Health Information Privacy Flashcards
1. Q: Covered Entity
A: Entities covered under HIPAA include healthcare providers and health plans that electronically transmit health information (in connection with insurance coverage).
Doctors who accept only cash or credit cards and do not bill insurance are not covered by HIPAA.
2. Q: Business Associate
A: Businesses that use health data to help covered entities carry out their healthcare functions, and not for the business associate’s independent use or purposes.
3. Q: HIPAA Privacy Rule
A:
- Notice of Privacy Practices
- Authorizations for uses and disclosures
- Access (Portability): 30-day turnaround (with one exception) and a reasonable fee
- Accounting of disclosures
- “Minimum necessary” use or disclosure to accomplish the intended purpose (data minimization)
- Safeguards (administrative, physical, technical)
- Accountability (Privacy Official)
4. Q: HIPAA Security Rule Requirements
A:
- Ensure confidentiality, integrity and availability of PHI being created and used
- Protect against reasonably anticipated threats or hazards
- Protect against reasonably anticipated uses or disclosures not permitted under the Privacy Rule
- Ensure workforce compliance with the Security Rule
5. Q: Considerations for Designing a Program
A:
- Size, complexity, and capabilities of the covered entity
- Technical infrastructure, hardware, and software
- Cost of security measures
- Probability and impact of risks