HIM 298 Sayles CHAPTER 8 HEALTH LAW
Individual Identifiers under HIPAA:
* Name * All address information * Dates, including birth, death, admission, discharge, and any data indicating age * Telephone numbers * Fax Numbers * Email Addresses * Social Security Number * Health Record Number * Health Plan Beneficiary Number * Account Numbers * Certificate/License numbers * Vehicle Identifiers * Device identifiers and serial numbers * URLs * IP Addresses * Biometric Identifiers * Facial Photographs * Any other unique identifying number, characteristic, or code.
Legal theories supporting a medical malpractice lawsuit include:
* Negligence * Res Ipsa Loquitur * Failure to Warn * Vicarious Liability * Corporate Negligence
Limitations of HIPAA:
* does not address employment records kept by a covered entity in its capacity as an employer * does not cover student health records
HIPAA Security Safeguards: (page 311 Table 13.5 Legal Book)
1) Administrative Safeguards 2) Physical Safeguards 3) Technical Safeguards
Private Law includes/encompasses issues related to Civil actions such as:
1) Contracts 2)Intellectual Property 3) Tort
Public Law includes:
1) Criminal 2) Constitutional
Types of Laws:
1) Public Law 2) Private Law
Generally, the authority to release information rests with:
1) The patient, if the patient is a competent adult or emancipated minor 2) A legal guardian or parent on behalf of a minor child 3) The executor or administrator of a estate if the patient is deceased.
Statutes of Limitations are designed for two purposes:
1) To force those persons considering a lawsuit to bring the lawsuit at a time when memories are intact and evidence is available and, therefore, not "sit on their rights"; 2) To allow potential defendants a time frame from which to know that a lawsuit can no longer be made against them.
Federal Regulations governing the disclosure of patient information fall into three categories:
1) disclosures made with written patient authorization 2) those made without written patient authorization but pursuant to federal regulation 3) those made subject to a valid court order.
Steps in Civil Lawsuits:
1. Complaint 2. Discovery 3. Pretrial Conference 4. Trial 5. Appeal 6. Satisfying the judgement
Exceptions to prior consent
1. Disclosure to public health authorities as required by law (ex: reporting of communicable diseases) 2. Disclosure to governmental authority to receive reports of abuse, neglect, or domestic violence 3. Disclosure to a health oversight agency for oversight activities as required by law, including audits and inspections. 4. Disclosure to law enforcement agencies for limited purposes, such as reporting certain types of wounds or an individual's death, which may have resulted from criminal conduct 5. Disclosure to coroners, medical examiners, and funeral directors as required by law and as necessary to carry out their duties with respect to a decedent. 6. Disclosure for research purposes, if stringent standards are met. 7. Disclosure to avert a serious threat to health and safety 8. Disclosure for specialized governmental functions, such as for the conduct of lawful intelligence or the protection of the President. 9. Disclosure for Worker's Compensation
Major Laws addressing Fraud and Abuse:
1. False Claims Act 2. Qui tam actions 3. Anti-kickback statutes 4. Physician self-referral prohibitions/Stark Law (Stark I and II) 5. Mail and Wire Fraud Statutes 6. HIPAA 7. Deficit Reduction Act of 2005
Common Elements of a Subpoena:
1. Name of court where lawsuit is brought. 2. Names of the parties to the lawsuit. 3. Docket number of the case. 4. Date, time, and place of the requested appearance. 5. Specific documents to be produced if a subpoena duces tecum is involved. 6. Name and telephone number of attorney who requested the subpoena. 7. Signature, stamp, or seal of the official empowered to issue the subpoena. 8. Witness fees, where provided by law.
