HIPAA Lab Content (Notes)
Define 'workforce member' and give an example?
A healthcare employee, volunteer, or student responsible for protecting patients' privacy. EX: MA, Physician, etc.
FILL IN THE BLANK: Under the Privacy Rule, the patient has the right to request _______ to or copies of his or her health records.
Access
Who is the Department of Justice?
Primary federal criminal investigation and enforcement agency.
FILL IN THE BLANK: The act of accessing any health information by a workforce member for the purpose of performing a task within a healthcare organization is referred to as _______________.
Use
Law Enforcement
a government employee who is responsible for the prevention, investigation, apprehension, or detention of individuals suspected or convicted of offenses against the criminal laws, including an employee engaged in this activity who is transferred to a supervisory or administrative position; or serving as a probation or pretrial services officer
FILL IN THE BLANK: When protected health information (PHI) is being used or disclosed for reasons other than treatment, payment, or healthcare operations, the authorization for the release of the PHI must be ______________.
Valid
FILL IN THE BLANK: Many healthcare organizations are adopting ____________ policies in regard to workforce members who violate the organization's privacy policies.
Zero tolerance.
FILL IN THE BLANK: Under the Privacy Rule, the patient has the right to request communication by _____________.
Alternative means
TRUE OR FALSE: If you have made your best effort to obtain a patient's signature verifying that he or she has received the Notice of Privacy Practices but the patient has refused to sign, you are required to document the reason that you were not able to obtain the signature.
True
TRUE OR FALSE? As workforce members, it is important for us to understand the purpose of HIPAA. Furthermore, we should be able to explain the purpose of this legislation to patients. In this training HIPAA has been described as: a catalyst for change in American health care; federal legislation focused on healthcare reform; and a complex and far-reaching set of healthcare regulatory requirements.
True
TRUE OR FALSE? As workforce members, we must be aware that under the Privacy Rule access to medical records is not restricted, other than psychotherapy, on the basis of diagnosis.
True
TRUE OR FALSE? On detecting a Privacy Rule violation, the U.S. Department of Health and Human Services (DHHS) will exercise discretion to consider not only what harm has been done but also the willingness of the covered entity (CE) to achieve voluntary compliance.
True
TRUE OR FALSE? The Office of Civil Rights (OCR), committed to strong enforcement of the Privacy Rule to protect patients' rights, has imposed penalties on covered entities (CEs) that have violated those rights as a means of encouraging other CEs to examine and improve their privacy protections.
True
TRUE OR FALSE? Workforce members should be aware of the greatest areas of noncompliance risk and focus their attention on these areas. According to the Office of Civil Rights, the most frequently reported violation of the Privacy Rule is impermissible uses and disclosures of protected health information (PHI).
True
TRUE OR FALSE? Workforce members should understand that the Privacy Rule requires that reasonable efforts be made to eliminate incidental use or disclosure of protected health information (PHI).
True
TRUE OR FALSE? As workforce members, we must understand that if an incident of noncompliance with the Privacy Rule is not resolved by the covered entity (CE) in a satisfactory manner, the Office of Civil Rights (OCR) may impose a civil monetary penalty (CMP).
True
TRUE OR FALSE? It is essential that workforce members understand that the Privacy Rule applies to paper, electronic, and oral communications.
True
FILL IN THE BLANK: Monies collected under penalties imposed under the Privacy Rule are deposited into the ____________, not disbursed to the complainant
U.S. Treasury
What health information is protected by the privacy rule?
individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational and employment records.
TRUE OR FALSE? If a medical practice denies an individual's request for medical records, the medical practice must provide the individual with a statement of his or her review rights and an explanation of how to complain to the Secretary of the U.S. Department of Health and Human Services (DHHS).
True
TRUE OR FALSE: Viewing your own medical records in the healthcare organization you work for may be considered a violation of the organization's policy on access to medical records.
True
Individual
single; separate
Define 'business associate' and who would be considered one in the medical office?
