HIPAA
General Fact Sheets
More on HIPAA
IIHI
PHI
100

What do the letters HIPAA stand for?

Health Insurance Portability and Accountability Act

100

T or F - You can be charged for the cost of copying and mailing your health records

True. 

You may need to put your request in writing.

100

T or F - You can tell your health care provider what phone number to call to reach you.

True

100

What is IIHI?

“information relating to an individual’s past, present, or future health condition” including treatment, payment, and demographic info

100

What does PHI stand for?

Protected Health Information

Patient health information is an alternative term

200

1996

What is the year HIPAA was enacted?

200

T or F - If you believe there is an error in your medical record file, the covered entity must change it.

False - but they should note the disagreement in the file.

200

Can your health care provider leave you a voice message?

Only if you have given permission.

200

Explain how Non-Health Identifying Information, like an address, can be considered IIHI.

When it is in a designated record set with other IIHI such as a test result

200

What is a designated record set?

any group of medical and/or billing records maintained by or for a Covered Entity to make decisions about an individual

The definition includes a footnote that a designated record set can consist of a single item.
300

Who are considered covered entities?

Health Plans (insurance companies, HMO, Medicaid, Medicare)

Most healthcare providers

Healthcare Clearing Houses

300

If you think your rights are being denied or your health information is not being protected, you have the right to file a complaint with

your provider, health insurer, or the U.S. Department of Health and Human Services. 

300

What is the Accounting of Disclosures?

A report about who has seen your health record information

300

How many HIPAA identifiers are there?

In §164.514 of the Privacy Rule, there is a list of 18 HIPAA identifiers 

They have to be removed from a designated record set before the record is considered de-identified.

300

What are allowable uses and disclosures of PHI?

(do not require a patient’s authorization)

uses for treatment, 

payment, and 

healthcare operations, and 

disclosures to public health agencies

400

Organizations exempt from HIPAA privacy rules

Employers

Schools

Many state agencies

Most law enforcement agencies

400

A few possible measures that can be built into Electronic Health Record systems may include:

“Access control” tools like passwords and PIN numbers

Encrypting

An “audit trail” feature, which records who accessed your information, what changes were made and when

400

Where you can find information about your rights under HIPAA

What is the Notice of Privacy Practices

400

What is one problem with the HIPAA identifiers?

They are out of date as they were created in the last century.

400

Why is a picture of a baby on a baby wall an example of PHI?

Because it implies the provision of past treatment to an identifiable individual

500

T or F - Your doctor can withhold your records if you haven't paid your bill.

False

500

When can a health care provider share relevant information if you are not around or cannot give permission?

You had emergency surgery and are still unconscious. 

Your doctor may discuss your drugs with your caregiver who calls your doctor with a question about the right dosage. 

500

Can telemarketers obtain your health information and use it to call to sell goods and services?

The short answer is no. They can only communicate on behalf of the covered entity.

They cannot market their own goods and services or those of another third party.

500

Give an example of a more modern identifier.

social media aliases, 

Medicare Beneficiary identifiers 

details about emotional support animals
500

Reasons why “information that can identify an individual is not always PHI”.

PHI (the Privacy Rule) only applies to organizations that qualify as covered entities.

(Not covered - employers, therapist billing patients directly)

“An individual can have multiple designated record sets maintained by the same organization”