MOD 3 WEEK 4 Compliance in Healthcare Environments


False

Cyber hackers mainly target larger organizations. (T/F)?

False

Cybersecurity is only needed to access an EHR through the internet from a cloud server and not locally from the office? (T/F)?

Business Associate

Data analysis is an example of this kind of entity.

No more than 60 days

How long after the discovery of a breach must a notification be made?

6 years after creation or last effective date (whichever is later)

How long must a covered entity maintain written security policies and procedures and written records of required actions, activities, or assessments?

- Require the business associate to safeguard the PHI
- Detail the disclosure of the PHI that the associate can make

If a covered entity enlists the help of a business associate then a written contract or other arrangements must contain what 2 things?

Yes

If a patient can't access their PHI, this is a violation of HIPAA security?

True

If an entity does not meet the definition of covered entity or business associate, it does not have to comply with HIPAA. (T/F)?

True

If information is encrypted, there is a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text. (T/F)?

Business Associate

Legal services are an example of this kind of entity.

- Health Plans
- Those health care providers who conduct certain electronic transactions
- Healthcare clearing houses
- Business Associates

List 4 entities that must comply with HIPAA

Administrative, Physical, Organizational, Policy and Procedures

List 4 safeguards/requirements for HIPAA security.

- ePHI encryption
- Auditing functions
- Backup and recovery routines
- Unique user IDs and strong passwords
- Role- or user-based access controls
- Auto time-out
- Emergency access
- Amendments and accounting of disclosures

List some features of security software that would benefit the medical practice?

Business Associate

Management administration is an example of this kind of entity.

True

Most EHRs and related equipment have security features built in or provided as part of a service, but they are not always configured or enabled properly. (T/F)?

False

Most of the activities of the EHR can be conducted offline. (T/F)?

Health and Human Services

Notifications of smaller breaches of less than 500 individuals must be submitted to who annually?

False, they can recognize dangerous drug interactions

One downfall of the EMR is that they can't recognize dangerous drug interactions. (T/F)?

Physical Safeguards

Physical measures, policies, and procedures to protect electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion describes what?

Covered Entity

A chiropractor is an example of this kind of entity

Business Associate

A person or organization, other than an employee of a covered entity, that performs certain functions on behalf of, or provides certain services to, a covered entity that involves access to PHI.

Health care clearing house

A public or private entity that processes another entity's health care transactions from a standard format to a non-standard format, or vice versa describes what?

Business Associate

Accreditation is an example of this kind of entity.

Administrative Safeguards

Actions, policies, and procedures to prevent, detect, contain, and correct security violations describes what?

Health Plan

Any individual or group plan that provides or pays the cost of health care describes what?

Covered Entity

Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard describes what?

Business Associate

Billing is an example of this kind of entity.

Business Associate

Claims processing is an example of this kind of entity.

True

Does cybersecurity protect information stored in any digital memory device?

Yes

Does cybersecurity protect your information or any form of digital asset stored in your computer?

True

EMRs are beneficial to doctors because they allow for data to be tracked over time. (T/F)?

True

EMRs are beneficial to doctors because they allow for identification of patients who are due for preventative visits and screenings. (T/F)?

True

EMRs can help monitor how patients measure up to certain limitations of vaccinations and blood pressure readings. (T/F)?

True

EMRs can reduce the potential for potentially risky tests and procedures. (T/F)?

True

EMRs can verify medications and doses. (T/F)?

Business Associate

Financial Services is an example of this kind of entity.

False

Financial incentives are not currently available to help providers transition into EMRs. (T/F)?

Risk analysis or risk management

In maintaining the security of patients' ePHI, this process guides you through a systematic examination of many aspects of your health care practice to identify potential security weaknesses and flaws.

Protected Health Information

Individually identifiable health information that is transmitted or maintained by electronic or other media, such as computer storage devices is known as __________?

Policies and procedures

Require a CE to adopt reasonable and appropriate policies and procedures to comply with the provisions of the Security Rule describes what?

True

The HIPAA Privacy Rule established standards of protection of PHI held by business associates (T/F)?

False

The HIPAA security rule dictates security measures. (T/F)?

True

Your practice is responsible for taking the steps needed to protect the confidentiality, integrity, and availability of ePHI maintained in your EHR. (T/F)?

False

The guardian of the ePHI isn't responsible for making sure the basic features are functioning and updated. (T/F)?

Organizational Standards

The requirement of a CE to have contracts or other arrangements with BAs that will have access to the CE's ePHI describes what?

