2.2 HIPAA: Privacy and Confidentiality: Professional and Legal Responsibilities Flashcards
Includes any information that identifies or could reasonably identify an individual, his or her health/condition, treatment, or provision/payment for healthcare…
PHI (personal health information)
What is defined as all individually identifiable health information created, transmitted, received, or maintained by a covered health entity?
Protected health information (PHI)
What is included in identifying information?
-name
-address
-city
-zip code
-names of relatives
-names of employer
-birth date
-telephone number
-fax and email address
-social security number
-medical record number
-health plan beneficiary number
-account number
-certificate/license number
-any vehicle or other device serial number
-Web URL, Internet protocol address
-finger or voice print
-photographic images, and any other unique identifying number, characteristic, or code
What is PHI included on?
- encounter forms
- claims
- appointment schedule
- reports
- dietary cards
- requisitions
- prior authorizations
- test results
- logs
- pharmacy labels
- electronic data
Name examples of PHI in the workplace.
- Communication: switchboard, hallway conversations, dictation, shift reports, telephone conversations, and meeting discussions
- Materials: medical records, meeting minutes, white boards, clinical reports, wristbands, encounter forms, medication vials, downtime logs, printers, paper files, and notes.
- Data: claims, computer screens, EKG strips, films, email, faxes, and electronic files
When dealing with personal information, there does not have to be some middle ground between strict non-disclosure and full disclosure. True or False
False
When dealing with personal information, there has to be some middle ground between strict non-disclosure and full disclosure.
Some public and private health information must be shared to properly treat populations and individuals. True or False
True
With so much information now digitized, and therefore easily transmitted, must there be some protection of health information that must remain confidential to the individual?
Yes, some information must remain confidential to the individual.
Health information has one level of confidentiality. True or False
False… Health information has different levels of confidentiality.
Information on HIV status or psychiatric diagnosis may have a higher level of confidentiality than something less revealing, such as a zip code. What is this an example of?
This is an example of the different levels of health information confidentiality.
Some local and state laws may have higher documentation and disclosure requirements over special health information. True or False
True
What is the synonym for Health Insurance Portability and Accountability Act?
HIPAA
When was HIPAA drafted?
HIPAA was drafted in 1996.
What was HIPAA originally drafted for?
HIPAA was originally drafted to protect health insurance coverage for workers and families when they changed or lost their jobs.
PHI stands for Personal Health Information T/F
False PHI stands for Protected Health Information
PHI is included on most healthcare forms, reports, and screens. T/F
True PHI is included on encounter forms, claims, appointment schedules, reports, dietary card, requisitions, prior authorizations, test results, logs, pharmacy labels, electronic data.
All health information has the same level of confidentiality T/F
False Health Information has different levels of confidentiality. For example, information on HIV status or psychiatric diagnosis may have a higher level of confidentiality.
The HIPAA Security Rule requires healthcare entities to protect against any reasonably anticipated threats or hazards to PHI
True The security rule requires healthcare entities to ensure the confidentiality, integrity, and availability of all electronic protected health information
HIPAA defines which types of technologies must be used to safeguard PHI
False One thing HIPAA does not specify is the type of technology to secure patient data. This is left to the health entities to figure out. It does specify that the technologies be appropriate to their operations and be supported by a thorough security.
The HIPAA Privacy rule gives patients the right to request correction to their medical records.
True It gives them the right to examine and obtain a copy of their own medical records and request corrections.
An insurer, responsible for payment, is entitled to see all data in a patient’s health record.
False Generally limits release of information to a minimum needed for treatment, payment, operations.
What data a person can see in an EHR is dependent on his or her role.
True The role you have will dictate what you have the right to access.
An employee responsible for scheduling will have access to the same EHR functions as a nurse
False The role you have dictates the amount of patient information you have the right to access and disclose, so a scheduler only needs access to demographics and insurance information.
If you accidentally view information you should not have access to, report the event to your supervisor.
True
As an employee in a healthcare organization, you have the right to access the maximum information needed to care for the patient
False
If an individual accesses a record inappropriately, he/she is protected from being fired as long as he/she has completed HIPAA training
False It is becoming common that immediate employment termination could be the consequence of reviewing information that you do not have the right and need to know.
HIPAA’s Privacy and Security policies became law in
1996
The HIPAA security rule requires healthcare entities to ensure
the confidentiality, integrity, and availability of PHI
HIPAA of 1996 continues to be amended with
HITECH
What is Title I under HIPAA
Protects health insurance coverage for those who lose or change jobs
What is Title II under HIPAA
Standardizes electronic data exchange and protects the confidentiality and security of health data
What are the four Parts to Title II of HIPAA
- Standards for electronic transactions
- Unique identifiers for providers, employers, and health plans
- The security rule
- The privacy rule