EHR chapter 3
consent
permission given to a covered entity for uses and disclosure of protected health info. for treatment, payment, and healthcare operations
physical safeguard
protection against unauthorized intrusion using locks, security guards, employee identification and visitor badges
ethics
rules and standards of conduct that govern professional behavior and arise from our shared understanding of morality
name 2 of the privacy rule requirements for each disclosure
the date of the disclosure, the name and address, if known, of entity or person
confidentiality
the obligation of professionals to keep a patient's information in confidence
anonymity
the patient's right to have private health data collected in a way that can never be linked or traced back
T/F: lab results would be an example of PHI
true
technical safeguard
unique usernames or numbers, automatic logoff after a period of inactivity or encryption
which of the following is not a covered entity
workers' compensation program
what does HIPAA stand for
health insurance portability and accountability
T/F: if erroneous information is found in a file, it can be removed at the patient's request
False
T/F: a computer can verify that a password is valid, but cannot authenticate that the person using the password is authorized to do so
True
T/F: workers' compensation is exempt from some HIPAA regulations
True
what does MIB, inc. stand for and briefly explain what they do
medical information bureau, maintains a database of medical information exchanged by the life, health, and disability insurers that make up its membership
the privacy rule prohibits the discussion of patient information in the following areas except
over the telephone
privacy
patient's freedom to determine when, how much, and under what circumstances their medical info.
minimum necessary standard
a key provision of the HIPAA privacy rule requiring that covered entities limit unnecessary or inappropriate access to a disclosure
name the 3 security safeguards in the medical practice
administrative, physical, technical
Administrative safeguard
adopt formal processes to prevent, detect, contain, and correct security violations
what are some login procedures to help practices meet security specifications
appropriate username and password, smart cards, fingerprints, change password often, no password sharing
the office manager reviews the staff's ________ every 6 months to determine if any unauthorized information was accessed
audit trail
describe the difference between confidential vs. anonymous
confidential- patient's right to have private health data collected in a way that can't be linked or traced back; anonymous- the obligation of professionals to keep a patient's info. in confidence
describe the difference between confidentiality vs. privacy
confidentiality- refers to the right of an individual to have all their info., including health info., kept private; privacy- refers to the patient's right to control how their healthcare info. is used and shared with others
in order to release patient information for participation in a research study, a _____ form would need to be completed
disclosure authorization
authorization
document giving a covered entity permission to use protected health information for specified purposes other than treatment, payment, or healthcare
T/F: copying the entire chart for a patient's cardiovascular referral appointment would be an example of minimum necessary standard
false
laws
formal enforcement rules and policies based on community standards of conduct
disclosure
giving access to, releasing, or transferring info. to a person or entity
what does protected health information pertain to
health information stored and transmitted electronically