CVTE 113 HIPAA Flashcards

1
Q

What does HIPAA stand for?

A

Health Insurance Portability and Accountability Act (1996)

2
Q

Two (2) parts of HIPAA covered in this presentation:

A
  • HIPAA Privacy
  • HIPAA Security
3
Q

What is HIPAA Privacy?

A

  • HIPAA Privacy – Protection for the privacy of Protected Health Information (PHI), effective April 14, 2003 (including standardization of electronic data interchange in health care transactions, effective October 2003)

4
Q

What is the difference between Privacy and Security?

A
  • The Privacy Rule sets the standards for how covered entities and business associates are to maintain the privacy of Protected Health Information (PHI)
  • The Security Rule defines the standards which require covered entities to implement basic safeguards to protect electronic Protected Health Information (e-PHI)
5
Q

What is HIPAA?

A
  • Protects the privacy and security of a patient’s health information.
  • Provides for electronic and physical security of a patient’s health information.
  • Prevents health care fraud and abuse.
  • Simplifies billing and other transactions, reducing health care administrative costs.

6
Q

What is HIPAA?

A
  • HIPAA is the Health Insurance Portability and Accountability Act of 1996, with guidelines implemented in 2003.
  • HIPAA is a Federal Law.
  • HIPAA is a response, by Congress, to healthcare reform.
  • HIPAA affects the health care industry.
  • HIPAA is mandatory.
7
Q

Who has to follow the HIPAA law?

A
  • Admitting clerks
  • Caregivers from the ED to the morgue
  • Physical therapists
  • Nutritionists
  • Lab personnel
  • Receptionists in MD offices
  • Transport techs
  • Respiratory therapists
  • Billing clerks
  • Insurance agents/clerks
  • School teachers/nurses
  • Home health personnel
  • Medical records clerks
  • Website managers
8
Q

Examples of Covered Entities

A
  • Providers
  • Health Plans
  • Clearinghouses for Electronic Billing
  • Business Associates (through contracts)
9
Q

When is the HIPAA implementation date?

A

2003

10
Q

Where does HIPAA apply to us?

A

HIPAA applies to us all, in all settings. That means at school, at home, on the shuttle buses, as well as in the hospitals and clinics.

11
Q

Why is HIPAA important?

A

To protect our personal information from being misused in situations such as these:

12
Q

What does PHI stand for and what does it mean?

A

Protected Health Information (PHI) or Protected Medical Information (PMI)

This is any data about the patient that would tend to identify the individual:

name, hospital #, SSN, diagnosis, lab results, past or current photos, etc.

13
Q

What does PO stand for and what does it mean?

A

Privacy Officer (PO)

Each facility will have an employee who is responsible for implementing and enforcing this law. Some may have one over a multi-facility network (Seton); others have one at each site (St. David’s Partnership). As a nursing student, you can turn to this individual (after your instructor or preceptor) as your point of information regarding HIPAA.

14
Q

What does CE stand for and what does it mean?

A

Covered Entity (CE)

Any health plan, healthcare provider, agency that processes claims, and any company that subcontracts with them is covered by this law.

15
Q

7 patient rights regarding privacy of PHI

Individuals have the right to:

A
  1. Receive notice of an agency’s privacy practices.
  2. Know that an agency will use their PHI ONLY for treatment, payment, operations (TPO), certain other permitted uses, and uses as required by law.
  3. Consent to and control the use and disclosure of their PHI.
  4. Access their protected health information (PHI), except for psychotherapy notes (they might be charged for copies)
  5. Request amendment or addendum to their PHI (not always granted)
  6. Receive accountings of disclosures
  7. File privacy complaints to agency officer
16
Q

What is the “Need to know” principle?

A

PHI should be shared with as few individuals as needed to ensure patient care and then only to the extent demanded by the individual’s role.

For example, the nursing assistant “needs to know” only the facts concerning the patient’s current admission.

As a student, you will discuss PHI only as it applies to your education or your patient’s care.

