HIPAA Flashcards
What does HIPAA stand for?
The Health Insurance Portability and Accountability Act of 1996.
What is the purpose of HIPAA?
National standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically.
National standards for electronic health care transactions and code sets, unique health identifiers, and security.
What are the HIPAA Administrative Simplification provisions?
Ensure consistent electronic communication across the U.S. health care system by mandating use of standard transactions, code sets and identifiers.
Operating rules have further improved the efficiency of data exchange. (Source: AMA)
What is a HIPAA Authorization?
A HIPAA authorization is a form that must be completed by a patient or a health plan member when a Covered Entity wishes to use or disclose PHI for a purpose not permitted by the Privacy Rule.
Without a HIPAA authorization, such use or disclosure of PHI would violate the HIPAA Rules and is considered a serious HIPAA violation.
What is the HIPAA Privacy Rule?
Effective since April 14, 2003, the Privacy Rule sets national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers
(hhs.gov)
The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral.
(hhs.gov)
The HIPAA Privacy Rule permits the sharing of health information by healthcare providers, health plans, healthcare clearinghouses, business associates of HIPAA-covered entities, and other entities covered by HIPAA Rules under certain circumstances.
In general terms, permitted uses and disclosures are for treatment, payment, or health care operations, and reporting issues such as domestic abuse to public health agencies.
What is the HIPAA Omnibus Rule?
Includes responsibilities imposed on covered entities, business associates and subcontractors. (Source: compliancy-group.com)
Includes regulations that will:
- Manage use of patient info in marketing
- Require healthcare providers to report data breaches that are deemed not harmful
- Require that business associates and subcontractors be liable for their own breaches, and require BAs to comply with HIPAA
- Require that HIPAA privacy and security requirements are employed by BAs and subcontractors
Regulates the allowable use and disclosure of PHI, and under what circumstances PHI can be shared.
The HIPAA Privacy Rule
What is the Security Rule?
The Security Rule is a Federal law that requires security for health information in electronic form. (hhs.gov)
What is the Minimum Necessary rule?
The HIPAA Privacy Rule requires a covered entity to make reasonable efforts to limit use, disclosure of, and requests for protected health information to the minimum necessary to accomplish the intended purpose and without sacrificing the quality of health care.