Health Information Privacy

Question 1

Covered Entity

Answer 1

Entities covered under HIPAA include healthcare providers and health plans that electronically transmit health information (in connection with insurance coverage).

Doctors who accept only cash or credit cards and do not bill insurance are not covered by HIPAA.

Question 2

Business Associate

Answer 2

Businesses that use health data to help covered entities carry out their health care functions and not for the business associate’s independent use or purposes.

Question 3

HIPAA Privacy Rule

Answer 3

• Notice of Privacy Practices
• Authorizations for uses and disclosures
• Access (Portability) = 30 days turnaround (with one exception) and reasonable fee
• Accounting of disclosures
• “Minimum necessary” use or disclosure to accomplish intended purpose (data minimization)
• Safeguards (administrative, physical, technical)
• Accountability (Privacy Official)

Question 4

HIPAA Security Rule Requirements

Answer 4

• Ensure confidentiality, integrity and availability of PHI being created and used
• Protect against reasonably anticipated threats or hazards
• Protect against reasonably anticipated uses or disclosures not permitted under Privacy Rule
• Ensure workforce compliance with this Security Rule

Question 5

Considerations for Designing Program

Answer 5

• Size, complexity, and capabilities of covered entity
• Technical infrastructure, hardware, and software
• Cost of security measures
• Probability and impact of risks