Three types of negligence:
1. Nonfeasance 2. Malfeasance 3. Misfeasance
Parties to a Lawsuit:
1. Plaintiff 2. Defendant/Third-Party Plaintiff 3. Third Party Defendant
Two of the many federal and state statutes and regulations that provide a protective framework around the health record and also form its content:
1. Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) 2. American Recovery and Reinvestment Act (ARRA)
There are two types of subpoenas:
1. Subpoena ad testificandum 2. Subpoena duces tecum
In addition to federal and state laws, there are accrediting bodies that provide standards and requirements related to the protection and the content of the health records, such as
1. The Joint Commission 2. American Osteopathic Association (AOA)
Core Elements of a Valid Release of Health Information Form:
1. The individual's name and identifying information. 2. A specific and meaningful description of the information to be used or disclosed. 3. The name or other specific identification of the person or class of persons to whom the disclosure is to be made. 5. An expiration date or expiration event that relates to the individual or purpose of the use or disclosure. 6. A statement of the individual's right to revoke the authorization, the exceptions to the right to revoke, and a description of the individual may revoke the authorization. 7. A statement that the information used or disclosed is subject to redisclosure and may loose its protected status. 8. The signature and date of the individual. 9. If the authorization is signed by the individual's personal representatives, a description of the representative's authority to act for the individual. (page 213 of Legal Book)
Patients Rights under HIPAA
1. To access, inspect, and maintain a copy of his protected health information 2. To be notified of the information privacy practices a health care entity follows 3. To limit the use or disclosures of protected health information, including for marketing purposes. 4. To request that the health care provider take reasonable steps to ensure that communications with the patient are confidential. 5. To request an accounting of all disclosure of protected health information 6. To file a formal complaint concerning the privacy practices of the health care entity.
To succeed in a negligence claim for medical malpractice, the plaintiff (the patient) must prove the following four elements:
1. a duty to care is owed to the patient 2. a breach of this duty of care 3. a causal connection between the breach of duty and the patient's injury 4. damages
Four sources of Public and Private Law:
1= Constitutions 2= Statutes 3= Administrative Law 4= Judicial decisions also known as common law or case law
For a negligence law suit to be successful, the plaintiff must prove four elements:
1= The existence of a duty to meet a standard of care (degree of caution expected of an ordinary reasonable person under given circumstances). 2= Breach or deviation from that duty 3= Causation, the relationship between the defendant's conduct and the harm that was suffered. 4= Injury (harm), which may be economic (medical expenses and loss of wages) of non-economic (pain and suffering)
Stark II
= Congress later extended Stark I prohibition to other services so that a physician is barred from referring Medicare patients to a DESIGNATED HEALTH SERVICE in which the physician or immediate family member possesses a financial interest. = the term DESIGNATED HEALTH SERVICE is broad enough to include durable medical equipment, clinical laboratories, occupational therapy, physical therapy, hospital services, orthotics and prosthetics, radiology, parenteral and enteral nutrition services and supplies, home health services, and outpatient prescription drugs. = under this law, a physician violates the law by referring a Medicare patient to any entity just listed if the physician or immediate family member holds any financial interest in the entity. By making such referral, the physician taints the claim for reimbursement made by the referred entity. = requests for an advisory opinion concerning these exceptions are directed to the CMS.
Stark Law
= Congress passed laws that prohibit self-referral for a number of services. = is the Physician Self-Referral Law = builds on the Anti-Kickback Statute and prohibits a physician from referring patients to a business in which he or she or a member of the physician's immediate family has financial interests = EXAMPLE: If the physician owns a dialysis center, he or she cannot refer a patient for dialysis at that location.
Who may grant authority to release health information is a matter governed by
= State Law and Regulation
HIPAA Security Rule
= a controlling regulation that establishes a requirement for effective information security policies. Because information security policies provide answers to the "who, what, where, when, why, and how" questions of information security, they cover the issue of destruction of protected health information. = requires a risk analysis of electronically protected health information. = establishes security safeguards for protected health information that a covered entity creates, receives, maintains, or transmits in an electronic format. = this rule establishes security safeguards that: 1= Protect the confidentiality of data so that only those persons authorized may see the data 2= Ensure data integrity by protecting it from unauthorized creation, modification , or deletion 3= allow data to be available when needed. = serves to protect health information by specifying the technical requirements, policies, and procedures that covered entities can use to protect data from known threats and vulnerabilities.
Stark I
= a physician is barred from referring Medicare patients to a clinical laboratory in which the physician or an immediate family member possesses a financial interest.
