HIPPA

Question 1

What does HIPAA stand for?

Answer 1

H- Health

I- Insurance

P- Portability

A- Accountability

A- Act

Question 2

What is HIPAA and what organizations must comply with it?

Answer 2

HIPAA = Health Insurance Portability and Accountability Act of 1996 established national standards for protection of patient medical information and health care providers such as (nurses, doctors, hospitals, dentists, etc.) must comply with it. It is a federal law imposed on all healthcare organizations including hospitals, physician offices, home health agencies, nursing homes and other providers, as well as health plans and clearing houses, that protects patient health information.

Question 3

These organizations MUST comply HIPAA:

Answer 3

Hospitals, Physician offices, home health agencies, nursing homes, health plans, clearing houses

Question 4

HIPAA covers a broad range of issues. Accountability involves “Administrative simplification” which includes:

Answer 4

Privacy, security, uniform transactions, code sets, and identifiers

Question 5

The Privacy Rule Protects information known as

Answer 5

protected health information

Question 6

This protects patient information that exists in _______________________, ______________ and____________________________ formats.

Answer 6

written, oral, electronic

Question 7

The Privacy Rule limits the way in which members of the workforce may use and disclose PHI. Workforce members MUST HAVE JOB-RELATED REASONS to use and disclose

Answer 7

PHI

Question 8

Workforce members who MUST comply with the HIPAA privacy rule include:

Answer 8

Employees, volunteers, trainees, and other persons who have a job-related reason to access personal health information

Question 9

The HIPAA Privacy Rule requires that institutions provide all patients with a copy of its:

Answer 9

Notice of Privacy Practices (NOPP). Informs patients of patient rights.

Question 10

The Notice of Privacy Practices (NOPP) informs patients of their____________. Each patient must ______an acknowledgement after receiving the NOPP.

Answer 10

patient rights, sign

Question 11

A patient’s privacy rights are communicated to the patient through what notice?

Answer 11

Notice of Privacy Practices (NOPP)

Question 12

The Privacy Rule requires that institutions designate a Privacy Officer who is responsible for:

Answer 12

The development and implantation of privacy policies, privacy related training education, investigating privacy related complaints, and conducting routine audits ensure compliance

Question 13

The ______________is a key component
of the HIPAA Privacy Rule.

Answer 13

minimum necessary standard

Question 14

The standard requires covered entities to:

Answer 14

Evaluate their practices and enhance safeguards to protect access and disclosure of PHI.

Question 15

For uses of PHI, the covered entity’s policies and procedures must identify who needs access to the information:

Answer 15

To carry out their job duties, the categories or types of PHI needed, and the conditions appropriate to such access.

Question 16

The Privacy Rule permits certain incidental uses and disclosures as long as the covered entity has adhered to the following:

Answer 16

Applied reasonable safeguards and implemented the minimum necessary standard.

Question 17

What must covered entities have in place that protect against uses and disclosures nor permitted by the privacy rule?

Answer 17

Appropriate administrative, technical, and physical safeguards that protect against uses and disclosures not permitted by the Privacy Rule.

Question 18

What is HITECH?

Answer 18

Health Information Technology for Economic and Clinical Health Act

Question 19

HITECH updated the HIPAA Privacy Rule to include:

Answer 19

Protections against identity theft

Question 20

Define Business Associate and their job duties:

Answer 20

A person or entity that performs certain functions or activities that involves the use or disclosure of PHI on behalf of, or provides services to, a covered entity

Question 21

What is an example of a business associate?

Answer 21

Third party administrator that assists with claims

Question 22

What are Treatment, Payment, and Health Care Operations (TPO)?

Answer 22

TREATMENT = Means the provision, coordination, or management of health care and related services. Allows covered entities to disclose individuals PHI for treatment, payment, and healthcare operations.

Question 23

In addition to the general definition, the Privacy Rule provides examples of common payment activities which include, but are not limited to:

Answer 23

Determining eligibility or coverage under a plan and adjudicating claims, risk adjustments, billing and collection activities

Question 24

What organization is responsible for administering and enforcing HIPAA standards?

Answer 24

The department of health and human services, Office for Civil Rights

Question 25

If a covered entity’s workforce members do not follow the rules set by HIPAA, the Government has the right to:

Answer 25

Conduct an investigation and impose fines and/or jail sentences

Question 26

Unintentional HIPAA violations may result in:

Answer 26

$100 fine per violation, $25,000 for multiple violations of the same standard in a calendar year

Question 27

Knowingly making unauthorized disclosure of PHI may result in:

Answer 27

$50,000 fine, imprisonment up to one year, or both

Question 28

Offenses which include false pretenses may result in:

Answer 28

$100,000 fine, imprisonment up to 5 years, or both

Question 29

Offenses with intent to sell information may result in:

Answer 29

$250,000 fine, imprisonment up to 10 years, or both