Healthcare Laws Flashcards
Reasons for healthcare laws
one's sense of self may be violated
more willing to be open about their issues
protects medical records of employees from the risk of unequal treatment
Initial purpose of Health insurance and portability act
improving efficiency in healthcare delivery
Government entity that published regulations to protect healthcare privacy
Department of Health and Human Services
Covered Entities
Healthcare providers (hospitals, doctors), health care plans (insurers), clearing houses (where records are stored)
Misconception of entities that are covered
individuals seeking medical information via bookstore; medical information websites, like WebMD; and health-related apps and wearables are not covered
A covered entity may share protected health information with BLANK to help the covered entity carry out its health care functions, provided it puts in place a contract with specified safeguards
Business associates (think of like processors/suppliers)
True/False: HIPAA does not preempt stricter state laws
True
Protected Health Information
Individually identifiable health information that is transmitted or maintained in any form.
Types of penalties for HIPAA offenses
Criminal and civil
Types of offenses
If an individual knowingly, and in violation of HIPAA
1) uses or causes to be used a unique health identifier,
2) obtains individually identifiable health information (IIHI) or
3) discloses IIHI to another person
Electronic PHI
PHI that is transmitted or maintained in electronic media, not including paper records, paper-to-paper fax or voice
Disclosures under HIPAA require this
Opt-in authorization
Must provide this at date of first service delivery
Privacy notice
Individual rights under HIPAA
Access, copy, and amend their PHI
Restrictions and use of deidentified health information
There are no restrictions on the use of deidentified health information provided it neither identifies nor provides a reasonable basis to identify an individual
True/False: Research can occur with or without consent if an authorized entity approves it
True
Other reasons PHI can be shared without consent
reporting abuse or neglect, judicial and administrative proceedings, to prevent or lessen a serious threat to health and safety, and for specialized government functions
Health information portability and accountability act security rule requirements
Identify an individual responsible for implementation and oversight of Security Rule compliance
Conduct initial and ongoing risk assessments of potential risks and vulnerabilities of ePHI
Implement security awareness and training program for workforce
Health Information Portability and Accountability Act Privacy Rule requirements
Covered Entities must designate a privacy official who is responsible for the development and implementation of privacy protections
Personnel must be trained
Complaint procedures must be in place
True/False: The privacy and security rules must be maintained by separate people
False
Breach definition under health information portability and accountability act
impermissible use or disclosure under the privacy rule that compromises the security or privacy of the protected health information
Who must breach notifications be sent to (if certain thresholds are met)
affected individuals
media
HHS secretary
HIPAA breach notification exceptions:
- The information was unintentionally acquired, accessed or used by a workforce member acting under the authority of a covered entity or business associate and made in good faith and within the scope of authority
- The information was accidentally disclosed between two authorized individuals
- It is believed that the unauthorized person who saw the information would not have been able to retain it
What is the purpose of the genetic information nondiscrimination act?
Creates national limits on the use of genetic information in health insurance and employment