Module #7: Healthcare Flashcards
Why privacy law in healthcare?
- protect one’s sense of self
- allows for more dialogue
- safeguards against unequal treatment
How can covered entities ensure compliance with regulations that protect the privacy and security of healthcare info?
Covered entities include:
- health plans (health insurance co, HMO, company health plan, medicare/medicaid),
- healthcare clearing houses (ie: billing service, HRIS)
- healthcare providers who electronically transmit any health insurance.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act of 1996
Why was HIPAA enacted?
- efficiency
- security (Payment)
- enforcement (dept of health and human services)
What is PHI?
Protected Health Information (PHI) is:
- individually identifiable health information
- related to a physical or mental condition
- held by an entity
What is ePHI?
Electronic Protected Health Information (ePHI)
- PHI that is transmitted or maintained in electronic media
What covered entities are included by ePHI?
Covered entities include:
- healthcare providers
- clearinghouses
- business associates such as claims processing and data analysis
HIPAA Privacy and Security Rules 1
- Compliance of specific requirements
- Privacy and security of health information
- Written agreement or another arrangement
HIPAA Privacy and Security Rules 2:
What are the 6 covered entities
1 privacy notice: 1st date
Covered entities:
HIPAA Privacy and Security Rules 2:
Rules defined?
- ensure the confidentiality, integrity, and availability of all ePHI
- Protect anticipated threats, hazards, uses or disclosures
- ensure compliance
What happened in the Feinstein Institute for Medical Research HIPAA settlement?
- ePHI was stolen off a laptop taken from an employee's car.
- Office for Civil Rights (OCR) found that their security management was not compliant
- it failed to implement mechanisms for safeguarding ePHI
- paid $3.9 million to settle claims
What is GINA?
Year?
Definition?
The Genetic Information Nondiscrimination Act
- enacted in 2008
- genetic testing
- protects individuals against genetic discrimination by insurance providers and employers
What does GINA do for employers?
- Family members who have manifested a disease
- requirements or request for genetic information
What does GINA do for insurance?
- implementing higher premiums based on genetic tests
- using genetic predisposition to deny coverage based on a preexisting condition
What is HITECH?
year?
defined?
offerings?
Health Information Technology for Economic and Clinical Health
- 2009
- adoption and meaningful use of health information technology
- incentives for healthcare providers to use and develop electronic health records and a national electronic health information exchange
How did HITECH strengthen existing HIPAA laws?
- data minimization
- increased penalties
- notice of breach
- electronic health records (EHRs)
HITECH: data minimization
Refers to PHI including identifiers of the individual. Any data disclosed must be the minimum amount necessary.
HITECH: increased penalties
Penalties up to $1.5 million are allowable and may extend to criminal liability even if the covered entity didn’t know about the violations
HITECH: Notice of breach
entities or companies that handle PHI must notify individuals, the Dept of Health and Human Services, and potentially the media when security is compromised
HITECH: electronic health records (EHRs)
– linked with local hospitals and used to share necessary medical information for treatment, payment, or healthcare operations.
– promotes the goal of a National Health Information Network.
Cures Act name?
The Cures Act and Confidentiality of Substance Use Disorder Patient Records Rule of 2016
21st Century Cures Act definition?
– expedites the research process for new medical devices and prescription drugs
– quickens the process for drug approval
– reforms mental health treatment
Cures act provisions?
- Prohibition of info-blocking: conduct that interferes with EHR
- “Certificates of confidentiality” for research requirements (particularly for alcoholics and substance abuse)
- “compassionate” sharing of mental health or substance abuse info with family or caregivers
- Exemptions for mandatory disclosure of individual biomedical research info under the Freedom of Information Act
- remote review of PHI under HIPAA rules
Confidentiality of Substance Use Disorder Patient Records Rule
- 1970
- privacy protections for individuals seeking medical care for alcohol and substance abuse
Confidentiality of Substance Use Disorder Patient Records Rule
components?
#1 scope #2 applicability #3 Disclosure #4 Re-disclosure #5 exceptions #6 security
Confidentiality of Substance Use Disorder Patient Records Rule
scope defined
– Use and disclosure of patient-identifying info
– restricting the use of info leading to criminal charges
Confidentiality of Substance Use Disorder Patient Records Rule
applicability defined
Federally funded programs and entities that:
– Are required by state licensing
– Use controlled substances that require licensing by the DEA
Confidentiality of Substance Use Disorder Patient Records Rule
disclosure defined
Consent form detailing the disclosure of information
Confidentiality of Substance Use Disorder Patient Records Rule
re-disclosure defined
– Prohibits the re-disclosing of info if it would identify the individual as receiving treatment
Confidentiality of Substance Use Disorder Patient Records Rule
exceptions defined
Exceptions to consent requirements:
- Emergencies
- Research
- Evaluations
- Crimes on-premises or against personnel
- Child abuse reporting
- Court Orders
Confidentiality of Substance Use Disorder Patient Records Rule
security defined
Formal policies and procedures in place to ensure the security of information
COVID-19 Consumer Data Protection Act of 2020
– protections for personal information as well as a preemption clause.
– The bill was submitted on May 7, 2020, and referred to the Committee on Commerce, Science, and Transportation.
COVID Bi-Partisan bill
regulate contact tracing apps to protect the privacy of those who do not want to be tracked as well as prohibit commercial use of any data collected.
True or false? HIPAA preempts stricter state laws.
True
False
False
Which is NOT a requirement under HIPAA’s Privacy Rule?
A) A detailed privacy notice provided at the date of first service delivered
B) Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines
C) Limited use and disclosure of personal health information for business associates, such as billing companies
D) Safeguards in place to protect the confidentiality and integrity of all personal health information
B) Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines
Who is responsible for enforcing HIPAA’s Privacy and Security Rules?
A) Office for Civil Rights (OCR)
B) Office of Compliance (OOC)
C) Agency for Healthcare Research and Quality (AHRQ)
D) Health Resources and Services Administration (HRSA)
A) OCR
Which act is intended to expedite the research process for medical devices and prescription drugs?
A) Health Insurance Portability and Accountability Act (HIPAA)
B) Health Information Technology for Economic and Clinical Health Act (HITECH)
C) 21st Century Cures Act
D) Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
C) 21st Century Cures Act
Which act introduced the first medical privacy provisions?
A) Health Insurance Portability and Accountability Act (HIPAA)
B) Health Information Technology for Economic and Clinical Health Act (HITECH)
C) 21st Century Cures Act
D) Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
D) Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
True or false?
Health insurance providers may, under some circumstances, implement higher premiums based on genetic information.
False