Lec 10 - Student HIPAA Fraud Flashcards

1
Q

What does HIPAA stand for?

A

Health Insurance Portability and Accountability Act of 1996

2
Q

HIPAA protects what?

A

Privacy and security of certain health information

3
Q

What is the privacy rule?

A

Establishes national standards for the protection of certain health information

4
Q

What is the security rule?

A

Establishes a national set of security standards for protecting certain health info that is held or transferred in electronic form

5
Q

HITECH Act, 2009 - what did this do?

A

Expanded rules to business associates

6
Q

Many health care providers are aware of the _________ _______ of HIPAA

A

Privacy requirements

7
Q

HIPAA also has significant impact on __________ of _______

A

Standardization of data

8
Q

Covered entities: A health care provider includes:

A
Doctors
Clinics
Psychologists
Dentists
Chiros
Nursing homes
Pharmacies
... but only if they transmit information in an electronic form in connection with a transaction for which HHS has adopted a standard
9
Q

Covered entities: What does a health plan include?

A

Health insurance companies
HMOs
Company health plans
Government programs that pay for health care, such as:
Medicare, Medicaid, and the military and veterans health care programs

10
Q

Covered entities: A Health Care Clearinghouse includes:

A

Entities that process NONSTANDARD health information they receive from another entity into a standard, or vice versa

11
Q

Business associates: A person or entity that performs certain functions or activities that involve the use or ______ of protected health information on behalf of, or provides services to, a ___________

A

Disclosure

Covered entity

12
Q

Business associates: Perform certain functions or activities on behalf of the _________

A

Covered entity

13
Q

Covered entity workforce not ___________

A

Business associates

14
Q

Business associates: may include: (6)

A

1) claims processing
2) data analysis
3) quality assurance
4) certain patient safety activities
5) utilization review
6) billing

15
Q
Business associates: T/F: Can be
Legal
Actuarial
Accounting
Consulting
Data aggregation
Information technology management
Administrative
Accreditation
Financial services
A

True……

16
Q

Business associates: Some contractors that perform services for a ______ are not business associates because the services do not involve the use or disclosure of _____

A

CE

PHI

17
Q

What are three HIPAA Rules?

A

Privacy Rule
Security Rule
Breach Notification Rule

18
Q

The privacy rule is intended to…

A

Protect privacy of all individually identifiable health information

19
Q

Privacy Rule: Gives pts new rights to access their ___________, to request _______, and to learn how they have been _______.

A

Medical records
Changes
Accessed

20
Q

Privacy Rule: Restricts access by _____

A

OTHERS

21
Q

Privacy Rule: Restricts access to the ________ ______ for healthcare treatment and business operations

A

Minimum needed

22
Q

Privacy Rule: Provides that all patients are informed about ____ ______ _____/_______

A

Entity privacy practices/policies

23
Q

Privacy Rule: Enables pt decisions on ________ for disclosure of PHI beyond treatment/business operations

A

Authorization

24
Q

Privacy Rule: Protects most __________________ held or transmitted by a covered entity or business associate, in any form or media, whether electronic, paper, or oral

A

INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION

25
Q

What does PHI stand for?

A

Protected health information

26
Q

What is PHI?

A

Individually identifiable health information is information including demographic information

27
Q

PHI demographic information relates to: (3)

A

1) Pt’s past, present or future physical or mental health condition
2) The provision of health care to the individual
3) The past, present, or future PAYMENT of health care to individual

28
Q

What does individually identifiable health information do?

A

IDs the individual or there is a reasonable basis to believe it can be used to ID the individual

29
Q

When PT authorizations not required for disclosure of PHI: (5)

A
  1. Info sharing needed for Tx
  2. Disclosures to family, friends, and others involved in the care of the individual as well as for notification purposes
  3. Info needed to ensure public health and safety
  4. Info needed to prevent or lessen imminent danger
  5. Disclosures in facility directories
30
Q

HIPAA Privacy Rule Notices: An adequate privacy notice must include all of the following (6)

A
  1. Required heading
  2. Statement of use and disclosures
  3. Statement of individual rights
  4. Statement of covered entity’s duties
  5. Explanation of how to complain
  6. Required contact info
31
Q

What is the security rule?

A

Establishes national standard to protect individuals’ ELECTRONIC personal health information that is created, received, used or maintained by covered entity.

32
Q

The security rule requires appropriate _____, ______ and _______ safeguards to ensure the ______, ______, and _________ of electronic PHI

A

Administrative
Physical
Technical

Confidentiality
Integrity
Security

33
Q

The security rule defines confidentiality to mean that _______ is not available or disclosed to unauthorized persons

A

E-PHI

34
Q

The security rule requires covered entities to maintain responsible and appropriate _____, ______, and ______ safeguards for protecting e-PHI

A

Administrative
Technical
Physical

35
Q

In security general rules, covered entities must:

Ensure the confidentiality, integrity, and availability of all e-PHI they _____, _____, _____, or ______

A

Create
Receive
Maintain
Transmit

36
Q

In security general rules, covered entities must: ID and protect against reasonably anticipated ______ to the security or integrity of the info

A

Threats

37
Q

In security general rules, covered entities must: Protect against reasonably anticipated, ___________ uses or disclosures

A

Impermissible

38
Q

In security general rules, covered entities must: Ensure _______ by their workforce

A

COMPLIANCE

39
Q

What is the breach notification rule?

A

Requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health info

40
Q

Definition of breach:

A

An impermissible use or disclosure under the privacy rule that compromises the security or privacy of the PHI

41
Q

HIPAA considerations for PT practice: (5)

A
Patient identification
Eval procedures
Sign in and out processes
Physical layout of facility
Computer security
42
Q

What are the penalties for violating HIPAA:

Breaking HIPAA’s privacy or security rules can mean either a _____ or ______ sanction

A

Civil

Criminal

43
Q

What are the penalties for violating HIPAA: What are civil penalties?

A

Usually fines

44
Q

What are the penalties for violating HIPAA: Civil penalties are usually the result of _________, not necessarily resulting in personal gain

A

Inadvertent violations

45
Q

What are the penalties for violating HIPAA: What are criminal sanctions?

A

Involve monetary penalties and jail time

46
Q

Intent and fine: Did not know or could not have known?

A

100-50,000

47
Q

Intent and fine: Reasonable cause and not willful neglect?

A

1,000-50,000

48
Q

Intent and fine: Willful neglect, but corrected within 30 days

A

10,000-50,000

49
Q

Willful neglect and not corrected within 30 days

A

50,000