HITT 1353 Midterm

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The Privacy Rule generally requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the ______________ _______________ to accomplish the intended purpose.

minimum necessary

A business associate (BA) is ______ ____________ by the covered entity, but are __________ the covered entity.

not employed; contracted

Personnel files are _______ _________ under the Privacy rule.

not protected

Pre-employment physical exams are _______ _________ under the Privacy rule.

not protected

A pre-employment physical exam is included in the patient's __________ __________________, NOT the health record.

personnel record

Confidentiality is the legal term used to define ________ of ________ _________ within patient/provider relationships.

protection; health information

Many times, organizations have copies of health records from other providers. when this information is released it is known as __________________.

redisclosure

Privacy is _______________ access to patient's information.

safeguarding The Privacy Rule governs the privacy of protected health information regardless of the medium it is stored.

For a physician practice that is closing to sell patient information to a provider who is buying the business, the records cannot be part of the ____________ ______ ________ _______________.

sale of the practice.

In relation to electronic records, the HITECH Act has ________________ the HIPAA Privacy and Security rules.

strengthened

A provider amendment to a health record is a type of late entry where information is added to __________ or ______________ a previous entry.

support; clarify

If a medical record goes to court, the custodian of health records must testify that the records were created during ____________________________________________.

the normal course of business.

A physician practice that is closing can sell patient information to a provider buying the business, but they cannot ____________ the records without the ____________ ________________.

transfer; patient's consent

Breach is defined as ________ access, acquisition, use or disclosure of PHI which _________ the security or privacy of the information.

unauthorized; compromises

___________ _______ governs how much an entity can be charged for health records.

State law

What are the 9 items required for a valid subpoena for a federal case? (ANNN)

- Assigned case docket number - Name of the court from which subpoena was issued - Names of plaintiff and defendant - Name of issuing attorney - Information required, such as testimony or specific documents - Form in which the information is to be produced - Name of the recipient being directed to disclose the records - Signature or stamp of court official/judge authorized to issue the subpoena

Which legislation allows information to be restricted for patients who pay out of pocket for health services?

The HITECH Act. Passed to promote the adoption and meaningful use of HIT. Subtitle D addresses privacy and security and strengthens the civil and criminal enforcement of HIPAA rules.

What is the OCR?

The US Department of HHS Office for Civil Rights enforces HIPAA Privacy and Security rules.

Can health information be sent from a hospital to a clinic without patient authorization if the patient plans to receive follow up care at that clinic?

Yes, for continuum of care.

Does HHS have the right to inspect health records without authorization?

Yes.

Does a firefighter or EMT have the right to access a patient's record who has bled all over them after rescuing the victim, to determine if the victim has HIV?

Yes.

Does a non-custodial parent who still has rights to the child have access to minor's health record?

Yes. In some cases a step-parent may have greater rights to the records than the non-custodial biological parent.

Does a parent have access to a minor's health record?

Yes. Instances such as STD and abortions the minor may seek treatment without parental acknowledgment and may request this information not to be disclosed to parent.

When the patient is deceased can the executor or the estate request copies of the health record?

Yes. The power of attorney's right end once the patient dies.

How do you respond to a court order or subpoena?

You must comply!

Who is the custodian of health records?

HIM director

What does HIPAA defer to when it comes to access, use, or disclosure of minors' health records?

HIPAA defers to state law.

A business associate (BA) performs functions that require _________ to PHI.

access

Security is controlling access and protecting information from ________ or ____________ disclosure of unauthorized persons, and from unauthorized ___________, ___________, or __________.

accidental; intentional; alteration; destruction; loss.

If a breach affects fewer than 500 individuals, the covered entity may notify the Secretary on an __________ basis.

annual

Health records may be included as evidence under the _________________ _________ ______________.

business record exception

An advance directive is a legal document that indicates what a person wants done if they _____________________.

cannot make their own medical decisions.

OCR investigates ________________, and conducts reviews to see if covered entities are within ___________________.

complaints; compliance

A breach simply disclosed in error to 1 single patient would not need to be reported to HHS until the _____________________.

end of the year

The hearsay rule is to prevent out of court secondhand statements from being used as ______________ ____ ______ given the fact that the statements could be unreliable.

evidence at trial

Authorizations must contain an ___________ date.

expiration

How could delayed completion/deficiency of a health record impact its admissibility in court?

It reflects in favor of the patient and poorly on the hospital.

Can you release information to a family member for an individual who had not been deemed incapacitated?

No.

Appropriate documentation in health record:

Patient appears below the BMI for their height. Patient was not compliant.

Inappropriate documentation in health record:

Patient appears to be drug addict. Patient acting crazy.

If an individual wants to see his or her own health record what do you do?

