HIPAA Module 1
Workforce members
Employees, volunteers, students, and trainees of any healthcare organization
Which primary concern does HIPAA's Privacy Rule address regarding the implementation of electronic data interchange (EDI) for common business transactions in health care?
Whether patients' privacy is compromised by the use of EDI
T/F A CE must have in place policies and procedures covering access to medical records.
true
T/F A billing service's workforce members are required to comply with the HIPAA Privacy Rule.
true
T/F Before implementation of the HIPAA Privacy Rule, most health-related organizations took measures to protect their patients' health information.
true
T/F If a state has regulations regarding the protection of medical records that are stricter than the federal HIPAA Privacy Rule, the workforce member may follow the state law
true
T/F Penalties for violations of HIPAA's patient confidentiality provisions include imprisonment.
true
T/F The individual has the right to review his or her medical record or request a copy of it.
true
According to the sample policy and procedure, which types of privacy complaints must be reported to the privacy official?
• Complaints related to electronic records • Complaints related to medical documents recorded on paper • Complaints related to oral conversations
According to the sample policy and procedure, what are the privacy official's obligations in handling a patients' complaint?
Contact the patient and take measures to prevent a similar situation from occurring
What three precautions should be taken by a workforce member sending a facsimile?
1. Use a fax cover sheet bearing the fax numbers of the sender and the receiver. 2. Provide instructions on the cover sheet explaining what to do if you receive a misdirected fax transmission. 3. Preprogram fax numbers into the fax machine.
During fiscal year 2015, approximately how much money did the federal government win or negotiate in judgments and settlements?
1.9 billion
In fiscal year 2015, what was the total number of defendants convicted for healthcare fraud-related crimes?
613
According to the sample policy and procedure, what is needed if the request for medical records is not related to TPO?
An authorization form to be signed by the individual
Health plan
An individual or group plan that provides or pays the cost of medical care
Business associate
An individual or organization that provides business services to a CE and agrees to protect their patients' health information
PHI
Any information that identifies a specific person who has received medical care
Portability
Being able to transfer group health insurance from one job to another
Privacy rule
Guideline under HIPAA that sets national standards for the protection of health information
Notice of Privacy Practices Acknowledgement
HIPAA requires the CE to make its best effort to obtain a signature on this form from every patient
What does the acronym HITECH stand for?
Health Information Technology for Economic and Clinical Health Act
HIPAA is the acronym for:
Health Insurance Portability and Accountability Act
According to the sample policy and procedure, in what manner should the workforce member conduct oral discussions?
In a manner that limits the possibility of inadvertent disclosure
What does the HITECH amendment to HIPAA provide?
Increased protection and control of protected health information
According to the sample policy and procedure, when is it appropriate for workforce members to use fax transmissions?
Only for urgent matters
What is the provision under HIPAA that limits denial of coverage on the basis of previous poor health and the exclusion of preexisting conditions by health plans?
Portability
HIPAA can be said to be:
Significant in its impact on the day-to-day performance of healthcare workers
According to the sample policy and procedure, what types of disciplinary action could be taken if a workforce member accessed a son's or a daughter's medical record out of curiosity and concern?
Termination
According to this policy and procedure, which of the following penalties is possible in every type of breach?
Termination
CE
The acronym for healthcare providers, healthcare plans, and healthcare clearinghouses to which the Privacy Rule applies
Minimum necessary
The concept that it is wrong to access medical records without a legitimate business purpose
Individual
The person who is receiving medical care
According to the sample policy and procedure, to whom should a workforce member turn to if uncertain whether a request is related to TPO?
The privacy official
According to the sample policy and procedure, to whom would a workforce member report a suspected violation of the HIPAA privacy policies and procedures?
The privacy official
Disclosure
The process of releasing confidential patient information to another healthcare organization
Authorization
The statement needed to release PHI for reasons other than "treatment, payment, or healthcare operations
Privacy official
The workforce member in the healthcare organization responsible for assisting staff with Privacy Rule-related issues
Which title of the HIPAA legislation sets forth standards to protect the privacy and confidentiality of patient information?
Title II
Authorization to Release Information
a signature on this document is required by HIPAA for release of information that is related to treatment, payment, or healthcare operations (TPO)
Notice of Privacy Practices
describes the patient's right in accessing and controlling his or her health information
T/F An individual's rights are shared with him or her on an "as needed" basis.
false
T/F If a medical practice has a policy for the release of records that is stricter than the HIPAA Privacy Rule, the workforce member may disregard it.
false
T/F The HIPAA Privacy Rule applies to electronic transactions only.
false
T/F The HIPAA Privacy Rule does not apply to physical therapists or audiologists.
false
Consent to Disclose Medical Information
not a requirement of HIPAA; however, by signing this document the patient authorizes the medical practice to release information to insurance companies to receive reimbursement
Public health agencies
these agencies and individuals are involved in controlling disease, injury, or disability
Health oversight agencies
these agencies and individuals are involved in government regulatory programs and civil rights laws
Others involved in your healthcare
these people are individuals such as family members, relatives, and close friends
Privacy official
this individual is listed on the Notice of Privacy Practice as a contact for complaints related to privacy breaches