Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CISSP Certification > Module #7: Healthcare > Flashcards

Module #7: Healthcare Flashcards

1
Q

Why privacy law in healthcare?

A
  • protect one’s sense of self
  • allows for more dialogue
  • safeguards against unequal treatment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How can covered entities ensure compliance with regulations that protect the privacy and security of healthcare info?

A

Covered entities include:
- health plans (health insurance co, HMO, company health plan, medicare/medicaid),

  • healthcare clearing houses (ie: billing service, HRIS)
  • healthcare providers who electronically transmit any health insurance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does HIPPA stand for?

A

Health Insurance Portability and Accountability Act of 1996

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why was HIPPA enacted?

A
  • efficiency
  • security (Payment)
  • enforcement (dept of health and human services)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is PHI?

A

Protected Health Information (PHI) is:

  • individually identifiable health information
  • related to a physical or mental condition
  • held by an entity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is ePHI?

A

Electronic Protected Health Information (ePHI)

-PHI that is transmitted or maintained in electronic media

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What covered entities are included by ePHI?

A
  • Covered entities include:
    - -healthcare providers
    - -clearinghouses
- -business associates such as claims processing and data analysis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

HIPPA Privacy and Security Rules 1

A
  • Compliance of specific requirements
  • Privacy and security of health information
  • Written agreement or another arrangement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

HIPPA Privacy and Security Rules 2:

What are the 6 covered entities

A

1 privacy notice: 1st date

Covered entities:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

HIPPA Privacy and Security Rules 2:

Rules defined?

A
  • ensure the confidentiality, integrity, and availability of all ePHI
  • Protect anticipated threats, hazards, uses or disclosures
  • ensure compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What happened in Feinstein’s Institute for Medical research HIPPA settlement?

A
  • ePHI was stolen off a laptop taken from an employees car.
  • Office of Civil Rights (OCR) found that their security management was not compliant
  • it failed to implement mechanisms for safeguarding ePHI
  • paid $3.9 million to settle claims
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is GINA?

Year?

Definition?

A

The Genetic Information Nondiscrimination Act

  • enacted in 2008
  • genetic testing

-protects individuals against genetic discrimination by insurance providers and employers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does GINA do for employers?

A
  • Family members who have manifested a disease

- requirements or request for genetic information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does GINA do for insurance?

A
  • implementing higher premiums based on genetic tests

- using genetic predisposition to deny coverage based on a preexisting condition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is HITECH

year?

defined?

offerings?

A

Health information Technology for Economic and Clinical Health

  • 2009
  • adoption and meaningful use of health information technology
  • incentives for healthcare providers to use and develop electronic health records and a national electronic health information exchange
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How did HITECH strengthen existing HIPPA laws?

A
  • data minimization
  • increased penalties
  • notice of breach
  • electronic health records (ERHs)
17
Q

HITECH: data minimization

A

Refers to PHI including identifiers of the individual. Any data disclosed must be the minimum amount necessary.

18
Q

HITECH: increased penalties

A

Penalties up to $1.5 million are allowable and may extend to criminal liability even if the covered entity didn’t know about the violations

19
Q

HITECH: Notice of breach

A

entities or companies that handle PHI must notify individuals, the Dept of Health and Human Services, and potentially the media when security is compromised

20
Q

HITECH: electronic health records (EHRs)

A

–linked with local hospitals and used to share
necessary medical information for treatment, payment, or healthcare operations.

–promotes the goal of a National Health Information Network.

21
Q

Cures Act name?

A

The Cures Act and Confidentiality of Substance Use Disorder Patient Records Rule of 2016

22
Q

21st Century Cures Act definition?

A

–expedites the research process for new medical devices and prescription drugs

–quickens the process for drug approval

–reforms mental health treatment

23
Q

Cures act provisions?

A
  • Prohibition of info-blocking: conduct that interferes with EHR
  • “Certificates of confidentiality” for research requirements (particularly for alcoholics and substance abuse)
  • “compassionate” sharing of mental health or substance abuse info with family or caregivers
  • Exemptions for mandatory disclosure of individual biomedical research info under the Freedom of Information Act
  • remote review of PHI under HIPAA rules
24
Q

Confidentiality of Substance Use Disorder Patient Records Rule

A
  • 1970

- privacy protections for individuals seeking medical care for alcohol and substance abuse

25
Confidentiality of Substance Use Disorder Patient Records Rule components?
``` #1 scope #2 applicability #3 Disclosure #4 Re-disclosure #5 exceptions #6 security ```
26
Confidentiality of Substance Use Disorder Patient Records Rule scope defined
-- Use and disclosure of patient-identifying info -- restricting the use of info leading to criminal charges
27
Confidentiality of Substance Use Disorder Patient Records Rule applicability defined
Federally funded programs and entities that: -- Are required by state licensing -- Use controlled substances that require licensing by the DEA
28
Confidentiality of Substance Use Disorder Patient Records Rule disclosure defined
Consent form detailing the disclosure of information
29
Confidentiality of Substance Use Disorder Patient Records Rule re-disclosure defined
-- Prohibits the re-disclosing of info if it would identify the individual as receiving treatment
30
Confidentiality of Substance Use Disorder Patient Records Rule exceptions defined
Exceptions to consent requirements: - - Emergencies - - Research - - Evaluations - - Crimes on-premises or against personnel - - Child abuse reporting - - Court Orders
31
Confidentiality of Substance Use Disorder Patient Records Rule security defined
Formal policies and procedures in place to ensure the security of information
32
COVID-19 Consumer Data Protection Act of 2020
--protections for personal information as well as a preemption clause. --The bill was submitted on May 7, 2020, and referred to the Committee on Commerce, Science, and Transportation.
33
COVID Bi-Partisan bill
regulate contact tracing apps to protect the privacy of those who do not want to be tracked as well as prohibit commercial use of any data collected.
34
True or false? HIPAA preempts stricter state laws. True False
False
35
Which is NOT a requirement under HIPAA’s Privacy Rule? A)_ A detailed privacy notice provided at the date of first service delivered B)_ Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines C)_ Limited use and disclosure of personal health information for business associates, such as billing companies D)_Safeguards in place to protect the confidentiality and integrity of all personal health information
B)_ Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines
36
Who is responsible for enforcing HIPAA’s Privacy and Security Rules? A)_Office for Civil Rights (OCR) B)_Office of Compliance (OOC) C)_Agency for Healthcare Research and Quality (AHRQ) D)_Health Resources and Services Administration (HRSA)
A) OCR
37
Which act is intended to expedite the research process for medical devices and prescription drugs? A)_Health Insurance Portability and Accountability Act (HIPAA) B)_Health Information Technology for Economic and Clinical Health Act (HITECH) C)_21st Century Cures Act D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
C) 21st Century Cures Act
38
Which act introduced the first medical privacy provisions? A)_Health Insurance Portability and Accountability Act (HIPAA) B)_Health Information Technology for Economic and Clinical Health Act (HITECH) C)_21st Century Cures Act D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
D)_Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act
39
True or false? Health insurance providers may, under some circumstances, implement higher premiums based on genetic information.
False

CISSP Certification (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions