HIPAA

HIPAA

Act of 1996 that deals with the patients right to preserve privacy

False Claims Act

Act that prohibits false claims and misrepresentations, and rewards "whistle-blowers" who alert the government to cases of fraud.

30

Amendments may be requested to correct any parts of their PHI and these must usually be completed within __ days

Covered entity

Any health care provider, health insurance plans, or clearinghouse to which the Privacy Rule applies (those who must comply with HIPAA)

Portability

Being able to transfer group health insurance form one job to another

ERISA

Employer offered health plans are regulated by this Act of 1974

National security

Entities that may have access to PHI generally any time they request it.

department of justice

Government agency that investigates the most serious violations of the Privacy Rule, prosecutes criminal violations

privacy rule

Guideline under HIPAA that sets national standards for the protection of health information

3

HIPAA governs how many types of covered entitities.

2003

HIPAA privacy standards were established in _____ to protect personal health information.

confidentiality notices

HIPAA recommends this notice be included instructing anyone who receives the communication in error should immediately contact the sender and destroy the information received.

final enforcement rule

HIPAA rule of 2006 that clarified that both acts and omissions may constitute violations

Electronic

HIPAA security standards focus on what kinds of PHI.

compliance guidelines

HIPAA- related privacy, training, and security regulations designed to focus on, correct, and maintain good healthcare practices

30

Patients have a right to view and copy their PHI withing __ days of requesting it, either free or for a reasonable fee as per HIPAA regulations.

PHI

Patients have the right to be told how their _________ can be used.

Notice of Privacy Practices

Patients must sign an additional document stating that they have read and reviewed the providers _________.

Healthcare Fraud and Abuse Control Program

Program that enforces HIPAA regulations and government standards, and is conducted by the OIG and DOJ.

National Council for Prescription Drug Programs

Programs that create and promote data transfer standards relating to the practice of pharmacy. Members of this program must receive education tailored to their pharmacy practice, and also receive database services.

office for civil rights

The division of Health and Human Services responsible for enforcing the HIPAA privacy rules. Privacy is considered a civil right.

electronic data interchange

The electronic exchange of information between computers, especially the exchange of health information among physicians and insurance companies.

Title II

The rules in this part of HIPAA cover administrative, financial, and case management policies and procedures. It contains strict requirements for the uniform transfer rules of patient confidentiality.

Notice of Privacy Practices

These are created by providers which detail their policies and procedures, and make it available to anyone who requests it.

Medical Code Sets

These are used to encode data elements concerning specific diagnoses and clinical procedures. There are six code sets used for clinical information.

Privacy Standards

These standards require that privacy policies be appropriate to the services provided, and a specific person within the organization oversees them. Pharmacy techs and Pharmacists are responsible for maintaining them in order to protect PHI of patients.

State laws

These types of law regulatesmany types of health insurance

Centers for Medicare and Medicaid Services

agency that enforces non-privacy standards

Department of Justice

agency that prosecutes criminal violations

Office of Inspector General

agency that prosecutes fraud and abuse in the healthcare industry while overseeing Medicare and Medicaid

State law preemption

allowed HIPAA to supersede state laws unless HHS decided otherwise; however, when state law is stronger, it must be followed.

PHI

any piece of information that identifies or could be used to identify any specific individual

manage, store

as a result of the privacy rule of 2003, pharmacies have direct control over the way they ______ and ______ patients information.

CDT-4

code set used for dental services

NDC

code set used for drug products

ICD-9-CM

code set used for identifying disease and conditions

ICD volume 3

code set used for inpatient hospital services

HCPCS

code set used for items, supplies, and non-physician services

CPT-4

code set used for medical procedures and services

Title II

controls the private health information of individuals. It is known as administrative simplification.

Encounter

form of documentation that is undertaken for every visit is also known as an ______, visits to healthcare providers are documented thoroughly.

office of civil rights

government agency that accepts and investigates complaints related to the Privacy Rule, it enforces civil violations of HIPAA privacy standards,

PHI

health information that relates to a past, present, or future physical or mental health condition.

kickbacks

incentive given to those who defraud others

Disclosure

information must only be provided to the patient or person authorized by him or her; pharmacy personnel must understand how to properly interact with all family members, friends, and caretakers of the patient.

disclosure

information released to an outside entity whether by email, fax, verbally, or in writing.

chronological

medical record documents of the medical history of a patient are in ______ order

Criminal Penalties

penalties assessed for intentional misuse of PHI, can be as high as $250,000 and up to 10 years in prison.

Civil Penalties

penalties usually given for violating privacy on an unintentional basis. can be as high as $25,000 in fines per year

prescriber, pharmacist

pharmacy techs are not authorized to make medication decisions for patients-- they must follow the exact instructions of the _____ and the ________.

pharmacist, privacy officer

pharmacy techs should refer issues related to the disclosure of a child's PHI to the _______ or the _______.

compliance plans

plans that are designed to prevent illegal practices. they may serve as legal defense in the case of prosecution for fraud.

