The Health Insurance Portability and Accountability Act (HIPAA)

Question 1

The Health Insurance Portability and Accountability Act (HIPAA) is a ______________ law that was signed into effect in _______.

Answer 1

• Federal
• 1996

Question 2

HIPAA was designed to protect Americans with medical conditions from ___________________ when they changed jobs or moved.

Answer 2

Losing health insurance.

Question 3

HIPAA is comprised of ___ rules.

Answer 3

3.

Question 4

The _____________ Rule: Became effective April 14, 2003. Provides regulations and safeguards regarding confidential patient information.

Answer 4

The Privacy Rule.

Question 5

The ________________ Rule: Became effective October 16, 2003. Requires that a nationally standardized format be used for all health-care transactions that are transmitted electronically, most notably all insurance claims. Practitioners who submit claims electronically must therefore either use appropriate software or contract with a health-care clearinghouse (which accepts written data, transforms it into electronic data, and then transmits it to the insurance company).

Answer 5

The Transaction Rule.

Question 6

The _______________ Rule: Became effective April 20, 2005. Addresses issues of physical security, such as locking files and encrypting e-mails.

Answer 6

The Security Rule.

Question 7

Technically, compliance with HIPAA’s rules is only required when health information is __________________________. However, once any information is transmitted electronically, HIPAA’s rules apply to the ________________ of a psychologist or institution.

Answer 7

• Transmitted in some electronic form
• Entire practice

Question 8

While issues about confidentiality and patient access to records are typically governed by state laws and regulations, HIPAA is a federal law that can ___________________ state law. However, whichever is _______________ ultimately takes precedence.

Answer 8

• Take precedence over
• More stringent

Question 9

When state law and HIPAA are contradictory, making it impossible to comply with both, ____________ takes precedence.

Answer 9

HIPAA.

Question 10

While __________________ allows the provider to deny access to records when adverse or detrimental consequences are anticipated, ______________ states that access can be denied only when the health care professional has determined that access is reasonably likely to endanger the life or physical safety of the individual or another person.

Answer 10

• CA State Law
• HIPAA

Question 11

Penalties for failure to comply with HIPAA include:

1) Administrative sanction by the Office for Civil Rights of Health and Human Services
2) Civil penalties of $____ for each violation up to a total of $__________ per year
3) Fines of up to $__________________ or ten year imprisonment, or both, for deliberate and knowing violations of patients’ privacy rights

Answer 11

• $100
• $25,000
• $250,000

Question 12

HIPAA distinguishes between __________________________ and psychotherapy notes. Most of HIPAA’s general provisions govern the former; more stringent protections govern psychotherapy notes.

Answer 12

Protected health information (PHI).

Question 13

______________________ refers to health information that identifies a patient, and that is transmitted or maintained in any form (e.g., on computer, handwritten notes, etc.). It includes information about the mental health condition of a patient (e.g., diagnosis, symptoms, prognosis, progress), the provision of services (e.g., medication, treatment modality, treatment plan, frequency of treatment), and payments. Typically, chart notes kept on a psychotherapy patient are considered to be PHI.

Answer 13

Protected Health Information (PHI).

Question 14

_______________________ refer to what have historically been termed “process notes.” These include the notes of practitioners that document or analyze the content of counseling sessions. In order for process notes to be considere “________________________,” they must be separated from the rest of an individual’s medical record (typically interpreted as physically separated).

Answer 14

Psychotherapy Notes (both blanks).

Question 15

HIPAA distinguishes between __________________ consent and __________________.

Answer 15

• Generalized consent
• Authorization

Question 16

_________________________: While patients must be informed of a practitioner’s privacy policy, they do not need to give _____________ consent. HIPAA allows for the disclosures of PHI for the purposes of treatment, payment, or to carry out health care operations. However, it is still considered the standard of practice for psychologists to obtain written permission from patients for any disclosures of confidential information.

Answer 16

• General consent
• Written

Question 17

________________________: This refers to obtaining patient permission to disclose information on a release of information form. According to HIPAA, this is not needed for disclosures, as long as any of the disclosures are for the purposes of treatment, payment, or healthcare operations. However, it is needed for any other type of disclosure (e.g., a patient’s spouse requests PHI).

Answer 17

Authorization.

Question 18

According to HIPAA, managed care organizations and other third-party reimbursement entities ___________ require the release of psychotherapy notes in order to provide reimbursement.

Answer 18

May not.

Question 19

HIPAA provides for ___ basic patients’ rights.

Answer 19

6.

Question 20

Right of _____________: Patients have the right to be informed about the psychologist’s privacy policy and the ways in which PHI may be used or disclosed, as well as patients’ rights to limit uses and disclosures. Patients should be provided with a written copy of the psychologist’s privacy policy.

Answer 20

Right of Notice.

Question 21

Right to ___________________: Psychologists are obligated to agree to “reasonable requests” to restrict use and disclosure of PHI. Psychologists are not obligated to agree to any and all limits on disclosure and use that are requested by patients.

Answer 21

Right to Request Restriction.

Question 22

Right to Receive ____________________________ by _______________________ and at Alternative Locations: Patients may elect to have psychologists mail their bills to an address other than their home address or not too call them at their home phone, in order to protect patients’ confidentiality.

Answer 22

Right to Receive Confidential Communications by Alternative Means and at Alternative Locations.

Question 23

____________________: Patients have the right to inspect and receive a copy of PHI that is in the medical record. Records may only be withheld when disclosure would jeopardize the life or physical safety of the patient or others. Patients do not have a right to inspect or obtain a copy of their _____________________.

Answer 23

• Access to Records
• Psychotherapy notes

Question 24

Right of ____________________: Patients may request changes to their PHI to improve accuracy. If a psychotherapist determines that such a change would make the PHI less accurate, the request may be denied. The record may never be expunged; instead, changes should be noted as amendments. All requests for amendments, as well as whether they were granted or denied, must be documented.

Answer 24

Right of Amendment.

Question 25

Right of __________________: Patients have the right to receive record of all the disclosures of their PHI for the past six years. This record must include information about the date of the disclosure, the party to whom the information was disclosed, and a description of what was disclosed and for what purpose. Written authorization by the patient may be used in lieu of such an accounting procedure.

Answer 25

Accounting.

Question 26

HIPAA outlines ___ duties applicable to all providers who need to be HIPAA compliant.

Answer 26

5.

Question 27

___________________________: Psychologists must have one of these, and it must be given to all patients. It must reflect compliance with HIPAA and state laws. A HIPAA compliance oficer must be designated; in most small practices this would be the practitioner him or herself.

Answer 27

Written Privacy Policy.

Question 28

_____________________: Psychologists must track disclosures of PHI.

Answer 28

Tracking Disclosures.

Question 29

______________________________: Psychologist must ensure that employees are trained and compliant with HIPAA requirements. They must obtain contractual assurances that business associates (e.g., billing companies) comply with HIPAA.

Answer 29

Compliance of Employees and Business Associates.

Question 30

_______________________________: If psychologists want psychotherapy notes to receive more stringent protections, they must maintain these notes separately from the rest of the medical record.

Answer 30

Protection for Psychotherapy Notes.

Question 31

____________________________: Access to PHI must be protected; practitioners must take appropriate and reasonable actions such as locking filing cabinets, ensuring that electronic records are protected with passwords and firewalls, and encrypting e-mails that contain PHI.

Answer 31

Safeguarding Access to PHI.