A person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity. EX: Software company with access to PHI
FILL IN THE BLANK: Under the Privacy Rule, a covered entity is required to put forth its _____________ to obtain an individual's signature indicating receipt of the Notice of Privacy Practices.
Best Effort
To ensure compliance with the Privacy Rule, the workforce member should?
Continue adding to their knowledge of the privacy rule, focus on risk areas identified by the OCR, and commit to continuous improvement relating to the protection of patient privacy.
FILL IN THE BLANK: The release, transfer, or sharing of information with another individual or entity outside the healthcare organization holding this information is referred to as ________________.
Disclosure
TRUE OR FALSE: When state laws regarding the protection of medical records are stricter than the federal Privacy Rule, the workforce member must follow the federal rule.
False
TRUE OR FALSE? If a business associate violates the privacy of an individual, it is not necessary for the covered entity (CE) to investigate or act upon knowledge of the violation.
False
TRUE OR FALSE? In determining what constitutes a reasonable safeguard for the protection of patient privacy, we should assess the risk without consideration of patient care.
False
TRUE OR FALSE? To meet the requirements of the Privacy Rule, it is not necessary to hand a copy of the Notice of Privacy Practices to the individual if it has already been posted in the waiting room.
False
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
FILL IN THE BLANK: Unnecessary use or disclosure of health information that could reasonably have been prevented is referred to as ___________________
Impermissible.
FILL IN THE BLANK: A ___________ is an order of the court that prohibits parties from using protected health information (PHI) for any purpose other than litigation or proceedings for which the PHI has been requested.
Qualified Protective Order
When you are entering the workforce of a healthcare organization, what is the best method of strengthening your knowledge of the Privacy Rule and how the organization expects you to protect the privacy of its patients?
Reading and becoming familiar with the organization's Notice of Privacy Practices (NPP)
FILL IN THE BLANK: Under the Privacy Rule, workforce members are expected to take _____________ steps to safeguard protected health information.
Reasonable
TRUE OR FALSE? The Privacy Rule requires that all covered entities (CEs) have and apply appropriate sanctions against those workforce members who fail to comply with the rule
True
Administrative Law Judge
an official who presides at an administrative hearing to resolve disputes between a government agency and someone affected by a decision or action of that agency.
How are covered entities defined in the HIPAA rules?
health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards
Office of Civil Rights (OCR)
helps to protect you from discrimination in certain health care and social service programs.
FILL IN THE BLANK: Under the Privacy Rule, ____________ guidelines restrict the amount of health information that may be used or disclosed to that needed to accomplish the purpose in question.
Minimum Necessary
FILL IN THE BLANK: Under the Privacy Rule, the covered entity must provide the individual with a ______________on his or her first date of service which outlines the patient's rights under the rule.
Notice of Privacy Practices (NPP)
Workforce members must stay informed of enforcement activities related to the Privacy Rule. Information on these activities may be found on which website?
Office of Civil Rights (OCR)
FILL IN THE BLANK: Under the Privacy Rule, ____________ may be imposed for violations of patient confidentiality.
Penalties
FILL IN THE BLANK: Under the Privacy Rule, the covered entity (CE) is obligated to implement, maintain, and provide workforce members with _____ & ______ to make clear the CE's expectations and assist in protecting the privacy of its patients.
Policies, Procedures
FILL IN THE BLANK: Under the Privacy Rule, the covered entity is required to appoint a ____ ____, who will be responsible for various aspects of the rule, including assistance to workforce members in maintaining compliance.
Privacy official
FILL IN THE BLANK: The Privacy Rule prohibits acts of revenge, known as _________, against any person filing a complaint about a privacy violation.
Retaliation
FILL IN THE BLANK: Under the Privacy Rule, a written authorization must be obtained when the release of information is not related to ______________.
TPO: Treatment, Payment, (Healthcare) Operations
TRUE OR FALSE? Any piece of information that identifies or can be used to identify a specific individual is referred to in the healthcare setting as Protected Health Information (PHI).
True
