HIPAA Flashcards
HIPAA Privacy rule, security rule, transaction and code sets rule
The Privacy Rule provides regulation for using and disclosing protected health information
Security rule describes security safeguards for electronic PHI
Transaction and code sets rule requires providers who transmit certain transactions electronically to use the same electronic format, code sets, and identifiers
HIPAA or State Law?
State law preempts a HIPAA regulation only when the state law is more stringent than HIPAA (whichever is the highest protection and/or provides the client with the greatest access and control over PHI).
Who complies with HIPAA?
“Covered entities” or CEs
Health care providers, health plans, health care clearinghouses (billing, community health), therapists, any person or entity that provides, bills, or is paid for health care as a normal part of business
HIPAA - What is PHI
Protected Health Information, identifiable information, past, present or future physical and mental health condition, provision of healthcare, payment, identifying information
HIPAA “The privacy rule”
Trigger: When PHI is transmitted electronically
Client’s right to inspect and receive copies of health information
HIPAA - When can a provider deny access to PHI/Chart
a) Disclosure of PHI is reasonably likely to endanger the LIFE OR PHYSICAL SAFETY of the client or other person
b) Provider believes disclosure will cause substantial harm
c) Request made by personal representative and health care provider believes disclosure is likely to cause substantial harm to the client or other person
(Client does not have the right to request a review of a denial if the information is exempt (PHI compiled for criminal, civil or administrative hearing), the covered entity is a correctional institution, the information was gathered as part of an ongoing research study and the requester agreed to denial of access as part of consent, or the PHI was obtained from someone other than a health care provider under a promise of confidentiality.)
HIPAA and Psychotherapy notes
Psychotherapy notes are used only by the psychologist and are not part of the documentation required to provide a client with healthcare treatment, to obtain payment, or conduct health care operations. Under HIPAA, clients do NOT have the right to review psychotherapy notes. Upon request, providers can provide a summary of notes if there is concern of physical harm to the client.
HIPAA - Amendment
Clients have the right to request an amendment of their PHI if they believe it is incorrect. Provider may deny amendment if it is not created by the provider, the information is not part of the designated record set, or the provider believes the information is accurate and complete, at which point the client must be provided with a timely, written explanation that describes the basis for the denial.
HIPAA - Request for account of disclosures
HIPAA gives clients the right to request an accounting of disclosures to third parties for a six year period
Authorization to disclose PHI (HIPAA)
Providers are required to obtain signed written authorization in most circumstances. Authorization must include description of information
HIPAA - Notice of privacy practices (NPP)
HIPAA privacy rule requires psychologists to provide clients with a notice of privacy practices (NPP) on or before the onset of treatment, either written or via email. The notice must be posted in a prominent place in the psychologist's office and on their professional website, and the psychologist must make a "good faith effort" to obtain written acknowledgement of receipt of the notice. Contents: clear language; clients' rights; who the client can contact; procedures for filing a complaint related to privacy issues.
HIPAA - Security and Transaction Rules
Security rule describes administrative, physical, and technical security standards for PHI or electronic PHI (EPHI).
HIPAA - Transaction and code sets rule
To achieve a higher quality of care and reduce administrative costs by streamlining the process of administrative and financial transactions