17
Q

How do we help to Protect PHI?

A
  • Take all reasonable steps to make sure that individuals without the ‘need to know’ do not overhear conversations about PHI.
  • DO NOT conduct discussions about PHI in elevators or cafeterias.
  • Do not let others see your computer screen while you are working. Be sure to log out when done with any computer file.
18
Q

As a student, how do you protect PHI?

As an employee, what must you use to protect PHI?

A

In the student role, you are NOT to photocopy or fax patient documents in the process of working with your patient’s PHI.

As an employee of an agency you must use the agency’s security procedures to transmit PHI.

19
Q

What Patient Information Must We Protect?

A

Protected Health Information (PHI)

  1. Relates to the past, present, or future physical or mental condition of an individual; the provision of healthcare to an individual; or payment for care provided to an individual.
  2. Is transmitted or maintained in any form (electronic, paper, or oral representation).
  3. Identifies, or can be used to identify the individual.
20
Q

Examples of PHI:

A

PHI = Health Information with Identifiers

  • Name
  • Address (including street, city, parish, zip code and equivalent geocodes)
  • Name of employer
  • Any date (birth, admit date, discharge date)
  • Telephone and Fax numbers
  • Electronic (email) addresses
  • Social Security Number
  • Medical Records
21
Q

What is the law regarding PHI?

A

You may not use or disclose an individual’s protected health information, except as otherwise permitted, or required, by law.

22
Q

How MAY we Use and Share a Patient’s PHI?

A
  • Treatment of the patient, including appointment reminders
  • Payment of health care bills
  • Business and management operations
  • Disclosures required by law
  • Public Health and other governmental reporting
23
Q

What does “Treatment” Include?

A
  • Direct patient care
  • Coordination of care
  • Consultations
  • Referrals to other health care providers
24
Q

What does “Payment” include?

A

“Payment” includes any activities required to bill and collect for health care services provided to patients.

25
Q

What does “Health Care Operations” include?

A

“Health Care Operations” include business management and administrative activities, quality improvement, compliance, competency, and training.

26
Q

When can you use PHI?

A

Only to do your job!

As part of your job, you must protect the privacy of the patient’s PHI.

27
Q

What are practices you can implement to protect PHI from being compromised?

A
  • Look at a patient’s PHI only if you need it to perform your job.
  • Use a patient’s PHI only if you need it to perform your job.
  • Give a patient’s PHI to others only when it’s necessary for them to perform their jobs.
  • Talk to others about a patient’s PHI only if it’s necessary to perform your job, and do it discreetly.

At all times…Protect a patient’s information as if it were your own!

28
Q

For Example…

  1. You are a physician whose friend’s wife is in a coma in the hospital after an accident. He asks you to review the admitting physician’s orders and see if you concur. What can you legally do under HIPAA?

A. You can look at her chart so you can answer your friend’s questions about his wife’s condition.

B. You can ask the charge nurse on the floor to look into her records for you.

C. You can tell your friend that you can only look at his wife’s medical records if her physician, the patient, or in this case, the patient’s representative, allows you to do so. Suggest that your friend ask to discuss her treatment and progress with the attending physician.

A

C.

Under HIPAA, you are only allowed to use information required to do your job. Since you are neither the attending physician nor part of the patient’s care team, it is against the law to access the patient record or ask someone to access it on your behalf—even though you may know the person and just want to be helpful.

Remember that, if you were in a similar situation, you might not want your colleagues going through your own medical records, or those of your spouse or close friend.

29
Q

How can we protect PHI from Public Viewing / Hearing?

A
  • Refrain from discussing PHI in public areas, such as elevators and reception areas, unless doing so is necessary to provide treatment to one or more patients.
  • Medical and support staff should take care when sharing PHI with family members, relatives, or personal representatives of patients. Information cannot be disclosed unless the patient has had an opportunity to agree with or object to the disclosure.
  • Personal representatives are those individuals who, under Louisiana law, are able to make healthcare decisions on behalf of the patient.
30
Q

For Example:

Dr. Fortissimo was eating breakfast in the Med School Cafeteria one Monday morning, and talking on his cell phone to another doctor. During the conversation, he referred to the patient by name, and described her diagnosis. The cafeteria worker at the next table heard the call. What could have been done differently to protect the patient’s privacy?