Patients are allowed access to their health records.

A durable power of attorney deals with ________ or ___________. It remains in effect after a person is declared _______________.

financial; real estate; incompetent Some are drafted to indicate they will only go into effect if the person is incompetent.

The HIPAA Privacy Rule sets the _______ for privacy requirements.

floor

Health records are considered _________________.

hearsay

For a patient to request an amendment to their health record, they must make the request ____ __________, and ___________ ___________ for the amendment.

in writing; provide rationale

Hearsay evidence is _________ for lack of a firsthand witness.

inadmissible

A Durable Power or Attorney for Health Care Decision (DPOA-HCD) covers decisions related to healthcare for __________ individuals.

incompetent

Patients can be charged for _________ and _________ costs for copies of medical records.

labor; supply

A power of attorney grants authority to another person or several people to make _______ and _________ decisions for someone while the person is ___________ (of sound mind).

legal; financial; competent

A living will is executed by a competent person that expresses his/her wishes to _________ treatment methods with specific diagnosis or if certain conditions exist.

limit Some states require two or more physicians to certify in writing that the individual has a terminal illness.

If a breach affects _______ or more individuals, covered entities must notify the Secretary without unreasonable delay no later than ______ days following a breach.

500, 60

The retention for HIPAA related documentation is ________ years.

6

If one patient's information is accidentally given to another patient, simply notify HHS at least _______ days after the end of the calendar year.

60

What are all 3 exceptions to the breach definition?

- Disclosure to a person that the covered entity believes in good faith was unlikely to retain the information (a nurse accidentally gives lab results to the wrong patient who immediately sees that it is not their lab results and hands it back to the nurse) - Unintended use or access of PHI by an employee of the covered entity (the tech pulls the wrong John Smith's record when trying to schedule an appointment) - The disclosure was accidental by a person who is authorized to use PHI to another person at work (sending patient information to the wrong doctor is not considered a breach)

What are items required on a valid authorization?

- Expiration date cannot be expired - Authorization must be completely filled out with no blanks or required elements - Authorization should not be revoked - Authorization cannot violate compound authorization requirements - All material on the authorization must be true

Under the Privacy Rule, what are considered unique patient identifiers?

- Name - Address - All elements of dates except years of age - Telephone numbers - Fax number - Email address - SS# - Medical record # - Health plan beneficiary # - Account # - Certificate or license # - Vehicle identifiers including license plate # - Device identifiers - Web URL - IP Address - Finger or voice print - Photographic images

What rights does a patient have concerning their health information, access to the health information, and destruction of the information?

- Patients have the right to review and inspect their health information. - Patients do not have the right to choose when/how their information is destroyed.

When can you deny an individual the right to see his or her own health information?

- Patients may be denied the request if the desire is to see psychotherapy notes - Patients may be denied if the provider feels the patient is a danger to self

What are examples of business associates (BA)?

- Third party administrator that assists a health plan with claims processing. - A CPA firm whose accounting services to a health provider involve access to PHI. - An attorney whose legal services to a health plan involve access to PHI. - A consultant that performs UR for a hospital. - A healthcare clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a healthcare provider and forwards the processed transaction to a payer. - An independent medical transcriptionist that provides transcription to a physician. - A pharmacy benefits manager that manages a health plan's pharmacist network.

The minimum necessary rule does NOT apply to uses or disclosures for:

- Treatment purposes. - To the individual who is the subject of the information. - Made pursuant to an individual's authorization. - Required for compliance with HIPAA Administrative Simplification Rules - To the Department of Health and Human Services (HHS) when disclosure of information is required under the Privacy Rule for enforcement purposes - Required by other law

What are the 4 basic tests the record must pass for exception to hearsay?

1. Made/created during the regular course of business 2. Entry was made by an employee or representative of the business who had personal knowledge of the act or condition being recorded 3. Record was made at or near the time of the recorded act or condition occurred, or soon after 4. Records were kept in a consistent manner according to procedure.


Ensembles d'études connexes

SOCIAL PSYCH MIDTERM LECTURE NOTES

View Set

Chapter 3 Study Guide Physical Science

View Set

ENG 100 - Week 1, Knowledge Check

View Set

Safety and infection control quiz

View Set

Construction Productivity: Measurement and Improvememt

View Set

ITS THE FINAL COUNT DOWWWWNNNNN!!!!!

View Set

Chapter 34 Drugs for Fluid Volume Excess Prep U

View Set

DNA as a double helix made of two antiparallel strands of nucleotides with two strands linked by hydrogen bonding between complementary base pairs

View Set

Chem 101 Practice Problems Lectures 1-?

View Set

Chapter 20 - Accounting Changes and Error Corrections

View Set