True

The security rule does not apply to patients sending information to their physician. (T/F)?

g

The security rule mandates that:
a. A security officer must be assigned the responsibility for the medical facility's security
b. All staff, including management, receive security awareness training
c. Medical facilities must implement audit controls to record and examine staff who have logged into information that contains PHI
d. Organizations limit physical access to medical facilities that contain electronic PHI
e. Organizations must conduct risk analyses to determine information security risks and vulnerabilities
f. Organizations must establish policies and procedures that allow access to electronic PHI on a need-to-know basis
g. All of the above

AHIMA

This association strives to improve health information management through support of people, research, and resources. It improves health record quality and works towards advancing the implementation of electronic health records by leading key industry initiatives and advocating high and consistent standards.

Encrypting

This is a method of converting an original message of regular text into encoded text.

HIMSS

This is a non-profit organization focused on better health through information technology. Works to improve the quality, cost, effectiveness, access, and value of healthcare through IT.

Breach Notification Rule

This rule also requires that business associates of covered entities notify the covered entity of breaches at or by the business associate.

HIPAA Security Rule

This rule, established in 2003, regulates the administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of health information covered by HIPAA.

Breach Notification Rule

This rule requires covered entities to notify affected individuals, U.S. Department of Health and Human Services, and in some cases the media, of a breach of unsecured PHI?

HIPAA Privacy Rule

This rule, as applicable in HIPAA title II, is designed to provide strong privacy protections that do not interfere with patient access to health care or the quality of health-care delivery. Sets national standards for when PHI may be used and disclosed.

Risk Analysis

To uphold patient trust as your practice continues to adopt and use an EHR or other electronic technology for collection and use of ePHI, and to comply with HIPAA Security Rule and Meaningful Use requirements, your practice must conduct

False

Unfortunately, properly configured and certified EHRs can't provide more protection to ePHI than paper files provided. (T/F)?

Cybersecurity

Ways to prevent, detect, and respond to attacks against or unauthorized access to a computer system and its information describes what?

American Health Information and Management Association

What does AHIMA stand for?

Health Information and Management Systems Society

What does HIMSS stand for?

Key code or access to another confidential process

What must the receiver of an encrypted message/information have in order to decrypt it?

Immediately

When does the HIPAA security or privacy rule take effect on PHI delivered to a health care facility?

a

Which of the following describes Physical Standards of the HIPAA security rule?
a) Technology and the policies and procedures for its use that protect ePHI and control access to it.
b) A CE must periodically review and update its documentation in response to environmental or organizational changes that affect the security of ePHI.
c) Selection, development, implementation, and maintenance of security measures to protect ePHI and to manage the conduct of workforce members in relation to the protection of that information
d) Provides the specific criteria required for written contracts or other arrangements

b

Which of the following describes Policies and Procedures standards of the HIPAA security rule?
a. Physical safeguards: technology and the policies and procedures for its use that protect ePHI and control access to it.
b. A CE must periodically review and update its documentation in response to environmental or organizational changes that affect the security of ePHI.
c. Administration safeguards: selection, development, implementation, and maintenance of security measures to protect ePHI and to manage the conduct of workforce members in relation to the protection of that information
d. Provides the specific criteria required for written contracts or other arrangements

e

Which of the following is an example of a healthcare clearing house?
a. Dentist
b. Repricing companies
c. Community Health Management Information Systems
d. HMO
e. b & c

c

Which of the following is not considered identifiable health information:
a. account numbers
b. web URLs
c. hair color
d. email address
e. Internet Protocol (IP) address number
f. payments

e

Which of the following is true regarding the HIPAA privacy rule except:
a. gives patients more control over their health information
b. establish safeguards used to protect the privacy of health information
c. hold violators accountable if they violate patient's privacy rights
d. disclosure of some forms of data
e. All are true

c

Which of the following refers to Administrative Safeguards of the HIPAA security rule?
a. Technology and the policies and procedures for its use that protect ePHI and control access to it.
b. A CE must periodically review and update its documentation in response to environmental or organizational changes that affect the security of ePHI.
c. Selection, development, implementation, and maintenance of security measures to protect ePHI and to manage the conduct of workforce members in relation to the protection of that information
d. Provides the specific criteria required for written contracts or other arrangements

d

Which of the following refers to Organization Standards of the HIPAA security rule?
a) Technology and the policies and procedures for its use that protect ePHI and control access to it.
b) A CE must periodically review and update its documentation in response to environmental or organizational changes that affect the security of ePHI.
c) Selection, development, implementation, and maintenance of security measures to protect ePHI and to manage the conduct of workforce members in relation to the protection of that information
d) Provides the specific criteria required for written contracts or other arrangements

HHS Office for Civil Rights

Who enforces the HIPAA security, privacy, and breach notification rules?

Business Associate, Covered Entity

With reference to the HIPAA security rule, what do these two acronyms stand for: (BA) and (CE)?

Office of the National Coordinator for Health Information Technology (ONC)

is at the forefront of the administration's health IT efforts and is a resource to the entire health system to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.

