HIPAA Practice Exam
How has HIPAA impacted the Health care industry?
- Standardization of transactions to electronic for administrative and financial health care transactions. - Unique health identifiers for employers, health plans,health care providers and individuals - Security standards protecting the confidentiality, integrity and availability of Individually Identifiable Health Information (IIHI).
What are other names for HIPAA?
1) Public Law 104-194 (H.R. 3103) 2) The Kennedy Kassebaum Bill
How many Titles is HIPAA divided into?
5 titles
Define Transaction Standard?
A transaction standard is a set of rules, conditions, or requirements describing the classification and components of a transaction.
Patient health record (PHR)
Allows patient to access via the Internet to the medical office's website to store and update personal medical information; allows patient to make inquiries of the healthcare provider regarding prescriptions, appointments, and other concerns.
When was the final "Privacy Rule published?
April 14, 2001
What is Privacy Standards compliance date?
April 14,2003.
What is the Security Standards compliance date?
April 20, 2005.
When did HIPAA Become law?
August 21, 1996
Define the acronym BA?
Business Associate(s)
Define Data Content?
Data content includes the data elements and code sets inherent to a transaction and not related to the format of the transaction. The information within a transacton that has nothing to do with formatting.
HITECH Act 0f 2009
Established stringent security requirements for all EHR programs that seeks certification through the Office of the National Coordinator for Health Information Technology (ONC); eliminates providers' apprehension regarding safety and unauthorized accessibility.
Return on investment (ROI)
Expressed as a percentage, this measure is the amount earned from a company's total purchase or investment. It is calculated by dividing the total capital into earnings for financial benefits.
When was the final Security Rule published?
February 20, 2003
Personal digital assistant (PDA)
First used in 1992 by Apple Computer CEO John Sculley; handheld mobile devices that function as a personal information manager.
Define Tier B Civil Penalty.
If the violation was due to reasonable cause and not willful neglect $1,000 for each violation of an identical requirement or prohibition during a calendar may not exceed $100,000.
Define Tier D Civil Penalty.
If the violation was due to willful neglect and was not corrected $50,000 for each violation except the total amount imposed to a person for an identical requirement or prohibition during a calendar year may not exceed $1,500,00.
Define Tier C Civil Penalty.
If the violation was due to willfulneglect but was corrected $10,000 for each violation. If the violation was identical or prohibition during the calandar year it may not exceed $250,000.
Define the acronym IIHI?
Individually Identifiable Health Information.
Under-coding
Lnaccurately documenting all aspects of patient encounter leading to loss of revenue to practice
Electronic health record (EHR)
Most commonly accepted term for software with a full range of functionalities to store, access, and use patient healthcare information.
Computer-based patient record (CPR)
One of the first terms used to conceptualize idea of electronic patient record; record that that is a lifetime patient record that includes all information from all specialties including dentistry and psychiatry.
National Health Information Network (NHIN)
Set of standards, services, and policies designed to provide a common platform for health information exchange of the Internet.
What are the 4 Subtitles of The HITECH Act ?
Subtitle A - Promotion of Health Informaiton Technology. Subtitle B - Testing of Health Information Technology Subtitle C - Grants and Loans Funding Subtitle D - Privacy (Web Link for more detailed information: http://www.hipaasurvivalguide.com/hitech-act-text.php
Electronic medical record (EMR)
Term for medical software that lacks a full range of higher-end functionalities to store, access, and use patient medical information. EMRs are not interoperable.
What is the ARRA and when was it signed into law?
The American Recovery and Reinvestment Act. It was signed into law on February 17, 2009.
What is HIPAA's definition of a "Small" Business?
Those typically having fewer than 50 participants and less than 5 million dollars in revenues.
HIPAA Provides both Civil and/or Criminal Penalties. Define the Tier A Penalty.
Tier A: If the offender did not know and exercised resonable diligence and would not have known that they violated the law a $100 fine for each violation. If the violation is of an identical requirement the fine or prohibition cannot exceed $25,000 per calendar year.
ARE BA's liable to Civil and Criminal Penalities under HITECH?
Yes. The HITECH Act made this sweeping change.
Does HIPPA allow States' Attorney Generals ro recover money penalties?
Yes. They can collect money penalties as well as costs of suit and attorneys' fees, on behalf of residents of the state who are harmed by the HIPAA violation.
Why was HIPAA passed?
a. Improve portability and continuity of health insurance coverage. b. Combat waste, fraud, and abuse in health insurance and health care delivery c. Promote the use of medical savings accounts d. Improve access to long term health care coverage e. Simplify the administration of health insurance
Interoperability
The ability of a software program to accept, send, and communicate data from its database to and from multiple vendors' software programs.
