what does hipaa stand for
Health Insurance Portability and Accountability Act of 1996
What is hipaa
laws designed to protect and enhance the rights of patients.
privacy and security regulations in place to deter healthcare fraud and abuse
Hipaa helps improve the __________ and __________ of health insurance
portability and continuity
Under Hipaa most dentists are considered what?
covered entity- healthcare provider who transmits health info such as insurance claims in an electronic form, through a vendor or billing service
What are the three components of Hipaa
privacy, transaction set, and security
What is the privacy component of hipaa
standards for the protection of an individual's health info (HI) and gives the patients rights over their protected health info (PHI)
What is the transaction set component of hipaa
standardizes the electronic transfer of a patient's PHI
What is the security component of Hipaa
enacts privacy and security regulations to protect a patient's HI from healthcare fraud and abuse
What is health info (HI)
any info whether oral or recorded in any form or medium
What are included as health info
created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearing house
What does health info relate to?
the past, present, or future physical or mental health or condition of an individual, the healthcare provided to a person, or the past, present, or future payment for healthcare provided to a person
What does protected health info (PHI) mean
a person's identifiable health info that is transmitted or maintained by electronic or other media
What is included in protected health info
includes oral comm among staff members, patients, and other providers. It is not intended to prevent providers from talking with each other and to patients
What are permissible oral comm of PHI
DDS and staff may discuss pt condition over the phone with the patient, healthcare prof, or an authorized family member
DDS and staff may discuss lab test results with a pt or other provider in joint tx area
DDS and staff may discuss pt condition during training rounds in an academic or training institution
T/F The privacy regulations of Hipaa give the pt the right to be aware of how you will use and disclose their HI
hipaa defines disclosure as...
tx, payment, or healthcare operations (TPO) is accomplished through Notice of Privacy Practices Acknowledge and Consent forms
Consent from pt used for what?
permits use or disclosure of PHI for Tx, payment, or healthcare operations (TPO)
use and share health records for tx, payment, and healthcare operations described in the notice of privacy practices.
The Consent inform pt about what?
inform the pt that Oklahoma law requires that info authorization for disclosure may include info that is considered a communicable or venereal disease, including but not limited to hepatitis, syphilis, gonorrhea, HIV, and AIDS
What happens if pt refuses to sign consent
then services cannot be provided to the pt
What is an authorization?
is a document that gives the dentist permission to use Protected health info for a specific purpose other than treatment, payment, or healthcare operations or to disclose PHI to a 3rd party
What is included in authorization
an expiration date
a purpose of use of PHI specific to the authorization
permission of uses and disclosures of PHI
What is an example of authorization
sending names and address of pt to a marketing company for dental products, does not apply to newsletters
What are the special circumstances a DDS can make disclosures of PHI w/o acknowledgment, consent, or authorization of pt
reason of public health surveillance
suspected child abuse, neglect, or domestic violence investigation
healthcare fraud investigation
oversight by the secretary of HHS
law enforcement with a valid warrant, court order, or administrative request
What is included in TPO?
healthcare operations
What is the tx portion of TPO
medical info used to provide medical tx and services
What is the payment portion of TPO
may use med info for payment activities such as determining eligibility or coverage under an ins plan
billing and collection
What is included in the operations portion of TPO? One may use med info for:
quality assessment
reviewing the competence of healthcare prof
education and training healthcare prof
arranging for legal or auditing service
business management and planning
comm with pt about services such as services provided by OU providers, pt satisfaction surveys or announce a new provider/service
What standard is used when disclosing HI
minimum necessary standard
What is the minimum necessary standard?
only use/disclose info needed to accomplish the intended purpose
taking responsible safeguards to protect a person's HI from disclosure
When does the minimum necessary standard not apply
disclosure to:
healthcare provider
the individual who is the subject of the info
required for Hipaa compliance in transactions
info to government
required by law
Minimum necessary applies to what types of communication
written and verbal
When does the minimum necessary apply to written comm
reminder cards
pt lists and schedules
When does the minimum necessary apply to verbal comm
discussions- quiet voice
voice messages- leave out details
What rights do pt have under hipaa
access to copy chart
obtain accounting of and the right to request restriction on disclosures for TPO
confidential comm
revoke their consent
offer complaints regarding health care info to the dentist
Under the privacy rule a parent is considered what?
