HIPAA Flashcards
TPO
treatment
payment
health care operations
it is an exception to when authorization is required to disclose information
Consent vs authorization
Consent = treatment only
- must have consent for treatment before treating
- emergency= implied if comm not capable
vs. authorization:
admin requirements
establish system for receiving and responding to complaints
??
business associate
provide service on behalf of a private entity
clearing house = insurance complaint
must be HIPAA compliant
penalties
employer determines penalty
- civil vs criminal (civil is less violation)
what did HITECH require
Requiring covered entities to notify patients and HHS (Health and Human Services) of security breaches = failure is willful neglect
Extending privacy and security rules and penalties to business associates
Expanding the requirements for business associate contracts
Broadening individual patient rights concerning their health information
Restricting some permissible uses and disclosures of health information
if breach of unsecured health care info / privacy they must notify
HHS
Pts
news media
____ % of violations of HIPAA are due to EMR
65%
who is responsible for a HIPAA violation
the person who made the violation
are you personally liable for penalties if you inappropriately give info out
yes
are audits being done for HIPAA violations vs just patient complaints
yes
do patients get a portion of the profit from violations
yes
are red flag rules still in play
no, but identity theft is still prevented regarding patients' accounts
Red flag rules
anti fraud rules
stronger protection for privacy and security
pic id for EMR
can you release info to phi risk person??
yes