Ethics, Privacy, and Regulatory Legislation Regulatory Legislation for Health Information
Which uses of PHI are restricted under HITECH privacy requirements? Select all that apply. Marketing Fund raising Data disclosure Electronic health claims Data shared by health care providers
Marketing The HITECH Act restricts the use of PHI in marketing. Fund raising The HITECH Act restricts the use of PHI in fund raising. Data disclosure The HITECH Act restricts the use of PHI in data disclosure.
Which are examples of covered entities under HIPAA? Select all that apply. Medicaid Pharmacies Auto insurers Health care providers Property insurance carriers
Medicaid Covered entities applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form. Pharmacies Pharmacies transmitting health information, such as for billing purposes, are considered a covered entity. Property insurance carriers Property insurance carriers do not transmit protected health information.
What actions must be taken if a data breach occurs? Select all that apply. Notify the media of a data breach Notify affected persons by first class mail Notify affected persons by registered mail Notify all parties whose information is involved Notify the Centers for Medicaid and Medicare Services
Notify the media of a data breach When a data breach occurs, the facility must notify the media making the breach public. Notify affected persons by first class mail When a data breach occurs, the facility must notify the affected persons by first class mail. Notify all parties whose information is involved When a data breach occurs, the facility must notify all parties affected.
What is the goal of the HIPAA Privacy Rule? Protection of education records Protection of employment records Protecting use of de-identified data Protection of individual health information
Protection of individual health information The main goal of the HIPAA Privacy Rule is to assure the protection of individual rights in relation to their protected health information.
What best describes de-identified data? Select all that apply. Cannot be definitively erased Cannot be used to identify individuals Can be determined by a qualified statistician Can be updated easily to identify an individual Cannot include information about family members
Cannot be used to identify individuals De-identified data is information that does not identify nor provide a reasonable basis to identify an individual. Can be determined by a qualified statistician De-identified data can be determined by a qualified statistician. Cannot include information about family members De-identified data cannot identify an individual through association with a family member.
What are examples of a specific person's PHI? Select all that apply. Date of birth Person's pharmacy Was treated for asthma Treated with antibiotic therapy An individual's employee health records
Date of birth PHI includes all information that could identify an individual such as date of birth and social security number. Was treated for asthma PHI includes an individual's past, present or future physical or mental health or condition and the provision of health care to the individual. Treated with antibiotic therapy PHI includes an individual's the provision of treatment and health care to the individual. An individual's employee health records PHI includes protected health information included in employee health records held by a covered entity in its role as employer.
What are key elements of the HIPAA Privacy Rule? Select all that apply. Regulation of data control Defines protected health information Identifies a national set of standards to protect PHI Defines who can transmit individually identifiable information Identifies differences in identified and de-identified information
Defines protected health information The HIPAA Privacy Rule defines PHI as individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral - is protected by The Privacy Rule. Defines who can transmit individually identifiable information The HIPAA Privacy Rule clearly defines covered entities, which are those groups that can transmit individually identifiable information without authorization. Identifies differences in identified and de-identified information Conversely, the Privacy Rule defines de-identified information as data has been altered by (1) a formal determination by a qualified statistician; or (2) the removal of specified identifiers of the individual and of the individual's relatives, household members, and employers such that the remaining information could be not used to identify the individual.
What describes the HITECH Act? Select all that apply. Described meaningful use Is a requirement of HIPAA Included in the economic stimulus bill Regulates protected health information Managed by the Office of the National Coordinator
Described meaningful use The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was the driving force behind defining and enforcing meaningful use. Included in the economic stimulus bill The Health Information Technology for Economic and Clinical Health Act (HITECH Act) legislation was a component of the American Recovery and Reinvestment Act of 2009 (ARRA) economic stimulus bill. It was enacted in 2009 to stimulate the adoption of electronic health records (EHR) and to support US technology. Managed by the Office of the National Coordinator The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is managed by the ONC.
What is covered under the HIPAA Privacy Rule? Select all that apply. Health IT security Individual privacy rights Protected health information Use and disclosure of health information Providers that do not transfer identifiable health data
Individual privacy rights The HIPAA Privacy Rule protects an individual's right to privacy. Protected health information The HIPAA Privacy Rule guides and protects individually identifiable health information. Use and disclosure of health information The HIPAA Privacy Rule states that authorization is required to use and release PHI.
Which are main goals of the HITECH Act? Select all that apply. Make EHRs interoperable Establish standards for EHR development Mandating handheld bedside computers at all hospitals Develop a national sharing network for electronic health data Mandating provider use of handheld computers for patient care
Make EHRs interoperable The HITECH Act outlines two main goals 1) to make electronic health records interoperable by establishing standards and 2) to develop a national network for providers to share electronic data. Establish standards for EHR development Standard development for EHRs is a goal of the HITECH Act. Develop a national sharing network for electronic health data The HITECH Act outlines two main goals 1) to make electronic health records interoperable by establishing standards and 2) to develop a national network for providers to share electronic data.
What best describes the rationale for the HITECH Act? Select all that apply. Requiring data encryption Protecting the use of de-identified data Providing incentives to support EHR use Creating standards for EHR systems and data Allowing health care providers to share data for better patient care quality
Providing incentives to support EHR use The HITECH Act outlines two main goals 1) to make electronic health records interoperable by establishing standards and 2) to develop a national network for providers to share electronic data. These goals support EHR use. Creating standards for EHR systems and data The HITECH Act works to create standards for EHR systems and the protection of health data. Allowing health care providers to share data for better patient care quality A goal of the HITECH Act is interoperability for providers to electronically share patient data.
Match meaningful use stages with their requirements. Required for EHRs Minimum bar of 25 criteria for capture of electronic clinical data Ensures information technology use supports National Quality Strategy All providers use certified 2015 Edition EHRs Stage 3 Stage 4 Stage 2 Stage 1
Required for EHRs Minimum bar of 25 criteria for capture of electronic clinical data - Stage 1 Ensures information technology use supports National Quality Strategy - Stage 2 All providers use certified 2015 Edition EHRs - Stage 3