Chapter 11 Test 4 Flashcards

1
Q

___________ provides individuals with rights to provide some control over their health information

A

HIPAA privacy rule

2
Q

__________, covered entities with EHRs must make PHI available electronically, or must send it to designated person or entity electronically if individual requests

A

Per HITECH

3
Q

_________ must respond within 30 days after request received
30 days from receipt of request
Permitted 30-day extension if written statement includes reason for delay and date covered entity will complete its action.
Extended time permitted for records not maintained on site

A

Covered entity

4
Q

________ have the right to know about instances where his or her PHI has been disclosed

A

Individuals

5
Q

________________ includes:
Date of disclosure
Name and address of entity or person who received the information
Brief statement of the purpose of the disclosure

A

Accounting of Disclosures

6
Q

______ response to request for accounting

A

Timely

7
Q

_____ accounting within a 12-month period is free

A

First

8
Q

Must account for disclosures in past ______

A

3 years

9
Q

Per HITECH proposed rule, which is still pending, the _________ would require CEs to account for everyone who used or disclosed electronic health information in a DRS

A

access report

10
Q

______ disclosures would be displayed in access report as well as public health reporting

A

TPO

11
Q

Notice of Privacy Practices must inform individuals of ___________ at CE level and to the US Department of Health and Human Services (DHHS), along with contact information

A

right to complain

12
Q

An “unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information”

A

HIPAA Breach

13
Q

_______ are deemed to have been discovered when the breach is first known or when it reasonably should have been known

A

breaches

14
Q

Individuals should be notified without delay, and within _____ of breach

A

60 days

15
Q

If more than ____ individuals are affected and written notice is unsuccessful, web postings or the use of media is recommended

A

9

16
Q

If more than ______ individuals, media outlets MUST be used and the Secretary of HHS MUST be notified immediately.

A

500

17
Q

_____ use an online breach reporting system

A

CEs

18
Q

_________ is a public interest and benefit authorization exception, but IRB or privacy board must approve variations to authorization requirement

A

Research

19
Q

__________ is the rule of law that if the federal government through Congress has enacted legislation on a subject matter it shall be controlling over state laws and/or preclude the state from enacting laws on the same subject if Congress has specifically declared it has “occupied the field.”

A

Preemption

20
Q

______ is a federal floor, or minimum, on patient privacy requirements.

A

HIPAA

21
Q

How much is it for unknowing penalties (even with reasonable due diligence)?

A

$100-$50,000

22
Q

How much is it due to reasonable cause and not willful neglect?

A

$1,000-$50,000

23
Q

How much is it due to willful neglect/corrected within 30 days of discovery?

A

$10,000-$50,000

24
Q

How much is it due to willful neglect and not corrected as required?

A

$50,000

25
Q

______ for non-compliance apply to both CEs and BAs
Civil
Criminal

A

Penalties

26
Q

HIPAA Enforcement Rule implemented in _____

A

2006