HIPAA Flashcards

1
Q

What does HIPAA do?

A

improves efficiency and effectiveness of the health care system by standardizing the electronic exchange of administrative and financial data
mandates specific protections for individually identifiable health information

2
Q

goals of HIPAA

A

guarantee ongoing health insurance coverage for workers who change jobs
portability of pre-existing condition exemptions between employer group health plans
preventing fraud and abuse in health care
protect patient health information
standardize electronic transactions in healthcare/simplify administrative reporting

3
Q

covered entity

A

all health care plans
all healthcare clearinghouses (billing services)
healthcare provider who transmits any health information in electronic form in connection with a standard transaction

4
Q

why is HIPAA needed?

A

to protect sensitive data from being lost, destroyed or misused

5
Q

why is HIPAA important?

A
public trust
morally and ethically the right thing
good for business
prevents lawsuits
avoids financial penalties and possible imprisonment
6
Q

privacy

A

rights of an individual to limit the use and disclosure of all protected health information

7
Q

security

A

obligations of covered entities to safeguard protected health information from improper use or disclosure, especially electronically transmitted or stored information

8
Q

disclosure

A

release, transfer, provision of access to or divulging of information outside the entity holding the information

9
Q

use

A

sharing, employment, application, utilization, examination or analysis of individually identifiable information within an entity

10
Q

workforce

A

employees, volunteers, trainees and other persons whose conduct, in the performance of work, is under the direct control of such entity

11
Q

business associate

A

a person or entity that performs a function that requires the creation, use or disclosure of PHI on behalf of a CE but is not considered part of a workforce

12
Q

facility

A

the physical premises and the interior and exterior of a building

13
Q

security incident

A

attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system

14
Q

workstation

A

an electronic computing device, that performs similar functions and electronic media stored in its immediate environment

15
Q

malicious software

A

software designed to damage or disrupt a system

16
Q

PHI

A

any information, including demographic information, collected from an individual that is

  1. created or received by a healthcare provider, health plan, employer or healthcare clearinghouse
  2. relates to the past, present or future physical or mental health or condition of an individual; provision of health care to an individual, or to the past, present or future payment for the provision of healthcare to an individual
  3. identifies the individual
  4. there is a reasonable basis to believe that the information can be used to identify the individual
17
Q

examples of individually identifiable information (PHI)

A
name
address
employer
names of relatives
date of birth
phone/fax numbers
photos
code or characteristics (occupation)
email address
SSN
medical record number
account number
certificate/license number
voice/fingerprints
18
Q

what is NOT considered PHI?

A

employment records of CE

FERPA

19
Q

privacy standards

A

require health care plans and providers to maintain administrative and physical safeguards to protect confidentiality of health information and to protect against unauthorized access to that information

20
Q

when does minimum necessary apply?

A

when using or disclosing protected health information or when requesting protected health information from another covered entity, a CE must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request

21
Q

when does minimum necessary apply?

A

anyone requesting PHI has a specific reason for which the PHI is needed
disclosure should be limited to that PHI needed for the specific purpose
use should be limited to the minimum necessary to perform your job

22
Q

when is minimum necessary not applied?

A

when the PHI is for diagnosis or treatment purposes

23
Q

what are patient rights for HIPAA?

A
  1. to request an accounting of health information disclosures
  2. request an amendment to health information
  3. to inspect and copy health information
  4. to receive confidential communications about health information
  5. to request restrictions on disclosures
  6. to complain to the CE and to DHHS
24
Q

if a patient requests their PHI, when must you get it to them?

A

within 30 days of patient’s request

25
Q

what must you provide under HIPAA patient rights?

A

provide a printed policy of how PHI is used and protected

must have a history of PHI disclosures for purposes other than treatment, payment or health care operations

26
Q

business associate agreements include

A
  1. billing or claims processing
  2. medical transcriptions
  3. utilization review
  4. software vendors
  5. offsite storage or document destruction
27
Q

security standards as said by HIPAA

A

development and implementation of technical safeguards including firewall systems, virus detection, data backup systems, and updated software and hardware technology

28
Q

administrative safeguards

A
  1. security management process
  2. assign security responsibility
  3. workforce security
  4. information access management
  5. security awareness and training
  6. security incident procedures
  7. contingency planning
  8. evaluation
  9. business associate contracts
29
Q

physical security considerations

A
  1. computers
  2. patient records
  3. conversations/discussion of patient’s health appointments
  4. appointment book/scheduling system
  5. secure rooms and files
  6. FAX machines
  7. contingency operations
  8. facility security plan
  9. access controls and validation procedures
  10. maintenance records
  11. workstation use and security
30
Q

technical safeguards

A
  1. access control
  2. audit controls
  3. integrity
  4. person or entity authentication
  5. transmission security
31
Q

basics of a secure information system

A
  1. access control
  2. virus control
  3. using approved hardware and software
  4. backup procedures
32
Q

access control

A

controlling access to information only to those who are authorized
role based access or user based access methods used to assist in ensuring minimum necessary
passwords are used to control access, provide authentication of the user, and to audit (knowing whether or not unauthorized access attempts have occurred)

33
Q

how to keep your password safe

A
  1. keep it secret
  2. commit it to memory
  3. change it regularly
  4. select passwords that are not easily guessed
  5. never leave your system when you are logged on
  6. never share your password
34
Q

viruses

A
  1. can spread easily to other computers and systems, or to any entity with which you share information electronically
  2. viruses may corrupt and damage data
  3. viruses may damage your operating system, rendering your systems inoperable
  4. viruses may cause your printer, scanner and browser to malfunction
  6. viruses may cause data to be randomly sent to contacts in your address book
35
Q

ways to avoid viruses

A
  1. scan all incoming data for viruses
  2. scan all outgoing data for viruses
  3. ensure the virus scanning software is updated with the latest virus signatures
  4. never install unauthorized software
  5. stop and report suspected viruses immediately
  6. don’t attempt to fix a virus on your own
36
Q

what should your last resort be for HIPAA related information?

A

get a backup
make sure it is in a safe place
make multiple backups
make frequent backups

37
Q

how is PHI transmitted?

A
sight
face to face interactions
fax
email
phone
mail
38
Q

how do you minimize visual misuse of PHI?

A
  1. clean desk
  2. placing patient charts with name faced inward
  3. turning monitors away from general public
  4. restricting access to areas where PHI is openly displayed
  5. shredding documents before putting them in the trash
  6. conduct conversations in areas apart from others
  7. speak in a low clear voice
  8. if referencing a document, don’t show the document to another if there is information that the other should not have
  9. take a survey of documents before ending conversation to make sure nothing is left behind
  etc.
39
Q

penalties for non-compliance

A

$100 fine per day for each unmet standard
$50,000 fine + one year in prison for knowingly disclosing health info for improper use
$100,000 fine + 5 years in prison for obtaining health information under false pretenses
$250,000 + 10 years in prison for using health information to sell, transfer or use for commercial advantage, personal gain or malicious harm