HIPAA

Question 1

What does Abyde do?

Answer 1

Technology company of HIPAA experts with HIPAA education and solutions

Question 2

What does HIPAA stand for?

Answer 2

Health insurance portability and accountability act

Question 3

When was HIPAA established?

Answer 3

1996

Question 4

What is the purpose of HIPAA?

Answer 4

US Law designed to provide privacy standards to protect medical records and other health information provided by health plans, doctors, hospitals, and other health care providers

Question 5

When were Medicare/Medicaid programs created?

Answer 5

1965

Question 6

When was the Health Care Financing Administration created?

Answer 6

1977

Question 7

When was the Department of Health and Human Services born?

Answer 7

1980

Question 8

Which president signed HIPAA into law?

Answer 8

Bill Clinton 1996

Question 9

What is the order of the HIPPA rules?

Answer 9

2003 privacy rule, 2005 security rule, 2006 breach enforcement rule, 2013 omnibus rule

Question 10

What percent of covered entities are HIPAA compliant according to OCR audits?

Answer 10

6%

Question 11

What is the office for civil rights?

Answer 11

OCR issues guidance documents, records HIPAA complaints, collects fines and focuses on patient right of access and enforcement

Question 12

What is the definition of HIPAA compliant?

Answer 12

Documented proof that there is a culture of compliance within your organization

Question 13

What is the first step in an organization’s security rule compliance efforts?

Answer 13

Risk analysis— documented

Question 14

What are the two phases to compliance?

Answer 14

Security rule and privacy rule

Question 15

What goes into the privacy rule?

Answer 15

Risk mitigation, HIPAA training, policies and procedures, patient consent forms, HIPAA manual, business associate agreements, and updated risk analysis

Question 16

How often is HIPAA training conducted?

Answer 16

Minimum once per year, quiz required

Question 17

What are the first two HIPAA penalties and fees for compliant entities?

Answer 17

Tier 1 Complaint- violation could not have been reasonably avoided min. $100 and Tier 2 Compliant- violation should have been corrected min. $1000

Question 18

What are the HIPAA penalties and fees for the non compliant tiers?

Answer 18

Tier 3 Not Compliant- made attempt to correct violation min. $10,000 and Tier 4 Not Compliant- no attempt made to correct violation min. $50,000

Question 19

What is the tier 1 penalty for criminal action?

Answer 19

Tier 1- 1 year max jail time- reasonable cause or no knowledge of violation

Question 20

What is the tier 2 penalty for criminal action?

Answer 20

Tier 2- 5 years max jail time- obtained PHI under false pretenses

Question 21

What is the tier 3 penalties for criminal action?

Answer 21

Tier 3- 10 years max jail time- obtaining PHI for personal gain or with malicious intent

Question 22

What were the the takeaways from the fine examples?

Answer 22

Have policies in place for off boarding employees and know who has access to PHI and how—have a canned response for online reviews and have policies that address social media and disclosures

Question 23

Who can receive public health information during a public health emergency?

Answer 23

A public health authority figure, individuals at risk, and disaster relief organizations

Question 24

What are telehealth and cybersecurity options are HIPAA compliant?

Answer 24

Updox, Zoom for healthcare, skype for business, google G suite hangouts meet

Question 25

What is the application of HIPAA with students?

Answer 25

1) sharing among fellow students 2) you are already liable 3) PHI in a lecture setting still protected 4) professional communications should have minimum info necessary and encryption for sharing