HIPAA Privacy Training Flashcards
HIPAA HISTORY
- HIPAA - HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT, 1996
- PRIVACY RULE, 2003
- SECURITY RULE, 2005
- HITECH ACT (INTERIM RULE) 2009
- OMNIBUS RULE (FINAL RULE) 2013
WHAT AGENCY ENFORCES HIPAA?
The Office for Civil Rights (OCR)
HOW MANY PHI IDENTIFIERS ARE THERE?
18 Identifiers
The 18 identifiers that make health information PHI are:
- Names
- Dates, except year
- Telephone numbers
- Geographic data
- FAX numbers
- Social Security numbers
- Email addresses
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers including license plates
- Web URLs
- Device identifiers and serial numbers
- Internet protocol addresses
- Full face photos and comparable images
- Biometric identifiers (i.e. retinal scan, fingerprints)
- Any unique identifying number or code
MINIMUM NECESSARY REFERS TO HOW MANY PEOPLE ARE ALLOWED TO ACCESS A PARTICULAR PATIENT’S RECORD
TRUE
WHAT DOES TPO STAND FOR?
Treatment, Payment, Health Care Operations
TPO stands for Treatment, Payment, and Operations. It is used to describe some of the circumstances in which covered entities are allowed to disclose patient information without the need to obtain authorization from patients.
WE CAN RELEASE PHI FOR ANY SUBPOENA WE RECEIVE IF IT IS ORDERED BY A JUDGE?
If a valid federal grand jury subpoena or HIPAA subpoena is received, the HIPAA Privacy Rule permits the disclosure of PHI. HIPAA assumes the judge or magistrate issuing the subpoena has considered the privacy and confidentiality rights of an individual(s) prior to signing the subpoena.
WHAT IS INCLUDED IN THE “DESIGNATED RECORD SET”?
Designated record sets include medical records, billing records, payment and claims records, health plan enrollment records, case management records, as well as other records used, in whole or in part, by or for a covered entity to make decisions about individuals.
WHAT IS INCLUDED IN AN ACCOUNTING OF DISCLOSURES?
For each disclosure, the accounting must include:
(1) The date of the disclosure;
(2) the name (and address, if known) of the entity or person who received the protected health information;
(3) a brief description of the information disclosed; and
(4) a brief statement of the purpose of the disclosure (or a copy of the written request for the disclosure).
WHAT DOES HIPAA STAND FOR?
HIPAA - HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
WHAT IS A COVERED ENTITY?
- HEALTH CARE PROVIDER SUCH AS DOCTORS, NURSING HOMES, CLINICS, AND PHARMACIES
- HEALTH PLAN SUCH AS HEALTH INSURANCE COMPANIES, HMOS, COMPANY HEALTH PLANS, GOVERNMENT PROGRAMS THAT PAY FOR HEALTH CARE, SUCH AS MEDICARE, MEDICAID, AND THE MILITARY AND VETERANS HEALTH CARE PROGRAMS.
- HEALTHCARE CLEARINGHOUSE.
WHAT IS A BUSINESS ASSOCIATE (BA)?
A BUSINESS ASSOCIATE (BA) IS AN ENTITY OR PERSON, OTHER THAN A STAFF MEMBER OF A COVERED ENTITY (CE), WHO PERFORMS ACTIVITIES OR FUNCTIONS, OR PROVIDES CERTAIN SERVICES, WHICH INVOLVE ACCESS TO PHI OR ePHI FROM THE CE.
IN OTHER WORDS, A BUSINESS ASSOCIATE IS A BUSINESS PARTNER OF A CE THAT DOES THINGS FOR OR IN THE OPERATING ENVIRONMENT OF THE CE’S BUSINESS.
BUSINESS ASSOCIATES INCLUDE:
- ANSWERING SERVICES
- ATTORNEYS
- AUTOMATIC PAYMENT SOFTWARE VENDORS
- BILLING COMPANIES
- BIOMEDICAL EQUIPMENT MAINTENANCE & REPAIR SERVICES
- CLEARINGHOUSES
- COLLECTION AGENCIES
- COPIER & EQUIPMENT VENDOR
- ELECTRONIC MEDICAL RECORDS SOFTWARE VENDORS
- INSURANCE VERIFICATION SOFTWARE VENDORS
- IT PROFESSIONALS OR CONSULTANTS
- PRACTICE MANAGEMENT SOFTWARE VENDOR
- RECORD STORAGE COMPANIES
- TRANSCRIPTION SERVICES
- X-RAY DESTRUCTION COMPANIES
WHY IS HIPAA IMPORTANT?
IT IS MANDATED BY THE FEDERAL GOVERNMENT THAT COVERED ENTITIES AND BUSINESS ASSOCIATES MUST COMPLY WITH HIPAA.
AS A WORKFORCE MEMBER, YOU HAVE A LEGAL AND ETHICAL RESPONSIBILITY TO SAFEGUARD THE PRIVACY OF ALL PATIENTS' PROTECTED HEALTH INFORMATION.
ANY STAFF MEMBER WHO DOES NOT COMPLY WITH HIPAA CAN BE WRITTEN UP AND EVEN HAVE THEIR JOB TERMINATED BY THEIR EMPLOYER.
A PERSON OR COMPANY WHO DELIBERATELY RELEASES PHI CAN FACE CRIMINAL AND/OR CIVIL CHARGES. IN ADDITION, BOTH YOU AND YOUR EMPLOYER CAN FACE EXCESSIVE FINES AND JAIL TIME OF UP TO 10 YEARS.
WHAT AM I PROTECTING?
PHI - PROTECTED HEALTH INFORMATION, WHICH IS INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION TRANSMITTED OR MAINTAINED IN ANY FORM OR MEDIUM (INCLUDING ORAL, WRITTEN, OR ELECTRONIC FORM).
THE 18 IDENTIFIERS OF PHI MUST BE PROTECTED.
WHAT IS PHI?
PHI - PROTECTED HEALTH INFORMATION
IS ANY INFORMATION ABOUT HEALTH STATUS, WHETHER PAST, PRESENT, OR FUTURE, PROVISION OF HEALTH CARE, OR PAYMENT FOR HEALTH CARE THAT CAN BE LINKED TO A SPECIFIC INDIVIDUAL.
EVEN THOUGH THE PERSON’S MEDICAL RECORD IS THE MOST OBVIOUS PLACE TO FIND PHI, PHI CAN ALSO BE FOUND ON INSURANCE CARDS, OFFICE BOARDS, TELEPHONE NOTES, DICTATION TAPES, FAX MACHINES, COPY MACHINES, DELIVERY TICKETS, AND OTHER PLACES. WHEN WORKING WITH HARD COPY PHI, YOU SHOULD MAKE SURE TO KEEP IT FROM THE EYES OF OTHERS. THIS MEANS IF YOU HAVE A DOCUMENT, IT SHOULD BE PUT UPSIDE DOWN SO OTHERS CAN’T SEE IT.