A
Under the Privacy Rule, The Privacy Officer is required and responsible for privacy related?
training and education
What does the acronym HIPAA stand for?
When was HIPAA enacted?
Health Insurance Portability and Accountability Act of 1996
Privacy, security, uniform transaction, code sets and identifiers are included in the Administrative__________?
Simplification
The privacy Rule protects information that exists in which forms?
written, oral and electronic
What institutions must comply with HIPAA Privacy Rule?
Hospitals, Dr. offices, home health agencies, nursing homes, health plans and clearinghouses
What is the name of the form that is given to the patient informing them of their rights?
Notice of Privacy Practices (NOPP)
The Privacy Rule under the Uses and Disclosures in Treatment, Payment and Health care options provides for?
billing and collections activities
Healthcare providers and workers who violate HIPAA guidelines may receive what type of penalties?
monetary fine and/or imprisonment
Covered entities must identify who needs access to protected health information under the Minimum Necessary Standard to carry out?
their job duties
The Minimum Necessary Standard requires covered entities to evaluate their practices in order to protect access and disclosure of _________ _______ ______?
personal/Protected Health Information (PHI)
Which government office is responsible for administering and enforcing HIPAA standards?
The Office of Civil Rights
Who must comply with the HIPAA Privacy Rule?
employees, volunteers, trainees, and other persons who have a job-related reason to access PHI
Which Act updated the HIPAA Privacy Rule to include protections against identity theft?
The HITECH Act
The Privacy Rule permits certain incidental uses and disclosures as long as there are________ safeguards and implemented _________ _________ standards?
reasonable
Minimum Necessary
A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of or provides services to a covered entity in known as a ?
Business Associate
The provision, coordination, or management of health care related services is defined as?
treatment
After a patient receives a NOPP they must?
sign an acknowledgement of receipt which is retained by the provider
Healthcare providers communicate a patients privacy rights through?
Notice of Privacy Practices
Give an example of a business associate?
3rd party administrator assisting with claims
(insurance company)
Covered entities must have ________, ________, and _________ safeguards in place to protect against uses and disclosures not permitted by the Privacy Rule
Administrative, technical & physical
Which organization sets the standards for compounding?
USP-NF
United States Pharmacopeia -National Formulary
Which agency is responsible for ensuring the safety, efficacy, and security of human and veterinary medications and recalling products?
FDA
Food & Drug Administration
This agency oversees safety in the workplace and created Safety Data Sheets?
OSHA
OCCUPATIONAL SAFETY & HEALTH ADMINISTRATION
Who is not considered a HIPAA covered entity?
family members
What are the patients rights under HIPAA?
THE RIGHT TO;
see and obtain a copy of their health records
make corrections to their health records
request a report when and why their health information was shared for certain purposes