Ambulatory
The ability to walk or to move from one place to another; used to distinguish walking patients from bedridden ones, as in those in inpatient hospitals or skilled nursing facilities.
What does Compliance Date mean?
The compliance date is the latest date by which a covered entity such as a health plan, health care clearinghouse, or health care provider must comply with a rule. The compliance date for HIPAA standards generally is 24 months after the effective date of a final rule. The compliance date for small health plans, however, is 36 months after the effective date of the final rule.
Point of care
The time and place the healthcare provider gives the patient medical care.
Evidence-based treatment protocols
Help prevent oversight by the practitioner and ensure optimal care for patients by incorporating practice guidelines into the EHR.
Name 8 HIPAA related Organizations.
- US Department of Health and Human Services (HHS). This is the principal agency for protecting the health of all Americans. - Centers for Medicare and Medicaid Services (CMS) (Assigned to the Office of Civil Rights (OCR). CMS provides health insurance for over 74 million American through Medicare, medicaid and State Children's Health insurance Program (SCHIP). (Part of HHS). - The Office for Civil Rights (OCR). the office of OCR is assigned to investigate all complaints regarding HIPAA. Prior to August of 2009 OCR only investigated Privacy complaints. (Part of HHS). - Designated Standards Maintenance Organization (DSMO) - the Secretary of HHS named six organizations to maintain the standards defined under HIPAA. -Workgroup for Electronic Data Interchange (WEDI). Established in 1991 to address administrative costs in the nation's health care system. WEDI is a voluntary, public/private task force created to streamline health care administration by standardizing electronic communication across the industry. -Washington Publishing Company (WPC). The WPC specializes in maintaining, developing and implementing EDI standards. The WPC is the organization tha publishes the guides for HIPAA defined for electronic transactons. -National Committee on Vital and Health Statistics (NCVHS) -An advisory committee to the Secretary of HHS that advises on matters relating to health care standards. NCVHS has developed transacton standards for the pharmaceutical industry and are undergoing version changes (ICD 10) -National Council for Prescription Drug Programs (CPDP). First started developing standards in 1977 with the universial claim form. Transaction between pharmacies and health plans are typically executed in the NCPDP standard, transactions between all other providers and plans are done with X12 Standards.
What are the Criminal Penalties for misuse of unique health identifiers or IIHI?
-A fine up to $50,000 and/or imprisonment of not more than 1 year. -If misuse is under false pretenses, a fine up to $1000,000 and/or imprisonment of not more than 5 years -If misuse is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal, gain, or malicious harm, a fine up to $250,000 and/or imprisonment of not more than 10 years.
Who are the 6 DSMO's?
-ANSI - Accredited Standards Committee (ASC) X12 -Dental Content Committee of the American Dental Association -Health Level Seven (HL7) -National Council for Prescription Drug Programs (NCPDP) -National Uniform Billing Committee (NUBC) -National Uniform Claim Committee (NUCC)
Continuity of care document (CCD) or Continuity of care record
Healthcare provider-oriented record comprised of core set of data that is most relevant summary of patient's medical healthcare; sub-set of EHR.
What does the acronym HIPAA mean?
Health Insurance Portability and Accountability Act of 1996.
What is a covered entity (CE)?
Health Plans, Medicare prescription drug card sponsors, health care clearing houses, most health care providers, and Business Associates (BA's).
Define the acronym PHI?
Protected Health information.
The ARRA and HITECH Act came into legislation at the same time. What is the HITECH Act?
The Health Informaton Technology for Economic and Clinical Health Act.
Identify each Title and define their meaning.
Title I - Ensures and enhances insurance access, portability, and renewability for working Americans and their families. -It Increases the ability to get health coverage when starting a new job -It reduces the probability of losing existing health care coverage -It helps workers maintain continuous health coverage when changing jobs -It helps workers purchase health insurance coverage on their own if they lose coverage under an employer's group health plan. Title II - Administrative Simplification defines rules for transactions, privacy, and security. Title II provides information regarding prevention of health care fraud and abuse; administrative simplification; and protecting the privacy and confidentiality of patient records and any other patient identifiable information in any media form. Titles III, IV, and V These 3 titles involve the various regulatory agencies that play a role in the American health care delivery and financing. These titles are: -Tax-related Health Provisions, -Application and Enforcement of Group Health Insurance Requirements, -Revenue offsets
Which Title is "The Heart of HIPPA legislation?"
Title II Administrative Simplification
What is the purpose of HIPAA?
To standardize Health care transactions as well as rules which protect the privacy and security of health information.