Whistle-blowers
= a relator who is a current or former employee of the health care provider or organization who has learned of the fraud and abuse and wishes to expose the activity. = have included physicians who supervised laboratories and supervisors responsible for billing, coding, and claims processing procedures. Relators have even included persons whose insurance benefits were the subject of coverage and payment disputes between Medicare and third-party payers.
Litigation Response Plan
= a tool consisting of policies and procedures that address how to respond to legal process requests.
2. Malfeasance
= a wrong improper act, such as removal of the wrong body part
Malfeasance
= a wrong or improper act, such as removal of the wrong body part
HIPAA (Health Insurance Portability and Accountability Act)
= addresses issues of privacy and security of protected health information of individual patients. = these regulations were created pursuant to an administrative procedure act and were subject to multiple notice and comment periods. = all 3 branches of the government play a role in this act: * Congress creates a statute * Executive Branch enforces it * Judicial Branch resolves litigation relating to it. = Congress passed this in part to battle perceived health care fraud and abuse. = established or strengthened five programs to assist with fraud enforcement, all to be administered by the executive branch. = also empowered executive branch agencies to promulgate rules and regulations concerning the confidentiality, privacy, and security of health information. = addresses wrongful disclosure in statutory provisions specifying that knowing disclosure of individually identifiable health information to another person in violation of this provision is a FEDERAL OFFENSE/FEDERAL CRIME. = in addition to offering confidentiality protections to patient information, this rule enumerates several rights to patients pertinent to their health information. These rights include, but are not limited to, the right to be informed of the uses and disclosures of this information, the right to restrict uses or disclosures of this information, the right to amend this information, and the right to inspect and copy this information. = provides a floor for the patient's right of access to his own health information; states have the flexibility to expand that right through the statute or regulation. = specifically prohibits genetic information, absent a diagnosis of a condition, from being considered a pre-existing condition for health insurance purposes. = also prohibits heath insurers from charging an individual a higher premium than others in a group because of the existence of genetic information. = was the first effort at the national level to address the misuse of genetic information by insurance companies.
Qui tam actions
= allow private plaintiffs (technically referred to as RELATORS) to sue on behalf of the US government and receive a portion of the recovered funds, if successful. The relator begins the lawsuit on his own initiative; however, the government may decide to intervene in the case and take over prosecution or may join in the prosecution with the relator. The government may decide to allow the relator to proceed with the case on his own without any form of government intervention.
Rules
= are the principles established by authorities that prescribe or direct certain action or forbearance from action. = in the context of judiciary, rules are used to implement statutory requirements, establish uniform procedures, and guide attorneys and parties to a case regarding how proceedings will be conducted.
Legal Process
= are the stages through which a lawsuit passes
Subpoena
= compels a response in a legal proceeding = is one of the most important discovery tools = it is not a method of discovery that actually elicits information (such as depositions and interrogatories), but it facilitates discovery by compelling individuals to appear at certain times and places or to produce requested documents. = is initiated on behalf of one of the parties in the case, although it is issued through the court. = is a command issued by a court or other authorized official to appear and/or present certain documents and other things.
Standard of Care
= degree of caution expected of an ordinary reasonable person under given circumstances. = is the level of care a reasonably prudent professional would have rendered in the same or similar circumstances.
HIPAA Privacy Rule
= dictate that an individual possesses a right to have a covered entity amend patient-specific health information or a record about the individual contained in a designated record set for as long as the patient-specific health information is maintained in that record set. = sets a floor requirement for health care providers to respond to patient request to correct the record. = addresses the sale, transfer, merger, or consolidation of all or part of a covered entity with another covered entity and defines it as part of the business management and general administrative activities of the covered entity. As such, the patient's authorization is NOT REQUIRED before the data and records are transferred from one covered entity to another. = this rule defines confidential health information as Protected Health Information (PHI). = requires health care providers to issue a Notice of Privacy Practice to each patient. = requires the healthcare provider to inform the patient that disclosures, other than for treatment, payment or operations, will only be made with the patient's consent. = also requires the provider to make a good faith effort to obtain the patient's acknowledgement that the notice has been received. = requires the covered entity to post a complete copy of the notice in a clear and prominent location of its facility. = does not stop with protection of the patient record per se but forms the basis for protections related to electronic health information exchanges. = recognizes clearly that the patient possesses a right of access to his own information. = dictate that the patient be notified of any uses and be given the opportunity to consent, reject, or request restriction of this information for any or all of the many uses the health record serves. = details both the content of the notice of privacy practices and the methods by which the patient is notified of the healthcare provider's information practices. = sets a standard where the health care provider may seek the patient's consent before using PHI to carry out treatment, payment, and health care operations. = requires the health care provider to obtain the patient's consent before using or disclosing the health information to carry out treatment, payment, or health care operations. = provides a floor of protections, allowing a state to enact more stringent protections. = establishes the principle of the minimum necessary standard for release of protected health information = provides authority for health care providers to charge reasonable, cost-based fees for copies or summary of PHI. = governs protected health information collected and used in the research environment.
