RES: HIPAA Flashcards
what does HIPAA stand for?
Health Insurance Portability and Accountability Act
When and where was HIPAA passed by Congress?
1996 & USA
What does HIPAA do?
- provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- reduces health care fraud and abuse;
- mandates industry-wide standards for health care information on electronic billing
- requires the protection and confidential handling of protected health information
What is the major role of the Privacy Rule?
To assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.
This rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA
the privacy rule and administrative simplification rules
protects all “individually identifiable health information”
The Privacy Rule
information that includes demographic data,
Individually identifiable health information
Individually identifiable health information relates to:
- the individual’s past, present or future physical or mental health or condition,
- the provision of health care to the individual,
- the past, present, or future payment for the provision of health care to the individual,
This rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20
privacy rule
identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
Individually identifiable health information
Because HIPAA is a law that applies only to healthcare in the USA, a corresponding law has been passed in the Philippines. This law was created in the Philippines:
Republic Act 10173 – Data Privacy Act of 2012
refers to an individual whose personal, sensitive personal, or privileged information is processed;
Data subject
refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing;
Data processing systems
This act protects individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes.
Republic Act 10173 – Data Privacy Act of 2012
refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals
Direct marketing
is the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor.
“Data sharing”
refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible
Filing system
refers to a system for generating, sending, receiving, storing, or otherwise processing electronic data messages or electronic documents, and includes the computer system
Information and communications system
refers to all types of personal information
Personal data
refers to Republic Act No. 10173, also known as the Data Privacy Act of 2012;
ACT
refers to the National Privacy Commission
COMMISSION
any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information.
“Consent of the data subject”
refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
Personal data breach
refers to any information, whether recorded in a material form or not, from which the identity of an individual
Personal information
refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.
Personal information controller
refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject
Personal information processor
refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Processing
refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects
Profiling
refers to any government entity created by the Constitution or law, and vested with law enforcement or regulatory authority and functions
Public authority
refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication
Privileged information
is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result in a personal data breach, if not for safeguards that have been put in place
Security incident
Penalty: Unauthorized Processing of Personal Information and Sensitive Personal Information.
- imprisonment 1 yr to 3 yrs
- fine of not less than 500k but not more than 2M
- imprisonment 3 to 6 yrs and a fine of not less than 500k but not more than 4M
Penalty: Accessing Personal Information and Sensitive Personal Information Due to Negligence.
- imprisonment 1-3 yrs and a fine of not less than 500k but not more than 2M
- imprisonment 3-6 yrs and a fine of not less than 500k but not more than 4M
Penalty: Improper Disposal of Personal Information and Sensitive Personal Information.
- imprisonment 6 months to 2 yrs and a fine of not less than 100k but not more than 500k
- imprisonment 1 to 3 yrs and a fine of not less than 100k but not more than 1M
Unauthorized Access or Intentional Breach
imprisonment 1 to 3 yrs and a fine of not less than 500k but not more than 2M
Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.
- imprisonment 1 yr and 6 months to 5 yrs and a fine of not less than 500k but not more than 1M
- imprisonment 2-7 yrs and a fine of not less than 500k but not more than 2M
Concealment of Security Breaches Involving Sensitive Personal Information
imprisonment 1 yr and 6 months to 5 yrs and a fine of not less than 500k but not more than 1M.
Malicious Disclosure
imprisonment 1 yr and 6 months to 5 yrs and a fine of not less than 500k but not more than 1M.
Unauthorized Disclosure.
1-3 yrs and a fine of not less than 500k but not more than 1M
3-5 yrs and a fine of not less than 500k but not more than 2M
Combination or Series of Acts.
3-6 yrs and a fine of not less than 1M but not more than 5M
Extent of Liability.
Large-Scale
The maximum penalty in the corresponding scale of penalties provided for the preceding offenses shall be imposed when the personal data of at least one hundred (100) persons are harmed, affected, or involved, as the result of any of the above-mentioned offenses.
What is the difference between privacy and confidentiality?
privacy - the right of an individual to keep his or her health information private.
confidentiality - refers to the duty of anyone entrusted with health information to keep that information
refers to the duty of anyone entrusted with health information to keep that information
confidentiality
the right of an individual to keep his or her health information private.
privacy