HITECH Flashcards
Which of the following is a requirement in the HITECH Act for business associates?
a. Encrypt all email transmissions
b. Filter all internet traffic for viruses
c. Implement password protocols
d. Perform background checks on employees
c. Implement password protocols
Password management is a required as an administrative control.
What duty does a business associate have if it experiences a breach in security related to medical information?
a. Notify the state attorney general’s office
b. Notify the individuals whose information could have been disclosed
c. Notify the covered entity who provided the information
d. Notify HHS
c. Notify the covered entity who provided the information
The bank is required to notify the covered entity. The covered entity has the responsibility to notify the individuals and, if applicable, the government.
In which of the following circumstances is First National Bank MOST LIKELY to be covered by the HITECH regulations?
a. The bank opens a payroll account for a local hospital
b. The bank processes a lock box account for a medical clinic primarily consisting of patient payments
c. The bank makes a loan to a group of doctors to purchase office equipment, secured by the equipment
d. A medical equipment vendor opens a checking account at the bank
b. The bank processes a lock box account for a medical clinic primarily consisting of patient payments
Of all of the circumstances described, the bank is most likely to have access to patient information when processing payments that are paying for medical services. The opening of deposit accounts and making loans to customers related to the medical field does not bring the bank under the authority of the HITECH Act.
What bank products are covered under HITECH or HIPPA?
Medical lockboxes or medical banking services to healthcare providers or other covered entities under HIPPA, or ACH activities and related payment transactions
If there is a breach of information under HITECH, when must the bank report the breach?
Within 60 days