Release of Information Form
= disclosure of patient information in the SUBSTANCE ABUSE context involves the use of this form. = a document that permits dissemination of confidential health information to third parties.
NPDB (National Practitioner Data Bank)
= established by the federal Health Care Quality Improvement Act of 1986. = an important part of credentialing process is querying this = one goal of this data bank is to limit the movement of physicians throughout the US where their negative histories such as medical malpractice lawsuits and loss of privileges at other healthcare facilities might go undetected. = the regulations include requirements for reporting information to this data bank prior to granting medical staff privileges. = this is where information concerning professional competence and conduct is reported by hospitals, medical societies, licensing boards, prepaid medical practices, and other health care entities involved in peer review activities. = specific information contained here includes data concerning malpractice payments, licensure actions, and adverse actions such as the loss of staff privileges of physicians and dentists in all fifty states.
Implied/Tacit Consent
= exists in situations in which a patient voluntarily submits to a procedure with apparent knowledge of that procedure and the procedure presents slight or no apparent risk, such as taking the patient's pulse or temperature. In these instances, the law presumes the patient has given consent. = communicated through conduct or a mechanism other than words, such as an unconscious person who is brought to the emergency room = the patient's consent to receive diagnostic or therapeutic treatment or procedures without expressing verbal or written action by the patient; often existing in situations in which a patient voluntarily submits to a procedure with apparent knowledge of that procedure and the procedure present slight or no apparent risk, such as taking the patient's pulse or temperature.
1. Nonfeasance
= failure to act, such as not ordering a standard diagnostic test
3. Misfeasance
= improper performance during an otherwise correct act, such s nicking the bladder during an otherwise appropriately performed gallbladder surgery.
PRIVATE LAW
= involves rights and duties among private entities or individuals. = are conflicts between private parties = Example: When a contract for the purchase of a house is written between two parties. = Example: In the MEDICAL FIELD, it often applies when there is a breach of contract or when a tort occurs through malpractice.
PUBLIC LAW
= involves the government at any level and its relationship with individuals and organizations. = it's purpose is to define , regulate, and enforce rights where any part of a government agency is a party. = are conflicts between the government and private parties = involves Criminal and Constitutional actions
Express Consent
= is a consent that can be written (preferable because it offers greater proof) or spoken; and communicated through words. = is in the form of verbal or written informed consent, is necessary in cases where diagnostic or therapeutic procedures will be performed. = here the risk of harm may or may not be readily apparent to the patient but is generally considered to be more than slight. = Examples include: invasive surgery, radiological therapy, or procedures that may change the body structure. = the verbal or written consent of a patient to receive diagnostic or therapeutic treatment or procedures.
summons
= is a document used to start a civil action and acquire jurisdiction over a defendant.
Statutes of Limitations
= is a law that sets forth a fixed time period in which a lawsuit must be brought. If a lawsuit is not brought within the time frame specified, the lawsuit is barred, and the court must dismiss the case. = are technical in nature, as illustrated by the fact that the time period of each varies between the type of lawsuit --- that is, contract or tort --- and between each state's laws. = is the period of time in which a lawsuit (such as medical malpractice) must be filed.
