75 Cards in this Set
- Front
- Back
What does HIPAA stand for
|
Health Insurance Portability and Accountability Act of 1996
|
|
What is HIPAA
|
laws designed to protect and enhance the rights of patients.
privacy and security regulations in place to deter healthcare fraud and abuse |
|
HIPAA helps improve the __________ and __________ of health insurance
|
portability and continuity
|
|
Under HIPAA most dentists are considered what?
|
covered entity - healthcare provider who transmits health info such as insurance claims in an electronic form, through a vendor or billing service
|
|
What are the three components of HIPAA
|
privacy, transaction set, and security
|
|
What is the privacy component of HIPAA
|
standards for the protection of an individual's health info (HI) and gives the patients rights over their protected health info (PHI)
|
|
What is the transaction set component of HIPAA
|
standardizes the electronic transfer of a patient's PHI
|
|
What is the security component of HIPAA
|
enacts privacy and security regulations to protect a patient's HI from healthcare fraud and abuse
|
|
What is health info (HI)
|
any info whether oral or recorded in any form or medium
|
|
What are included as health info
|
created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearing house
|
|
What does health info relate to?
|
the past, present, or future physical or mental health or condition of an individual, the healthcare provided to a person, or the past, present, or future payment for healthcare provided to a person
|
|
What does protected health info (PHI) mean
|
a person's identifiable health info that is transmitted or maintained by electronic or other media
|
|
What is included in protected health info
|
includes oral comm among staff members, patients, and other providers. It is not intended to prevent providers from talking with each other and to patients
|
|
What are permissible oral comm of PHI
|
DDS and staff may discuss pt condition over the phone with the patient, healthcare prof, or an authorized family member
DDS and staff may discuss lab test results with a pt or other provider in joint tx area
DDS and staff may discuss pt condition during training rounds in an academic or training institution |
|
T/F The privacy regulations of HIPAA give the pt the right to be aware of how you will use and disclose their HI
|
true
|
|
HIPAA defines disclosure as...
|
tx, payment, or healthcare operations (TPO) is accomplished through Notice of Privacy Practices Acknowledge and Consent forms
|
|
Consent from pt used for what?
|
permits use or disclosure of PHI for tx, payment, or healthcare operations (TPO)
use and share health records for tx, payment, and healthcare operations described in the notice of privacy practices. |
|
The consent informs pt about what?
|
inform the pt that Oklahoma law requires that info authorization for disclosure may include info that is considered a communicable or venereal disease, including but not limited to hepatitis, syphilis, gonorrhea, HIV, and AIDS
|
|
What happens if pt refuses to sign consent
|
then services cannot be provided to the pt
|
|
What is an authorization?
|
is a document that gives the dentist permission to use Protected health info for a specific purpose other than treatment, payment, or healthcare operations or to disclose PHI to a 3rd party
|
|
What is included in authorization
|
an expiration date
a purpose of use of PHI specific to the authorization permission of uses and disclosures of PHI |
|
What is an example of authorization
|
sending names and addresses of pt to a marketing company for dental products, does not apply to newsletters
|
|
What are the special circumstances a DDS can make disclosures of PHI w/o acknowledgment, consent, or authorization of pt
|
reason of public health surveillance
suspected child abuse, neglect, or domestic violence investigation
healthcare fraud investigation
oversight by the secretary of HHS
law enforcement with a valid warrant, court order, or administrative request |
|
What is included in TPO?
|
treatment
payment
healthcare operations |
|
What is the tx portion of TPO
|
medical info used to provide medical tx and services
|
|
What is the payment portion of TPO
|
may use med info for payment activities such as determining eligibility or coverage under an ins plan
billing and collection |
|
What is included in the operations portion of TPO one may use med info for:
|
quality assessment
reviewing the competence of healthcare prof
education and training healthcare prof
arranging for legal or auditing service
business management and planning
comm with pt about services such as services provided by OU providers, pt satisfaction surveys or announce a new provider/service |
|
What standard is used when disclosing HI
|
minimum necessary standard
|
|
What is the minimum necessary standard?
|
only use/disclose info needed to accomplish the intended purpose
taking responsible safeguards to protect a person's HI from disclosure |
|
When does the minimum necessary standard not apply
|
disclosure to:
healthcare provider
the individual who is the subject of the info
required for HIPAA compliance in transactions
info to government required by law |
|
Minimum necessary applies to what types of communication
|
written and verbal
|
|
When does the minimum necessary apply to written comm
|
reminder cards
pt lists and schedules
faxes |
|
When does the minimum necessary apply to verbal comm
|
discussions- quiet voice
voice messages- leave out details |
|
What rights do pt have under HIPAA
|
access to copy chart
obtain accounting of and the right to request restriction on disclosures for TPO
confidential comm
revoke their consent
offer complaints regarding health care info to the dentist |
|
Under the privacy rule a parent is considered what?
