HIPAA STUDY GUIDE
when you are entering the owrkforce of a healthcare organization, what is the best method of strengthening your knowledge of the privacy rule and how the organization expects you to protect the privacy of its patients?
NPP
workforce members must stay informed of enforcement activites related to the privacy rule. information on these activities may be found
OCR website
Monies collected under penalties imposed under the Privacy Rule are deposited by the _________, not distributed to the complaintant
US treasury
a federal official who may be requested by a covered entity to preside over a trial-type hearing and make decisions to resolve disputes
administrative law judge
under the privacy rule, a covered entity is required to put forth its _______ to obtain an individual's signature indicating receipt of the Notice of Privacy Practices
best effort
unnecessary use or disclosure of helath information that could have been reasonably prevented is referred to as
impermissible
the government agency that accepts and investigates complaints related to the Privacy Rule
office of civil rights
it is essential that workforce members understand that the privacy rule applies to
paper, electronic, and oral communication
under the Privacy Rule, the covered entity (CE) is obligated to implement, maintain, and provide workforce members with ___________ to make clear the CE's expectations and assist in maintaining compliance
policies and procedures
under the privacy rule, the covered entity is required to appoint a _______, who will be responsible for various aspects of the rule, including assistance to workforce memebers in maintaining compliance
privacy official (PO)
any piece of information that identifies or could be used to identify a specific indicidual is referred to in the healthcare setting as
protected healthcare information (PHI)
under the Privacy Rule, workforce members are expected to take _________ steps to safeguard protected health information
reasonable
under the privacy rule the patient has the right to request ___________ or obtain copies of his/her health records
access to
under the privacy rule the patient has the right to request communication by
alternative means
an organization or person who provides services to a healthcare organization and required protected health information
business associate
any provider, health plan, or clearinghouse to which the Privacy Rule applies
covered entity
the government agency that investigates the most serious violations of the Privacy Rule
department of justice
the release, transfer, or sharing of health information with another individual or entity outside the healthcare organization holding this informationis refered to as
disclosure
if a business associate vioaltes the privacy of an individual, it is not necessary for the covered entity (CE) to investigate or act upon knowledge of the violation
false
in determining what constitues a reasonable safeguard for the protection of patient privacy, we should assess the risk without consideration of patient care
false
to meet the requirements of the privacy rule it is not necessary to hand a copy of the notice of privacy practices (npp) to the individual if it has already
false
when state laws regarding the protection of medical records are stricter than the federal privacy rule, the workerforce member must follow the federal rule
false
workforce members shoudl be aware of the greatest aareas of noncompliance risk and focus their attention on these areas. according to the office of civil rights (OCR), the most frequently reported violation of the privacy rule is:
impermissible use of disclosures
as workforce members we must uderstnad that if an incident of noncompliance with the privacy rule isnot resolved by the covered entity (CE) in a satisfactory manner, the office of civil rights (OCR) may
impose civil monetary penalty
the person who is seeking medical care; the person whose information we are protecting
individual
to ensure compliance with the privacy rule, the workforce member should:
knowledge risk areas improvement
officers of the federal, state, or local government who have legal authority to investigate violations of the law
law enforcement
under the privacy rule, __________ guidelines restrict the amount of health information that may be used or disclosed to that needed to accomplish the purpose in questions
minimum necessary
as workforce members, we must be aware that under the privacy rule access to medica records:
not restricted other than psychotherapy
under the Privacy Rule, the covered entity must provide the individual with a ________ on his/her first date of service which outline the patient's rights under the rule
notice of privacy practices (NPP)
under the privacy rule, ________ may be imposed for violations of patient conidentiality
penalties
a ___________ is an order of the court that prohibits parties form using protect health information (PHI) for any purpose other than litigation orproceeding for which the PHI has been requested
qualitive protective order
if a medical practice denies an individual's request for medical records, the medical practice must provide the individual with a statement of his/ her review rights and an explanation of how to complain to the Secretary of the US Department of Health and Human Services (DHHS)
true
if you have made your best effort to obtain a patient's signature verifying that he/she has received the notice of privacy practices (npp) but the patient has refused to sign, you are required to document the reason that you were not able to obtain the signature
true
on detecting a privacy rule violation, the US Department of Health and Human Services (DHHS) will exercise discretion to consider not only what harm has been done bus also the willingness of the covered entity (CE) to achieve voluntary compliance
true
the privacy rule requires that all covered entities (CEs) have and apply appropriate sanctions against those workforce members who fail to comply with the rule
true
viewing your own medical records in the healthcare organization you work for may be considered a violation of the organization's policy on access to medical records
true
workforce memebrs should be aware that under the privacy rule an individual has the right to request copies of his/her records. the providers may deny the patient access:
under limited circumstances-request in writing (why they're not releasing info)
the act of accessing any health information by a workforce member for the purpose of performing a task within a healthcare organization is referred to as
use
when protected health information (PHI) is being used or disclosed for reasons other than treatment, payment, or healthcare operations, the authorization for the release of the PHI must be
valid
a healthcare employee, volunteer, student, or trainee; responsible for protecting patients' health information
work force member
workforce members hsould understand that the privacy rule:
reasonable efforts
the Privacy Rule prohibits acts of revenge, known as _________, against any person filing a complain about a privacy violation
retaliation
under the privacy rule, a written authorization must be obtained when the release of information is not related to
treatment, payment, and operations (TPO)
the Office of Civil Rights (OCR), committed to strong enforcement of the privacy rule to protect patients' rights, has imposed penalties on covered entities (CEs) that have violated those rights as a means of encouraging other CEs to examine and imporve their privacy
true
many healthcare organizations are adopting ____________ policies in regard to workforce members who violate the organization's privacy policies
zero tolerance
as workforce members, it is important for us to understand the purpose of HIPAA. furthermore, we should be able to explain the purpose of this legislation to patients. in this trainign HIPAA has been described as
A catapult for change in America Health Care. Federal Legislation focused on healthcare reform. A complex and far reaching set of healthcare regulatory requirements.
