedures
Physical Safeguards: Controlling physical access to protect against inappropriate access to protected data
Technical Safeguards: Controlling access to computer systems and protecting communications containing PHI transmitted electronically over open networks
Employees of physicians' practices and healthcare systems are the only ones who must comply with HIPAA.
What is: False
Civil penalties are enforced by the OCR within the Department of Health and Human Services.
What does OCR stand for?
What is: Office of Civil Rights
Examples Include:
Medical Answering Services
Medical Software Companies
Accountants
What is: Business Associates
The term used for the acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.
What is: Breach
Physical Safeguards are physical measures, policies and procedures to protect the organization's electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion. Give one example of a physical safeguard.
What is:
Computer servers in locked rooms
Data backup stored offsite
Employee badges
Door locks
Locked cabinets for records with PHI
Screen savers / screen locks
Fireproof storage for records with PHI
Business associates must perform all reasonable efforts not to disclose more than the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure.
What is: True
Civil penalties are enforced by the Office of Civil Rights with the HHS. What does HHS stand for?
What is: Department of Health and Human Services
Examples Include:
Assigned HIPAA Compliance Officer
HIPAA awareness training for staff
Policies, procedures and systems in place to protect PHI
What is: Administrative Safeguards
Who should you notify if you believe a HIPAA breach may have occurred?
What is: Compliance Officer
Technical Safeguards are the technology and the policy and procedures for its use that protect ePHI and control access to it. Name one example of a Technical Safeguard.
What is:
Username and passwords
Security logs
Access controls
Firewalls
Data encryption
An organization must provide HIPAA awareness training at the time of hire to all workforce members who have access to PHI. Any additional training beyond that is at the discretion of the Compliance Officer.
What is: False
The HITECH Act: this legislation's purpose is to promote the adoption and meaningful use of health information. What does HITECH stand for?
What is: The Health Information Technology for Economic & Clinical Health Act
Examples Include:
Stolen or improperly accessed PHI
PHI inadvertently sent to the wrong provider
Unauthorized viewing of PHI by an employee in your practice
What is: Breach
Who is the HIPAA Compliance Officer at WCMSCHF?
Who is: Jennifer Brighton
The individual that an organization must designate to take responsibility for implementing and overseeing HIPAA Security compliance at the organization.
What is: Compliance or Security Officer
ePHI is a subset of PHI and is protected under the Security Rule.
What is: True