Chapter 6: Health Insurance Portability and Accountability Act (HIPAA) Exam 1

Question 1

What does HIPAA stand for?

Answer 1

Health Insurance Portability & Accountability Act

Question 2

Origin of HIPAA

Answer 2

-1996
-Enacted by Congress
-Signed by President Bill Clinton
-Within Dpt. of Health & Human Survices
-Office for Civil Rights

Question 3

What is HIPAA

Answer 3

1. Establishes nationwide protection for patient confidentiality, electronic system security, & transmission of electronic health information
2. Guarantees patients the right to access their information
3. Outlines penalties for violations that occur

Question 4

Why do we care about HIPAA?

Answer 4

-Required to comply w/ these policies & procedures when dealing with health information
-Clients/patients trust their personal health information will be protected
-Committing HIPAA violations puts you & your employer at risk (Fines, civil/criminal penalties, bad reputation)

Question 5

HIPAA states that health information is required to be protected when created, stored, or transmitted in which ways?

Answer 5

1. Verbal Discussions
2. Written
3. Stored in Computers
4. Transfer of Data through Electronic Devices

Question 6

What is Protected Health Information (PHI) ?

Answer 6

Any individually identifiable health information

Question 7

Examples of Protected Health Information (PHI)

Answer 7

-Medical Records
-Photos & Videos
-Communications between providers
-Billing & Payment Records
-Health Plan Claims Records
-Health Insurance Policy Information

Question 8

Minimum Necessary Rule

Answer 8

Use or disclose only the minimum necessary to accomplish an intended purpose

Question 9

When does the minimum necessary rule not apply?

Answer 9

Treatment Purposes

Question 10

What instances can PHI be used/disclosed without authorization from client/patient?

Answer 10

-Treatment
-Payment
-Health Care Operations
-Public Policy Exception

Question 11

Treatment is during, coordinating, & managing health care for an individual. What does this include?

Answer 11

1. Direct treatment
2. Consultation among health care providers
3. Indirect treatment (lab testing)
4. Referrals from one provider to another

Question 12

Payment is activities by a health care provider to obtain payment for health care services. What does this include?

Answer 12

1. Billing
2. Eligibility/Coverage Determination
3. Medical Necessity Determination

Question 13

Health Care Operations

Answer 13

1. Activities directly related to treatment & payment (credentialing, auditing, & quality assessment)
2. Administrative & Managerial Activities (business planning, resolving complaints, HIPAA compliance checks)

Question 14

When dealing with PHI paperwork…

Answer 14

1. Don’t print or copy unless necessary
2. Keep in protected locations
3. Use fax cover pages
4. Properly dispose (shred, dispose in separate bins)

Question 15

When storing PHI in computers or electronic data…

Answer 15

1. Follow safe practices (strong passwords, keep logins confidential, no access to others of ID)
2. Do not leave computer unattended without locking it
3. Avoid risky practices (use of electronics in public/unsecure locations, opening suspicious emails, etc.)
4. Implement workstation certified for HIPAA access

Question 16

Type I Privacy Violation - Inadvertent or Unintentional (Negligent) Disclosure

Answer 16

-May or may not result in disclosure of PHI
-Possible disciplinary actions (verbal warning, re-education, review & signing of confidentiality agreement)
-Disciplinary actions determined by Privacy Officer, director of Human Resources, etc.

Question 17

Type II Privacy Violation - Intentional Disclosure

Answer 17

-May or may not result in disclosure of PHI
-Disciplinary actions (civil & criminals penalties can be enforced, loss of job)