Medical Privacy Flashcards

1
Q

Confidentiality of substance use disorder patient records rule scope

A

Covers disclosure and use of patient identifying information by treatment programs for alcohol and substance abuse.

Restricts the use of any information whether written or verbal that could lead to or substantiate criminal charges against a patient concerning their alcohol or drug usage.

2
Q

Confidentiality of substance use disorder patient records rule applicability

A

Applies to any program that receives federal funding and that holds itself out as providing alcohol or substance abuse diagnosis, treatment, or referral for treatment:

  • an individual or entity (other than a general medical facility)
  • an identified unit in a general medical facility
  • medical personnel or other staff in a general medical facility whose primary function is the provision of the above

A state licensing agency requires them to comply
The clinician uses controlled substances for detoxification requiring licensing through the DEA

3
Q

Confidentiality of substance use disorder patient records rule disclosure

A

The program must obtain written patient consent before disclosing information subject to the rule.

  • must describe the type of information that will be disclosed
  • must receive a list of entities to which the information has been disclosed
  • entities must have a treating provider relationship with the patient
4
Q

Confidentiality of substance use disorder patient records rule redisclosure

A

Redisclosing information obtained from a program is prohibited when that information would identify an individual as having been treated, diagnosed, or referred for treatment.

5
Q

Confidentiality of substance use disorder patient records rule exceptions to consent requirements

A

Exceptions to the rule that allow disclosure without consent are:

  • medical emergencies
  • scientific research
  • audits and evaluations
  • court order
  • child abuse reporting
  • crimes on program premises
  • communication with a qualified service organization related to information needed by the organization to provide services to the program
6
Q

Confidentiality of substance use disorder patient records rule security of records

A

An entity lawfully holding patient identifying information must have formal policies and procedures in place to protect the security of this information. There are separate requirements for paper and electronic records

7
Q

Confidentiality of substance use disorder patient records rule violations

A

Violations are criminal and reported to the US Attorney's Office

  • the 1st offense results in a fine of no more than $500
  • each subsequent offense is fined not more than $5000
8
Q

PHI

A

Protected health information is defined as any individually identifiable health information that is transmitted or maintained in any form or medium.

It is held by a covered entity or business associate, identifies the individual, is created or received by a covered entity or an employer, and relates to a past, present, or future physical or mental condition, provision of health care, or payment for health care to that individual.

9
Q

ePHI

A

Electronic protected health information is any PHI that is transmitted or maintained in electronic media.

10
Q

What are covered entities under HIPAA

A

Healthcare providers that conduct certain transactions in electronic form
Health plans (insurers)
Healthcare clearinghouses (3rd parties that host, handle, or process medical information)

11
Q

Who does HIPAA not apply to?

A

Doctors who only accept cash or credit cards and do not bill for insurance
When individuals share medical information with friends, purchase books, surf websites, or post online.

12
Q

What is a business associate under HIPAA

A

Any person or organization that performs services and activities for or on behalf of a covered entity if these services involve the use of PHI

HIPAA privacy and security rules apply directly to BAs

13
Q

What are the Privacy Rule or fair information privacy practices (requirements) under HIPAA

A
Privacy notices
Authorization for uses and disclosures 
Minimum necessary use or disclosure 
Access and accounting of disclosures
Safeguards 
Accountability
14
Q

HIPAA Privacy Rule - privacy notice

A

Requires a covered entity to provide a detailed privacy notice at the date of first delivery. The notice must include statements about individuals' rights with respect to their PHI.

15
Q

HIPAA Privacy Rule - authorizations for uses and disclosures

A

HIPAA authorizes the use and disclosure of PHI for essential healthcare purposes: treatment, payment, and operations (TPO), or compliance purposes

Other uses or disclosures require the individual to opt-in

16
Q

HIPAA Privacy Rule - minimum necessary

A

Other than for treatment, covered entities must limit the use and disclosure of PHI to the minimum necessary in order to accomplish the intended purpose.

17
Q

HIPAA Privacy Rule - access and accountings of disclosures

A

Individuals have the right to access and copy their own PHI from a covered entity or a business associate, the right to receive an accounting of certain disclosures of their PHI that have been made, and the right to amend PHI.

18
Q

HIPAA Privacy Rule - safeguards

A

Requires that covered entities implement administrative, physical, and technical safeguards to protect the confidentiality and integrity of all PHI.

19
Q

HIPAA Privacy Rule - accountability

A

Covered entities must designate a privacy official
Personnel must be trained
Compliant procedures must be in place

20
Q

Exceptions to the privacy rule under HIPAA

A
  • De-identification - does not apply to information that has been de-identified
  • Research - can occur with the consent of the individuals, on de-identified information, or if an authorized entity such as an institutional review board approves the research
  • court hearings
  • report abuse
  • information used for public health activities
  • compliance
21
Q

HIPAA security rule requirements

A
  • Ensure the confidentiality, availability, and integrity of all ePHI
  • Protect against any reasonably anticipated uses or disclosures of information that are not permitted or required by the Privacy Rule
  • Ensure compliance with the security rule by its workforce
  • Protect against reasonably anticipated threats or hazards to the security and integrity of ePHI
  • identify an individual who is responsible for the implementation and oversight of the program
  • conduct risk assessments
  • security and awareness training program
22
Q

Medical federal laws vs state laws

A

Medical federal laws do not preempt state laws that include stricter protections

23
Q

HITECH

A

The Health Information Technology for Economic and Clinical Health Act

Enacted as part of the American Recovery and Reinvestment Act of 2009 and was created to promote the adoption and meaningful use of health information technology and electronic health records.

Expands and strengthens the scope of HIPAA

24
Q

What does HITECH expand upon?

A
  • notice of breach - must notify individuals within 60 days; if more than 500 people, must notify HHS; if more than 500 in the same jurisdiction, must notify the media
  • increased penalties - up to 1.5 million and extends criminal liabilities to individuals who misuse PHI
  • limited data - all disclosure should be the minimum necessary
  • electronic health records - provides funding for greater use of EHRs
25
Q

The 21st Century Cures Act of 2016

A

Purpose is to expedite the research process for new medical devices / prescription drugs, quicken the process for drug approval, and reform mental health treatment

26
Q

What are the privacy provisions of the 21st Century Cures Act of 2016?

A

Certain individual biometric research information exempted from disclosure under the Freedom of Information Act
Researchers permitted to remotely view PHI
Information blocking prohibited but HIPAA’s protection of PHI remains
Certificates of confidentiality for research
Compassionate sharing of mental health or substance abuse information with family or caregivers

Violation of this act can result in a fine up to 1 million

27
Q

HIPAA

A

Health Insurance Portability and Accountability Act

28
Q

Why are there strict privacy laws for healthcare?

A

Medical information is related to the inner workings of one's mind or body, and one's individual sense of self may be violated if others have unfettered access to this information.

Most doctors believe patients will be more open about their medical conditions if they have assurance that embarrassing medical facts will not be revealed.

Medical privacy can protect employees from the risk of unequal treatment by employers