Intro to the fundamentals of law for health information and information management
Privacy protection related to health information has been established in all but which one of the following ways? State laws Federal laws Court decisions Constitutional right
Constitutional right
What is the term used most often to describe the individual within an organization who is responsible for protecting health information in conjunction with the court system? Administrator of record Custodian of record Director of record Supervisor of record
Custodian of record
T/F: reports that "there has been a significant increase in the percent of hospitals that provide patients with the ability to electronically view, download, and transmit their health information" since 2013 with a decrease in patient engagement functionalities.
False, there was an increase not decrease
The Joint Commission definition of __________ reflects all administrative, physical, and technical safeguards to "prevent unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system".
security
Similar to the role of custodianship, ________________ goes beyond the physical role to include "responsibilities for ensuring integrity (accuracy, completeness, timeliness) and security (protection of privacy as well as from tampering, loss or destruction) within the context of electronic information and records management".
stewardship
___________ with advances in information technology, at least 93% of information generated today is created using digital technology.
volume and duplicity
From a federal perspective, the US Code on Information Security defines information security as follows: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide
1. Integrity, which means guarding against improper information modifications or destruction, and includes ensuring information non-repudiation and authenticity. 2. Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information. 3. Availability, which means ensuring timely and reliable access to and use of information.
The ASTM E31 Health Informatics Subcommittee defines security from _______ perspectives, security related to data and security related to systems: 1 2 3 4
2
How many types of law are there? 4 1 2 3
2 Public and Private
HIPAA and HITECH are two of more than ________ federal laws and regulations addressing privacy, confidentiality, and security protections. 1000 250 50 550
50
The "custodian of health records" refers to the individual within an organization who is responsible for the following action(s): Authorized to certify records Supervises inspection and copying of records Testifies to authenticity of records All of the above None of the above
All of the above
The concept of confidentiality applies to which of the following? All data and information systems Automated, paper and verbal communications Clinical, financial and business records All of the above
All of the above
When someone is identified as an information steward, the individual is responsible for what activities? Integrity of electronic health record Protecting loss or destruction of electronic health record Security of electronic health record a and c b and c All of the above
All of the above
One definition, which addresses the breadth of privacy, is provided by the _____________________ Health Informatics Subcommittee, which states: Privacy is a right of individuals to be let alone and to be protected against physical or psychological invasion or the misuse of their property. It includes freedom from intrusion or observation into one's private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference (ASTM) on privacy, confidentiality, and access.
American Society for Testing and Materials
What is the legal term used to describe the physical and electronic protection of health information? Access Privacy Security Confidentiality
Security
What is the legal term used to define the protection of health information in a patient-provider relationship? Access Confidentiality Privacy Security
Confidentiality
___________ is the result of effective data protection measures; the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to accidental or intentional access or disclosure to unauthorized persons, or a combination thereof; accidental or software deficiencies, operating mistakes; physical damage by fire, water, smoke, excessive temperature, electrical failure, or sabotage, or a combination thereof. Data security exists when data are protected from accidental or intentional disclosure to unauthorized persons and from unauthorized or accidental alteration.
Data security
Public law
Involves federal, state and businesses as related to government. Ex. federal or state laws that define access, use, and disclosure of patient healthcare information represent public laws.
Private law
Is concerned with the rules and principles that define rights and duties among individuals and among private businesses. Private law addresses issues such as contracts between two entities. Ex. a contract between an EHR vendor and a hospital system.
___________ of the physical health record, whether paper, electronic, or hybrid, has traditionally been granted to the healthcare provider who generates the record. However, state and federal laws have long upheld the right of the patient to control the information within the record.
Ownership
Jeff Hill has gone to this doctor to discuss possible treatment for lung cancer, which he does not want anyone to know he has. Jeff is reasonably assured his information will be confidential based on which of the following legal concepts? Closed communication Open communication Private communication Privileged communication
Privileged communication
Who owns the health record? Patient No one Provider who generated the information Insurance company who paid for the care recorded in the record
Provider who generated the information
Privacy as a legal term is best described by which definition? Right of an individual to limit disclosure of personal information Protection of health information in a patient-provider relationship Physical and electronic protection of health information Prevents the stealing of electronically stored information
Right of an individual to limit disclosure of personal
T/F: The key difference in these definitions is that the EMR is considered an electronic record housed within an organization, whereas an EHR is thought to contain data or information from more than one organization.
