Questions and Answers
Under HIPAA, a covered entity (CE) is defined as:
The minimum necessary standard:
Which of the following would be considered PHI?
An individual's first and last name and the medical diagnosis in a physician's progress report
The HIPAA Privacy Rule applies to which of the following?
Which of the following statements about the HIPAA Security Rule are true?
The HIPAA Security Rule applies to which of the following?
Which of the following are fundamental objectives of information security?
Technical safeguards are:
If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she may file a complaint with the:
Which of the following are categories for punishing violations of federal health care laws?
Which HHS Office is charged with protecting an individual patient's health information privacy and security through the enforcement of HIPAA?
A covered entity (CE) must have an established complaint process.
Which of the following are examples of personally identifiable information (PII)?
The e-Government Act promotes the use of electronic government services by the public and improves the use of information technology in the government.
A Systems of Records Notice (SORN) serves as a notice to the public about a system of records and must:
Under the Privacy Act, individuals have the right to request amendments of their records contained in a system of records.
A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by HHS).
Which of the following are common causes of breaches?
Which of the following are breach prevention best practices?
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
A Privacy Impact Assessment (PIA) is an analysis of how information is handled.
HIPAA provides individuals with the right to request an accounting of disclosures of their PHI.
Physical safeguards are:
Study Notes
HIPAA Overview
- A covered entity (CE) includes health plans, health care clearinghouses, and health care providers involved in standard electronic transactions.
- The minimum necessary standard restricts uses and disclosures of Protected Health Information (PHI) to only what is essential, except for treatment-related disclosures.
Definition of PHI
- PHI includes identifiable information such as an individual’s name along with their medical diagnosis in health records.
HIPAA Privacy Rule
- The Privacy Rule governs the use and disclosure of PHI by covered entities and business associates.
HIPAA Security Rule
- The Security Rule establishes national standards for protecting electronic PHI (ePHI) through administrative, technical, and physical safeguards.
- The Security Rule applies only to ePHI, not to PHI held in paper or oral form.
Fundamental Objectives of Information Security
- Confidentiality, Integrity, and Availability are critical aspects of health information security that need safeguarding against threats.
Technical and Physical Safeguards
- Technical safeguards are the technology, and the policies and procedures for its use, that protect ePHI and control access to it.
- Physical safeguards are the measures, policies, and procedures that protect electronic information systems and the facilities that house them from environmental hazards and unauthorized access.
Reporting and Complaints
- Individuals suspecting non-compliance with HIPAA by a Department of Defense (DoD) CE can file complaints with various offices, including the DHA Privacy Office and HHS Secretary.
Punishments for Violations
- Violations of federal healthcare laws can result in criminal penalties, civil money penalties, or sanctions.
HHS Enforcement Office
- The Office for Civil Rights (OCR) is responsible for enforcing HIPAA to protect patient health information privacy and security.
Personally Identifiable Information (PII)
- PII includes identifiable information like Social Security Numbers, home addresses, and personal medical data.
e-Government Act
- Promotes the use of electronic government services while enhancing the role of information technology in governmental operations.
Systems of Records Notice (SORN)
- A SORN notifies the public that a system of records exists, describes how the information in it will be used, and must be updated whenever the system changes.
Privacy Act Rights
- Individuals can request amendments to their records under the Privacy Act framework.
Breach Definitions and Causes
- DoD defines a breach more broadly than HIPAA; common breach causes include human error, theft, and unauthorized access to PHI and PII.
Breach Prevention Practices
- To mitigate breaches, access only necessary PHI/PII, promptly collect printed documents, and ensure workstations are secured when unattended.
Breach Reporting Timeline
- A breach must be reported to the U.S. Computer Emergency Readiness Team within one hour of discovery.
Privacy Impact Assessment (PIA)
- A PIA analyzes the management of personal information and ensures compliance with privacy policies.
Right to Accounting of Disclosures
- HIPAA grants individuals the right to request an accounting of disclosures regarding their PHI.
Summary of Safeguards
- Physical safeguards include measures protecting systems and facilities against environmental dangers and unauthorized access.
Description
Test your knowledge on HIPAA regulations and the Privacy Act with these clinical refresher flashcards. Review key concepts such as covered entities and the minimum necessary standard to ensure compliance in healthcare settings.