DNR = do-not-resuscitate
= is a type of advance directive that always specifies an individual's wish not to receive treatment specifically, cardiopulmonary resuscitation (CPR). = most often used by individuals who are elderly or in chronically ill health = it directs healthcare providers to refrain from performing the otherwise STANDING ORDER of CPR should the individual experience cardiac or respiratory arrest. = prior to executing this * the patient and physician should have a discussion, * a consent form should be signed by the patient, * and the physician writes an order in the patient's health record. = STATE LAW provides the framework for completing these types of orders and the forms. = JOINT COMMISSION-accredited organizations are required to implement POLICIES regarding advance directives and these types of orders. = also called PASSIVE EUTHANASIA or NEGATIVE EUTHANASIA = involves the practice in which no heroic measures are taken to preserve life. = also known as "NO-CODE" orders. = implicates the ethical concept of NONMALEFICENCE. = patient's decision regarding this may not have taken into consideration WHEN these orders should be implemented.
Complaint
= is a written document that describes: * the grounds of jurisdiction of the court * the plaintiff's claim in a short and plain statement * the demand for relief to which the plaintiff feels he is entitled, for example, damages.
Living Will
= is an advance directive executed by a competent adult, expressing the individual's wishes regarding treatment should the individual become afflicted with certain conditions (for example, a persistent vegetative state or a terminal condition) and no longer be able to communicate on his or her own behalf. = often address extraordinary life-saving measures such as ventilator support and either the continuation or removal or nutrition and hydration. = is a document, executed while a patient is competent, that provides direction as to medical care the patient should receive in the event she is incapacitated or unable to make personal decisions. = are analogous to blue prints or maps of the patient's wishes. = The value of this directive is that it specifies the patient's wishes, thereby lessening the decision-making burden on family members and health care providers concerning what actions they should or should not take with regard to the patient's care. = provides a measure of assurance to family members and health care providers tat if they follow the terms specified in this directive, they will act in compliance with the patient's wishes. = is a document, exercised while a patient is competent, that provides direction as to medical care in the event the patient becomes incapacitated or unable to make personal decisions. = generally refers to a document that provides direction as to medical care in the event the patient is incapacitated or unable to make personal decisions.
Medicare COP (Condition of Participation)
= is an example of a Public Law
Law
= is defined as a system of principles and processes by organized society to deal with disputes and problems without resorting to the use of force. = it establishes certain standards for human behavior.
Consent
= is one's agreement to receive medical treatment.
service of process
= is the delivery of the summons and complaint.
Minimum necessary standard
= is the principle under HIPAA and ARRA that governs the release of protected health information = requires the health care provider to make reasonable efforts to limit patient-specific health information to a limited data set, or to the minimum necessary to accomplish the intended purpose of such use, disclosure, or request, respectively.
Medical Malpractice
= is the professional liability of healthcare providers ---physicians, nurses, therapists, or others involved in the delivery of patient care. = this misconduct generally involves failing of a physician to follow a standard of care, which results in harm to the patient. = are not limited to physicians and may also be brought against other healthcare providers and institutions. = underlying is the existence of a relationship between the patient and the health care provider or institution. = the failure of a medical professional to follow standard of care prevalent for his or her profession that results in harm to the patient.
Qui tam
= is the whistle blower provisions of the False Claims Act---private persons, known as relators, may enforce the Act by filing a complaint, under seal, alleging fraud committed against the government. For example, if a coder is told to assign codes in violation of coding rules, then he or she can report the facility for fraud. The individual who submits the allegations can receive 15-30 percent of the penalties collected by the federal government.
Criminal Law
= is where the government is a party against an accused who has been charged with violating a criminal statute.
Litigation
= judicial decision as the ultimate outcome of a legal proceeding
Negligence
= occurs when a healthcare provider does not do what a prudent person would normally do in similar circumstances. = unintentional wrongdoing. = refers to someone failing to do something that a reasonably prudent person would do in a similar situation or, alternatively, doing something that a reasonably prudent person would not do in a similar situation. = is a wrong generally characterized by carelessness, inattentiveness, and neglectfulness rather than by positive intent to cause injury.
