7. Healthcare Flashcards
What is a covered entity?
- health plans (such as health insurance companies, HMOs, company health plans, and Medicare/Medicaid)
- healthcare clearinghouses (such as billing services or healthcare management information systems)
- healthcare providers who electronically transmit health information.
(Controllers)
What is a Business associate?
Any person or organization, other than a member of a covered entity’s workforce, that performs services and activities for or on behalf of a covered entity if such services and activities involve the use or disclosure of PHI.
(Processor)
What is Protected Health Information (PHI)?
Protected health information (or PHI) is any individually identifiable health information transmitted or maintained in any form or medium that relates to an individual’s past, present, or future physical or mental health or condition; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to the individual.
What is Electronic Protected Health Information (ePHI)?
Electronic protected health information (or ePHI) is any individually identifiable health information transmitted or maintained in electronic media. This distinction also helps to clarify which healthcare entities are covered by HIPAA.
What is HIPAA’s Privacy rule for Covered Entities?
- Privacy Notice: at date of first service delivery
- Opt-In Authorization: for use or disclosure of PHI outside HIPAA
- Limit PHI: Use/Disclosure for business associates
- Allow Access and Amend: to individual’s PHI
- Implement Safeguards
- Designate a Privacy Official
What is HIPAA’s Security Rule for ePHI?
- Implement training and security program
- Conduct ongoing assessment of risk
- Reasonable security to protect against threats and hazards, and unauthorized use or disclosure
What is GINA?
Genetic Information Nondiscrimination Act
GINA prohibits employers from discriminating against an individual based on genetic information, including requiring or requesting genetic information. It prohibits discrimination against the individual’s family members. Healthcare providers cannot implement higher premiums based on genetic information or use a genetic predisposition to deny coverage.
What is HITECH?
Health Information Technology for Economic and Clinical Health Act
It is an amendment to HIPAA that promotes the adoption and meaningful use of health information technology. Further, it offers incentives for healthcare providers to use and develop electronic health records and a national electronic health information exchange.
It added:
- Data Minimization
- Increased Penalties
- Notice of Breach
- Electronic Health Records (EHR)
What are the 6 rule requirements of the Confidentiality of Substance Use Disorder Patient Records Rule?
- Scope
- Re-disclosure
- Applicability
- Exceptions
- Disclosure
- Security
What is the 21st Century Cures Act?
It expedites the research process for new medical devices and prescription drugs, quickens the process for drug approval and reforms mental health treatment. It is not a privacy law, per se, but it contains privacy provisions.
What are the 5 privacy provisions in the 21st Century Cures Act?
- Prohibition of information-blocking (conduct that would interfere with the exchange of electronic health information)
- Requirement of “Certificates of confidentiality” for research, particularly for those with alcohol and/or substance abuse issues
- Guidelines for permissible “compassionate” sharing of mental health or substance abuse information with family or caregivers
  - 42 CFR Part 2 regulations generally require a special court order before the records of individuals with alcohol or substance abuse issues can be shared with law enforcement or a court
- Exemptions for mandatory disclosure of individual biomedical research information under the Freedom of Information Act
- Remote review of PHI under HIPAA rules