Chapter Four

Question 1

What is privacy?

Answer 1

• the absence of intrusion into a person’s life and information from external sources
• In health care terms, privacy means that the patients’ health and other information are securely held so that only authorized persons have access to that information.

Question 2

What is confidentiality?

Answer 2

personal information shared with a professional such as a physician, attorney, or therapist.

Question 3

Why is confidentiality and privacy different?

Answer 3

• privacy is a condition while confidentiality is an ethical duty
• Both privacy and confidentiality are protected by law and each has legal consequences for violation.

Question 4

What does the doctor patient relationship have?

Answer 4

an implied confidentiality agreement

• Even though implied, the new patient must sign certain documents to declare comprehension of health privacy policies and procedures.

Question 5

Hippocrates realized the value of confidentiality in medicine. How?

Answer 5

Hippocratic Oath:

• Whatever houses I may visit, I will come for the benefit of the sick, remaining free of all intentional injustice, of all mischief and in particular of sexual relations with both female and male persons, be they free or slaves.
• What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.

Question 6

What organization made sure it was medical information will be kept confidential?

Answer 6

Health Insurance Portability and Accountability Act of 1996 (HIPAA), it is illegal

Question 7

What does condientiality in healthcare industry mean?

Answer 7

• can be defined as keeping personal medical information private.
• This includes not only specific conditions and treatments, but the very fact that the person sought treatment in the first place
• When a healthcare professional protects a patient’s medical information, that professional is showing respect for the patient

Question 8

What happens when a patient feels respected?

Answer 8

• he or she could be more likely to trust and more fully cooperate with healthcare providers
• this includes giving the physician all information that would help the healthcare team best serve the patient

Question 9

What led to the idea of confidentiality?

Answer 9

In the 1960s, the federal government increasingly found it necessary to establish and maintain records of many types. Concerned citizens and legislators wondered about the ways private information could be used by the government.

Question 10

What happens in 1973 with the the Department of Health, Education, and Welfare (HEW)

Answer 10

issued a report titled Records, Computers, and the Rights of Citizens. This report caught the attention of legislators, who soon went to work

Question 11

what is the Privacy Act of 1974 (Public Law 93-579)

Answer 11

• was the result and was signed into law by President Gerald Ford
• The Privacy Act is not exclusive to medical information.
• It addresses a variety of private information, including how social security numbers can be shared.
• The Privacy Act only applies to U.S. citizens and permanent residents; only these individuals may sue under the statutes of the act.

Question 12

What did the privacy act of 1974 led into?

Answer 12

HIPAA

Question 13

Why in the world is confidentiality so important anyway

Answer 13

• speaking legally and ethically, a person’s healthcare information is private and personal in nature, and every patient has a stake in who views his or her medical record.
• a person might be more likely to seek healthcare if he or she is assured that medical information will be kept private. By feeling free to be open and honest, the patient reveals accurate information that can help the healthcare team provide the best care.

Question 14

What is breach?

Answer 14

to violate

Question 15

List (5) the fews that healthcare professional fails to guard personal medical info?

Answer 15

Read pages 56-57 for the reasons why

Question 16

What is HITECH?

Answer 16

• The Health Information Technology for Economic and Clinical Health Act (2009) and was signed into law February 17, 2009.
• This legislation was an economic stimulus package in which $250 million was appropriated toward technology.
• The Act, which addresses confidentiality, sought to accomplish the following in regards to healthcare technology and the American healthcare system:
  1. Improve quality, safety, and efficiency
  2. Increase coordination efforts for the benefit of the patient
  3. Improve health status
  4. Promote patient autonomy
  5. Assurance of privacy and security

Question 17

What is ransomware?

Answer 17

• is malicious software used by computer hackers to block users from data in their own computer systems.
• The hacker requires money to restore access.
• It is digital extortion

Question 18

How many ransomware attacks daily?

Answer 18

4000

Question 19

1. Who continually works to assist providers in security measures to prevent risks such as ransomware?
2. The compliance and policy development is monitored by who?

