Test Flashcards
Amendment
That the data is in dispute or further clarification while retaining the original information
Authorization
Must obtain with pt agreement for the disclosure of medical records
Breach of confidentiality
Violating the law by releasing privileged or private information or to an individual without a valid authorization 
Business associate (BA)
A person or organization that performs a function or activity on behalf of a covered entity,  but it’s not a part of the covered entities workforce 
Clinical laboratory
Improvement act
States that clinical laboratories may provide clinical laboratory test records and reports only to “authorized persons” as defined primarily by state law.
Consent
A general document that may be required for treatment, payment or healthcare operations related uses.
Correction
Altering or replacing the original document 
Covered entities
Includes health plans, health care clearinghouses, and health care providers (hospitals) that transmit any health information in electronic form in connection with a transaction covered in the HIPAA Transaction Rule.
Designated record set
Defined as a group of records maintained by or for a covered entity that includes the medical and billing records and any other record that documents decisions made about individuals such as enrollment, payment, claims adjudication, case management records for a health plan, pre-procedure questionnaires or records from other facilities used in the treatment of a patient.
Disclosure
The release, transfer, or access to information outside the entity holding the information.
HIPPA
Health Insurance Portability and Accountability Act of 1996
Individually Identifiable Health Information (IIHI)
Information that is a subset of health information, including demographic information collected from an individual, in the past, present and future where there is reasonable belief that the information can be used to identify the individual (telephone number, zip code, etc.
Minimum necessary standard
Requires covered entities to make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or r
Nonroutine disclosure
A disclosure for any purpose other than treatment, payment or healthcare operations (
Notice of privacy practices 
How the covered entity may use and disclose protected health information about an individual. The Notice of Privacy Practices must also include a description of the types of uses and disclosures that require patient authorization, must be displayed or posted on a healthcare facility’s website and must be signed by patients upon their first visit to a physician.
OCR
Office of Civil Rights is the Health and Human Services entity responsible for enforcing the HIPAA Privacy Rule.
Protected health information 
Means individually identifiable health information. Examples: Names, addresses, zip codes, admission & discharge dates, birth date, telephone and fax numbers, e-mail addresses, Social Security number, Medical Record Num
Psychotherapy notes
Notes of a mental health professional about counseling sessions that are maintained separate and apart from the regular health record. These notes are protected under HIPAA and can’t be disclosed without special authorization.
Qualified protective order
Prohibits uses or disclosure for other purposes and requires return or destruction of medical records
Restriction
Right of an individual (patient) to request restriction of uses and disclosures of either certain components of his/her protected health information or to certain individuals.
Subpoena by satisfactory assurance
Upon request by a health oversight committee or law enforcement agency/official, a covered entity must temporarily suspend a patient’s right to receive an accounting of disclosures to a health oversight agency or law enforcement offic
Treatment, Payment, and Operations (TPO)
Treatment” generally means the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party
Healthcare operations
Are certain administrative, financial, legal and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and paymen
Conservators
Court orders
A court order is signed by a judge and if facility received this court order they will not need an authorization form to release records. They will just released a Records.
