Chapter 8 Flashcards
Privacy
Freedom from unauthorized intrusion
Health Insurance and Accountability Act (HIPPA)
A fedral law passed in 1996 to protect privacy and other health care rights for patients. The acts helps workers keep continous health insurance coverage for themselves and their dependents when they change jobs, and protect confidential medical information from unathorized disclosure and or use. It was also intended to help curb the rising cost of health care fraud and abuse.
Covered entitites
Health care providers and clearing- houses that transmit HIPAA transactions electronically. and must comply with HIPAA standards and rule.
Covered Transactions
Electonic exchanges of information between two covered entity business partners using HIPAA mandated transactions standards
Designated record set
Records Maintained by or for a HIPAA covered entity
Notice of Privacy Practices NPP
A written document detailing a health care providers privacy practices
Protected health Information PHI
Information that contains one or more patient identifiers
de-identity
To remove from health care transactions all information that identify the patients
State Preemption
If a states privacy laws are stricters than HIPAA privacy standards, the state laws take precedence
Treatment, Payment, and health care operations TPO
A HIPAA term for qualified providers, disclosure of PHI to obatin reimbursement, and activities and transactions among entities. Treatment means that a health care provider can provide care: payment means that the provder can disclose PHI to be reimbursed: health care operations refers to HIPAA approved activities and transactions.
Standards
A general requirement under HIPAA
Rule
A document that includes HIPAA standards or requirements
Transactions
Transmission of information between two parties for financial or administrative activities.
Code set
Under HIPAA terms that provide for uniformity and simplification of health care billing and record keeping.
Electronic Transmission
The sending information from one network connected computer to another
Electronic data interchange EDI
The use of uniform electronic network protocols to transfer business information between organizations via computer networks
Permission
A reason under HIPAA for disclosing patient information
Limited data set
Protected health information from which certain patient identifiers have been remnoved
Security
Policies and procedures that protect PHI from unauthorized access
Firewalls
Hardware software, or both designed to prevent unauthorized persons from accessing electronic information
Encryption
The scrambling or encoding of information before sending it electronically
Verification
The requirement under HIPAA to verify any request as legitimate before protected health information is released
Minimum necessary
Terms referring to the limited amount of patient information that may be disclosed, depending on circumstances
Third
The right to privacy is expressed in amendments to the United States Constitution. Which of the following is one of the amendments that deals with privacy issues?
Griswold v. Connecticut
.
First
Which of the following amendments guarantees that information relevant to science and medicine can freely flow throughout the international marketplace of ideas?
Which of the following privacy rights is guaranteed by the fourth amendment?
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”
Concern about privacy has led to the enactment of federal and state laws governing the collection, storage, transmission, and disclosure of personal data. These privacy laws are based on which of the following considerations?
When information is collected about a person, that person should have the opportunity to check the information for accuracy.
Which of the following acts forbids federal agencies from allowing information to be released other than that for what it was collected?
Privacy Act
Which of the following acts guarantees that workers who change jobs can obtain health insurance and also improves the security and privacy of patient identifying information?
HIPAA
What is the major focus of the 2010 Patient Protections and Affordable Care Act?
Availability of health insurance coverage for all Americans
Which of the following was the first federal legislation to deal thoroughly and explicitly with the privacy of medical records?
HIPAA
Which of the following acts contained many key changes to HIPAA as part of the Title XIII?
ARRA
Which of he following is a circumstance that led to the 1996 passage of the federal Health Insurance Portability and Accountability Act?
The rising cost of medical care has made consumers unable to seek needed treatment.
Which of the following administrative bodies has enforcement authority for HIPAA Administrative Simplification Standards, including transactions, code sets, and identifiers?
Centers for Medicare and Medicaid Services (CMS)
According to HIPAA language, which of the following describes the term “covered entities”?
Health care providers
A physician exchanges information with a patient’s managed care plan following HIPAA guidelines. Which of the following HIPAA language describes this process?
Covered transactions
Which of the following examples would not be a HIPAA standards-covered transaction?
A patient sends an e-mail message to a physician that contains patient identification.
A hospital administrator oversees records maintained for the hospital, which is a HIPAA-covered entity. Which of the following would not be considered a designated record set?
Personnel records
A new patient in a physician’s office signs a HIPAA regulated form that details what will happen with the patient information obtained during his treatment. What is the term for this policy?
Notice of Privacy Practices
A health care provider “de-identifies” the health information in a patient’s record. Which of the following occurs with this process?
All PHI is removed from the patient record.
TPO is an important HIPAA term. Which of the following describes an aspect of this acronym?
Treatment
A hospital accounting department hires an outside accounting firm to keep track of all billing to third party payors. Which of the following is the term for this firm?
Business associate
HIPAA contains standards that health care facilities must implement within a certain time frame. How many standards are included in this legislation?
4
It is a general requirement of HIPAA to protect a patient’s personal health information. What is the term for this HIPAA requirement?
Standard
HIPAA now mandates that all health care providers must ensure that they can send and receive information using standard data formats and data content. Who is responsible for compliance with this rule?
Health care providers
HIPAA legislation mandates that facilities have code sets. To which aspect of health care provision does this term apply?
Health care billing
A hospital complies with HIPAA transaction standards. What does this process involve?
Using HIPAA-defined standards for electronic data interchange (EDI)
Since converting electronic transmissions to HIPAA standards is highly technical, health care practitioners and facilities need to rely on what type of persons to be sure they are in compliance?
IT staff
Health care providers can disclose patient information according to HIPAA legislators, but they must identify a reason for each use. Which of the following is the correct term for this reason?
Permission
Which of the following is a recommended guideline for preventing incidental disclosures of PHI without authorization from the patient?