Answer 19

1. HIPAA
2. Department of Health and Human Services

Question 20

Since ransomware compromises the user/owner access to its own electronic information, some recommendations for risk management include:

Answer 20

1. Conduct frequent computer system backups.
2. Test restorations should be performed periodically to validate backed up data.
3. Some ransomware may even remove or disrupt backups. Users/owners of the systems should consider backing up offline and separate from the primary network.
4. Contingency plans for: disaster recovery planning, emergency analysis to ensure that all applications and data are present and accounted for, and peri- odic testing or contingency plans to assure effectiveness.

Question 21

What is Medical Identity Theft

Answer 21

• is the stealing of a patient’s personal information (name, address, social security number, etc.) in order to use it to wrongly acquire insurance coverage and/or prescriptions.
• If the thief’s information gets integrated with a patient’s information, it can compromise the effectiveness of care given to the patient.

Question 22

The wise medical consumer (patient) should be protective by: (6)

Answer 22

1. Always carefully reviewing any medical bills or insurance statements (such as an EOB: Explanation of Benefits).
2. Reading any medical collection notices, meaning being charged for a service, not knowing of change, and not paying, making the bills past due.
3. Keeping up with benefit (insurance) financial limits.
4. Contacting healthcare providers and/or insurance companies if any information is incorrect. Waiting to contact can cost the patient.
5. Getting copies, occasionally, of the medical record and review for accuracy. Anything suspicious should be reported to whomever has the original record. Note that you may have to pay for copies, but it is worth the price to maintain patient record accuracy.
6. Keep copies of records in a secure location.

Question 23

• When was HIPAA signed into law and under who?
• What did it do?

Answer 23

• in 1996 under the William Jefferson Clin- ton administration.
• This federal law was enacted to address continuation of health insurance coverage in healthcare. This important legislation gives the patient more control over personal medical information and how it is used or released.

Question 24

Five different forms are required to protect patient information:

Answer 24

1. The privacy notice
2. The signature of patient indicating that he or she received the privacy notice
3. The patient’s permission to provide his or her medical information to otherpeople (such as a relative) or entities (such as an insurance company)
4. A trading partner agreement specifying the parties involved (i.e., physicianand patient)
5. A contractual statement between the physician or facility and the patient

Question 25

What was the two aims of HIPPA?

Answer 25

• The first aim was to improve conditions when individuals change health insurance programs, including portability.
• The second aim was to make sure that as long as there is no lapse of coverage, preexisting conditions are covered.

Question 26

What is portability?

Answer 26

that no lapse of healthcare coverage occurs when a person changes from one job to another, even when insurance carriers change.

Question 27

What is preexisting conditions?

Answer 27

• are ailments or diseases that the patient has before health insurance coverage begins.
• Preexisting conditions often limit healthcare coverage, and this component was designed to help the patient get coverage needed to receive medical care.

Question 28

Before the HIPAA laws were enacted, a person moving from one job to another had to go for a period of time with no healthcare insurance. This might happen because there was a gap between the two jobs and/or because the new insurance might take a few months to take effect. What allows preexisting allowance in the law permits continuous coverage?

Answer 28

Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA)

Question 29

What were the “add-ons” in the final HIPAA legislation

Answer 29

include protection of private medical information, standardization and simplification of forms, and strategies to prevent fraud, waste, and abuse.

Question 30

Acting upon the legislation of the Clinton administration, the George Herbert Walker Bush administration and Congress chose to introduce the law in three phases:

Answer 30

1. Implementation of federal privacy regulations
2. Implementation of insurance claims
3. Implementation of a clearinghouse of electronic medical claims

Question 31

1. Though HIPAA was written into law in 1996, phases concerning insurance and clearinghouse implementation did not take effect until when?
2. The phase concerning federal privacy legislation did not take effect until when?
3. What were the delays due to?

Answer 31

1. 2002
2. 2003
3. to complications in implementation, and had to be addressed to make the legislation practical. In other words, it was unclear whether the bill, in its original form, would be practical to carry out.

Question 32

T/F: Access to a patient’s medical record does not give automatic permission to view the record.

Answer 32

True

• If you do not need to read the record to assist in serving the patient, you should not access it at all.

Question 33

If you do not need to read the record to assist in serving the patient, you should not access it at all.

• What is the clause in HIPPA according to this sitution?

