HIPAA (Chapter 5) Flashcards
What does HIPAA stand for?
Health Insurance Portability and Accountability Act of 1996
What is the intent of HIPAA?
Reduce administrative costs of health care.
HIPAA is commonly associated with?
Privacy and Security rules.
What laws does HIPAA legislation encompass?
Availability, portability and renewability of health insurance.
Changes to fraud and abuse.
Tax.
Data and payment transmissions.
Application and enforcement of group health plan regulations.
What is the Administrative Simplification Section of Title II?
Development of standardized transaction standards for content and transmission of data.
NPI for all providers.
Privacy and Security rules to protect data.
When did the privacy rule from the DHSS become effective?
April 15, 2003
When did the security rule from the DHSS become effective?
April 20, 2005
Privacy Rule essentials?
Individual patient controls.
Standard for access, use and disclosure of health information by providers/plans/clearing houses.
Can state laws, when more strict, pre-empt HIPAA national/federal laws?
Yes.
What does HITECH stand for?
Health Information Technology for Economical and Clinical Health.
What was HITECH for?
Standardization of Electronic Health Records
What rules does HITECH include?
Notification of breaches of unsecured information.
Increases potential civil monetary penalties for violations.
Strengthened privacy rules.
What is the “Omnibus Rule”?
The final rule in 2013 that implemented statutory amendments under HITECH.
What does HIPAA govern?
Use and disclosure of protected health information (PHI).
Who must comply with HIPAA regulations?
Covered entities directly and their business associates indirectly.
What is a Covered Entity?
Health care providers that transmit any health information in electronic form, a health plan with more than 50 participants, and a clearinghouse that receives, processes, and transmits health information for the purpose of payment.
What is Protected Health Information (PHI)?
Individually identifiable health information that is created, collected or stored by a covered entity and maintained in electronic or any other form.
What is the HIPAA Privacy General Rule?
A covered entity may not use or disclose PHI except as permitted or required.
What are the Individual Rights under the Privacy Rule regarding their PHI?
Access and obtain all records included in the designated record set;
Amend PHI
Obtain accounting/list of disclosures;
Receive a Notice of Privacy Practices;
Communications conducted in a confidential manner;
Restrict disclosure on certain uses and disclosure;
Right to file a complaint with OCR.
What 3 elements are required for information to be considered PHI?
Information that describes the past, present, or future health, condition, care, or treatment of an individual, or payment for such care or treatment.
Reasonably identify individual.
Maintained in electronic or any other form.
What is De-Identified information?
Information that does not contain any of the 18 specific identifying characteristics that reasonably identify a person.
Is the Covered Entity bound by the content in the Notice of Privacy?
Yes - even if information in the notice is more restrictive than the regulation.
If an initial encounter (episode of care) was by phone, how long does an entity have to mail the notice to the individual?
24 hours.
Scheduling an appointment is NOT considered an episode of care.