HIPAA Quiz


more sensitive info

mental health situations, addiction and substance abuse, HIV/AIDS status, pregnancy, and genetic information

legal guardian

need court documents, make a copy and put in patient's file, appropriate and necessary?

de-identified information

not protected and includes state in which patient resides, partial zip code if large region, year of birth, year of death; be cautious not to link to person

Security in HIPAA

safeguards that covered entities and business associates must implement to protect confidentiality, integrity, and availability of electronic PHI

Three rules of HIPAA

Privacy, Security, Breach Notification

Can you borrow your preceptor's password for the EMAR for the day?

NO, don't give it out, and don't write it down where others can find

One of your close friends and classmates was on rotation during their APPEs at the same pharmacy you are currently finishing your rotation. He became close to a patient who was diagnosed with cancer. He asks you how the patient is doing when you are together during class. Is it okay to tell him?

No

What was HIPAA designed to do?

Set national privacy standards for when a patient's protected health information can be used and disclosed, Allow for easier access by patients to receive care seamlessly among various providers while having protections, and Set standards and requirements for the security of electronic transmission of health information

patient's birth year

de-identified PHI

HIPAA-covered entity

healthcare provider, health plan, health insurer, healthcare clearinghouse, business associate of covered entity. all in relation to the provision of healthcare or payment for healthcare services

can notify family/friends involved in patient's care

patient's general condition, location, ready for discharge, death

Violations of HIPAA are Grounds for Discipline

professionally incompetent, may create danger to patient's life, health, safety, violate federal/state laws

PHI can be released without patient authorization for

public health situations, sale, transfer, or merger of a covered entity or business associate, contracted business associate, patient based on request, when required by law, legal subpoena/court order, comply with worker's compensation, avoid serious threats to safety, DEA or Board inspectors

Disclosures

release PHI to someone (attorney, patient, faxing)

marketing

requires authorization by patient

PHI examples

Health records, health histories, lab test results, medical bills, medication profiles, and medication labeling, names, dates except year, telephone numbers, geographic data, fax numbers, SSN, email addresses, medical record numbers, account numbers, genetic information, health plan beneficiary, certificate/license numbers, vehicle identifiers, Web URLs, device identifiers + serial numbers

power of attorney?

depends; Designated Agent rights to access care, treatment and payment information are not effective until the patient is declared incapacitated by two physicians or one physician and one therapist; declaration of incapacity form submitted prior to honoring a request

patient authorizations should contain

description of the information to be used/disclosed, name of the individuals or entities who are giving and receiving the info, purpose of the disclosure, an expiration date for use, and needs to be a separate, individually signed document

Organization must

designate a privacy officer, develop sanctions for non-compliance, notice of privacy practices, train those in direct contact with PHI

PHI can refer to all of the following

electronic, paper, verbal; individual's past, present, and future physical or mental health or condition; provision of health care to the individual; the past, present, or future payment for the provision of health care to the individual

psychotherapy notes

extremely sensitive, not required or useful for treatment/payment. patient authorization needed for disclosing for any reason. meds, med treatment plans, diagnosis, symptoms, progress

business associates liable as a covered entity

fail to disclose PHI to US Department of HHS, comply with requests, establish agreements, report a breach, comply with minimum necessary requirements, provide accounting of disclosures

NOT considered marketing

refill reminders, product coverage and formulary placement, product substitutions, treatment recommendations that are patient specific, drug utilization review, general health info like how to care for diabetes, lower blood pressure and other disease state managements

Breach Notification

requires covered entities to notify affected individuals, Department of Health and Human Services, and the media of unsecured PHI breach

Uses

review or use PHI internally

Privacy in HIPAA

sets national standards for when PHI may be used/disclosed

can you look yourself up at a hospital/office if you're the patient?

CEI says this is NOT a HIPAA violation. Rotation manual says it is.

Which is true with regard to electronic message of patient information?

CMS allows texting of patient information on a secured platform but not for patient orders

Why is Privacy Important?

Code of ethics, gift of trust, maintain that trust, serve the patient in a private and confidential manner

The Health Insurance Portability and Accountability Act of 1996 was designed to do all of the following EXCEPT:

Create a framework for protecting genetic information so it is not used to discriminate in determining treatment

student takes paper copies and puts them in their car, someone breaks in and steals

Don't take PHI home with you, if granted access, may be able to get remote access to EMAR, deidentify patient if need to take home for case presentation

Why is Privacy Important?

Ethics, Hippocratic Oath, and Oath of a Pharmacist- protect all information entrusted, hold to the highest principles of moral, ethical, and legal conduct

Which of the following are examples of Protected Health Information (PHI)?

Patient's Name, Patient's Date of Birth, Patient's Medication List (all of the above)

True or false: The "minimum necessary" requirement of HIPAA refers to using or disclosing/releasing only the minimum PHI necessary to accomplish the purpose of use, disclosure or request.

True

PHI

any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity

Who does NOT have to provide a privacy notice, follow admin requirements, or patients' access rights?

business associates

Can you share about a psych patient that shot a family?

students can discuss patient cases but should deidentify the patients unless taking care of them on same rotation. DON'T discuss RARE cases like psychotherapy notes, HIV status, or substance abuse