Do not place patient charts outside exam rooms unless the file is reasonably protected.
Health care practitioners and facilities may be asked to disclose PHI “for the public good.” Which of the following is a recommended guideline for this process?
Release PHI to public health authorities if child abuse or neglect is suspected.
In which of the following cases would it be forbidden to disclose PHI about a person?
When the person is the subject of an investigation.
There are eight circumstances that apply concerning the disclosure of PHI to law enforcement officials. Which of the following is not one of these circumstances?
In the case of a birth injury
To which of the following may PHI be disclosed without consulting a privacy officer for the institution?
Coroners
A health care professional provides a limited data set for research purposes. The recipient then enters into an agreement promising specified safeguards for the protected health information within the limited data set. What is the definition of a limited data set?
Protected health information with removal of certain patient identifiers
What is the initial patient action if he or she feels a health care practitioner has violated the HIPAA privacy rule?
The patient must file a written complaint with the secretary of HHS.
Standard 3 of the HIPAA legislation is the security rule. What does the term “security” mean in this situation?
Policies are put in place to protect electronic PHI from unauthorized access.
A health care practitioner uses encryption to protect patient information from unauthorized users on the Internet. Which of the following best describes this process?
Information is scrambled or encoded before sending it electronically.
Which of the following requests for patient information should not be given without patient authorization?
A pharmaceutical company requests patient information to target audiences.
HIPAA defines psychotherapy notes. Which of the following is an accurate description?
They analyze contents of conversation during counseling sessions.
A hospital administrator is reading HIPAA’s enforcement and penalty requirements to employees in an in-service session on privacy acts. Which of the following accurately describes one of these rulings?
The U.S. Department of Justice may enforce criminal sanctions that involve fines as well as prison terms.
For which of the following patient rights under the HIPAA privacy rule is it only recommended that documentation is obtained, not required?
A patient requests access to his medical record to copy it.
Which of the following statements regarding HIPAA policy is true?
An employer cannot access an employee’s health record without patient permission.
Which of the following statements is false regarding HIPAA policy?
One physician cannot send a patient’s records to another physician without patient consent.
Which of the following would be most likely not to be regulated by HIPAA?
An Internet company storing personal health records
Which statement is not true of HIPAA?
HIPAA requires that healthcare practitioners must change a medical record if a patient complains.
Which of the following is not a violation of HIPAA’s privacy rule?
A health care provider discloses information to a patient’s husband without patient consent after the patient identified him as entitled to receive the information.
The employer or employee can end the employment anytime for any reason.
.
Wrongful discharge
.
The employee is sexually harassing another employee.
.
Public policy
.
Discrimination
.
Title VII of the Civil Rights Act
.
Such conduct has the purpose or effect of unreasonably interfering with an individual’s work performance.
.
A surgical resident is offered opportunities to scrub in on a procedure if he dates the surgeon.
.
Businesses with 15 or more employees working at least 20 weeks of the year
.
Wagner Act of 1935
.
Affirmative action
.
Employees may collect punitive damages for discrimination.
.
1938 Fair Labor Standards Act
.
Recovering from substance abuse
.
Safety in the workplace
.
The Federal Register
.
Ask the employer to voluntarily remedy the situation.
.
.Investigation of fatalities or accidents
.
.The business is subject to daily fines.
.
Protection from unsafe work environments
.
Hazard Communication Standard
.
CDC
.
The employer must provide a Material Safety Data Sheet for each hazardous chemical.
.
General Duty Clause
.
Occupational Exposure to Bloodborne Pathogen Standard
.
Decontaminate work surface when spills occur and daily when work is completed
.
Dispose of chemicals in a glass or metal container
.
Five years
.
Follow maximum quality standards for lab testing.
.
The injured employee can file a claim with the government instead of suing.
.
Permanent disability indemnity in the form of weekly cash payments
.
Report the injury to a supervisor.
.
.In all but a few states the total cost is born by the employer.
.
an employee is laid off due to downsizing.
.
Wage records for the past 18 months
.
FUTA
.
Education
.
Birth date
.
Stick to a list of questions that relate specifically to the job description.
.
An employee can be insured in case he or she embezzles funds.
.
Marital status
.
The employee
.
Health care practitioners who are self-employed do not have to deduct withholding.
.
Amounts deducted for life insurance
.
Employment-at-will
.
Wrongful discharge
.
Evidence
.
Just cause
.
Public policy
.
Discrimination
.
Civil Rights Act
.
Equal Employment Opportunity Commission
.
Quid pro quo
.
Wagner Act
.
Affirmative action
.
U.S. Equal Employment Opportunity Commission (EEOC)
.
40
.
2,500
.
Pregnancy Discrimination Act
.
Americans with Disabilities
.
Genetic Information Nondiscrimination Ac
.
Medicare
.
Fair Labor Standards
.
Equal Pay
.
Retirement benefits
.
Occupational Safety and Health
.
Family Leave
.
Occupational Safety and Health
.
Agriculture
.
Top
.
Third
.
Follow-up
.
Failure to Abate
.
Hazard Communication
.
Material Safety Data Sheet (MSDS)
.
General Duty Clause
.
Chemical Hygiene Plan
.
Occupational Exposure to Bloodborne Pathogen Standard
.
Needlestick Safety and Prevention
.
Medical Waste Tracking
.
Five
.
Centers for Disease Control and Prevention
.
Clinical Laboratory Improvement
.
Workers’ compensation
.
Unemployment insurance
.
Labor dispute
.
Federal Unemployment Tax
.
Discrimination
.
Job
.
Surety bond
.
Wage and Tax
.
Four
.
Social Security taxes
.