A. The patient’s privacy was protected; nothing was done wrong, since no PHI was mentioned.

B. It is important to be aware of your surroundings when you discuss patient information (PHI). The patient’s case should have been discussed in a more private location, or, at least, in a low voice that could not be overheard.

C. Other customers should not be allowed to eat in that section of the cafeteria so as to avoid such situations.

A

B.

Although HIPAA allows incidental uses and disclosures, this type of disclosure is not allowed. PHI includes oral communications.

The patient’s case should only have been discussed in a location that provided for the privacy of the information discussed.

31
Q

What if there is a breach of confidentiality?

A

Breaches of the policies and procedures or of a patient’s confidentiality must be reported to the appropriate officer at the institution.

32
Q

What are the possible Disciplinary actions for breach of patient privacy?

A

There may be internal disciplinary action or civil penalties (fines and/or prison).

An employee who does not protect a patient’s privacy could lose his or her job!

33
Q

What is the policy about Downloading/Copying/Removing PHI?

If an employee is terminated, what must they return?

A
  • Employees should not download, copy, or remove from the clinical areas any PHI, except as necessary to perform their jobs.
  • Upon termination of employment, or upon termination of authorization to access PHI, the employee must return to the University all copies of PHI in his or her possession.
34
Q

What must faxes include to protect PHI?

A

Faxing is permitted. Always include, with the faxed information, a cover sheet containing a Confidentiality Statement:

  1. The documents accompanying the transmission contain confidential privileged information. The information is the property of the [facility name] and intended only for use by the individual or entity named above. The recipient of this information is prohibited from disclosing the contents of the information to another party.
  2. If you are neither the intended recipient nor the employee or agent responsible for delivery to the intended recipient, you are hereby notified that disclosure of the contents in any manner is strictly prohibited. Please notify [name of sender] at [facility name] by calling [phone #] immediately if you received this information in error.
35
Q

Is faxing permitted?

A

yes

36
Q

What should we limit manual faxing to?

A

Limit manual faxing to urgent transmittals:

  • Medical emergencies: faxing PHI is appropriate when the information is needed immediately for patient care
  • Other situations considered urgent (e.g., results from lab to physician)

37
Q

Information that SHOULD NOT be faxed (except in an emergency):

A
  • Drug dependency
  • Alcohol dependency
  • Mental illness or psychological information
  • Sexually-transmitted disease (STD) information
  • HIV status
38
Q

Where should PHI not be left?

A

PHI should not be left in conference rooms, out on desks, or on counters where the information may be accessible to the public, or to other employees or individuals who do not have a need to know the protected health information.

39
Q

What is e-PHI?

A

  • e-PHI (electronic Protected Health Information) is computer-based patient health information that is used, created, stored, received or transmitted using any type of electronic information resource.
  • Examples include an electronic medical record, patient billing information transmitted to a payer, digital images and printouts, and information being sent to another provider, a payer, or a researcher.

40
Q

How do we protect e-PHI?

A
  • Ensure the confidentiality, integrity, and availability of information through safeguards (Information Security)
  • Ensure that the information will not be disclosed to unauthorized individuals or processes (Confidentiality)
  • Ensure that the condition of information has not been altered or destroyed in an unauthorized manner, and data is accurately transferred from one system to another (Integrity)
  • Ensure that information is accessible and usable upon demand by an authorized person (Availability)
41
Q

What security measures do we use to protect e-PHI?

A
  • Password for access to computers/workstations
  • Email encryption
  • Workstation security measures
  • Malware controls to guard against bad software
  • Control of memory devices (e.g., flash drives)