EMTALA (Emergency Medical Treatment and Active Labor Act)
= of the Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA) = hospitals and physicians who participate in the Medicare program must follow certain guidelines for the treatment and transfer of all patients, regardless of whether a particular patient who appears for care is eligible for Medicare. = commonly referred to as the "ANTIDUMPING LAW". = requires a hospital or physician to treat a patient who is in active labor or in an emergency medical condition until the condition is stabilized. Once the condition is stabilized, the hospital and physician have three choices: continue to treat the patient, transfer the patient, or discharge the patient.
Release of information
= provide health care providers and institutions with the authority to disclose patient-specific health information to persons not otherwise authorized to receive this information.
Malpractice
= refers to professional misconduct = this misconduct involves a professional who fails to follow a standard of care prevalent for his profession that results in harm to another person.
1. Subpoena ad testificandum
= seeks one's testimony
2. Subpoena duces tecum
= seeks the documents one can bring with him or her
Litigation hold
= the actions of a party who possesses electronically stored information (ESI) to make efforts to prevent routine destruction and preserve ESI that may be discoverable, even before the time when a lawsuit is filed.
False Claims Act
= the linchpin for the prosecution of health care fraud and abuse. = originally used during the Civil War to prosecute individuals and organizations that supplied the Union with inferior products or cheated the government outright. = it is used to protect the government against those who charge for services not rendered and is often used in the Medicare and Medicaid context. = typically, a health care provider or organization violates this by knowingly submitting a false or fraudulent claim to the government or by making a false statement in order to get the claim approved or paid. This knowing submission may be proven by: (1) showing that the provider or organization actually intended to commit fraud, or (2) knew the statement was false and was either deliberately ignorant of the truth or acted with reckless disregard of the truth when submitting the false statement. = these claims are typically brought as QUI TAM ACTIONS = one of the key components of the False Claims Act is QUI TAM
Defendant
= the person sued by the plaintiff
Plaintiff
= the person who initiates the lawsuit
Informed consent
= when a treatment or procedure becomes progressively more risky or invasive, it is important that this form is completed to ensure the patient has a basic understanding of diagnosis and the nature of the treatment or procedure, along with the risks, benefits, alternatives (including opting out of treatment), and individuals who will perform the treatment or procedure. = is a process and it is the responsibility of the provider who will be rendering the treatment or performing the procedure to obtain the patient's consent and answer the patient's questions. = failure to obtain this can result in legal action generally based on NEGLIGENCE
True or False: A general rule is that data are only destroyed after the retention period has expired, using only those methods specified in an information security policy.
True
True or False: Although it is typically thought of as addressing individually identifiable patient data, HIPAA also addresses business records, specifying retention periods for those records.
True
True or False: Another example of a third party requiring patient authorization is a member of the patient's period. Although the family member believe he possess an absolute right of access to the patient's health information by virtue of the family relationship, that is not the case under the law. A patient's friends and family may have access to a patient's protected health information under the HIPAA Privacy Rule if the patient agrees, or is given an opportunity to object but does not do so, or if the health care provider can reasonable infer from the circumstances that the patient would not object to the disclosure. Covered entities must treat a patient's personal representative as the patient for access purposes, absent an indication that the personal representative lacks authority to act on behalf of the patient.
True
True or False: Both HIPAA and ARRA address the privacy and security of health records.
True
True or False: Extensions of the statute of limitations period also apply to minors or persons under some type of legal disability. The extension of the statute of limitations period in these instances is referred to as TOLLING the statute of limitations. For EXAMPLE: A particular state's law may extend the period of time to a certain number of years after the minor reaches the age of majority to bring a lawsuit. This extension is granted so that the minor is not penalized for the failure of his parent to bring a lawsuit on his behalf.
True
True or False: For a variety of reasons, parents do not bring lawsuits on behalf of their injured children, including reasons of unwillingness or financial inability. For public policy considerations, the law allows children whose rights were not vindicated by their parents to bring lawsuits to vindicate their rights once they reach the age of majority. For this same reason, this extension concept applies to an injured person who is under some form of legal disability, such as being adjudged insane. Once the period of legal disability is removed, the time period of the statute of limitations begins to run.
True
True or False: If the patient's employer seeks access, the patient's authorization is required, unless a worker's compensation claim in involved. Where worker's compensation claims are involved, STATE LAW may provide the employer with a right of access to the information without the patient's authorization.