Answer 33

need to know

Question 34

There are five primary components of the HIPAA law:

Answer 34

1. Title l: Insurance Portability
2. Title II: Administrative Simplification
3. Title III: Medical Savings and Tax Deduction
4. Title IV: Group Health Plan Provisions
5. Title V: Revenue Offset Provisions

Question 35

What is Consolidated Omnibus Budget Reconciliation Act of 1985 (COBRA)

Answer 35

• mandates that those businesses with 20 employees or more must provide employees who leave that business extended health insurance for up to 18 months.
• This insurance can be at the expense of the company but usually is paid for by the employee. Many employees are provided health insurance free of charge through the company.
• If the employee leaves that place of employment, he or she may then decide to purchase the coverage until other coverage takes effect

Question 36

What is an example of how COBRA can affect healthcare insurance?

Answer 36

Question 37

• What is the privacy rule?
• When did go into effect and when was it fully implemented?

Answer 37

• went into effect in 2001 and was fully implemented in 2003.
• It is the portion of HIPAA that refers to personal data (past, present, and future), otherwise known as protected health information (PHI)

Question 38

What is protected health information?

Answer 38

• PHI is specific medical information pertaining to the patient, such as name, date of birth, and social security number.
• One crucial treatment of PHI is that concerning the patient and health insurance companies, also known as vendors.
• Health insurance companies may obtain medical information about a patient, but only if the patient signs a release of information.

Question 39

• PHI can come in three primary forms?
• What are the exceptions to PHI?

Answer 39

• written, electronic, and oral
• including suspected abuse (including elder, child, and spousal abuse), medical research, and certain contagious diseases

Question 40

What are the limitations of PHI?

Answer 40

• It does not include information a person shares with law enforcement officials, bankers or creditors, insurance representatives, schoolteachers or administrators, or employers.
• Although it is not legally mandated, it would be professionally sound and ethical conduct for all professionals to protect the personal information of any client.
• This lack of protection might prompt many people to limit their sharing of confidential health information to the healthcare provider, who is legally obligated to keep medical information in the strictest of confidence.
• Failure to do so could result in the healthcare professional being punished, ranging from a fine to imprisonment. Keep in mind that health information includes pharmacy records and mental health records and is not limited to the con- fines of a hospital or physician’s office.

Question 41

HIPAA does not cover the following:

Answer 41

■ Financial documents (credit information, banking records)
■ Information as maintained by the Central Intelligence Agency (CIA), as outlined in the Privacy Act of 1974 (U.S. Department of Justice, 2003)
■ Educational records (including vaccinations and other information)
■ Subpoenas for medical records needed in court cases
■ The electronic database files of private companies
■ Employment records, including any employer-sponsored health program in which you may participate or information needed by your employer for the Family and Medical Leave Act (FMLA) (It is important to also know that if a company is self-insured for medical coverage of employees, the handling of insurance claims and other health-related information is covered by HIPAA.)

Question 42

It would seem that any personal record would be covered, but often information is covered by other laws such as what?

Answer 42

the Gramm-Leach-Bliley Act (GLB)

Question 43

When was the Healthcare Integrity and Protection Data Bank (HIPDB) operational and what is it?

Answer 43

• became fully operational in 2000.
• This national data bank was an aggressive move to prevent fraudulent and/or abusive healthcare practitioners and suppliers from being able to practice

Question 44

Areas being monitored, as outlined in the Social Security Act, include:

Answer 44

■ Licensure and certification actions
■ Exclusion from participation in federal and state healthcare programs (e.g., Medicare)
■ Civil judgments related to healthcare
■ Criminal convictions
■ Revocation or suspension of lab certification

Question 45

Centralized data banks such as the HIPDB were designed to do what?

Answer 45

• improve not just the ethical standards and practices of the healthcare industry, but also to provide a go-to place to prevent unethical persons from being allowed to serve patients.
• Think of the HIPDB, in some ways, as a “Better Business Bureau of Healthcare.”

Question 46

What is a release of information

Answer 46

• a document that allows the healthcare provider to share certain information—not necessarily the whole record
• Even if you are referred to a specialist by your physician, you must give your permission for your medical information to be shared with that specialist. Your medical record is private, and the document itself is considered a legal document.

