Module 6 - HIPAA and other healthcare Flashcards
What is Title XIII of the American Recovery and Reinvestment Act (ARRA)?
Health Information Technology for Economic and Clinical Health (HITECH) Act
The Health Information Technology for Economic and Clinical Health (HITECH) Act imposes data breach notification requirements for unauthorized uses and disclosures of unsecured PHI. What are these requirements for Business Associates?
- Business Associates must report privacy and security breaches.
- Business Associates are subject to the same civil and criminal penalties as Covered Entities.
The Health Information Technology for Economic and Clinical Health (HITECH) Act imposes data breach notification requirements for unauthorized uses and disclosures of unsecured PHI. What are the privacy and security breach notification requirements to individuals?
- Notices are sent without unreasonable delay.
- Notices are sent no later than 60 calendar days after discovery.
What is an HIE, and what must it sign?
Health Information Exchanges (HIE) are Business Associates and must enter into a BAA with the Covered Entity.
What is HIPAA and HITECH penalty Tier A?
Tier A – the offender did not know
* $100 for each violation; the total for all violations of an identical requirement during a calendar year cannot exceed $25,000.
What is HIPAA and HITECH penalty Tier D?
Tier D – violation due to willful neglect that was NOT corrected
* $50,000 for each violation; the total for all violations of an identical requirement during a calendar year cannot exceed $1,500,000.
What is HIPAA and HITECH penalty Tier B?
Tier B – violation due to reasonable cause, not willful neglect
* $1,000 for each violation; the total for all violations of an identical requirement during a calendar year cannot exceed $100,000.
What is HIPAA and HITECH penalty Tier C?
Tier C – violation due to willful neglect that was corrected
* $10,000 for each violation; the total for all violations of an identical requirement during a calendar year cannot exceed $250,000.
HIPAA Final Rule: Key Facts
- Final Rule introduced Jan 17, 2013
- Modifies the following Rules:
  - HIPAA Privacy Rule
    - HIPAA Privacy Rule modified as required by the Genetic Information Nondiscrimination Act (GINA).
  - HIPAA Security Rule
  - HIPAA Enforcement Rule
  - HITECH Breach Notification for Unsecured PHI
Business Associates (BA): what are the 3 rules that apply to a BA?
- The changes announced expand many of the privacy and security requirements to BAs that receive PHI, such as contractors and subcontractors.
- BAs may also be liable for the increased penalties for noncompliance, based on the level of negligence, up to a maximum penalty of $1.5 million.
- The definition of a BA is expanded to include entities or individuals that maintain PHI on behalf of a CE, even if such entities or individuals never access the PHI.
The Business Associate definition now reflects which 4 updates?
- Inclusion of Patient Safety Organizations (PSO).
- Inclusion of Health Information Organizations (HIO), e-prescribing gateways, and other persons that facilitate data transmission services with respect to PHI to a Covered Entity and that requires access to such PHI on a routine basis.
- Inclusion of vendors of Personal Health Records (PHR) that require routine access to such PHI.
- Inclusion of subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate.
What forms of medium are included in PHI covered by HIPAA?
- oral
- paper
- electronic
All forms.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
What does HIPAA security focus on?
ePHI