Chapter 11 Test 4

Question 1

___________ provides individuals with rights to provide some control over their health information

Answer 1

HIPAA privacy rule

Question 2

__________, covered entities with EHRs must make PHI available electronically, or must send it to designated person or entity electronically if individual requests

Answer 2

Per HITECH

Question 3

_________ must respond within 30 days after request received
30 days from receipt of request
Permitted 30-day extension if written statement includes reason for delay and date covered entity will complete its action.
Extended time permitted for records not maintained on site

Answer 3

Covered entity

Question 4

________ have the right to know about instances where his or her PHI has been disclosed

Answer 4

Individuals

Question 5

________________ includes:
Date of disclosure
Name and address of entity or person who received the information
Brief statement of the purpose of the disclosure

Answer 5

Accounting of Disclosures

Question 6

______ response to request for accounting

Answer 6

Timely

Question 7

_____ accounting within a 12-month period is free

Answer 7

First

Question 8

Must account for disclosures in past ______

Answer 8

3 years

Question 9

Per HITECH proposed rule, which is still pending, the _________ would require CEs to account for everyone who used or disclosed electronic health information in a DRS

Answer 9

access report

Question 10

______ disclosures would be displayed in access report as well as public health reporting

Answer 10

TPO

Question 11

Notice of Privacy Practices must inform individuals of ___________ at CE level and to the US Department of Health and Human Services (DHHS), along with contact information

Answer 11

right to complain

Question 12

An “unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information

Answer 12

HIPAA Breach

Question 13

_______ are deemed to have been discovered when the breach is first known or when it reasonably should have been known

Answer 13

breaches

Question 14

Individuals should be notified without delay, and within _____ of breach

Answer 14

60 days

Question 15

If more than ____ individuals are affected and written notice is unsuccessful, web postings or the use of media is recommended

Answer 15

9

Question 16

If more than ______ individuals, media outlets MUST be used and the Secretary of HHS MUST be notified immediately.

Answer 16

500

Question 17

_____ use an online breach reporting system

Answer 17

CEs

Question 18

_________ is a public interest and benefit authorization exception, but IRB or privacy board must approve variations to authorization requirement

Answer 18

Research

Question 19

__________ is the rule of law that if the federal government through Congress has enacted legislation on a subject matter it shall be controlling over state laws and/or preclude the state from enacting laws on the same subject if Congress has specifically declared it has “occupied the field.”

Answer 19

Preemption

Question 20

______ is a federal floor, or minimum, on patient privacy requirements.

Answer 20

HiPAA

Question 21

How much is it for Unknowing penalties (even with reasonable due diligence)

Answer 21

$100- $50,000

Question 22

How much is it Due to reasonable cause and not willful neglect?

Answer 22

$1,000-$50,000

Question 23

how much is it Due to willful neglect/corrected within 30 days of discovery?

Answer 23

$10,000- $50,000

Question 24

How much is it Due to willful neglect and not corrected as required?

Answer 24

$50,000

Question 25

______ for non-compliance apply to both CEs and BAs
Civil
Criminal

Answer 25

Penalties

Question 26

HIPAA Enforcement Rule implemented in _____

Answer 26

2006