Law & Ethics in Healthcare Chapter 8 summary

What considerations do federal and state privacy laws share?

Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information.
Access to personal information should be limited to those employees who m

Which federal laws most extensively regulate health care, including privacy?

HIPAA of 1996.
ARRA of 2009.
HITECH Act, Title XIII of ARRA.
PPACA of 2010.
HCERA of 2010.

Which HIPAA terms are health care practitioners most likely to routinely use?

Business Associate.
Covered entity.
Covered transaction.
De-Identify.
Designated record set.
Electronic data interchange (EDI).
Electronic transmission.
Encryption.
Limited data set.
Minimum necessary.
Notice of Privacy Practices.
Patient identifiers.
Per

What are the four HIPAA standards and rules?

1. Transactions and Code Sets:
A transaction refers to the transmission of information between two parties to carry out financial or administrative activities.
A code set is any set of codes used to encode data elements, such as tables of terms, medical c

What special requirements does HIPAA mandate for disclosing protected health information?

1. Permissions are required for releasing PHI.
2. There are special requirements for disclosing PHI.
3. There are civil and criminal penalties for unauthorized disclosure of PHI.
4. Patients have specific rights under HIPAA which include:
a. obtain one's

What recent legislation significantly changed HIPAA privacy, security, and enforcement rules?

American Recovery and Reinvestment Act (ARRA) of 2009
Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII

What patient rights does HIPAA define?

Access to medical records and the right to copy them.
Request for amendment to designated record set.
Request for an accounting of disclosures of PHI.
Request to be contacted at an alternate location.
Requests for further restrictions on who has access to

How can you protect the privacy of your own medical records?

Read notices of privacy practices carefully.
Tell your health care provider your confidentiality concerns.

What is the truth about some common HIPAA myths?

Physicians may exchange information about a patient without written authorization.
Doctor-patient e-mails are permitted, as long as proper security is in place.
Employers may not access employees' PHI without patients' written authorization, even if the e

Privacy

Freedom from unauthorized intrusion.

HIPAA

Health Insurance Portability and Accountability Act
A federal law passed in 1996 to protect privacy and other health care rights for patients. The act helps workers keep continuous health insurance coverage for themselves and their dependents when they change

Covered entities

Health care providers and clearinghouses that transmit HIPAA transactions electronically and must comply with HIPAA standards and rules.

Covered transactions

Electronic exchanges of information between two covered-entity business partners using HIPAA-mandated transaction standards.

designated record set

Records maintained by or for a HIPAA-covered entity.

Notice of Privacy Practices (NPP)

A written document detailing a health care provider's privacy practices.

Protected Health Information (PHI)

Information that contains one or more patient identifiers.

de-identify

To remove from health care transactions all information that identifies patients.

state preemption

If a state's privacy laws are stricter than HIPAA privacy standards, the state laws take precedence.

treatment, payment, and health care operations (TPO)

A HIPAA term for qualified providers, disclosure of PHI to obtain reimbursement, and activities and transactions among entities.
Treatment means that a health care provider can provide care;
payment means that a provider can disclose PHI to be reimbursed;

standard

A general requirement under HIPAA.

rule

A document that includes the HIPAA standards or requirements.

transaction

Transmission of information between two parties for financial or administrative activities.

code set

Under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping.

electronic transmission

The sending of information from one network-connected computer to another.

electronic data interchange (EDI)

The use of uniform electronic network protocols to transfer business information between organizations via computer networks.

permission

A reason under HIPAA for disclosing patient information.

limited data set

Protected health information from which certain patient identifiers have been removed.

security

Policies and procedures that protect PHI from unauthorized access.

firewalls

Hardware, software, or both designed to prevent unauthorized persons from accessing electronic information.

encryption

The scrambling or encoding of information before sending it electronically.

verification

The requirement under HIPAA to verify any request as legitimate before protected health information is released.

minimum necessary

Term referring to the limited amount of patient information that may be disclosed, depending on circumstances.

HIPAA

Health Insurance Portability & Accountability Act of 1996

ARRA

American Recovery & Reinvestment Act of 2009

HITECH Act under Title XIII of ARRA

Health Information Technology for Economic and Clinical Health Act

PPACA

Patient Protection and Affordable Care Act of 2010

HCERA

Health Care and Education Reconciliation Act of 2010