Privacy & HIPAA

Question 1

Clinician Duty to Warn of Foreseeable Harm (Tarasoff)

Answer 1

(1) Explicit threat of imminent serious physical harm or death

(2) To an identifiable person

(3) Patient has apparent intent & ability to carry out threat

Question 2

Permitted Disclosures of Protected
Health Information

Answer 2

1. To patient
2. For treatment, payment, or health care operations
3. To investigate HIPAA complaints
4. As otherwise required by law (e.g. law
   enforcement, public health activities)

Otherwise: Need patient authorization

Question 3

Confidentiality:

Answer 3

Professional secrecy. Assurance
that information re: subject’s identity, health, behavior, etc. won’t be disclosed
w/o her permission.

Question 4

Privacy:

Answer 4

Being free from being observed or
disturbed by others. Ability to control access to self or one’s info.

Question 5

Data security:

Answer 5

Technical mechanisms to prevent
data breaches (e.g. encryption).

Question 6

Doe v. Medlantic:

Answer 6

Unconsented, unprivileged
disclosure to 3rd party of nonpublic info that D learned w/i confidential relationship.

Question 7

HIPAA Privacy Rule includes what groups?

Answer 7

1. Health Plans
2. Health Care Clearinghouses
3. Health Care providers
4. Business Associations
5. Employers

Question 8

Protected Health Information

Answer 8

Individually identifiable health information that is:

1. Transmitted by electronic media
2. Maintained in electronic media
3. Transmitted or maintained in any other form (e.g. paper)

Question 9

Permitted disclosures of protected
health information

Answer 9

-To patient

-For treatment, payment, or health care
operations

-To investigate HIPAA complaints

-As otherwise required by law (e.g. law
enforcement, public health activities)

-Otherwise need patient authorization

Question 10

Reproductive Privacy Rule

Answer 10

-Prohibits the use or disclosure of individually identifiable health information to law enforcement when purpose of investigation is to impose liability
on patients or physicians.

-Applies only when care was legal

-Explicitly protects privacy of people who travel from abortion-restrictive state to state w/ legal abortion

Question 11

Patient Rights

Answer 11

1. Inspect PHI & obtain copies
2. Request amendments

Question 12

Other HIPAA Issues/Requirements

Answer 12

1. Notice requirement
2. Breach notification
3. Civil and criminal penalties but no private cause of action (only HHS can enforce and impose these)
   –> if you want to sue, you’d have to sue under a breach of confidentiality theory.
4. State law can impose more stringent
   requirements than HIPAA
5. HIPAA Security Rule (Technical, administrative & physical
   safeguards)