True
______________ electronic information can be more easily modified than paper information.
dynamic changeable content
__________ is the totality of safeguards including hardware, software, personnel policies, information practice policies, disaster preparedness, and oversight of these components. Security protects both the system and the information contained within from unauthorized access from without and from misuse from within. Security enables the entity or system to protect the confidential information it stores from unauthorized access, disclosure, or misuse, thereby protecting the privacy of the individuals who are the subjects of the stored information.
System security
T/F: A health record may also be known as a medical record, patient record, client record, inpatient record, outpatient record, or clinical record.
True
T/F: Although the US Constitution DOES NOT expressly grant the right of privacy, it does provide safeguards against government intrusion.
True
T/F: HIPAA privacy rules went into effect in 2002, followed by security rules in 2003
True
T/F: The custodian supervises the inspection and copying or duplication of records and can be called to testify as to the authenticity of the record.
True
Health information is collected from multiple sources and is used for a wide variety of purposes. It is protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which defines protected health information (PHI) as:
any information, whether oral or recorded in any form or medium, that: (1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual.
______________ electronic documents are easily stored in multiple locations such as on computer hard drives, servers, or portable devices such as laptops, PDAs, cell phones, or jump drives.
dispersion and searchability
Whether the health record is a paper record, a hybrid record, an EMR, or an EHR, it is the legal ___________ created in the normal course of business of an organization or healthcare provider.
business record
___________ results from sharing private thoughts with someone else in confidence.
confidentiality
An official ______________ is required by both federal and state rules of evidence that permit health records to be entered as business records in legal proceedings.
custodian
The _________________ of health records is the individual who has been designated as having responsibility for the operational functions related to the development and maintenance of records.
custodian
_______________ an electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization.
electronic health record
______________ "an electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one healthcare organization".
electronic medical record
When an organization engages in __________________, it facilitates stewardship and over-all information governance by supporting the "functions used to plan, organize and coordinate people, processes, technology, and content for managing information as a corporate asset that ensures data quality, safety, and ease of use".
enterprise information system (EIM)
________________ unlike paper documents, electronic data may not be readable once it is moved from its ___________.
environment-dependence and obsolescence
AHIMA states that a ____________ "comprises individually identifiable data, in any medium, that are collected, processed, stored, displayed, and used by healthcare professionals."
health record
The term _________ refers to a record that consists of both paper and electronic records and media (for example, film, video, or imaging system) and uses both manual and electronic processes.
hybrid health record
Stewardship is a component of _________________. It refers to "an organization wide framework for managing information throughout its lifecycle and supporting the organization's strategy, operations, regulatory, legal, risk and environmental requirements".
information governance
Information detailing the contents of a health record, including what constitutes a ______________.
legal health record
The form of a health record that is the legal business record of the organization and serves as evidence in lawsuits or other legal actions; what constitutes an organization's legal health record varies depending on how the organization defines it.
legal health record
_____________ electronic documents contain _________ which is information about the document or file that is recorded by the computer to assist the computer and often the user in storing and retrieving the document or file at a later date.
metadata
Healthcare providers have implemented ______________ that allow patients to electronically access their personal health record, and schedule appointments, communicate with their provider via e-mail messaging, and perform other functions as offered by the organization
patient portals
_____________ it is much more difficult to dispose of electronic documents than paper documents.
persistence
_______________ is defined as "an electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared and controlled by the individual."
personal health record (PHR)
The Joint Commission defines __________ as an individual's "right to limit the disclosure of personal information".
privacy
__________ is an important social value that, described by jurists Samuel Warren and Louis Brandeis in 1890, means the right (to be let alone).
privacy
The information or communication shared in these relationships is considered "PRIVILEGED". What constitutes _______________ is usually delineated by state law.
privileged communication