HITECH Act: Patient Rights and Health Information Disclosure

Questions and Answers

What is a requirement for a healthcare provider to not disclose health information to a health plan?

• The individual is a minor
• The individual requests the information not be provided to the health plan (correct)
• The individual or family paid a partial amount out of pocket
• The health plan would normally obtain the information for payment or health care operations

What is the purpose of the right to request an accounting of disclosures?

• To restrict disclosure of health information to health plans
• To allow patients to request confidential communication
• To provide patients with a list of entities that have received their PHI (correct)
• To allow patients to request amendments to their PHI

What is a condition for accommodating a request for confidential communication from a health plan?

• The request must be made in writing
• The individual must state that the disclosure of the information in another manner could endanger the individual (correct)
• The request must be made by a family member
• The request must be approved by a healthcare provider

What is the result of a patient requesting a restriction on the disclosure of their health information?

The CE is under no obligation to agree to the restriction (C)

What is the purpose of the right to request restrictions on the disclosure of health information?

To allow patients to control how their health information is used and disclosed (A)

What is a requirement for a healthcare provider to accommodate a request for confidential communication?

The request must be reasonable (A)

What is the primary focus of Security in the context of health information?

Protecting the confidentiality, integrity, and availability of information and systems (A)

What is the main difference between Privacy and Confidentiality?

Privacy is concerned with protecting personal information, while Confidentiality is concerned with protecting information once it has been received (A)

What is the purpose of the Security Rule in HIPAA?

To establish the physical, technical, and administrative safeguards for protecting electronic PHI (D)

What is an Organized Health Care Arrangement (OHCA) in the context of HIPAA?

A clinically integrated setting where an individual receives healthcare from more than one health provider (A)

What is the difference between Required and Addressable Standards in the Security Rule?

Required Standards are mandatory, while Addressable Standards are optional (C)

What is the scope of Security Regulations under HIPAA?

Only electronic PHI (D)

What is the main reason for a covered entity to provide an individual with a list of all disclosures?

To comply with the privacy regulations (C)

What type of disclosure is exempt from the accounting requirement?

Disclosure to a correctional institution (A)

How many years of disclosures can an individual request in an accounting?

6 years (B)

What is the purpose of HITECH in relation to accounting of disclosures?

To provide patients with an accounting of uses and disclosures from electronic health records (C)

Where can an individual file a complaint regarding a covered entity's privacy practices?

With both the CE's Privacy Officer and the OCR of the DOH (D)

What is the purpose of the accounting of disclosures?

To provide the individual with a list of all disclosures made (A)

Flashcards are hidden until you start studying