EHR Ch. 9: The HIPAA Privacy Rule


HIT FOR ECONOMIC AND CLINICAL HEALTH ACT (HITECH)

Federal legislation that was passed as a portion of the American Recovery and Reinvestment Act; contains changes to the HIPAA Privacy Rule

USE

HIPAA definition with respect to individually identifiable health info, the sharing, employment, application, utilization, examination, or analysis of such info within an entity that maintains such info.

PRIVACY RULE

HIPAA ACT OF 1996

DEIDENTIFIED INFORMATION

Information from which personal characteristics have been stripped and that, as a result, neither identifies nor provides a reasonable basis to believe it could identify an individual.

Fundraising activities that target individuals based on diagnosis require prior authorization

True

CENTER FOR DEMOCRACY & TECHNOLOGY

A nonprofit public interest organization that promotes privacy in communications technologies; it houses the Health Privacy Project

AMERICAN RECOVERY AND REINVESTMENT ACT (ARRA)

Federal legislation that included significant funding for HIT and provided for significant changes to the HIPAA Privacy Rule.

AUTHORIZATION

A patient's permission to disclose PHI; the form or detailed document that gives covered entities permission to use PHI for specific purposes, generally other than for treatment, payment, or HC operations, or to disclose PHI to a third party specified by the individual.

HEALTH PRIVACY PROJECT

A nonprofit organization whose mission is to raise public awareness of the importance of ensuring health privacy in order to improve healthcare access and quality.

1. Know precautions related to the use of Chlorhexidine. 2. Know what potassium is essential to. 3. Which B vitamin is associated with a toxicity when given in excessive doses? 4. Supplementing with vitamin K may be necessary for what condition? 5. What is the required treatment for inhalation of a poisoning? 6. A syringe marked with U-100 indicates what type of syringe? 7. Know what to do with taking care of a snakebite. 8. In addition to night blindness, vitamin A deficiencies may also be observed in another condition (know the condition). 9. Know the functions of iron (Fe) in the body. 10. What precautions should be taken related to the use of Accutane?

...

CONSENT

1. A patient's acknowledgment that they understand a proposed intervention, including that intervention's risks, benefits, and alternatives; 2. A patient's agreement that PHI can be disclosed; the document that provides a record of the patient's consent.

INSTITUTIONAL REVIEW BOARD (IRB)

A committee of at least five members with varying backgrounds that determines the acceptability of proposed human subjects research in accordance with institutional policies, applicable law, and standards of professional practice and conduct.

FACILITY DIRECTORY

A directory of patients being treated in a HC facility.

PRIVACY BOARD

A group formed by a HIPAA-covered entity to review research studies in which authorization waivers are requested and to ensure the HIPAA privacy rights of research subjects

DESIGNATED RECORD SET (DRS)

A group of records maintained by or for a covered entity encompassing medical records and billing records about individuals and enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan used, in whole or in part, by or for the covered entity to make decisions about individuals

FREEDOM OF INFORMATION ACT OF 1967 (FOIA)

A law covering the right of disclosure to and access by the public regarding federal agency records.

CLINICAL LABORATORY IMPROVEMENT ACT (CLIA)

A law that provides that clinical laboratories are to disclose test results or reports only to "authorized persons" - unless state law defines them otherwise, defined by the law as the person who orders the test.

PRIVACY ACT OF 1974

A law that requires federal agencies to safeguard personally identifiable records and provides individuals with certain privacy rights

PREEMPTION

A legal doctrine that requires a covered entity to comply with federal law when federal and state law conflict (that is, federal law preempts contrary state law).

ACCOUNTING OF DISCLOSURES

A list of all disclosures made of a patient's HI; Section 164.528 of the Privacy Rule states that an individual has the right to receive an accounting of certain disclosures made by a covered entity within the six years prior to the date on which the accounting was requested.

BUSINESS ASSOCIATE (BA)

A person or organization other than a member of a covered entity's workforce that performs functions or activities on behalf of or affecting a covered entity that involve the use or disclosure of individually identifiable HI

PERSONAL REPRESENTATIVE

A person who has legal authority to act on behalf of another individual and is treated the same as the individual regarding the use and disclosure of the individual's PHI

PRIVACY OFFICER

A position mandated under the HIPAA Privacy Rule - covered entities must designate an individual to be responsible for developing and implementing privacy policies and procedures.

ENFORCEMENT RULE

A rule that created standardized procedures and substantive requirements for investigating complaints and imposing civil monetary penalties for HIPAA violations, as well as a uniform compliance and enforcement mechanism that addresses all of the Administrative Simplification regs, including privacy, security, and transactions and code sets.

