Ch 10
The Federal Privacy Act _____. Allows a patient greater access to records than is provided for by HIPAA Allows a patient less access to records than is provided for by HIPAA Applies to all facilities that receive Medicaid and Medicare reimbursement only Applies to facilities operated by state governments, but not federal governments
Allows a patient greater access to records than is provided for by HIPAA
According to HIPAA, the _____ has the right to access patient information in the complete medical record. government patient payer transferring facility
patient
Health care information is owned by the _____. facility government agency patient treating physician
patient
The release of information _____. is enforceable past the expiration date may be denied by the provider for any reason permits removal of records from the provider's control requires the express consent of the patient
requires the express consent of the patient
Authority for release of information can be granted to an individual who is: _____. Actively serving in the US armed forces Engaged to be married Not living with his or her parents Quitting high school
Actively serving in the US armed forces
Which is a direct identifier that must be removed from research subjects' records in order to comply with the use of a limited data set? Account number Age Gender Race
Account number
List four items that must be included on a valid release of information form.
1. The individual's name and identifying information 2. A specific and meaningful description of the information to be sued or disclosed. 3. An expiration date or expiration event that relates to the individual or purpose of the use or disclosure. 4. The signature and date of the individual.
With regards to the method of disclosure, the law requires that it be made by: Any method consistent with professional guidelines and institutional practices. Electronic transmission that includes the application of encryption software. Mail or other shipping method that verifies the receipt of the patient records. Portable media such as CD-ROM, DVD, portable hard drive, or thumb drive.
Any method consistent with professional guidelines and institutional practices.
A parent will not be granted access to the health care record of his or her child who has not yet reached the age of majority when the minor child _____. Can lawfully obtain health care without parental consent Is pursuing her GED online and living with her parents Seeks treatment for an injury sustained in an auto accident Violates terms of her court-assigned probation and runs away
Can lawfully obtain health care without parental consent
Reporting of public health threats include _____. Breaches of confidentiality Child abuse Domestic violence Terminations of pregnancy
Child abuse
Which is categorized as a business associate, as defined by HIPAA regulations? Government entities Health care providers Patients and family members Claims processing companies
Claims processing companies
An authorization for use or disclosure of patient-specific health information that has been combined with any other document is called a(n) _____ authorization. Admissibility Beneficence Certiorari Compound
Compound
Which is an agreement constructed to authorize a business associate's access to protected health information (PHI) under the HIPAA Privacy Rule? Description of the permitted uses of released patient information. Government agencies that will be impacted by release of PHI. Methods for notifying the provider whenever the information is accessed. Name of primary business associate who will view the patient record.
Description of the permitted uses of released patient information.
A patient's friend or family may be given access to medical records in the event that the _____. Family member is the custodial parent of a minor child Friend is the patient's local church pastor or minister Health care facility has no policy regarding ROI Patient would otherwise unreasonably object to access
Family member is the custodial parent of a minor child
When determining which entity's federal or state law concerning the control of health information control is preemptive, the health information manager must understand that the _____. Federal or state law that is more stringent is followed HIPAA privacy rules always preempts state and local laws Language in federal laws preempts state and local laws State mandates result from mandates determined to be federal
Federal or state law that is more stringent is followed
The Declaration of Helsinki applies to _____. Freedom of patient access to medical records relative to research Guidelines followed when conducting research involving human subjects Protection of human and non-human subjects involved in medical research Legal consequences of ethical violations occurring during research
Guidelines followed when conducting research involving human subjects
Which is a HIPAA Privacy Rule exceptions to the requirement that consent to release protected health information (PHI) be obtained prior to disclosure? Adverse events involving provider negligence. Contained accidental chemical exposure. Instances concerning victims of abuse or neglect. Non-violent trauma that results in emergency care.
Instances concerning victims of abuse and neglect
A release of information (ROI) authorization signed and dated by the patient is considered invalid when it _____. Contains information that may implicate the provider in negligence Includes medical information about unnamed family members Lacks a specific description of the information requested Meets the facility's ROI policy as well as HIPAA requirements
Lacks a specific description of the information requested.
The minimum necessary standard refers to the healthcare provider's effort to _____. Invoice third-party payers for the least reasonable amount associated with care provided to the patient Limit patient-specific health information released to that which is needed to accomplish the intended purpose only Minimalize the risk of negligence that would result in becoming involved in a malpractice lawsuit Provide the patient with the minimum amount of procedures and medications to maintain reasonable insurance costs
Limit patient-specific health information released to that which is needed to accomplish the intended purpose only
HIPAA provides for two exceptions in which approval for research does not require full IRB review. They include _____. Identified information and waiver or authorization Limited data set and de-identified information Minimum data set and UHDDS information Research that meets criteria for emergency review
Limited data set and de-identified information
Third parties have the right to access a person's information if _____. Previous access to records was granted Proper release of information is authorized The requesting parties are third-party payers The requestors are the patient's caregivers
Proper release of information is authorized
A redisclosure notice _____. Allows information released by a facility to be submitted to RHIO agencies. Is optional when the patient information pertains to drug and alcohol abuse treatment. Protects information from the patient record from being shared with a third party. Prohibits information from being only for the stated purpose included on ROI form.
Protects information from the patient record from being shared with a third party.
Which is a method used by the health information manager to protect patient information from identity theft? Performing background checks on anyone requesting information. Permitting access by representatives of physician offices only. Redacting portions of credit card and social security numbers. Restricting password access to all hospital staff members.
Redacting portions of credit card and social security numbers.
Which is an example of a valid reason for restricting access to a patient's medical record? Access to information in the patient record is never restricted, regardless of reason. Information revealed during litigation would adversely impact a person's marriage. Patient information obtained via court order would reveal criminal behavior. Releasing information might have a detrimental effect on the patient's mental health.
Releasing information might have a detrimental effect on the patient's mental health.
HIPAA regulations establish a "floor" of patient rights, which means _____. Facilities of multi-state hospital systems abide by state laws granting the least access Multi-state hospital systems are bound by the federal HIPAA requirements only States may enact legislation that provides for additional patient access to records States must restrict patient access to records according to minimum HIPAA
States may enact legislation that provides for additional patient access to records
What is the role of the IRB?
The IRB's role is to safeguard human subjects' rights and welfare. They must review, approve, and monitor medical research. The IRB also looks at how the confidential information will be stored and maintained.
A business associate is defined as one who performs or assists in performing a function or activity involving the use or disclosure of individually identifiable health information on behalf of a covered entity. T or F?
True
A personal health record is a collection of the patient's important health information " that can be drawn from multiple sources and that is managed, shared, and controlled by or primarily for the individual." T or F?
True
In the modern view of ownership of health information, the health care provider owns the medium in which the patient health information is created and stored, and the patient possesses right of access. T or F?
True
Lacking a core element and an authorization not being filled out completely are both common defects of an invalid release of information form. T or F?
True
A reasonable fee for the copying of health information is established by the state. T or F?
True
An emancipated minor is one who is _____. a 17 year old who served in the armed forces a mentally disabled 18 year old a minor child a mentally disabled 15-year-old
a 17 year old who served in the armed forces