personal representative of minor child and has right to access HI
What are exceptions to parents being the personal representative of a minor
state or law does not require parental consent prior to minor obtaining care
when a court or another individual authorized by law consents to healthcare
Does hipaa preempt state law that might authorize or prohibit a disclosure of PHI about a minor to a parent
Who has access to PHI
any employee or business associate that works on behalf of the practice and could have access to PHI
What is not included as business asso with access to PHI
referral to other providers, ins co, dental labs
What must a business asso do with PHI
may use PHI for purpose used by provider
must safeguard PHI from misuse
must comply with all pt rights
According to Hipaa what are the administrative requirements?
implement privacy practices in the dental office
develop policies, procedures, and documentation practices
designate a privacy officer and a contact person to receive complaints
Provide Hipaa training to employees
provide Notice of privacy practices to pts
establish complaint system
What issues are covered by the hipaa law?
assuring portability of health ins coverage
mandating a fraud and abuse control prog
creating a medical savings account
administrative simplification of provisions privacy
Hipaa privacy legislation requires:
maintaining reasonable and appropriate administrative, technical, and physical safeguards to ensure the integrity and confidentiality of PHI
protecting against any reasonably anticipated threats or hazards to the security or integrity of the info
protecting against unauthorized uses or disclosures of the info
compliance by privacy officers and employees
Who enforces Hipaa
health and human services (HHS) Office for Civil Rights
Hipaa violations can trigger what 2 penalties
civil and criminal
Civil penalties for Hipaa privacy violation can be up to __ with an annual cap of ______ for repeated violations of the same requirement
What is a criminal penalty
knowing, wrongful misuse of individually identifiable HI and is punishable
what is the punishment for knowingly misusing and misuse under false pretenses
knowingly misuse of individually identifiable HI up to 50,000 and/or 1 yr in prison
misuse under false pretenses up to 100,000 and or 5 yrs prison
What is the punishment for offenses to sell HI for profit or malicious harm?
250,000 and or 10 yrs prison
Hipaa requires retention of:
patient acknowledgements, consents, and pt authorization
documentation of disclosures
notice of privacy practices
other Hipaa policies
all info regarding hipaa retained for 6 yrs for the last use
Hipaa applies security standards to healthcare providers that what?
transmit pt HI in electronic form
Are faxes considered electronic transactions?
What are included in electronic transaction claims?
eligibility requests, claim status inquiries to health plans, other payers and clearing houses
What are 3 requirements for hipaa security rule?
integrity, confidentiality, availability
What is the integrity component of the hipaa security rule?
info that has not been altered or destroyed w/o proper authorization
What is the confidentiality component of the hipaa security rule?
info that is only available or disclosed to authorized persons
What is the availability component of the hipaa security rule?
info that can be accessed and used by authorized persons when needed
What are 3 general requirements for the security rule?
comprehensive, scalable, technology neutral
In most cases what preempts state laws?
hipaa security regulations
When do state laws still apply?
state laws already exist that relate to the security of pt's HI in electronic form, state law doesn't conflict with hipaa security regulations
possible for dentist to comply with both state and hipaa security regulations
What are the 5 key concepts to hipaa security?
general requirements
flexibility of approach
implementation specifications
The foundation for administrative, physical, and technical safeguard is what concept of hipaa security?
general requirements
The use of reasonable measures to the size of dental practice is what concept of hipaa security?
How to comply with security rule is what concept of hipaa security
What concept of hipaa security is either required or addressable?
implementation specifications
What are the 3 options if specification is addressable?
do it, implement specification if reasonable and appropriate, document it in writing
use alternative measure and document decision
don't do it, document why the standard doesn't apply to you
What concept of hipaa security requires that you review your security measures and update or modify to ensure protection of HI in electronic form?
What is never finished but may be periodically updated?
Four things to do to ensure security
assign a security official
conduct risk assessment
develop policies and procedures
provide security and awareness training
What component of security reviews data systems, identifies threats/vulnerabilities, evaluates security controls, and determines risk?
risk assessment