HIPAA (Chapter 5)

Question 1

What does HIPAA stand for?

Answer 1

Health Insurance Portability and Accountability Act of 1996

Question 2

What is the intent of HIPAA?

Answer 2

Reduce administrative costs of health care.

Question 3

HIPAA is commonly associated with?

Answer 3

Privacy and Security rules.

Question 4

What laws does HIPAA legislation encompass?

Answer 4

Availability, portability and renewability of health insurance.
Changes to fraud and abuse.
Tax.
Data and payment transmissions.
Application and enforcement of group health plan regulations.

Question 5

What is the Administrative Simplification Section of Title II

Answer 5

Development of standardized transaction standards for content and transmission of data.
NPI for all providers.
Privacy and Security rules to protect data.

Question 6

When did the privacy rule from the DHSS become effective?

Answer 6

April 15, 2003

Question 7

When did the security rule from the DHSS become effective?

Answer 7

April 20, 2005

Question 8

Privacy Rule essentials?

Answer 8

Individual patient controls.
Standard for access, use and disclosure of health information by providers/plans/clearing houses.

Question 9

Can state laws, when more strict, pre-empt HIPAA national/federal laws.

Answer 9

Yes.

Question 10

What does HITECH stand for?

Answer 10

Health Information Technology for Economical and Clinical Health.

Question 11

What was HITECH for?

Answer 11

Standardization of Electronic Health Records

Question 12

What rules does HITECH include?

Answer 12

Notification of breaches of unsecured information.
Increases potential civil monetary penalties for violations.
Strengthened privacy rules.

Question 13

What is the “Omnibus Rule”?

Answer 13

The final rule in 2013 that implemented statutory amendments under HITECH.

Question 14

What does HIPAA govern?

Answer 14

Use and disclosure of protected health information (PHI).

Question 15

Who must comply with HIPAA regulations?

Answer 15

Covered entities directly and their business associates indirectly

Question 16

What is a Covered Entity?

Answer 16

Health care providers that transmit any health information in electronic form, a health plan with more than 50 participants, and a clearinghouse that received, processes, and transmits health information for the purpose of payment.

Question 17

What is Protected Health Information (PHI)?

Answer 17

Individually identifiable health information that is created, collected or stored by a covered entity and maintained in electronic or any other form .

Question 18

What is the HIPAA Privacy General Rule?

Answer 18

A covered entity may not use or disclose PHI except as permitted or required.

Question 19

What are the Individual Rights under the Privacy Rule regarding their PHI

Answer 19

Access and obtain all records included in the designated record set;
Amend PHI
Obtain accounting/list of disclosures;
Receive a Notice of Privacy Practices;
Communications conducted in a confidential manner;
Restrict disclosure on certain uses and disclosure;
Right to file a complaint with OCR.

Question 20

What 3 elements are required for information to be considered PHI?

Answer 20

Information that describes past, present, or future health, condition, care treatment, of an individual, or payment for such care or treatment.
Reasonably identify individual.
Maintained in electronic or any other form.

Question 21

What is De-Identified information

Answer 21

Information that does not contain any of the 18 specific identifying characteristics that reasonably identify a person.

Question 22

Is the Covered Entity bound by the content in the Notice of Privacy

Answer 22

Yes - even if information in the notice is more restrictive than the regulation.

Question 23

If an initial encounter (episode of care) was by phone, how long does an entity have to mail the notice to the individual?

Answer 23

24 hours.
Scheduling an appointment is NOT considered an episode of care.