1602 Limiting Access, Disclosure and Use of PHI Flashcards
Associated with this document is the following forms:
- PHI Fax Cover Sheet with disclaimer
2. Record Request Log (electronic form: \fstfd\fire- adm\admin\docs\hipaa\disclosure-breach docs)
The _______________ or his/her designee shall be responsible for: 1. Establishing and enforcing policies and procedures to ensure all TFD personnel with access to patient information limit unauthorized access, disclosure and use of PHI
- Establishing procedures to ensure PHI is appropriately de-identified for any training and/or quality assurance use
- Maintaining this document
TFD Privacy Officer
Who maintains 1602?
TFD Privacy Officer
What does (PHI) stand for?
protected health information (PHI)
___________________ shall be responsible for appropriately and adequately de-identifying and maintaining the security of PHI for use in conjunction with training and/or quality assurance activities in accordance with the guidelines set forth in this document.
TFD Peer Review Chairs and Training Staff
_____________________ shall be responsible for ensuring:
- All PHI within each station or facility is kept secure at all times 2. All PHI is properly routed to TFD Headquarters in a timely manner in accordance with the guidelines set forth in this document
- A locked PHI deposit box is available for the secure, temporary storage of completed EMIRs and other PHI in accordance with the guidelines set forth in this document
- A cross-cut shredder is maintained in each station and facility for the timely destruction of documents containing PHI in accordance with the guidelines set forth in this document
- The current month’s controlled substance log is maintained in a secure manner and kept out of sight of those not authorized to view it
Company Captains, Paramedic Supervisors and Facility Managers
The _______________ shall be responsible for ensuring the security of PHI associated with TFD personnel records in accordance with the guidelines set forth in this document.
Administrative Assistant for EMS
The ___________________ shall be responsible for:
- Ensuring the security of the EMIRs and billing related PHI contained within the file cabinets at TFD Headquarters in accordance with the guidelines set forth in this document
- PHI requested by TFD field personnel is secured electronically prior to being released in accordance with the guidelines set forth in this document
Account Technician for EMS billing or his/her designee
The __________ shall be responsible for ensuring the secure transport of PHI from TFD stations and facilities to TFD Headquarters in accordance with the guidelines set forth in this document.
TFD Messenger
What is DRS.
Designated Record Set.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act.
A secondary use or disclosure that cannot reasonably be prevented, is limited in nature and occurs as a result of or in connection with another permitted use or disclosure even though reasonable safeguards were in place and the “minimum necessary” standard was applied.
Incidental Use or Disclosure
_______________includes any health-related information that is: • Individually identifiable or demographic in nature OR • Regarding past, present or future physical or mental health OR • Regarding provision of or payment for care to an individual OR • Created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health clearinghouse OR • Maintained or transmitted in any form or medium
PHI. Protected Health Information
_________________ is either electronically stored and encrypted or when maintained in hard copy is kept in a: • Locked file cabinet that is not easily moveable and has limited access to the associated keys AND • Locked or monitored room AND • Locked or monitored building
Secure PHI
Access to a patient’s entire file will not be allowed except:
a. When provided for in this and other policies and procedures; or b. When the justification for use of the entire medical record is specifically identified and documented; or
c. When authorized by the Privacy Officer