HITECH Act: Patient Rights and Health Information Disclosure

Questions and Answers

What is a requirement for a healthcare provider to not disclose health information to a health plan?

The individual is a minor

The individual requests the information not be provided to the health plan (correct)

The individual or family paid a partial amount out of pocket

The health plan would normally obtain the information for payment or health care operations

What is the purpose of the right to request an accounting of disclosures?

To restrict disclosure of health information to health plans

To allow patients to request confidential communication

To provide patients with a list of entities that have received their PHI (correct)

To allow patients to request amendments to their PHI

What is a condition for accommodating a request for confidential communication from a health plan?

The request must be made in writing

The individual must state that the disclosure of the information in another manner could endanger the individual (correct)

The request must be made by a family member

The request must be approved by a healthcare provider

What is the result of a patient requesting a restriction on the disclosure of their health information?

The CE is under no obligation to agree to the restriction

What is the purpose of the right to request restrictions on the disclosure of health information?

To allow patients to control how their health information is used and disclosed

What is a requirement for a healthcare provider to accommodate a request for confidential communication?

The request must be reasonable

What is the primary focus of Security in the context of health information?

Protecting the confidentiality, integrity, and availability of information and systems

What is the main difference between Privacy and Confidentiality?

Privacy is concerned with protecting personal information, while Confidentiality is concerned with protecting information once it has been received

What is the purpose of the Security Rule in HIPAA?

To establish the physical, technical, and administrative safeguards for protecting electronic PHI

What is an Organized Health Care Arrangement (OHCA) in the context of HIPAA?

A clinically integrated setting where an individual receives healthcare from more than one health provider

What is the difference between Required and Addressable Standards in the Security Rule?

Required Standards are mandatory, while Addressable Standards are optional

What is the scope of Security Regulations under HIPAA?

Only electronic PHI

What is the main reason for a covered entity to provide an individual with a list of all disclosures?

To comply with the privacy regulations

What type of disclosure is exempt from the accounting requirement?

Disclosure to a correctional institution

How many years of disclosures can an individual request in an accounting?

6 years

What is the purpose of HITECH in relation to accounting of disclosures?

To provide patients with an accounting of uses and disclosures from electronic health records

Where can an individual file a complaint regarding a covered entity's privacy practices?

With both the CE's Privacy Officer and the OCR of the DOH

What is the purpose of the accounting of disclosures?

To provide the individual with a list of all disclosures made