RES: HIPAA Flashcards

1
Q

What does HIPAA stand for?

A

Health Insurance Portability and Accountability Act

2
Q

When and where was HIPAA passed by Congress?

A

1996 & USA

3
Q

What does HIPAA do?

A
  1. provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  2. reduces health care fraud and abuse;
  3. mandates industry-wide standards for health care information on electronic billing
  4. requires the protection and confidential handling of protected health information
4
Q

What is the major role of the Privacy Rule?

A

To assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.

5
Q

this rule applies to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA

A

the privacy rule and administrative simplification rules

6
Q

protects all “individually identifiable health information”

A

The Privacy Rule

7
Q

information that includes demographic data,

A

Individually identifiable health information

7
Q

Individually identifiable health information relates to:

A
  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual,
  • the past, present, or future payment for the provision of health care to the individual,
8
Q

This rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20

A

privacy rule

9
Q

identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.

A

Individually identifiable health information

10
Q

Because HIPAA is a law that applies only to healthcare in the USA, a law has been passed in the Philippines; this law was created in the Philippines

A

Republic Act 10173 – Data Privacy Act of 2012

11
Q

refers to an individual whose personal, sensitive personal, or privileged information is processed;

A

Data subject

11
Q

refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing;

A

Data processing systems

12
Q

This act protects individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes.

A

Republic Act 10173 – Data Privacy Act of 2012

12
Q

refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals

A

Direct marketing

13
Q

is the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor.

A

“Data sharing”

14
Q

refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible

A

Filing system

15
Q

refers to a system for generating, sending, receiving, storing, or otherwise processing electronic data messages or electronic documents, and includes the computer system

A

Information and communications system

16
Q

refers to all types of personal information

A

Personal data

17
Q

refers to Republic Act No. 10173, also known as the Data Privacy Act of 2012;

A

ACT

18
Q

refers to the National Privacy Commission

A

COMMISSION

19
Q

any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information.

A

“Consent of the data subject”

20
Q

refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed

A

Personal data breach

21
Q

refers to any information, whether recorded in a material form or not, from which the identity of an individual

A

Personal information

21
Q

refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.

A

Personal information controller

21
Q

refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject

A

Personal information processor

22
Q

refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

A

Processing

23
Q

refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects

A

Profiling

23
Q

refers to any government entity created by the Constitution or law, and vested with law enforcement or regulatory authority and functions

A

Public authority

23
Q

refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication

A

Privileged information

23
Q

is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place

A

Security incident

24
Q

Penalty: Unauthorized Processing of Personal Information and Sensitive Personal Information.

A
  1. imprisonment 1 yr to 3 yrs
  2. fine of not less than 500k but not more than 2M
  3. imprisonment 3 to 6 yrs and a fine of not less than 500k but not more than 4M
25
Q

Penalty: Accessing Personal Information and Sensitive Personal Information Due to Negligence.

A

  1. imprisonment 1-3 yrs and a fine of not less than 500k but not more than 2M
  2. imprisonment 3-6 yrs and a fine of not less than 500k but not more than 4M
26
Q

Penalty: Improper Disposal of Personal Information and Sensitive Personal Information.

A
  1. imprisonment: six (6) months to 2 years and a fine of not less than 100k but not more than 500k
  2. imprisonment: 1 to 3 yrs and a fine of not less than 100k but not more than 1M
27
Q

Unauthorized Access or Intentional Breach

A

imprisonment 1 to 3 yrs and a fine of not less than 500k but not more than 2M

27
Q

Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.

A
  1. imprisonment: 1 yr and six (6) months to 5 yrs and a fine of not less than 500k but not more than 1M
  2. imprisonment: 2-7 yrs and a fine of not less than 500k but not more than 2M
28
Q

Concealment of Security Breaches Involving Sensitive Personal Information

A

imprisonment 1 yr to 6 months to 5 yrs and a fine of not less than 500k but not more than 1M.

29
Q

Malicious Disclosure

A

imprisonment 1 yr to 6 months to 5 yrs and a fine of not less than 500k but not more than 1M.

30
Q

Unauthorized Disclosure.

A

  1. 1-3 yrs and a fine of not less than 500k but not more than 1M
  2. 3-5 yrs and a fine of not less than 500k but not more than 2M

31
Q

Combination or Series of Acts.

A

3-6 YRS and a fine of not less than 1M but not more than 5M

32
Q

Extent of Liability.

A
32
Q

Large-Scale

A

maximum penalty in the corresponding scale of penalties provided for the preceding offenses shall be imposed when the personal data of at least one hundred (100) persons are harmed, affected, or involved, as the result of any of the above-mentioned offenses.

33
Q

What is the difference between privacy and confidentiality?

A

privacy: the right of an individual to keep his or her health information private.

confidentiality: refers to the duty of anyone entrusted with health information to keep that information

34
Q

refers to the duty of anyone entrusted with health information to keep that information

A

confidentiality

35
Q

the right of an individual to keep his or her health information private.

A

privacy