HIPAA Lesson 2 Flashcards
CE is an acronym for?
Covered Entity
Name the three types of CE.
- Healthcare Providers
- Health Plans
- Healthcare Clearinghouses
A _________ is any person or organization that diagnoses or treats a patient.
Healthcare Provider
A ________ is the covered entity that pays the cost of medical care.
Health Plan
A company that owns, administers, and maintains a health plan for fewer than _____ employees isn’t a CE.
50
An entity that translates nonstandard information into a standard format.
Healthcare Clearinghouses
List two other names used for clearinghouses.
- Value-added Networks
2. Switches - Works like a bus station.
What questions should be asked to figure out if an organization is a CE?
- Does the person, business, or agency furnish, bill for, or receive payment for healthcare in the normal course of business? If Yes, then go to the next question.
- Is it possible to transmit the information electronically? If Yes, go to the next question.
- Then the organization is a CE.
Name the six agreements and relationships available for healthcare entities.
- Affiliated Covered Entity (ACE)
- Business Associate Contract/Agreement (BAA)
- Chain of Trust Agreement
- Data Use Agreement
- Organized Healthcare Arrangement (OHCA)
- Trading Partner Agreement
What two forms of organization relationships does the Administrative Simplification allow to help reduce costs to organizations.
- ACE
2. OHCA
Legally separate entities that are under common ownership or control may designate themselves an __________.
Affiliated Covered Entity (ACE)
An ACE has two responsibilities.
- It must state that it will operate as an ACE.
2. It must comply with all HIPAA rqmts when it creates, receive, maintains, or transmits PHI.
Affiliated entities may have ___________in charge of HIPAA compliance.
One person or team
Multiple healthcare providers (like a hospital and a group of physicians) that typically provide healthcare to a common set of patients may designate themselves as a ____________.
Organized Healthcare Arrangement (OHCA)
In an OHCA, there’s a relationship between legally _______ organizations.
Separate
The difference between an OHCA and an ACE is that OHCA doesn’t have _________ owership.
Common
OHCA’s can disclose PHI among themselves as needed, and allows _________ of compliance activities.
Centralization and Sharing
Members of OHCA must _________ develop privacy policies, procedures, and practices.
Jointly
For a CE to be a ________ entity, one part of the organization must provide healthcare, pay for healthcare, or act as a healthcare clearinghouse, while the rest of the organization must not provide any of these services.
Hybrid
_______ are people or entities who aren’t employees of a CE, and perform certain activities on the CE’s behalf that use PHI.
Business Associates (BA)
One CE can be a ____________ of another CE.
BA
BA’s can use ____________ only to help providers and health plans carry out their healthcare functions.
PHI
Disclosures to BA’s must be the ____________ to perform the services required.
Minimum Necessary
List eight types of services that BA’s perform.
- Legal
- Actuarial
- Accounting
- Consulting
- Data Aggregation
- Management
- Administrative
- Accreditation
Entities that pass along or transport PHI, but usually don’t have access to it. They don’t require PHI to perform their work.
Conduits
Give examples of conduits.
USPS, FedEx, UPS, Internet Service Providers, AT&T, Comcast
_________ are firms that process consumer-related financial transactions and not a BA.
Financial Institutions
What are the clues that you could be a BA?
- You perform services on behalf of a CE (health plan, health provider, healthcare clearinghouse.
- You are not a member of the CE’s workforce.
- The services you proved involve the use of IIHI (PHI).
- You aren’t a bank.
- You aren’t a conduit, such as UPS/Internet Provider.
___________ perform clinical, medical, and health services and exchange electronic transactions with each other rather than going through a clearinghouse.
Trading Partners
An organization that performs financial transactions (billing, claims processing, or audits) for a covered entity.
BA
USPS is considered what type of organization.
Conduit
A provider, health plan, or clearinghouse
Covered Entity
A financial institution that performs collection activities for a covered entity.
Possible BA
A hospital billing company that sends claims directly to a health plan.
Trading Partner
An organization made up of legally separate entities that are under common ownership or control.
ACE
A clinical integrated care setting in which individuals typically receive care from more than one
OHCA
A business that conducts covered and non-covered activities.
Hybrid
Name the three Government HIPAA organizations
- HHS
- CMS
- OCR
HHS named six organizations to maintain the Administrative Simplification standards. They develop, maintain, and modify HIPAA transactions, code sets, and EDI standards.
Designated Standard Maintenance Organizations (DSMOs)
List the six DSMOs.
- The American National Standards Institute’s Accredited Standards Committee X12
- Health Level Seven (HL7)
- National Council for Prescription Drug Programs
- Dental Content Committee of the American Dental Association
- National Uniform Billing Committee
- National Uniform Claim Committee
This committee developed the transaction standards for EDI.
Accredited Standards Committee X12 (ASC)
Allows organizations to standardize systems and improve communication between systems. It cannot transmit images, graphics, or the special reports that sometimes accompany insurance claims.
Health Level Seven (HL7)
The ________ develops standards for prescription drug program. It works with pharmacy chains like CVS and Walgreens, pharmaceutical manufacturers, wholesale drug distributors, and pharmacy insurance plans.
National Council for Prescription Drug Programs (NCPDP)
This association sets the standards required for electronic transmission of transactions for dental treatment and diagnosing.
Dental Content Committee of the American Dental Association
This association sets the standards required for electronic transmission of transactions for billing transactions.
National Uniform Billing Committee
This association sets the standards required for electronic transmission of insurance claim transactions.
National Uniform Claims Committee
________ specializes in managing and distributing EDI information and produces documentation for organizations that develop, maintain, and implement EDI standards.
Washington Publishing Company
Congress established this committee to advise HHS on health data, statistics, and national health information policy.
National Committee on Vital and Health Statistics
______ is an advisory group to HHS. Its original mission was to address administrative costs in the nation’s healthcare system. It streamlines healthcare administration by standardizing electronic communication. It’s members solve some of the issues that prevent organizations from easily exchanging information. In addition, it publishes educational papers that help organizations understand how to comply with HIPAA.
Workgroup for Electronic Data Interchange (WEDI)
Can my organization be both a hybrid covered entity (HCE) and an affiliated covered entity (ACE)?
Yes. In fact, a hybrid covered entity can also be an organized healthcare arrangement (OHCA). Essentially, an HCE performs covered and non-covered HIPAA functions in the same building. The part of the HCE that performs HIPAA-covered functions (and therefore must comply with HIPAA) can be a simple covered entity, an ACE, or an OHCA.
In order for an organization to be a covered entity, it must send healthcare data electronically. What if a provider doesn’t perform transactions like charting and insurance billing electronically?
Before 2003, healthcare providers used paper charts, and they printed and mailed paper copies of insurance claims. Many of these providers considered themselves exempt from HIPAA.
Which type of covered entity receives data, standardizes that data, and sends it on to other organizations, such as health plans and government agencies?
Clearinghouse
What’s the name of the group of six organizations that the federal Department of Health and Human Services put in charge of developing HIPAA standards?
Designated Standard Maintenance Organizations (DSMO).
What’s the correct name for an organization that treats and diagnoses patients, submits electronic bills for healthcare services, and receives payment?
Covered entity (CE).
What is the Accredited Standards Committee X12’s role in HIPAA
That group developed the transaction standards that organizations use for electronic data interchange.
What’s the correct name for an organization that handles protected health information and performs services on behalf of a health plan, provider, or clearinghouse, but isn’t a member of that entity’s workforce?
Business associate (BA)
CMS
Centers for Medicare and Medicaid Services
OCR
Office for Civil Rights
ANSI
American National Standards Institute, 5010 Transaction standard
WPC
Washington Publishing Company
ACE
Affiliated Covered Entity
OHCA
Organized Healthcare Arrangement
BAC
Business Associate Contract
HHS
Department of Health and Human Services
DSMO
Designated Standard Maintenance Organizations
ASC
American Standards Committee
HL7
Health Level 7
NCPDP
National Council for Prescription Drug Programs
EDI
Electronic Data Interchange
WEDI
Workgroup for Electronic Data Interchange
HCE
Hybrid Covered Entity
TCS
Transactions and Code Sets
NCVHS
National Committee on Vital and Health Statistics