NOTICE OF PRIVACY PRACTICES (NPP)

A statement (mandated by the HIPAA Privacy Rule) issued by a healthcare organization that informs individuals of the uses and disclosures of patient-identifiable health info that may be made by the organization, as well as the individual's rights and the organization's legal duties with respect to that info

BELMONT REPORT

A statement of ethical principles to prevent the unethical use of human subjects in research, sponsored by the Dept. of HHS

PROTECTED HEALTH INFORMATION (PHI)

A term defined in the HIPAA Privacy Rule as "individually identifiable health info that is transmitted by electronic media, maintained in electronic medium, or transmitted or maintained in any other form or medium."

BUSINESS ASSOCIATE AGREEMENT (BAA)

A written and signed contract that allows covered entities to lawfully disclose PHI to business associates such as consultants, billing companies, accounting firms, or others that perform services for the provider, provided that the business associate agrees to abide by the provider's requirements to protect the information's security and confidentiality.

INDIVIDUAL

According to the HIPAA Privacy Rule, a person who is the subject of PHI

BREACH OF NOTIFICATION

An ARRA requirement that mandates the notification of individuals following the unauthorized use or disclosure of their PHI, as the information's security or privacy may be compromised.

NATIONAL RESEARCH ACT OF 1974

An act that required the Dept. of Health, Education, and Welfare (now the Dept. of HHS) to codify its policy for the protection of human subjects into federal regs and created a commission that generated the Belmont Report.

ORGANIZED HEALTHCARE ARRANGEMENT (OHCA)

An agreement characterized by two or more covered entities that share PHI to manage and benefit their common enterprise and are recognized by the public as a single entity (HHS 2003)

STAND-ALONE AUTHORIZATION

An authorization for the use or disclosure of one's protected health info that is separate from an informed consent for treatment or participation in a research study.

COMPOUND AUTHORIZATION

An authorization that combines informed consent with an authorization for the use and/or disclosure of PHI

HYBRID ENTITY

An entity that performs both covered and non-covered functions under the Privacy Rule; for example, a university that educates students and maintains student educational records is not covered by the Privacy Rule. However, the same university that operates a medical center is covered by the Privacy Rule, as it meets the definition of "healthcare provider."

CONFIDENTIAL COMMUNICATIONS

As defined by HIPAA, a request that PHI be routed to an alternative location or by an alternative method; must be honored by health plans under HIPAA.

UNCONDITIONED AUTHORIZATION

Authorization is not required in order to receive treatment or some other service or benefit.

PSYCHOTHERAPY NOTES

Behavioral notes recorded by a mental health professional that document the content and impressions of conversations that are part of private counseling sessions; they are not part of the health record and do not contain info such as diagnosis, prescriptions, treatment modalities and test results

TREATMENT, PAYMENT AND HEALTHCARE OPERATIONS (TPO)

Collectively, these three actions are functions of a covered entity that are necessary for the covered entity to successfully conduct business; thus, many of the Privacy Rule's requirements are relaxed or removed where PHI is needed for purposes of treatment, payment, or healthcare operations.

REDISCLOSURE

Disclosure by a healthcare organization of info that was created by and received from another entity.

A BA is anyone who might have access to a CE's PHI

False

A CE needs only consider its employees when evaluating HIPAA compliance within the organization

False

A hospital employee's pre-employment physical examination is in his personnel file in Human Resources; this report is PHI

False

All the activities that meet the HIPAA definition of marketing must receive prior written authorization from the individual

False

An individual has the right of access to her psychotherapy notes

False

Complaints about alleged Privacy Rule violations must be submitted to the covered entity

False

De-identified info receives Privacy Rule protection

False

Enforcement of the Privacy Rule will continue to operate exclusively on a complaint-based system

False

In order to simplify processes, individuals may be required to waive their rights under the Privacy Rule to obtain treatment or benefits eligibility

False

The FOIA was enacted to address the privacy of health info

False

The HIPAA consent explains an individual's rights and the CE's legal duties with respect to PHI

False

The minimum necessary principle applies to disclosures made for TPO purposes

False

The threshold for required media notification in the event of a privacy breach is 300 affected individuals

False

Under no circumstances should health records from other facilities be made part of an organization's DRS

False

AFFILIATED COVERED ENTITIES

Legally separate covered entities, affiliated by common ownership or control; for purposes of the Privacy Rule, these legally separate entities may refer to themselves as a single covered entity.

FUNDRAISING

Money-generating activities that benefit a HIPAA-covered entity and are subject to the HIPAA Privacy Rule.

