Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/33

Click to flip

33 Cards in this Set

  • Front
  • Back
puprose of HIPAA
to protect and enhance the rights of patients
what 3 things does HIPPA do?
1.improve portability and continuity of health insurance coverage

2.simpligy administration of health insurance

3.Have privacy and security regulations in place to deter healthcare fraud
Under HIPAA why are most dentists considered a covered entiity?
bc most dentists transmits health info such as insurance claims in an electronic form, through a vendor or billing service
3 components of HIPAA
1.privacy-protects HI and gives patients rights over their info

2.Transaction Set-standardizes the electronic transfer of a patient's PHI

3.Security-enacts privacy and security regulations to protect a pts HI from health care fraud and abuse
HI
health information is any info whether oral or recorded in any form or medium which is:

created or recieved by a healthcare provider health plan,public health authority, employer, life insurer, school or healthcare clearinghouse

relates to the past,present, or future physical or mental hlth condition of pt; the healthcare provided to a person; or payment for healthcare provided to a person
PHI
protected health info means that a persons ID helath info that is transmitted or maintained by electronic or other media
What does PHI include?
oral communications among staff, pts and other providers

it is NOT intended to prevent providers from talking w/each other and to pts
under PHI what oral communications are allowed?
-dds and staff can disscuss PI over phone w/pt,provider, healthcare professional, or family member

-dds/staff can discuss lab results w/pt or provider in treatment area

-dds/staff can discuss pts condition during training rounds
T/F A DDS has to make soundproof room for discussing PHI
FALSE
what does HIPAA privacy regulations allow pts?
gives pt right to be aware of how you will use and disclose their HI
what does notice of privacy practices acknowlege and consent form contain?
disclosures that HIPAA defines as TPO
consent
described in notice of privacy practices

gives dr permission to use or disclose PHI for TPO

consent also informs the pt that OK law requires info that is consiered comm or venereal diseases
what if pt refuses to sign consent?
then no services can be done
authorization
gives dentist permission to use PHI for specific purpose other than TPO

an authorization is v detailed and contains

1.expiration date
2.purpose of use of PHI
reasons that DDS could make disclosures of PHI wo pt consent or authorization
1.public health surveilance
2.suspect child/domestic abus
3.healthcare fraud
4.oversight by HHS
5.law enforcemnt w/warrant
what should DDS use when disclosing HI?
minimum necessary standard

use/disclose only info that is needed to accomplish the intended purpose to safeguard persons HI
when does minimum necessary provisions not apply?
1.disclosure to healthcare provider for Tx

2.disclosure to pt

3.disclosure required for HIPAA complianc

4.disclosure info to gov

5.disclosure required by law
what does minimum necessary rule apply to?
written communication
reminder cards
fax
pts list/schedule

verbal communication
phone calls
disscussions
uder HIPAA what are the pts rights?
-to access,copy,inspects and amend their info

-right to request disclosures or restrictions on TPO

-right to revoke consent or authorization

-to complain to dentist or HHS. complain must be filed wi 180 days
under privacy rule who has access to minors HI
the parent bc they are the minor's personal representative

exception: state where no parental consent is needed
HIPAA administrative requirements
implement privacy practices in office

dev policies,procedures, and documentation practices

designate privacy officer and contact person to get complaints

give employees training in privacy of PHI

give notice of privacy practices to pts

establish complaint system

mitigate consequences if there is a breach of contract
what areas does the HIPAA law cover
assuring protability of hlth insurance coverage

mandating fraud and abuse control program

creating medical savings account

administrative simplification of provisions-privacy

maintaining administrative, and techinical safeguards to protect PHI
what can HIPAA violations trigger?
both civil and criminal penalties
civil penalties for HIPAA privacy violation
up to $100 for each offense w/annual cap of $25,000 for repeated violations of same requirement
criminal penality of HIPAA violation
criminal penlties is knowing, wronful misuse of PHI

knowing misuse=$50,000 and/or 1 yr

misuse under false pretenses up to 100,000 and/or 5 years

sell/profit or harm up to
250,000 and/or 10 years
what does HIPAA require retention of?
pt acknowledgments,consents, and pt authorizations

documentation/disclosures

notice of privacy practices

other Hipaa policies

all info reguarding HIPAA retained for 6 years from the last use
WHO does HIPAA apply to?
all hlthcare providers

-who transmit PHI in electronic form

-transactions including electronic claims
are faxes considered an electronic transaction?
no
3key definitions for security of ePHI
1.integrity-info has not been altered wo authorization

2.confidentiality-info that is only available to authorized persons

3.availability-info can be accessed and used by authorized persons when needed
HIPAA regulations preempt laws in most cases. State laws still apply only when...
1.state laws already exist that relate to security of pts' ePHI

2.State law does not conflict w/ HIPAA security

3.Possible for dentist to comply w/state and HIPAA regulations
what is a risk assessment?
review data systems

ID threats

evaluate security controls

determine risk
5 key concepts to HIPAA securtiy
1.general requiremtns
2.flexibility or approach
3.standards
4.implemntation of specifics
5.maintaince
3 options if specification is addressable
1.do it, implement specification if reasonable and document

2.use alternate measure and document desciion

3.dont do it. document why the standard does not apply to you