Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISSP Certification > Module #7: Healthcare > Flashcards

Module #7: Healthcare Flashcards

1
Q

Why privacy law in healthcare?

A
  • protect one’s sense of self
  • allows for more dialogue
  • safeguards against unequal treatment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How can covered entities ensure compliance with regulations that protect the privacy and security of healthcare info?

A

Covered entities include:
- health plans (health insurance co, HMO, company health plan, medicare/medicaid),

  • healthcare clearing houses (ie: billing service, HRIS)
  • healthcare providers who electronically transmit any health insurance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does HIPPA stand for?

A

Health Insurance Portability and Accountability Act of 1996

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why was HIPPA enacted?

A
  • efficiency
  • security (Payment)
  • enforcement (dept of health and human services)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is PHI?

A

Protected Health Information (PHI) is:

  • individually identifiable health information
  • related to a physical or mental condition
  • held by an entity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is ePHI?

A

Electronic Protected Health Information (ePHI)

-PHI that is transmitted or maintained in electronic media

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What covered entities are included by ePHI?

A
  • Covered entities include:
    - -healthcare providers
    - -clearinghouses
- -business associates such as claims processing and data analysis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

HIPPA Privacy and Security Rules 1

A
  • Compliance of specific requirements
  • Privacy and security of health information
  • Written agreement or another arrangement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

HIPPA Privacy and Security Rules 2:

What are the 6 covered entities

A

1 privacy notice: 1st date

Covered entities:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

HIPPA Privacy and Security Rules 2:

Rules defined?

A
  • ensure the confidentiality, integrity, and availability of all ePHI
  • Protect anticipated threats, hazards, uses or disclosures
  • ensure compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What happened in Feinstein’s Institute for Medical research HIPPA settlement?

A
  • ePHI was stolen off a laptop taken from an employees car.
  • Office of Civil Rights (OCR) found that their security management was not compliant
  • it failed to implement mechanisms for safeguarding ePHI
  • paid $3.9 million to settle claims
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is GINA?

Year?

Definition?

A

The Genetic Information Nondiscrimination Act

  • enacted in 2008
  • genetic testing

-protects individuals against genetic discrimination by insurance providers and employers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does GINA do for employers?

A
  • Family members who have manifested a disease

- requirements or request for genetic information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does GINA do for insurance?

A
  • implementing higher premiums based on genetic tests

- using genetic predisposition to deny coverage based on a preexisting condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is HITECH

year?

defined?

offerings?

A

Health information Technology for Economic and Clinical Health

  • 2009
  • adoption and meaningful use of health information technology
  • incentives for healthcare providers to use and develop electronic health records and a national electronic health information exchange
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How did HITECH strengthen existing HIPPA laws?

A
  • data minimization
  • increased penalties
  • notice of breach
  • electronic health records (ERHs)
17
Q

HITECH: data minimization

A

Refers to PHI including identifiers of the individual. Any data disclosed must be the minimum amount necessary.

18
Q

HITECH: increased penalties

A

Penalties up to $1.5 million are allowable and may extend to criminal liability even if the covered entity didn’t know about the violations

19
Q

HITECH: Notice of breach

A

entities or companies that handle PHI must notify individuals, the Dept of Health and Human Services, and potentially the media when security is compromised

20
Q

HITECH: electronic health records (EHRs)

A

–linked with local hospitals and used to share
necessary medical information for treatment, payment, or healthcare operations.

–promotes the goal of a National Health Information Network.

21
Q

Cures Act name?

A

The Cures Act and Confidentiality of Substance Use Disorder Patient Records Rule of 2016

22
Q

21st Century Cures Act definition?

A

–expedites the research process for new medical devices and prescription drugs

–quickens the process for drug approval

–reforms mental health treatment

23
Q

Cures act provisions?

A
  • Prohibition of info-blocking: conduct that interferes with EHR
  • “Certificates of confidentiality” for research requirements (particularly for alcoholics and substance abuse)
  • “compassionate” sharing of mental health or substance abuse info with family or caregivers
  • Exemptions for mandatory disclosure of individual biomedical research info under the Freedom of Information Act
  • remote review of PHI under HIPAA rules
24
Q

Confidentiality of Substance Use Disorder Patient Records Rule

A
  • 1970

- privacy protections for individuals seeking medical care for alcohol and substance abuse

25
Q

Confidentiality of Substance Use Disorder Patient Records Rule

components?

A 
#1 scope
#2 applicability
#3 Disclosure
#4 Re-disclosure
#5 exceptions
#6 security
26
Q

Confidentiality of Substance Use Disorder Patient Records Rule

scope defined

A

– Use and disclosure of patient-identifying info

– restricting the use of info leading to criminal charges

27
Q

Confidentiality of Substance Use Disorder Patient Records Rule

applicability defined

A

Federally funded programs and entities that:

– Are required by state licensing

– Use controlled substances that require licensing by the DEA

28
Q

Confidentiality of Substance Use Disorder Patient Records Rule

disclosure defined

A

Consent form detailing the disclosure of information

29
Q

Confidentiality of Substance Use Disorder Patient Records Rule

re-disclosure defined

A

– Prohibits the re-disclosing of info if it would identify the individual as receiving treatment

30
Q

Confidentiality of Substance Use Disorder Patient Records Rule

exceptions defined

A

Exceptions to consent requirements:

    • Emergencies
    • Research
    • Evaluations
    • Crimes on-premises or against personnel
    • Child abuse reporting
    • Court Orders
31
Q

Confidentiality of Substance Use Disorder Patient Records Rule

security defined

A

Formal policies and procedures in place to ensure the security of information

32
Q

COVID-19 Consumer Data Protection Act of 2020

A

–protections for personal information as well as
a preemption clause.

–The bill was submitted on May 7, 2020, and referred to the Committee on Commerce, Science, and Transportation.

33
Q

COVID Bi-Partisan bill

A

regulate contact tracing apps to protect the privacy of those who do not want to be tracked as well as prohibit commercial use of any data collected.

34
Q

True or false? HIPAA preempts stricter state laws.

True
False

A

False

35
Q

Which is NOT a requirement under HIPAA’s Privacy Rule?

A)_ A detailed privacy notice provided at the date of first service delivered

B)_ Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines

C)_ Limited use and disclosure of personal health information for business associates, such as billing companies

D)_Safeguards in place to protect the confidentiality and integrity of all personal health information

A

B)_ Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines

36
Q

Who is responsible for enforcing HIPAA’s Privacy and Security Rules?

A)_Office for Civil Rights (OCR)
B)_Office of Compliance (OOC)
C)_Agency for Healthcare Research and Quality (AHRQ)
D)_Health Resources and Services Administration (HRSA)

A

A) OCR

37
Q

Which act is intended to expedite the research process for medical devices and prescription drugs?

A)_Health Insurance Portability and Accountability Act (HIPAA)

B)_Health Information Technology for Economic and Clinical Health Act (HITECH)

C)_21st Century Cures Act

D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and
Rehabilitation Act

A

C) 21st Century Cures Act

38
Q

Which act introduced the first medical privacy provisions?

A)_Health Insurance Portability and Accountability Act (HIPAA)

B)_Health Information Technology for Economic and Clinical Health Act (HITECH)

C)_21st Century Cures Act

D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and
Rehabilitation Act

A

D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and
Rehabilitation Act

39
Q

True or false?

Health insurance providers may, under some circumstances, implement
higher premiums based on genetic information.

A

False

CISSP Certification (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions