025

Question 1

What are some examples of when a patient authorization is required?

Answer 1

Any of the following: patient requests a copy, patient is going downtown for care, medical records of minors, adopted infants, and release to insurance agencies, and other external recipients.

Question 2

What should you be cautious of when disclosing the records of minors to their legal guardians?

Answer 2

Pay special attention to sensitive issues (birth control, abortion, STD treatment) and consult MLC and/or SJA before releasing the information.

Question 3

What should you do when releasing adopted infant’s medical records?

Answer 3

Remove all reference to the child’s natural parents.

Question 4

When you answer a request for information on injury cases that appear to involve medical affirmative claims actions, where should you send a copy of the paperwork?

Answer 4

To the Staff Judge Advocate.

Question 5

Disclosure with PHI should be released in accordance with what rule?

Answer 5

The minimum necessary rule.

Question 6

Who has commander designee, by virtue of their position, and does not require an appointment letter?

Answer 6

The deputy/vice commander and first sergeant.

Question 7

What agency, such as the Office of Special Investigations, is authorized to use a blanket request? Explain.

Answer 7

Blanket requests are not permitted by any person or agency. Requests must be specific and limited in scope. It should only request information that could reasonably accomplish the mission.

Question 8

What are examples of mandatory reporting that medical providers are required to adhere to?

Answer 8

Domestic abuse, and in some states, sexual assault.

Question 8

How does a patient request to restrict access to their medical information?

Answer 8

Complete a DD Form 2871, Request to Restrict Medical and Dental Information.

Question 9

What information is required if a patient wants their medical information released?

Answer 9

Patient signature and date, description of the information to be released, be written in plain language, name/organization authorized to make the request, purpose of the request, name/organization where the information is going, an expiration date for the authorization, an individual’s right to revoke the authorization in writing, and name/organization authorized to release the information.

Question 10

When should you NOT release information?

Answer 10

It’s known to be revoked, is an incomplete request, if the information provided is false, expired, is a compound authorization, and a conditional authorization.

Question 11

How far back can patients request an accounting for every disclosure?

Answer 11

For the previous six years.

Question 12

What are five of the disclosure categories?

Answer 12

Any five of the following: Information about decedents, as required by law, health oversight activities, judicial and administrative proceedings, medical facility patient directories, research purposes, victims of abuse, workman’s compensation, to avert serious threats to health or safety, cadaver organ, eye, or tissue donation purposes, inmates in correctional institutions or in custody, law enforcement purposes, public health activities, specialized government functions, or neglect or domestic violence.

Question 13

Whose social security numbers needs to be removed from copies of medical records?

Answer 13

Remove all providers’ and sponsors’ SSNs.

Question 14

Where should all correspondence (request) be placed once the request has been filled?

Answer 14

In Section III of the health record.

Question 15

When should a routine request for copies of medical records be filled?

Answer 15

Within 20 days of receiving the request.

Question 16

What should you do if you receive a request for copies from an insurance company, but prepayment was not sent?

Answer 16

Use a locally developed form to identify the fees. Prepare the form in three copies; send the original to the requester, file the second copy in part three of the health record with the patient’s signed authorization for release of information, and forward the third copy to the Resource Management Office.

Question 17

When should you fax medical documentation?

Answer 17

Only when the original record or mail-delivered copies will not meet requirements for immediate patient care.

Question 18

What statement should be on the front cover when faxing medical information?

Answer 18

THIS FAX IS INTENDED ONLY FOR THE USE OF THE PERSON OR OFFICE TO WHOM IT IS ADDRESSED, AND CONTAINS PRIVILEGED, SENSITIVE OR CONFIDENTIAL INFORMATION PROTECTED BY LAW. ALL RECIPIENTS ARE HEREBY NOTIFIED THAT INADVERTENT OR UNAUTHORIZED RECEIPT DOES NOT WAIVE SUCH PRIVILEGE, AND THAT UNAUTHORIZED DISSEMINATION, DISTRIBUTION, OR COPYING OF THIS COMMUNICATION IS PROHIBITED. IF YOU HAVE RECEIVED THIS FAX IN ERROR, PLEASE DESTROY THE ATTACHED DOCUMENT(S) AND NOTIFY THE SENDER OF THE ERROR BY CALLING…”

Question 19

When should you use regular ‘Snail Mail”?

Answer 19

Utilize regular mail or messenger service for routine disclosure of information to insurance companies, attorneys, or other legitimate users.

Question 20

When is e-mailing PHI permissible?

Answer 20

Within the ‘.mil’ domain.

Question 21

What statement should be at the beginning of an e-mail when sending medical information?

Answer 21

‘FOR OFFICIAL USE ONLY. This electronic transmission contains For Official Use Only (FOUO) information which must be protected by the Privacy Act and AFI 33–332 and the Health Insurance Portability and Accountability Act and DOD 6025.18-R. The information may be exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. § 552. If you have received this message in error, please notify the sender by replying to this e-mail and delete all copies of this message.’

Question 22

What does it mean to sequester medical records?

Answer 22

To store and secure a health record separate from other health records for added security or for legal purposes.

Question 23

What steps should you take when sequestering medical records?

Answer 23

Place a cover sheet on the original medical record stating the record has been sequestered. Maintain a separate file on why the record has been sequestered, and the date (or occurrence of an event) when the record should be reviewed to determine the need for continued sequestering. Place a charge out in appropriate records room with a statement that the record has been sequestered. If a “Clinic Copy” is made, ensure that original documentation is forwarded to the sequestered file and a copy is placed in the “Clinic Copy.”

Question 24

What information may be released without the patients’ consent?

Answer 24

Unit assignment for personnel not assigned to routinely deployable or sensitive units and office the member is assigned to.

Question 25

What information may be release with the patients’ consent?

Answer 25

Name and rank, component occupation or job title, and present medical assessment of condition (stating condition stable, good, fair, serious, or critical).

Question 26

What is a breach?

Answer 26

An acquisition, access, use, or disclosure of PII/PHI in a manner not permitted.

Question 27

If you become aware of an actual or possible breach, whom should you report the circumstances of the event to?

Answer 27

The organization’s Breach Response Coordinator

Question 28

What are the two areas your MTF has addressed to protect integrity, confidentiality and availability of PII and PHI?

Answer 28

Physical and electronic security.

Question 29

What two forms can you use to cover personnel information in printed/paper form?

Answer 29

AF Form 3227, Privacy Act Cover Sheet or DD Form 2923, Privacy Act Data Cover Sheet.

Question 30

What is the most commonly used method for controlling electronic access?

Answer 30

The common access card.