HIPAA Flashcards
HIPAA
FEDERAL LAW
PRIVACY RULE OF THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996
INTRODUCED 2003
DISCLOSURE
REVELATION OR DIVULGENCE OF INFO
HEALTH INFORMATION
ANY INFO IN ANY FORM OR MEDIUM CREATED OR RECEIVED BY A HCP, PLAN, PUBLIC AUTHORITY, EMPLOYER, INSURER, SCHOOL, OR CLEARINGHOUSE THAT RELATES TO ANY TIME… PHYSICAL, MENTAL CONDITION, PROVISION OF HEALTH CARE, OR PAYMENT FOR THE PROVISION OF HC
PROTECTED HEALTH INFO
INDIVIDUALLY IDENTIFIABLE HEALTH INFO TRANSMITTED BY OR MAINTAINED IN ANY ELECTRONIC OR OTHER MEDIUM. EXCLUDES INFO IN EDUCATION RECORD, EMPLOYMENT RECORD HELD BY A COVERED ENTITY, AND REGARDING SOMEONE DECEASED MORE THAN 50 YEARS
PRIVACY RULE
INTRODUCED TO PROMOTE USE OF STANDARD METHODS OF MAINTAINING PRIVACY OF PHI AMONG HC AGENCIES
COVERED ENTITY
HEALTH PLAN
HEALTH CARE CLEARINGHOUSE
HEALTH CARE PROVIDER
THAT TRANSMITS PHI IN ELECTRONIC FORM
IF BREACH OF INFO OCCURS OR IS SUSPECTED, THE ENTITY MUST
COMPLETE A BREACH NOTIFICATION FORM THAT IS DIRECTED TO THE SECRETARY OF THE DEPT OF HHS
INDIVIDUALLY IDENTIFIABLE HEALTH INFO
DEMOGRAPHIC INFO CREATED OR RECEIVED BY A COVERED ENTITY THAT IDENTIFIES AN INDIVIDUAL OR OFFERS REASONABLE BASIS FOR ID AND RELATES TO ANY TIME INCLUDING FUTURE PHYSICAL OR MENTAL HEALTH CONDITION, PROVISION OF HEALTH CARE, OR PAYMENT OF HEALTHCARE
PRIVACY RULE COVERS WHAT INFO
MEDICAL RECORDS AND OTHER INDIVIDUALLY IDENTIFIABLE HEALTH INFO
HOW DO PSYCHOTHERAPY NOTES DIFFER FROM OTHER HEALTH RECORDS
HELD TO HIGHER STANDARD OF PROTECTION
NOT PART OF MEDICAL RECORD
NEVER INTENDED TO BE SHARED WITH ANYONE ELSE
HIPAA ENABLES CLIENTS TO FIND OUT WHAT
HOW THEIR INFO MAY BE USED AND HOW IT HAS BEEN DISCLOSED
PROVIDERS AND HEALTH PLANS ARE REQUIRED TO GIVE CLIENTS WHAT
NOTICE OF PRIVACY PRACTICES
PROVIDERS AND HEALTH PLANS GENERALLY CANNOT CONDITION Tx BASED ON WHAT
A CLIENT’S AGREEMENT TO DISCLOSE HEALTH INFO FOR NONROUTINE USES
WHEN CAN CLIENT INFO BE SHARED
FOR THE PURPOSE OF Tx, PAYMENT, AND OPERATIONS (PTO)
WRITTEN AUTHORIZATION
DETAILED DOCUMENT, SIGNED BY A PATIENT, THAT GIVES A COVERED ENTITY PERMISSION TO USE/DISCLOSE PHI FOR A SPECIFIC PURPOSE NOT ALLOWED UNDER HIPAA OR DISCLOSE TO A THIRD PARTY
CLIENTS MUST BE ABLE TO WHAT
EXAMINE, OBTAIN A COPY, REQUEST CORRECTIONS TO THEIR HEALTH CARE RECORDS
WHAT DOES THE PRIVACY RULE INCLUDE
STANDARDS FOR THE USE AND DISCLOSURE OF PHI BY COVERED ENTITIES
USES/DISCLOSURES NOT REQUIRING AUTHORIZATION FROM THE INDIVIDUAL
PUBLIC HEALTH PURPOSES
COMPLIANCE OVERSIGHT
REASONABLE CONCERN FOR ABUSE, NEGLECT, DOMESTIC VIOLENCE
WHAT LAWS MUST PROVIDERS FOLLOW
STATE, FEDERAL OR OTHER LAWS THAT ARE MORE RESTRICTIVE THAN HIPAA
HIPAA IS THE MINIMUM
