Chapter 10 Test 4 Flashcards
Title I- Insurance Portability Title II - administrative simplification Title III- Medical Savings and Tax Deduction Title IV- Group Health Plan Provisions Title V- Revenue Offset Provisions
HiPAA Components
Insurance portability
Title I
Administrative Simplification
Title II
Medical Savings and Tax Deduction
Title III
Group Health Plan Provisions
Title IV
Revenue Offset Provisions
Title V
Protects individuals from losing their health insurance when leaving or changing jobs by providing insurance continuity (portability). It also prohibits discrimination based on a persons status or that of his or her dependents in the enrollment in health insurance plans and the amount of premiums charged.
Title I
The most relevant title to management of health information, containing provisions relating to the prevention of healthcare fraud and abuse, medical liability reform, and administrative simplification. The Privacy Rule reside is Title II along with HIPAA security regulations
Title II
Contain tax related provisions relevant to the IRS and requirements for group health plans.
Title III, IV, and V
Became effective in 2003 under HIPAA law
- Has Two goals
The Privacy Rule
Protect the privacy of one’s health information by limiting access by others.
Privacy rule Goal 1
Provide an individual with greater rights with respect to his or her health information.
Privacy rule Goal 2
______ passed in 2009
Part of ______ was the HITECH Act.
ARRA
Expanded the role of the ONC
HIT Standards Committee was created
Appointed an ONC Chief Privacy Officer
HITECH
______ Policy Committee was created to address technologies and promote EHR privacy and security
Health Information Technology (HIT)
What Law addresses Alcohol abuse?
Treatment and Rehabilitation Act of 1970
What Law addresses drug abuse?
Treatment and Rehabilitation Act of 1972
What does HIPAA give or protect?
Protected Health Information (PHI)
Insurance plans
Covered entities
Health plans
Covered entities
Intermediary billing companies
Healthcare clearinghouses
________ should be initiated to legally protect information handled by a BA
business associate agreement (BAA)
Subcontractors of BAs are also _______.
BAs
Include employees, volunteers, student interns, trainees, and anyone else working under the CE’s direct control
Contractors working on a covered entity’s premises may be considered workforce members if they routinely work there
Workforce members
Does not identify the individual
Not subject to the HIPAA privacy rule
De-identified information
Unrelated code permitted to link de-identified information back to the individual
Re-identification
Per HITECH, individually identifiable information of persons ________ is not protected by the HIPAA privacy rule.
- loses its PHI status
deceased >50 years
person who is the subject of the PHI
Individuals
persons with legal authority to act on behalf of another adult, an emancipated minor, an unemancipated minor, or deceased individual.
Personal representatives
in the place of a parent
In loco parentis
divulging, releasing or disseminating outside information about an identifiable person by a CE or a BA to another entity or person OUTSIDE the entity holding the information.
Disclosure
sharing, employment, application, utilization, examination or analysis of individually identifiable information WITHIN an entity that maintains such information.
Use
asking for all or part of individual’s PHI
Request
providing coordinating or managing healthcare or healthcare related services by one or more healthcare providers.
Treatment
billing, claims management, claims collection, review of medical necessity of care, utilization review, etc.
Payment
quality improvement, legal and auditing functions, general business management such as customer service, etc.
Operations
performs both covered and non covered functions under the privacy rule
Example: University with a Medical Center
Hybrid entity
legally separate CE affiliated by common ownership or control
Affiliated covered entity
characterized by two or more CE’s who share PHI to manage and benefit their common enterprise and are recognized by the public as a single entity
Organized health care arrangement
each covered function operates separately and must not disclose PHI to a function not involved with the individual.
Example: medical facility with self-insured health plan
Covered entity with multiple functions
Notice of Privacy Practices
Consent
Authorization
Key Privacy Rule Documents
Communication about a product or service that encourages its purchase or use
Marketing
Use or disclosure of PHI for marketing requires authorization
General rule
Activities initiated by the covered entity to generate money for the benefit of the covered entity
Fundraising