Unit 4 Flashcards
HIPAA
health information portability and accountability act.
Who requires a business associate agreement
any business associate
anyone that provides services for a covered Entity that involved PHI
When are you permitting HIPPA disclosure.
- for treatment
- for payment
- Operations - clinic management
- HIpAA authorization_ must be writtien.
what is minimum necessary rule.
Covered entity must take reasonable steps to limit disclosure of PHI to the minimum extent necessary.
what are the safeguards
training;administrative
lock things: physical safeguards
paswords: technical.
What is Breach:
impermissible use or disclosure of PHI that compromizes the phI.
what does hippa not cover?
facebook posts aobout self.
what does hippa coer
medical info held by physicians, insurance, cos, billing cos.
what is not allowed for hipasa disclosure
oral consent isn’t enough
how much info may covered entity use?
only the minimum necessary PHI for purpose of payment etc.
what mus covered entity and vendo have?
Business associate agreement
how to de identify health info?
1: remove all 18 identifieers
2: determines risk to be small
what are the identifiers
name, address, dates like birth, and admission, phone numbers, email. ssn, account numbers, photos, etc.
what is a covered entity
health care provider
health plan insurers
health care clearing house
what are not covered entitees
Pharmaceutical co
medical suppliers
employers
