HIPPA Flashcards Preview

Intro. to clinic > HIPPA > Flashcards

Flashcards in HIPPA Deck (39):
1

What does HIPPA do?

improves efficiency and effectiveness of health care system by standardizing the electronic exchange of administrative and finanacial data
mandates specific protections for individually identifiable health information

2

goals of HIPPA

guarentee ongoing health insurance coverage for workers who change jobs
portability of pre-existing condition exemptions between employer group health plans
preventing fraud and abuse in health care
protect patient health information
standardize electronic transactions in healthcare/stimplify administrative reporting

3

covered entity

all health care plans
all healthcare clearinghousers (billing services)
healthcare provider who transmits any health information in electronic form in connection with a standard transaction

4

why is HIPPA needed?

to protect sensitive data from being lost, destroyed or misused

5

why is HIPPA important?

public trust
morally and ethically the right thing
good for business
prevents law suits
avoids financial penalties and possible imprisonment

6

privacy

rights of an individual to limit the use and disclosure of all protected health information

7

security

obligations of covered entities to safeguard protected health information from improper use of disclosure, especially electronically transmitted or stored information

8

disclosure

release, transfer, provision of access to or divulging of information outside the entitiy holding the information

9

use

sharing, employment, application, utilization, examination or analysis of individually identifiable information within an entitiy

10

workforce

empolyees, volunteers, trainees and other persons whose conduct,, in the performance work, is under the direct control of such entity

11

business associate

a person or entity that performs a function that requires the creation, use or disclosure of PHI on behalf of a CE but is not considered partof a workforce

12

facility

the physical premises and the interior and exterior of a building

13

security incident

attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system

14

workstation

and eletronic computing device, that performs similar functions and electronic media stored in its immediate environment

15

malicious software

software designed to damage or disrupt a system

16

PHI

any information, including demographic information, collected from an individual that is
1. created or received by a healthcare provider, health plan, employeer or healthcare clearinghouse
2. relates to the past present or future physical or mental health or condition of a individual; provision of health-care to an individual, or to the past present or future payment for the provision of healthcare to an individual
3. identifes the individual
4. there si reasonable basis to believe that the information can be used to identify the individual

17

examples of individually identifiable information (PHI)

name
address
empolyer
names of relatives
date of birth
phone/fax numbers
photos
cose or characteristics (occupation)
email address
SSN
medical record number
account number
certificate/liscence number
voice/fingerprints

18

what is NOT considered PHI?

employment records of CE
FERPA

19

privacy standards

require health care plans and providers to maintain administrative and physical safeguards to protect condifenciality of healht information and to protect against unarthorized access to that information

20

when does minimum necessary apply?

when using or disclosing protected health infomration or when requesting protected health information from another covered entity, a CE must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or requrest

21

when does minmum necessary apply?

anyone requesting PHI has a specific reason fofr which the PHI is needed
disclosure should be limited to that PHI needed for the specific purpose
use should be limited to the minimum necessary to perform your job

22

when is minimum necessary not applied?

when the PHI is for diagnosis or treatment purposes

23

what are patient rights for HIPPA?

1. to request an accounting of health information disclosures
2. request an amendment to health information
3. to inspect and copy health information
4. to receive confidential communications about tealth information
5. to request restrictions on disclosures
6. to complain to the CE and to DHHS

24

if a patient requests their PHI, when must you get it to them?

within 30 days of patient's request

25

what must you provide under HIPPA patient rights?

provide a printed policy of how PHI is used and protected
must have a history of PHI disclosures for purposes other than treatment, payment or health care operations

26

business associate aggreemtns include

1. billing or claims processing
2. medical transcritpions
3. utilization reivew
4. software vendors
5. offsite storage or document destruction

27

security standards as said by HIPPA

development and implementation of technical safeguards including firewall systems, virus detection, data backup systems, and updated software and hardware technology

28

administrative safeguards

1. security management process
2. assign security responsibility
3. workforce security
4. information acdess managment
5. security awarness and training
6. security incidence procedures
7. contingency planning
8. evaluation
9. business associate contracts

29

physical security considerations

1. computers
2. patient records
3. conversations/discussion of patient's health appointments
4. appointment book/scheduling system
5. secure rooms and files
6. FAX machines
7. contingency operations
8. facility security plan9. access controls and validation procedures
9. maitenance records
10. workshation use and security

30

technical safeguards

1. access control
2. audit conrols
3. integrity
4. person or entity authentication
5. transmission secturity

31

basics of a secure information system

1. access control
2. virus control
3. using approved hardware and software
4. backup procedureas

32

access control

controlling access to information only to those who are authorized
role based access or user based access methods used to assist in ensuring minimum necessary
passwords are sued to control access and provides authentication of the user and to audit (knowing whether or not tunauthorized access attempts have occured

33

how to keep your passowrd safe

1. keep it secret
2. commit it to memory
3. change it regularly
4. select passwords that are not easily guessed
5. never leave your system when you are logged on
6. never share your password

34

viruses

1. can spread easily to other copmuters and systems, or to any entity that you share information electronically
2. viruses may corrupt and damage date
3. viruses may damage your operating system rendering your sytems inoperable
5. viruses may cause your printer, scanner and browser to malfunction
6 .viruses may cause daa to be ranodmly sent contacts in your address book

35

ways to avoid viruses

1. scan all incoming data for viruses
2. scann all outgoing data for viruses
3. ensure the virus scanning software is updated with the latest virus signatures
4. never install unauthrozied software
5. stop and report suspected viruses immediately
6. don't attempt to fix a virus on your own

36

what should your last resort be for HIPPA related ifnormation?

get a backup
make sure it is in a safe place
make multiple backups
make frequent backups

37

how is PHI transmitted?

signt
face to face interactions
fax
email
phone
mail

38

how do you minimize visual misuse of PHI?

1. clean desk
2. placing patient charts with name faced inward
3. turning minitors away from general public
4. restricting access to areas where PPHI is openly displayed
5. shredding documents before putting them in the trash
6. conduct conversations in areas apart from others
7. speak in a low clear voice
8. if referencing a document, dont' show document to antoehr if there is finformation that the other shuld not have
9. take a survey of documents before ending conversation to make sure nothing is left behind
etc..

39

penalties for non-compliance

$100 fine per day for each unmet standard
$50,000 fine + one year in prison for knowingly disclosing health info for improper use
$100,000 fine + 5 years in proson for obtaining health information
udner flase pretenses
$250,000+
10 years in proson for usign health information
to sell, transfer or use for commerical
advantage, personal gain or malicious harm