Health Science Critchlow HIPAA

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What does SOX stand for?

Sarbanes Oxley

Who enforces HIPAA?

US Department of Health and Human Services and the OCR Office for Human Rights

Where can malicious software be spread?

across a network

What is malicious software?

any software that could cause harm: virus, worm, or trojan horse

Does HIPAA require you to leave the room to avoid hearing a private conversation?

no but good privacy practice require consideration for coming back at a later time to avoid interfering in patient care

Can you email PHI to an unauthorized third party outside the company?

no this is strictly prohibited unless the email is encrypted

What do you do if you see a password and/or user ID posted where people can see it?

notify your supervisor

Where should you not place user names and/or passwords?

on a sticky note or under a keyboard

What are you supposed to look at and use?

only what you need to know

Where should you keep PHI?

out of public areas

What do you do if you need to page a patient?

pages should not include information that can allow others to identify the patient. Such as their name, department they are being treated in, or any information as to why they are there

How must offices containing confidential information be controlled?

physically

What is the second category of information?

proprietary: not confidential, public information with the company

What is the third category of information?

public: released by tenent

What must be done with PHI if it is used, disclosed, or requested?

reasonable efforts must be taken to determine how much information is sufficient for the intended purpose

What are the 7 information security policies?

record processing, user security, incident handling, physical access and protection, contingency planning controls, information security administration, technical security information

What are some tools to protect confidentiality?

records are kept locked, only people with a need to know are given access to the records, computerized records are not left logged in to the patient information system while not at their work station, and screens containing patient information are turned away from view

What does the patient have the rights to?

restrict access, amend PHI, accounting for disclosure of all PHI, and complain about a possible inappropriate disclosure of PHI

What should you do if you find records unattended?

return to the nursing supervisor

What should passwords not contain?

similar to the user ID, your name, spouse's name, child's name, pet's name, address, phone number, birthday, slang, numbers and/or letters in sequence

What are the two elements of physical security?

site or physical security and information asset

What are the symptoms of malicious software?

slower response time, unexpected sending or receiving of emails, internet interruptions, lost files, change in modification dates on files, increased file size, total failure

What can you do for software piracy detection and correction?

software audits done annually, review of software agreements, removal of illegal copies

Where should PHI papers not be placed?

trash can unshredded

What are some information asset security incidents?

unauthorized access to the system, malicious code such as virus or trojan horse, theft of a computer, misuse of information assets, sharing of user ID or passwords

What does tenent have standard policies and procedures in place, for routine uses, disclosure, and guidelines for?

use of oral, written, and electronic communication

What steps do you take while faxing PHI?

verify the fax number, make sure the person requesting the fax is valid, use a cover sheet with a confidentiality statement, and report immediately if the fax was sent to a wrong recipient to the compliance officer or privacy officer

What does tenet have the right to monitor access through?

video, electronic internet, downloads, and data access

What is the consequence for a civil violation?

$100 per violation

What is the consequence for a criminal violation?

$50,000 and 1 year in jail

When did HIPAA become a legal requirement?

1996

What does PHI include but not limited to?

name, address, age, SS#, etc.

When should you release patient information outside of the hospital?

never

Should you try to find out information for a friend?

no

What is PHI

Any information pertaining to the health of an individual combined with any information that identifies the individual.

What are the two questions you should ask yourself before looking at any patient information?

Do I need this to do my job? What is the least amount of information I need?

What do you do if you find PHI?

Gather the records and give to a superior to report and follow up

How do healthcare providers explain how their information will be used?

HIPAA requires healthcare providers to post a Notice of Privacy Practices

What does HIPAA stand for?

Health Insurance Portability Accountability Act

How do you ensure physical security?

ID badge, keep paper documentation containing confidential information in a secure location, transport documentation in a secure manner, keep doors locked or closed, report suspicious activity

What are users prohibited from?

Loading unlicensed software onto a company owned asset

What does NPP stand for?

Notice of Privacy Practices

How should hospital employees report information security identities?

Tell the hospital compliance officer, information security officer, or call the ethict action line

What are the top 5 software commandments?

Thou shall not pirate software Thou shall not install more software onto the company computer than the company has a license to use Thou shall not copy your friend's software to a company computer Thou shall report software piracy to your information security officer

What does TPO stand for?

Treatment payment operations

How can you keep discussions private?

closing doors, pull curtains, conduct discussions so that others cannot hear, patient medical records not left where others can easily see or access, and lab or test results kept private

What is most of this?

common sense (from the video not my words lol)

What do patients not have the right to keep private?

communicable diseases, child abuse, domestic violence, criminal investigation, and courts have the right to release PHI

What might loading unlicensed software onto a company computer subject you to?

company action up to termination

What are information assets?

computers, records, networks, services, electronic files, hardware, software

What is the first category of information?

confidential: PHI, payroll, personal files

What can happen due to failure to follow HIPAA?

corrective action and termination

What should you never do with any records from the facility

deliberately remove them

What is data?

information of any kind

What should passwords contain?

letters, numbers, at least 8 characters, one lower case letter, one upper case letter

Can a patient ask to not be listed on the directory?

yes

Does private policy apply to you?

yes even if you no longer work for tenent


Kaugnay na mga set ng pag-aaral

Live Virtual Machine Lab 2.4: Module 02 Virtual Network Concepts

View Set

MIS: Chapter 6 Simulation: MIS Simulation: Data Communication and the Cloud

View Set

ch 40Care of Patients with Acute Coronary Syndromes

View Set

Chapter 5 Unit 2 Test—Physical Science

View Set

Life Policy Provisions, Riders and Options

View Set

Week 3 go/ come / go back home ・return from Monday to Sunday

View Set

Anatomy 2 Packet 5 The pectoral Girdle & Upper Extremities

View Set

Unit 1: Preliminary Work with Taxpayer Data

View Set

Nclex Style: Nursing Fundamentals - Fluids and Electrolytes

View Set