ACCESS

One of the rights protected by the Privacy Rule, the right of access allows an individual to inspect and obtain a copy of their own PHI that is contained in a designated record set; also an information security term that refers to the ability to enter an electronic system and make use of the data within it.

LIMITED DATA SET

PHI that excludes direct identifiers of the individual and the individual's relatives, employers, or household members but still does not de-identify the info.

COVERED ENTITIES (CE)

Persons or organizations that must comply with the HIPAA Privacy and Security Rules; include HC providers, health plans, and HC clearinghouses.

ACCESS REPORT

Proposed by the Dept. of HHS in its May 31, 2011, Notice of Proposed Rulemaking, it would allow individuals (upon request) to receive a listing from covered entities with EHRs of every person who viewed the individual's designated record set during the previous three years.

MITIGATION

Required by the Privacy Rule, the lessening as much as possible of harmful effects that result from the wrongful use and disclosure of PHI; possible courses of action may include an apology, disciplinary action against the responsible employee(s), repair of the process that resulted in the breach, payment of a bill or financial loss that resulted from the infraction, or gestures of goodwill and good public relations that may assuage the individual.

CONDITIONED AUTHORIZATION

Requires authorization in order to receive treatment or some other service or benefit.

RETALIATION AND WAIVER

Rights protected under the Privacy Rule. To ensure the integrity of individuals' rights to complain about alleged Privacy Rule violations, covered entities are expressly prohibited from retaliating against anyone who exercises their rights under the Privacy Rule, assists in an investigation by the Dept. of HHS or other appropriate investigative authority, or opposes an act or practice that they believe is a violation of the Privacy Rule; individuals cannot be required to waive the rights that they hold under the Privacy Rule in order to obtain treatment, payment, or eligibility for enrollment or benefits.

DISCLOSURE

The act of making info known; the release of confidential HI about an identifiable person to another person or entity; release, transfer, provision of access to, or divulging in any other manner of info outside the entity holding the info.

ADMINISTRATIVE SIMPLIFICATION

The original intent of HIPAA - the streamlining and standardization of the HC industry's non-uniform and seemingly inefficient business practices, such as billing and creating standards for the electronic transmission of data.

AMENDMENT REQUEST

The right of individuals to ask that a covered entity amend their HRs as provided in Section 164.526 of the Privacy Rule.

CONDITIONS OF PARTICIPATION

The standards that govern providers receiving Medicare and Medicaid reimbursements.

A conditioned authorization may be allowed by ARRA in certain situations

True

A university with a medical center is a hybrid entity under the Privacy Rule

True

Although an individual must verbally agree to be included in a facility directory, written authorization is not required

True

Breach notification is one type of mitigation under the Privacy Rule

True

By definition, a DRS includes billing records.

True

Drug and alcohol abuse treatment records have received protection under federal law

True

In part, info must be individually identifiable to meet the definition of PHI

True

Incidental disclosures do not require an individual's written authorization

True

One of the 12 public interest and benefit exceptions to the authorization requirements is disclosure to organ procurement agencies.

True

Per HITECH, an accounting of disclosures will be required in the future for TPO disclosures made by covered entities with EHRs

True

Per the HIPAA Privacy Rule, patient authorization is required for the use or disclosure of PHI unless it meets an exception whereby authorization is not required.

True

Some of the Privacy Rule's requirements are relaxed or removed where PHI is needed for purposes of TPO

True

The Conditions of Participation regulate only providers who receive funds from Medicare and Medicaid programs

True

The HITECH Act has strengthened BA requirements regarding compliance with the Privacy Rule

True

The HITECH Act of ARRA of 2009 made significant changes to the HIPAA Privacy Rule

True

The Privacy Rule resides in the Administrative Simplification provision of Title II of HIPAA

True

The breach notification requirement is new under HITECH

True

The Privacy Rule provides a floor, or minimum, of privacy requirements

True

Under HITECH, state attorneys general may bring civil actions in federal district court on behalf of residents believed to have been negatively affected by a HIPAA violation

True

Under the Privacy Rule, a personal rep must be treated the same as the individual regarding the use and disclosure of the individual's PHI

True

WORKFORCE

Under the HIPAA Privacy Rule, employees, volunteers, trainees, and other persons, whether paid or not, who work for and are under the direct control of the covered entity.

REQUEST RESTRICTIONS

Under the Privacy Rule, the right of an individual to request that a covered entity limit the uses and disclosures of PHI to carry out treatment, payment, or healthcare operations

REQUESTS

Ways in which access, use, and disclosure of patient info are made, which may include mail, telephone, physical presence of the requester, fax or email

