
HIPAA Regulations: Ch.9

jd4444

17 Questions

What does HIPAA stand for?

Health Information Portability and Accountability Act

Which title of HIPAA addresses administrative simplification?

Title II

What does the HITECH Act provide in relation to the HIPAA Privacy Rule?

It provides important changes to the HIPAA Privacy Rule

Which of the following is not a covered entity under HIPAA?

Business associates

What is the role of the Office of the National Coordinator for Health Information Technology (ONC)?

To coordinate national efforts to implement and use health information technology

Which of the following is not a characteristic of a business associate under HIPAA?

Works for the healthcare organization

Which of the following is true regarding an individual's right to access their own protected health information (PHI)?

Covered entities are not required to provide access to psychotherapy notes.

Under the ARRA and HITECH Acts, what is required of covered entities with electronic health records (EHRs) when an individual requests access to their PHI?

They must make the PHI available or send it electronically if requested.

What is the maximum time period a covered entity can take to respond to an individual's request for access to their PHI?

30 days from receipt of the request, with a possible 30-day extension

Which of the following fees is a covered entity permitted to charge an individual for providing access to their PHI?

A reasonable fee for copying, supplies, labor, and postage

Which of the following is an exception to an individual's right to access their PHI under the HIPAA Privacy Rule?

Information compiled for civil or criminal actions

According to HIPAA regulations, what is a requirement for covered entities and business associates in terms of compensation for an individual's PHI?

Direct or indirect compensation for an individual's PHI requires authorization from that individual.

Under HIPAA, what administrative requirements must covered entities and business associates adhere to?

Designating a privacy officer and establishing privacy safeguards.

In the context of HIPAA, what actions are prohibited regarding the sale of an individual's PHI?

Receiving any form of compensation for an individual's PHI without their authorization.

What must be prominently stated when any remuneration is involved in a communication under HIPAA guidelines?

Any remuneration must be prominently stated.

In accordance with ARRA and HITECH, what is prohibited regarding an individual's PHI?

Receiving direct or indirect compensation in exchange for an individual's PHI without that individual's authorization.

What is required in a Business Associate Agreement (BAA) regarding communication standards to comply with HIPAA?

Consistent communication standards despite any payment involved.

Study Notes

HIPAA Overview

  • HIPAA stands for Health Insurance Portability and Accountability Act, enacted in 1996
  • The main goal is to improve the portability and continuity of health insurance coverage
  • The Act consists of five titles, including Title II, which addresses medical liability reform, health care fraud and abuse prevention, and administrative simplification

HIPAA Privacy and Security Standards

  • Privacy standards protect individually identifiable health information (PHI)
  • Security standards protect electronic PHI (ePHI) from unauthorized access, use, or disclosure
  • Transactions, identifiers, and code set standards regulate the exchange of health information
  • National provider identifiers are assigned to healthcare providers

HIPAA Applicability

  • HIPAA applies to covered entities, including healthcare providers, health plans, and healthcare clearinghouses
  • Business associates (BAs) are also subject to HIPAA, as they handle patients' health information
  • Examples of BAs include third-party billing companies and consultants

Individual Rights

  • Right of access: individuals have the right to access their own PHI in a designated record set
  • Right to request amendment: individuals can request corrections to their PHI
  • Right to accounting of disclosures: individuals can request a list of disclosures of their PHI
  • Right to request restrictions: individuals can request restrictions on the use of their PHI
  • Right to request confidential communications: individuals can request confidential communications

Access to PHI

  • Individuals can request access to their PHI in a designated record set
  • Covered entities must respond to requests within 30 days
  • Individuals can request electronic copies of their PHI
  • Covered entities can charge a reasonable fee for copying and postage
  • Individuals can direct that their PHI be transmitted to a third party

Sale of Information

  • Covered entities or BAs are prohibited from selling PHI without individual authorization
  • Exceptions exist for public health activities, research, and treatment

Fundraising

  • PHI can be used for fundraising, but individuals must be informed in the Notice of Privacy Practices
  • Individuals have the right to opt out of fundraising communications
  • No authorization is required if only specific, limited information is disclosed

Administrative Requirements

  • Designation of a privacy officer is required
  • Standards for policies and procedures must be established
  • Workforce privacy training is required
  • Privacy safeguards must be established and practices regarding sanctions, retaliation, and waiver must be defined
  • Document and record retention policies must be implemented

Test your knowledge on HIPAA regulations regarding the sale of information, communication requirements, and authorization for remuneration. Questions are based on guidelines provided by AHIMA, ARRA, and HITECH.