Question 47

What is the Patient Safety and Quality Improvement Act of 2005 (PSQIA)

Answer 47

• is another important piece of legislation in the area of patient rights.
• This law was published in 2005 but did not go into effect until January 2009.
• It launched a reporting system for violations of patient safety. To encourage reporting of any violations, the identities of people who file reports are kept private.
• By protecting those who report, it was hoped that more reports would surface to further improve safety conditions within the healthcare setting (U.S. Department of Health and Human Services, n.d.).

Question 48

The following is a direct quote from the Health and Human Services (1999) website about the PSQIA:

Answer 48

The confidentiality provisions will improve patient safety outcomes by creating an environment where providers may report and examine patient safety events without fear of increased liability risk. Greater reporting and analysis of patient safety events will yield increased data and better under- standing of patient safety events.
[The Office for Civil Rights] works in close collaboration with the Agency for Healthcare Research and Quality (AHRQ) which has respon- sibility for listing patient safety organizations (PSOs), the external experts established by the Patient Safety Act to collect and analyze patient safety information.

Question 49

there are certain instances where some medical information should be released?

Answer 49

Such instances include child abuse cases, elder abuse cases, mental health patients who may become violent, and matters concerning the greater good.

Question 50

What is child abuse?

Answer 50

• harm of a person younger than 18 years of age who is not an emancipated minor
• It can involve physical harm, emotional harm, exploitation, and neglect.

Question 51

Child abuse is defined by federal law in the following ways:

Answer 51

1. “Any recent act or failure to act on the part of a parent or caretaker which results in death, serious physical or emotional harm, sexual abuse, or exploitation.”
2. “An act or failure to act which represents imminent risk of serious harm.

Question 52

Every _ seconds in America, a report is made concerning the maltreatment of a child

Answer 52

10

Question 53

The following professionals are legally required to report suspected child abuse:

Answer 53

• Physicians
• Nurses
• Dentists
• Mental health professionals
• Social workers
• Teachers
• Day care workers
• Law enforcement personnel
• In some states, clergy, foster parents, attorneys, and camp counselors also are required to report abuse.
• In 18 states, any person who suspects abuse is required to report it.

Question 54

When a healthcare professional recognizes any sign of abuse (including sus- pect bruises or fractures, and/or the child being withdrawn or upset), he or she is legally obligated to report to the suspicions to where?

Answer 54

• the county’s Department of Human Services and the police department.
• Reports can also be made to the 24-hour Child Abuse National Hotline: 1-800-4-A-CHILD (1-800-252-2873).

Question 55

What is the general definition of elder abuse?

Answer 55

• “any harmful treatment of an elderly person.”
• Harmful treatment can include physical, emotional, or sexual abuse; neglect; financial exploitation; and self-abuse.

Question 56

According to the National Research Council Panel to Review Risk and Prevalence of Elder Abuse and Neglect (2003), how many elders have been abused?

Answer 56

It has been estimated that between 1 and 2 million Americans 65 years or older have been injured, exploited, or otherwise mistreated by someone on whom they depended for care or protection

Question 57

If a healthcare professional suspects elder abuse, he or she should immediately contact who?

Answer 57

• the local police department and the local Department of Human Services.
• In 16 states, reporting is mandated. In those states, not reporting could result in criminal charges, just as in instances of not reporting child abuse.

Question 58

Mental illness affects at least one in _ Americans

Answer 58

Five (1 in 5)

Question 59

Any healthcare professional has a legal and ethical obligation to report what?

Answer 59

even a suspicion of a mental patient in self-harm or one who is harming others

Question 60

What does it mean when the matters of greater good?

Answer 60

Though confidentiality is decidedly one of the highest priorities in healthcare, there are times when the best interest of the public outweighs the protection of a patient’s private medical information.

Question 61

What is an example of not keeping medical info in total confidence to help the greater good?

Answer 61

Alerting the public to a potential danger can help ensure their safety. In the William Gladstone case study, reporting the botulism (food poisoning) certainly helped those who attended the picnic and could have saved lives. Normally a patient’s medical information is kept in total confidence, but sometimes the benefits to the general public warrant reporting.