HIPAA Flashcards
PHI
protected health information
info created or recieved by a covered entity, that contains pt identification such as name, address, phone number, zip code, email, etc
phi-protected health info
NPP
notice of privacy practices
the written document developed by your practice that describes how protected health info will be used and disclosed and how you will protect the privacy of ur patients and the info they give to you
notice of privacy practices
a health plan (insurance company), a healthcare clearinghouse (billing compnay) or a healthcare provider who transmits any health info in electronic format in connection w/ a transaction
covered entities
violation where phi has been accidentally or intentionally exposed
breach
a person or organization that contracts w/ our office to provide services, but is not an employee
business associate
the minimum amount of pt information you willl need to complete the work expected of you. otnly those persons authorized to see PHI should have access to it
minimum necessary
an agency w/in health and human services charged w/ monitoring, educating and public outreach in privacy compliance
office of civil rights
how you use informatoin that identifies a pt inside the medical office
use
the release, transfer, or divulging of pt information outise the medical office
disclosure
responsible for privacy issues, compliance training, resolving compliance complaints, and answering questions
privacy official
what is CMS
centers for mdicare and medicaid services formerly known as health care finanicng administration
does the hipaa privacy rule permit a covered entity or its collectoin agency to communicate w/ parties other than the pt regarding payment of a bill?
yes.
can an individual revoke his or her authorizatioN/
yes. the revocaktion must be in writing and is not effective until the covered entitity receives it
can health care providers to whom a pt is referred for the first time use PHI to set up appointmnets or schedule surgery or other procedures w/o the pts written consent
yes. the hipaa privacy rule doesn’t require covered entities to obtain an individuals consent priore to using or discloing PHI about him or her for treatmnet, payment, or health care operations
is a copy, facsimile, or electronically transmitted version of a signed authorization valid uner the privacy rule?
yes
what is the diff btwn consent and authorization
-privacy rule permits but doesn’t require a covered entity voluntarily to obtain pt consent for uses and disclosures of PHI. -authoization is required for uses and disclosures of PHI not otherwise allowed by the Rule. it is a detalied document that gives covered entities permission to use PHI for specified purposes other than treatment, payment, or health care operations or to give to a 3rd party.
what must be specified in an authorization
- description of the PHI to be used and disclosed 2. the person authorized to make the use or disclosure 3. the person to whom the covered entity may make the disclosure 4. an expiration date 5. in some cases, the purpose for which the info may be used or disclosed
