28 Cards in this Set
- Front
- Back
What is the threshold at which the media and the Secretary of Health and Human Services should be notified of the breach? |
More than 500 individuals |
|
Who has access to personally identifiable data without authorization or subpoena? |
Public health departments for disease reporting purposes |
|
What requires an individual or a representative of a healthcare entity to appear in court or to present an object to the court? |
Subpoena |
|
Redisclosure |
Process of releasing health record documentation originally created by a different provider |
|
Under HIPAA Privacy Rule, a hospital may disclose health information without authorization or subpoena when |
The patient has been involved in a crime that may result in death |
|
The HIPAA Privacy Rule concept of "minimum necessary" does not apply to disclosures made for |
Treatment purposes |
|
Subpoena duces tecum |
The recipient must bring records to a legal proceeding |
|
Health Insurance Portability and Accountability Act |
Focuses on healthcare standards for electronic data interchange and data security |
|
Under HIPAA, when is the patient's written authorization required to release their healthcare information? |
For any purpose unrelated to treatment, payment, or healthcare operations |
|
Virtual Private Network (VPN) |
Uses a secure private tunnel through the internet |
|
Access Control Standard |
Ex: nurses log on with ID and password |
|
Stark Law |
Also known as the federal physician self-referral act. Prohibits physicians from referring Medicare/Medicaid patients to an entity with which they have a financial relationship |
|
What type of access safeguard is people focused? |
Administrative |
|
National Practitioner Data Bank |
Created to collect information on the legal actions (both civil & criminal) taken against licensed healthcare providers |
|
Omnibus Rule (Four Tiers) |
Tier 1: Did not know; Tier 2: Reasonable Cause; Willful Neglect: Tier 3: breach corrected within 30 days; Tier 4: Breach not corrected |
|
What type of safeguard comprises over half of all the other safeguards? |
Administrative |
|
Covered entities must respond to requests to access PHI within ______ |
30 days |
|
Security Audit |
Helps a healthcare entity proactively ensure that the information it stores and maintains is only being accessed in the normal course of business |
|
Deidentified |
Information from which personal characteristics have been removed so it cannot identify an individual. The HIPAA methods titled Expert Determination and Safe Harbor are ways this can be achieved legally |
|
Spoliation |
When evidence (paper or electronic records) is destroyed that relates to a current or pending criminal proceeding |
|
Under HITECH, an accounting of disclosures must include disclosures made during the previous |
3 years |
|
What must be included in a patient's accounting of disclosures? |
Report of sexually transmitted disease |
|
HHS Office of Civil Rights |
Responsible for oversight and enforcement of the HIPAA privacy regulations |
|
Darling v. Charleston Community Hospital 1965 |
Legal doctrine: Corporate negligence |
|
Workforce Security Standard consists of: |
1. Authorization & Supervision 2. Workforce clearance procedures 3. Termination procedures |
|
Privileged Communication |
Designed to protect the confidentiality between two parties. Ex: doctor and patient discussing her medical condition |
|
HIPAA Security Rule requires covered entities to ensure: |
1. Confidentiality 2. Integrity 3. Accuracy of PHI |
|
Administrative Safeguards |
Ex: policies, procedures, documentation |