PHI | HIPAA | Education | Breach | Access |
---|---|---|---|---|
True or False: HIPAA only applies to living individuals
False, HIPAA also applies to deceased individuals for 50 years after death
|
What does HIPAA stand for?
Health Information Portability and Accountability Act
|
Who is required to have HIPAA compliance training?
Each individual that handles PHI
|
Define Breach
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI
|
When should PHI be accessed?
Only when it is needed to do your job
|
List 3 examples of PHI
A person's name, DOB, physical address, phone numbers, email address, social security number, etc.
|
Who enforces the HIPAA Privacy rules?
The US Department of Health and Human Services through the Office of Civil Rights
|
Where can employees report any HIPAA concerns?
Via fax, mail, or email to the Office for Civil Rights
|
What is considered a breach of HIPAA?
Staff who are not authorized to view PHI, failure to manage risks, theft of patient information from the records, sharing PHI online
|
True or False: There are reasons to access PHI without consent
True, medical care providers may release information to other providers or entities that are participating in the patient's care
|
What is required before releasing any PHI?
A signed release of information
|
What is an example of incidental disclosure?
Overhearing a provider/MA conversation about another patient
|
True or False: Is HIPAA training required for any new employees that will be working with PHI but have prior knowledge of HIPAA?
True
|
True or False: There are exceptions to the breach notification requirements
True
|
What is the right of patients to their PHI?
They have the right to inspect or get a copy of their own PHI
|
What is the privacy rule for PHI?
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
|
What businesses must comply with HIPAA?
Any healthcare entity that electronically processes, stores, transmits, or receives medical records, claims, or remittances
|
True or False: In the event of a conflict between HIPAA and state law, state law preempts HIPAA unless HIPAA is stricter
False
|
What is the difference between a violation and a breach?
HIPAA violations can be the cause of breaches; only HIPAA breaches are reportable events
|
True or False: Family members can access other family members' PHI
True, only with medical power of attorney
|
What is PHI under HIPAA?
Appointment inquiries, employee and education records, wearable devices, health and fitness apps
|
What are the penalties for HIPAA non-compliance?
Fines can be up to $250,000 for violations or imprisonment up to 10 years for knowing abuse or misuse of individual health information.
|
True or False: According to the Security Rule, it is never permissible to use the internet to transmit PHI
False
|
What is the minimum and maximum penalty for jail time?
1 to 10 years
|
Can a person look up their own medical records in an EHR system that they have access to?
No, you can request copies but cannot look up your own information on an EHR
|