|
personal representative of minor child and has right to access HI
|
|
What are exceptions to parents being the personal representative of a minor
|
state or law does not require parental consent prior to minor obtaining care
when a court or another individual authorized by law consents to healthcare |
|
Does HIPAA preempt state law that might authorize or prohibit a disclosure of PHI about a minor to a parent
|
No
|
|
Who has access to PHI
|
any employee or business associate that works on behalf of the practice and could have access to PHI
|
|
What is not included as business asso with access to PHI
|
referral to other providers, ins co, dental labs
|
|
What must a business asso do with PHI
|
may use PHI for purpose used by provider
must safeguard PHI from misuse
must comply with all pt rights |
|
According to HIPAA what are the administrative requirements?
|
implement privacy practices in the dental office
develop policies, procedures, and documentation practices
designate a privacy officer and a contact person to receive complaints
provide HIPAA training to employees
provide Notice of privacy practices to pts
establish complaint system |
|
What issues are covered by the HIPAA law?
|
assuring portability of health ins coverage
mandating a fraud and abuse control prog
creating a medical savings account
administrative simplification of provisions
privacy |
|
HIPAA privacy legislation requires:
|
maintaining reasonable and appropriate administrative, technical, and physical safeguards to ensure the integrity and confidentiality of PHI
protecting against any reasonably anticipated threats or hazards to the security or integrity of the info
protecting against unauthorized uses or disclosures of the info
compliance by privacy officers and employees |
|
Who enforces HIPAA
|
health and human services (HHS) Office for Civil Rights
|
|
HIPAA violations can trigger what 2 penalties
|
civil and criminal
|
|
Civil penalties for HIPAA privacy violation can be up to __ with an annual cap of ______ for repeated violations of the same requirement
|
100
25000 |
|
What is a criminal penalty
|
knowing, wrongful misuse of individually identifiable HI and is punishable
|
|
What is the punishment for knowingly misusing and misuse under false pretenses
|
knowing misuse of individually identifiable HI up to 50,000 and/or 1 yr in prison
misuse under false pretenses up to 100,000 and/or 5 yrs prison |
|
What is the punishment for offenses to sell HI for profit or malicious harm?
|
250,000 and/or 10 yrs prison
|
|
HIPAA requires retention of:
|
patient acknowledgements, consents, and pt authorization
documentation of disclosures
notice of privacy practices
other HIPAA policies
all info regarding HIPAA retained for 6 yrs for the last use |
|
HIPAA applies security standards to healthcare providers that what?
|
transmit pt HI in electronic form
|
|
Are faxes considered electronic transactions?
|
No
|
|
What are included in electronic transaction claims?
|
eligibility requests, claim status inquiries to health plans, other payers and clearing houses
|
|
What are 3 requirements for HIPAA security rule?
|
integrity, confidentiality, availability
|
|
What is the integrity component of the HIPAA security rule?
|
info that has not been altered or destroyed w/o proper authorization
|
|
What is the confidentiality component of the HIPAA security rule?
|
info that is only available or disclosed to authorized persons
|
|
What is the availability component of the HIPAA security rule?
|
info that can be accessed and used by authorized persons when needed
|
|
What are 3 general requirements for the security rule?
|
comprehensive, scalable, technology neutral
|
|
In most cases what preempts state laws?
|
HIPAA security regulations
|
|
When do state laws still apply?
|
state laws already exist that relate to the security of pt's HI in electronic form, state laws don't conflict with HIPAA security regulations
possible for dentist to comply with both state and HIPAA security regulations |
|
What are the 5 key concepts to HIPAA security?
|
general requirements
flexibility of approach
standards
implementation specifications
maintenance |
|
The foundation for administrative, physical, and technical safeguards is what concept of HIPAA security?
|
general requirements
|
|
The use of reasonable measures to the size of dental practice is what concept of HIPAA security?
|
flexibility
|
|
How to comply with security rule is what concept of HIPAA security
|
standards
|
|
What concept of HIPAA security is either required or addressable?
|
implementation specifications
|
|
What are the 3 options if specification is addressable?
|
do it, implement specification if reasonable and appropriate, document it in writing
use alternative measure and document decision
don't do it, document why the standard doesn't apply to you |
|
What concept of HIPAA security requires that you review your security measures and update or modify to ensure protection of HI in electronic form.
|
Maintenance
|
|
What is never finished but may be periodically updated?
|
security
|
|
Four things to do to ensure security
|
assign a security official
conduct risk assessment
develop policies and procedures
provide security and awareness training |
|
What component of security reviews data systems, identifies threats/vulnerabilities, evaluates security controls, and determines risk?
|
risk assessment
|