True
True or False: In certain instances,specific statutes or court decisions have extended the time period of the general statute of limitation. For EXAMPLE: The time frame in which to bring a lawsuit is generally measured from the time the injury occurred. If, however, the injury involves a foreign object left in the body following surgery, the limitations period begins to run when the injured person discovers or should have discovered the injury.
True
True or False: No matter what method of destruction is selected, the paramount concern should be one of keeping the contents of the record confidential, as required by the HIPAA Privacy Rule. Failure to maintain confidentiality can result in CIVIL fines and punishments.
True
True or False: Omnibus Final Rule has clarified that a release of information is not required 50 YEARS AFTER the patient's death because the health information ceases to be protected after this length of time.
True
True or False: One of the regulations that health care organizations must consider when developing a business record retention policy deals with the HIPAA requirement that covered entities must retain records showing HIPAA compliance for a period of six years.
True
True or False: Ownership change meets the definition of health care operations under HIPAA.
True
True or False: Some third parties may be provided access to patient-specific health information without first obtaining the patient's authorization. For EXAMPLE: Health care practitioners within the provider institution may be granted access on a need-to-know basis to perform their jobs with the patient. Similarly, surveyors with accrediting and licensing agencies may be granted access to the extent necessary to ensure compliance with standards or regulations for health information management. Additionally, a court may grant access to patient records in a lawsuit upon a finding of good cause.
True
True or False: Statutory provisions offer protections for the use of genetic information in insurance.
True
True or False: The HIPAA Privacy Rule grants rights to patients to amend their health record.
True
True or False: The HIPAA Security Rule's requirement for effective information security policies encompasses the concept of handling data destruction.
True
True or False: The covered entity may deny the request for amendment to patient-specific health information for a limited number of reasons, but in doing so must give written notice to the requestor.
True
True or False: The extent of access and the need for patient authorization is defined by the identity of the third party seeking access. For example: If the party seeking access is the patient's attorney or insurance company, the health care provider may disclose patient specific health information only with the patient's authorization.Similarly, patient authorization is generally necessary before disclosure may be made to a federal, state, or local government agency.
True
True or False: The terms of the Genetic Information Nondiscrimination Act (GINA) specifically address the application of the statute to the HIPAA Privacy Rule.
True
True or False: Under HIPAA, information containing identifiers by which an individual can be recognized is considered Protected Health Information (PHI)
True
True or False: When the patient is an emancipated minor, the parent, legal guardian or the person acting with parental rights may have access to PHI, unless, the minor could lawfully obtain health care without parental consent (e.g., health care involving female reproductive rights); the covered entity must follow state law concerning disclosures. Under State Law, a valid release from is required before the family member may legitimately gain access to the patient's health information. An exception to this rule is where the family member has been appointed the patient's attorney in fact under a durable power of attorney for healthcare. In such instance, the law generally allows the family member as attorney in fact to review the patient's health record.
True
True or False: Where health data and records are TRANSFERRED rather than destroyed due to an OWNERSHIP CHANGE, healthcare providers and organizations can be guided by the HIPAA Privacy Rule
True
True or False: While HIPAA recognizes a patient's right of access, it dos not go as far as specifying that the health care provider acts in a trust capacity for the patient.
True
True or False: In the context of substance abuse, for a release of information Form to be valid, the completed written authorization form must meet the requirements of the regulations. Similar to the components f a valid general release of information form, a release of information form in the substance abuse context must identify the patient, the program that should release the information, the program or person who should receive the information, what information is to be disclosed, and include the patient's signature and date. In addition, the consent must identify the purpose of the disclosure; include a statement indicating that the consent is subject to revocation at anytime; and include a date, event, or condition upon which the authorization will expire if not revoked before.
True
The health record plays an important role as a legal document because
it provides critical evidence in the legal process, including medical malpractice and other personal injury lawsuits, criminal case, healthcare fraud and abuse investigations and actions, and quasi-judicial proceedings such as worker's compensation determinations.
HIPAA Risk Compliance Issues and Recommendations
on page 273-274 of Legal Book
The most important purpose of the health record is
to document patient treatment and provide a means for a patient's healthcare providers to communicate among each other.