Indirect providers

providers that include labs that handle patient test results

Direct providers

providers that provide direct treatment to patients

ePHI

records that may be stored in computers and related peripheral devices, and transmitted over computer networks, over the internet, and on removable media that interfaces with computers

self referrals

referring patients to an entity in which the referrer receives some monetary compensation

Electronic Health Care Transactions and Code Sets

set of standards that says all providers are required by HIPAA to use the same code sets, identifiers, and transaction when healthcare information is being transmitted.

security rule

specifies how patient information is protected on computer networks, the internet, extranet, and disks and other storage media.

electronic health records

the records rely on EMRs to be in place

Administrative code sets

these are non-medical code sets. used for administrative information and include simple and complex codes

Health insurance plan

these plans include group health plans, HMOs, Medicare, Medicaid, supplemental Medicare policies, long-term policies, employee benefit plans, TRICARE, CHAMPVA, Indian Health Service, Federal Employees Health Benefits Program, approved childe health plans, high-risk plans, etc.

electronic medical records

these records are legal records of a care delivery organization up which an EHR is based.

electronic health records

these records are owned by the patient or person who has a stake in the outcome, provides an interactive patient access.

electronic medical records

these records are preferred over paper records because they can be accessed more quickly, and take less room to store

electronic medical records

these records may be share between authorized healthcare professionals more easily than paper records.

COBRA

this act of 1985 allows employees who are leaving a job to elect to continue their previous employer's health coverage for a limited time.

TPHCO

this concerns PHI that may be shared in order to provide treatment, process payment, and operate medical business: treatment mostly concerns discussions with other healthcare providers, payment refers mostly to health insurance, and healthcare operation includes training and accreditation. .

Healthcare provider

this includes hospitals, nursing, facilities, rehabilitation facilities, hospices, home health care, pharmacies, private practices, dental practices, labs, chiropractors, osteopaths, podiatrists, and therapists.

Title I

this part of HIPAA focuses on continuation of health insurance coverage and insurance reform

Title I

this part of HIPAA gave certain people the ability to enroll in new healthcare plans of different types.

Title II

this part of HIPAA restricted electronic transfer of healthcare data, gave patients more rights regarding their own personal information, and put in place better security of this information.

Title II

this part of HIPAA sought to reduce paperwork, simplify internet form processing, and standardize the administration of healthcare information.

Minimum necessary standard

this protects against too much information being given to any specific person or entity

HIPAA training

this training is required of pharmacy techs and pharmacists to be acquainted with all policies and procedures designed to protect PHI

Office for civil rights

to who may complaints against providers handling of PHI may be made

confidentiality

under HIPAA, healthcare providers ensure that patient _______ is always maintained

privacy rule

under this rule, information belongs to the patients, and they have the right to control who is able to view it. it applies to healthcare providers, health insurance plans, and clearing houses.

Notice of Privacy Practices

using this notice, providers explain to patients how their PHI may be used and disclose, their access to his or her own information, patients full rights, and how to register complaints.

department of health and human services

who enforces HIPAA standards and regulations, which also enforces situations of related abuse and fraud.

trained employees

who may protect patients records and must also understand the legal regulations about who may have access to them?

HIPAA Enforcement Agencies

-Dept. of Justice -Centers for Medicare and Medicaid services -Electronic Healthcare Transaction and Code set Rule -National Employer Identifier Number Rule -Office for Civil Rights -Office of Inspector General

title II provisions

-Electronic health information transaction standards -Penalties -Privacy -Provider and health plan mandate and timetable (2 years to start) -State law preemption

HIPAA

-Goal: improve portability and continuity of health insurance -Originated as plan to reduce health care administrative costs

Title I

COBRA is under this part of HIPAA

licensed, bonded company

Discarded patient information must be handled with care. When patient records are to be discarded, they should be destroyed by a ________. it should never be thrown into the trash.

PHI

Refers to any patient information in any form that is created or received by a covered entity, relates to a patient's health condition in the past, present, or future, and identifies the patient.

State and Federal Prisoners

This group of people has less protection concerning the disclosure or their PHI, though state statutes may overrule HIPAA in certain circumstances

COBRA

Title I of HIPAA can also be referred to as

True

True/False. PHI may be transmitted electronically, via the internet and other methods. It includes all of a patients basic information as well as that of relatives, employers, and health insurance providers.

False

True/False. medical records cannot be considered legal documents so accuracy is not very vital when documenting that appropriate medical care has been given to each patient.

Subpoenas

_____ for court appearances and testimony can authorize disclosure of PHI.

judicial

_____ orders can override a patients preferences regarding the release of PHI.

written authorization

______ must be obtained before information can be shared with anyone if the use of patient information does not fall under TPHCO

computer storage media

_______ containing patient records should be completely wiped.

children

_______'s access to their own records is governed by state law

Designated record set

a group of medical records that includes a provider's medical and billing records

privacy and security officer

a pharmacy often has a ___________ who handles disclosure of PHI. this officer usually receives referred requests from patients to access or amend their records, and strives to handle them in a timely manner.