Lec 10 - Student HIPAA Fraud

Question 1

What does HIPAA stand for?

Answer 1

Health Insurance Portability and Accountability Act of 1996

Question 2

HIPAA protects what?

Answer 2

Privacy and security of certain health information

Question 3

What is the privacy rule?

Answer 3

Establishes national standards for the protection of certain health information

Question 4

What is security rule?

Answer 4

Establish a national set of security standards for protecting certain health info that is held or transferred in electronic form

Question 5

HITECH Act, 2009 - what did this do?

Answer 5

Expanded rules to business associates

Question 6

Many health care providers are aware of the _________ _______ of HIPAA

Answer 6

Privacy requirements

Question 7

HIPAA also has significant impact on __________ of _______

Answer 7

Standardization of data

Question 8

Covered entities: A health care provider includes:

Answer 8

Doctors
Clinics
Psychologists
Dentists
Chiros
Nursing homes
Pharmacies
... but only if they transmit information in an electronic form in connection with a transaction for with HHS has adopted a standard

Question 9

Covered entities: What does a health plan include?

Answer 9

Health insurance companies
HMOs
Company health plans
Government programs that pay for health care, such as:
Medicare, Medicaid, and the military and veterans health care programs

Question 10

Covered entities: A Health Care Clearinghouse includes:

Answer 10

Entities that process NONSTANDARD health information they receive from another entity into a standard, or vice versa

Question 11

Business associates: A person or entities that performs certain functions or activities that involve the use of ______ of protected health information on behalf of, or provides services to, a ___________

Answer 11

Disclosure

Covered entity

Question 12

Business associates: Perform certain function of activities on behalf of the _________

Answer 12

Covered entity

Question 13

Covered entity workforce not ___________

Answer 13

Business associates

Question 14

Business associates: may include: (6)

Answer 14

1) claims processing
2) data analysis
3) quality assurance
4) certain patient safety activities
5) utilization review
6) billing

Question 15

Business associates: T/F: Can be
Legal
Actuarial
Accounting
Consulting
Data aggregation
Information technology management
Administrative
Accreditation
Financial services

Answer 15

True……

Question 16

Business associates: Some contractors that perform services for a ______ are not business associates because the services do not involve the use or disclosure of _____

Answer 16

CE

PHI

Question 17

What are three HIPAA Rules?

Answer 17

Privacy Rule
Security Rule
Breach Notification Rule

Question 18

The privacy rule is intended to…

Answer 18

Protect privacy of all individually identifiable health information

Question 19

Privacy Rule: Gives pts new rights to access their ___________, to request _______, and to learn how they have been _______.

Answer 19

Medical records
Changes
Accessed

Question 20

Privacy Rule: Restricts access by _____

Answer 20

OTHERS

Question 21

Privacy Rule: Restricts access to the ________ ______ for healthcare treatment and business operations

Answer 21

Minimum needed

Question 22

Privacy Rule: Provides that all patients are informed about ____ ______ _____/_______

Answer 22

Entity privacy practices/policies

Question 23

Privacy Rule: Enables pt decisions on ________ for disclosure of PHI beyond treatment/business operations

Answer 23

Authorization

Question 24

Privacy Rule: Protects most __________________ held or transmitted by a covered entity of business associate, in any form or media, whether electronic, paper, or oral

Answer 24

INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION

Question 25

What does PHI stand for?

Answer 25

Protected health information

Question 26

What is PHI?

Answer 26

Individually identifiable health information is information including demographic information

Question 27

PHI demographic information relates to: (3)

Answer 27

1) Pt’s past, present or future physical or mental health condition
2) The provision of health care to the individual
3) The past, present, or future PAYMENT of health care to individual

Question 28

What does individually identifiable health information do?

Answer 28

IDs the individual or there is a reasonable basis to believe it can be used to ID the individual

Question 29

When PT authorizations not required for disclosure of PHI: (5)

Answer 29

1. Info sharing needed for Tx
2. Disclosures to family, friends, and others involved in the care of the individual as well as for notification purposes
3. Info needed to ensure public health and safety
4. Info need to prevent or lessen imminent danger
5. Disclosures in facility directories

Question 30

HIPAA Privacy Rule Notices: An adequate privacy note must include all of the following (6)

Answer 30

1. Required heading
2. Statement of use and disclosures
3. Statement of individual rights
4. Statement of covered entity’s duties
5. Explanation of how to complain
6. Required contact info

Question 31

What is the security rule?

Answer 31

Establishes national standard to protect individuals’ ELECTRONIC personal health information that is created, received, used or maintained by covered entity.

Question 32

The security rule requires appropriate _____, ______ and _______ safeguards to ensure the ______, ______, and _________ of electronic PHI

Answer 32

Administrative
Physical
Technical

Confidentiality
Integrity
Security

Question 33

The security rule defines confidentiality to mean that _______ is not available to disclosed to unauthorized persons

Answer 33

E-PHI

Question 34

The security rule requires covered entities to maintain responsible and appropriate _____, ______, and ______ safeguards for protecting e-PHI

Answer 34

Administrative
Technical
Physical

Question 35

In security general rules, covered entities must:

Ensure the confidentiality, integrity, and availability of all e-PHI they _____, _____, _____, or ______

Answer 35

Create
Receive
Maintain
Transmit

Question 36

In security general rules, covered entities must: ID and protect against reasonably anticipated ______ to the security or integrity of the info

Answer 36

Threats

Question 37

In security general rules, covered entities must: Protect against reasonably anticipated, ___________ uses or disclosures

Answer 37

Impermissible

Question 38

In security general rules, covered entities must: Ensure _______ by their workforce

Answer 38

COMPLIANCE

Question 39

What is the breach notification rule?

Answer 39

Requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health info

Question 40

Definition of breach:

Answer 40

An impermissible use or disclosure under the privacy rule that compromises the security of privacy of the PHI

Question 41

HIPAA considerations for PT practice: (5)

Answer 41

Patient identification
Eval procedures
Sign in and out processes
Physical layout of facility
Computer security

Question 42

What are the penalties for violating HIPAA:

Breaking HIPAA’s privacy or security rules can mean either a _____ or ______ sanction

Answer 42

Civil

Criminal

Question 43

What are the penalties for violating HIPAA: What are civil penalties?

Answer 43

Usually fines

Question 44

What are the penalties for violating HIPAA: Civil penalties are usually the result of _________, not necessarily resulting in personal gain

Answer 44

Inadvertent violations

Question 45

What are the penalties for violating HIPAA: What are criminal sanctions?

Answer 45

Involve monetary penalties and jail time

Question 46

Intent and fine: Did not know or could not have known ?

Answer 46

100- 50,000

Question 47

Intent and fine: Reasonable cause and not willful neglect?

Answer 47

1,000-50,000

Question 48

Intent and fine: Willful neglect, but corrected within 30 days

Answer 48

10,000-50,000

Question 49

Willful neglect and not corrected within 30 days

Answer 49

50,000