HIPPA Flashcards
What is HIPAA?
Health Insuracne Portabillity and Accountability Act of 1996
What are the goals of HIPAA
protect health insurance coverage of people who change or loss of their jobs
make health insurance more affordable and accessible
give patients more control and access to their health information
protect individuals and their records in the era of electronic medical records
simplify administration of claims by using one format
combat fraud/abuse
Who needs to comply with HIPAA?
Healthcare providers, Health Plans
Business associations (claims processing, quality assurance, utilization review)
What are the major components of HIPAA?
privacy rule
security rule
breach notification rule
enforcement rule
national provider identification standard
transaction and code set standards
What is NPI
National provider identification
unique identifiers for providers, employers and insurance companies
What are Transaction and code set standards?
established a standard set of codes to be used for transactions
Streamline administration - improves efficiency and lowers costs
What is the privacy rule
sets strong national standards for the privacy of protected individual health information.
Who gets to know what about whom, when they get to know it and how: applies to all forms of PHI, oral, written and electronic
What is PHI
protected health information
anything that related to the individuals past, present or future physical or mental health or condition, provisions of health care to an individual including billing
any identifiers of the individual
What are patients rights?
to see and get a copy of their health records
to decide how PHI is used and shared
correct PHI
receive a notice of how PHI may be used and shared
What is excluded from the right to access
psychotherapy notes that are kept separate from the patients other records
What are the request procedures for HPI?
an individual or their personal representative can requires their health information at anytime, for any reason
Verify identity of requesting individual
cannot create a barrier to, or unreasonably delay an individuals access
what is timeliness and fees
access must be provided within 30 days
limited fees may be changed - labor for copying or creating summary/explanation
no free is allowed for seach and retrieval or other costs
What authorization for PHI must have
description of information that the covered entity will use or disclose
person who is authorized to use or disclose the information
the person to whom the covered entity may disclose the information
description of each purpose of the requested use or disclosure
expiration date and the patients signature and date
when can you disclose information without authorization
talk to other healthcare providers in order to take care of the patient
informal permission for family
public interest
under the privacy rule, when must you get authroization for
anything that is not for treatment, payment or operations, psychotherapy unless you are part of the treatment team and marketing