WHEN CAN PHI BE DISCLOSED TO COURTS
WHEN COURT ORDER HAS BEEN ISSUED IN ACCORDANCE WITH PROCEDURES SPECIFIED BY FEDERAL REGULATIONS. COURT MUST FIND GOOD CAUSE AND MUST BE LIMITED TO ESSENTIAL INFO FOR COURT PURPOSE
IF AN AGENCY RECEIVES A REQUEST FOR PHI THAT IS NOT PERMITTED WHAT MUST THEY DO
REFUSE TO MAKE DISCLOSURE AND DO IT IN A MANNER THAT DOES NOT REVEAL THAT THE INDIVIDUAL HAS EVER BEEN DIAGNOSED OR TREATED
WHEN CAN PHI BE DISCLOSED
- CLIENT COMMITTED OR THREATENED TO COMMIT A CRIME ON PREMISES OR AGAINST PERSONNEL
- RESEARCH PURPOSES
- GOVERNMENT AGENCY FUNDS OR REGULATES AND REQUESTS ACCESS; AUDITOR MUST AGREE IN WRITING TO PROTECT INFO
- REPORTING ABUSE/NEGLECT
DISCLOSURE PERMITTED WITHOUT AUTHORIZATION TO OVERSIGHT AGENCIES. MUST BE FOR WHAT PURPOSES
- OVERSIGHT OF HEALTHCARE IE LICENSURE
- GVMT BENEFIT PROGRAMS
- GVMT REGULATORY PROGRAMS
- CIVIL RIGHTS LAWS
OTHER SITUATIONS THAT MAY ALLOW DISCLOSURE OF PHI
JUDICIAL/ADMINISTRATIVE PROCEEDINGS
LAW ENFORCEMENT PURPOSES
AVERT SERIOUS THREAT TO HEALTH OR SAFETY
SPECIALIZED GVMT FUNCTIONS
CORRECTIONAL INSTITUTIONS
WORKERS COMP
CADAVERIC ORGAN, EYE, TISSUE DONATION
RELEASING PHI FOR RESEARCH
MAY USE LIMITED DATA SETS, INFORMED CONSENT
LIMITED DATA SET
PHI THAT EXCLUDES DIRECT IDENTIFIERS OF THE INDIVIDUAL OR OF RELATIVES, EMPLOYERS, HOUSEHOLD MEMBERS
INFORMED CONSENT
VOLUNTARY AUTHORIZATION BY A PERSON WHO HAS BEEN ADVISED AND UNDERSTANDS RISKS, IS FREE OF COERCION, FOR PARTICIPATION IN A STUDY, IMMUNIZATION PROGRAM, Tx REGIMEN, OR INVASIVE PROCEDURE
ELECTRONIC DATA INTERCHANGE
TRANSFER OF ROUTINE INFO OR TRANSACTIONS FROM ONE COMPUTER TO ANOTHER IN A STANDARD FORMAT USING STANDARD COMMUNICATION PROTOCOLS
MEDICARE DIAGNOSIS RELATED GROUP (DRG) PROSPECTIVE PAYMENT SYSTEM
PAYS HOSPITALS A PREDETERMINED AMOUNT BASED ON CONDITIONS AND EXPECTED RESOURCE USE. THE COMPENSATION IS A FIXED AMOUNT
COVERED ENTITIES MUST ESTABLISH ADMIN SAFEGUARDS RELATED TO CODING AND BILLING INCLUDING
- CHAIN OF TRUST AGREEMENTS WITH THIRD PARTY VENDORS
- DOCUMENTED POLICIES/PROCEDURES FOR ALL ASPECTS OF PHI
- CONTINGENCY PLANS
- INTERNAL AUDITING
- PERSONNEL SECURITY
- RISK MANAGEMENT ANALYSES AND POLICIES
- TERMINATION PROCEDURES
- TRAINING IN HANDLING OF PHI
HOW IS ENFORCEMENT OF HIPAA DRIVEN
BY COMPLAINTS
WHO INVESTIGATES COMPLAINTS AND ENSURES CONSUMERS RECEIVE THEIR RIGHTS AND PROTECTIONS
OCR
PRIVACY OFFICER
FACILITY EMPLOYEE APPOINTED TO DEVELOP, IMPLEMENT, AND MAINTAIN PRIVACY POLICIES. ENSURES COMPLIANCE WITH HIPAA PRIVACY RULE
WHAT IS HIPAA ALSO KNOWN AS
KENNEDY KASSEBAUM ACT
5 RULES OF HIPAA
- TRANSACTIONS AND CODE SETS RULE
- UNIQUE IDENTIFIERS RULE
- SECURITY RULE
- PRIVACY RULE
- ENFORCEMENT RULE