Chapter 10 - HIPAA Privacy Rule: Part I Flashcards
HIPAA Privacy Rule
A key federal law governing the privacy and confidentiality of patient information. It is designed to protect privacy and give people more rights in regards to controlling who has access to their health information.
It is an addition to HIPAA, and was released April 14, 2003.
delineate
(1) to describe, portray, or set forth with accuracy or in detail
(2) to indicate or represent by drawn or painted lines
(3) to mark the outline of
Titles of HIPAA
HIPAA consists of five broad sections (titles), most of which do not specifically address the protection of patient information.
Title I: protects individuals and their dependents from losing their health insurance when leaving or changing jobs by providing insurance continuity (portability)
Title II: provisions relating to the prevention of healthcare fraud and abuse, medical liability (malpractice) reform, and administrative simplification
Title III, IV, and V: tax-related provisions
provision (law)
a dedicated section that describes or specifies an action or condition
Freedom of Information Act of 1967
a law that has provided the public the right to request access to records from any federal agency; there are some exceptions
Privacy Act of 1974
a law that provides individuals with privacy rights by requiring that federal agencies that hold personally identifiable records to safeguard the information
Drug Abuse Prevention, Treatment, and Rehabilitation Act of 1972
A federal statute designed to be a practical resource for governments, policy planners, service commissioners and treatment providers against drug abuse. The Act was introduced because of the ineffectiveness of the efforts of state and local governments and by the federal government to control and treat drug abuse in the U.S.
Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation Act of 1970
a federal law that authorized a comprehensive Federal program to address prevention and treatment of alcohol abuse and alcoholism
commissioner
a member of a commission or an individual who has been given a commission (official charge or authority to do something)
bureau
an office or department for transacting particular business
remittance
a sum of money sent, especially by mail, in payment for goods or services or as a gift
remit
(1) cancel or refrain from exacting or inflicting (a debt or punishment)
(2) send (money) in payment or as a gift
exact (verb)
to demand and get by force or threat
subcontractor
One who takes a portion of a contract from the principal contractor or from another subcontractor.
When an individual or a company is involved in a large-scale project, a contractor is often hired to see that the work is done. The contractor, however, rarely does all the work. The work that remains is performed by subcontractors, who are under contract to the contractor, who is usually designated the general or prime contractor. Subcontractors may, in turn, hire their own subcontractors to do part of the work that they have contracted to perform.
Safe Harbor method
a method of removing identifying information from health information; it involves removing 18 identifiers, such as name, location, address, telephone, and ID numbers
designated record set (DRS)
a group of records maintained by or for a covered entity that includes medical or billing records
treatment, payment, operations (TPO)
the three functions needed for a covered entity to successfully conduct business
hybrid entity
an organization that acts both as a covered entity and also does things that are not covered by HIPAA’s Privacy Rule
(e.g. a university that educates students and has student records while also operating a medical center with medical records governed by HIPAA’s rules; the student records are not under HIPAA’s power)
affiliated covered entity
covered entities that are legally separate but connected by common ownership or control
organized healthcare arrangement (OHCA)
an arrangement characterized by two or more covered entities who share protected health information to manage and benefit their common enterprise and are recognized by the public as a single entity
Notice of Privacy Practices (NPP)
a document that must be given to a patient upon their first visit at a covered entity; it tells the patient of their privacy rights and the covered entities’ practices
Statement of Right to Revoke
a statement that informs a person of their right to revoke authorization that they previously gave, the exceptions to that right, and how to invoke that right
incidental disclosure
a secondary disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule
(e.g. calling out a patient’s name in a waiting room, a patient accidentally seeing another patient’s chart when he goes into an office)
redisclosure
the act of sharing or releasing health information that was received from another source (e.g., external facility or provider) and made part of a patient’s health record or the organization’s designated record set
marketing
communication about a product or service that encourages the recipient to purchase or use that product or service
Minimum Necessary
The process that is defined in the HIPAA regulations: When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose.
