Privacy & Security in the HIPAA Statute | Who is Covered by HIPAA | What is Covered by HIPAA | HIPAA’s Other Concepts |
---|---|---|---|
What is Privacy?
The right of the patient to control to whom their health information is disclosed.
|
Who are covered entities?
Health care provider, health plan and health care clearinghouse.
|
What is a three-part test?
For information to be PHI (Protected Health Information) it must meet a ____________.
|
What is the minimum necessary requirement?
If a business associate or covered entity only accesses a person's PHI on a “need to know” basis, they are meeting which requirement?
|
What is Security?
Measures that are taken to control access and protect information from unauthorized disclosure, alteration, destruction or loss.
|
What (or who) is a business associate (BA)?
A person or organization that performs functions or activities on behalf of a covered entity, but is not a part of the covered entity.
|
What are paper, electronic, imaged and oral?
PHI can exist in these four forms.
|
What is a Designated Record Set (DRS)?
Records maintained by or for a covered entity including medical records, billing records, and enrollment, payment, claims, adjudication, and case or medical management record systems.
|
What do those who are bound to the HIPAA rule do?
Ensure workforce compliance.
|
What is a Business Associate Agreement (BAA)?
A contract that lists specific responsibilities associated with patient information, initiated by a covered entity for a person or organization to sign.
|
What are the 18 elements and the safe harbor method?
PHI is de-identified by removing this, using this method.
|
What is a Legal Health Record (LHR)?
A record that could be disclosed in response to requests for legally admissible health records.
|
What is the focus of security?
Safeguard the information.
|
What is a workforce?
A covered entity's paid employees.
|
What is a Limited Data Set?
A data set that excludes the most direct identifiers of a person.
|
What are administrative, regulatory, financial and operational information?
The information not included in the DHR or LHR.
|
What is HIPAA, the Health Insurance Portability and Accountability Act?
Enacted by Congress in 1996.
|
What is HITECH (Health Information Technology for Economic and Clinical Health)?
A BAA must meet HIPAA and __________ requirements.
|
What is 50 years?
It takes this long for health information to lose its PHI status.
|
What are disclosure, use and request?
The three ways PHI is handled, according to HIPAA.
|