Chapter 11 Test 4 Flashcards
___________ provides individuals with rights to provide some control over their health information
HIPAA privacy rule
__________, covered entities with EHRs must make PHI available electronically, or must send it to designated person or entity electronically if individual requests
Per HITECH
_________ must respond within 30 days after request received
30 days from receipt of request
Permitted 30-day extension if written statement includes reason for delay and date covered entity will complete its action.
Extended time permitted for records not maintained on site
Covered entity
________ have the right to know about instances where his or her PHI has been disclosed
Individuals
________________ includes:
Date of disclosure
Name and address of entity or person who received the information
Brief statement of the purpose of the disclosure
Accounting of Disclosures
______ response to request for accounting
Timely
_____ accounting within a 12-month period is free
First
Must account for disclosures in past ______
3 years
Per HITECH proposed rule, which is still pending, the _________ would require CEs to account for everyone who used or disclosed electronic health information in a DRS
access report
______ disclosures would be displayed in access report as well as public health reporting
TPO
Notice of Privacy Practices must inform individuals of ___________ at CE level and to the US Department of Health and Human Services (DHHS), along with contact information
right to complain
An “unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information
HIPAA Breach
_______ are deemed to have been discovered when the breach is first known or when it reasonably should have been known
breaches
Individuals should be notified without delay, and within _____ of breach
60 days
If more than ____ individuals are affected and written notice is unsuccessful, web postings or the use of media is recommended
9