What Legal Agency Is Responsible For Enforcing HIPAA
77 community-sourced questions and answers.
HIPAA
-Goal: improve portability and continuity of health insurance -Originated as plan to reduce health care administrative costs
confidentiality
under HIPAA, healthcare providers ensure that patient _______ is always maintained
PHI
Refers to any patient information in any form that is created or received by a covered entity, relates to a patient's health condition in the past, present, or future, and identifies the patient.
office of civil rights
government agency that accepts and investigates complaints related to the Privacy Rule; it enforces civil violations of HIPAA privacy standards.
department of justice
Government agency that investigates the most serious violations of the Privacy Rule, prosecutes criminal violations
Title I
this part of HIPAA gave certain people the ability to enroll in new healthcare plans of different types.
State laws
These types of law regulate many types of health insurance
ERISA
Employer offered health plans are regulated by this Act of 1974
COBRA
this act of 1985 allows employees who are leaving a job to elect to continue their previous employer's health coverage for a limited time.
Portability
Being able to transfer group health insurance from one job to another
Title II
The rules in this part of HIPAA cover administrative, financial, and case management policies and procedures. It contains strict requirements for the uniform transfer rules of patient confidentiality.
electronic data interchange
The electronic exchange of information between computers, especially the exchange of health information among physicians and insurance companies.
title II provisions
-Electronic health information transaction standards -Penalties -Privacy -Provider and health plan mandate and timetable (2 years to start) -State law preemption
State law preemption
allowed HIPAA to supersede state laws unless HHS decided otherwise; however, when state law is stronger, it must be followed.
3
HIPAA governs how many types of covered entities?
Covered entity
Any health care provider, health insurance plans, or clearinghouse to which the Privacy Rule applies (those who must comply with HIPAA)
Health insurance plan
these plans include group health plans, HMOs, Medicare, Medicaid, supplemental Medicare policies, long-term policies, employee benefit plans, TRICARE, CHAMPVA, Indian Health Service, Federal Employees Health Benefits Program, approved child health plans, high-risk plans, etc.
Healthcare provider
this includes hospitals, nursing facilities, rehabilitation facilities, hospices, home health care, pharmacies, private practices, dental practices, labs, chiropractors, osteopaths, podiatrists, and therapists.
Direct providers
providers that provide direct treatment to patients
Indirect providers
providers that include labs that handle patient test results
manage, store
as a result of the privacy rule of 2003, pharmacies have direct control over the way they ______ and ______ patients information.
privacy rule
under this rule, information belongs to the patients, and they have the right to control who is able to view it. It applies to healthcare providers, health insurance plans, and clearinghouses.
licensed, bonded company
Discarded patient information must be handled with care. When patient records are to be discarded, they should be destroyed by a ________. It should never be thrown into the trash.
computer storage media
_______ containing patient records should be completely wiped.
chronological
medical record documents of the medical history of a patient are in ______ order
False
True/False. medical records cannot be considered legal documents so accuracy is not very vital when documenting that appropriate medical care has been given to each patient.
Encounter
form of documentation that is undertaken for every visit is also known as an ______, visits to healthcare providers are documented thoroughly.
electronic medical records
these records are preferred over paper records because they can be accessed more quickly, and take less room to store
electronic health records
these records are owned by the patient or person who has a stake in the outcome, provides an interactive patient access.
2003
HIPAA privacy standards were established in _____ to protect personal health information.
Privacy Standards
These standards require that privacy policies be appropriate to the services provided, and a specific person within the organization oversees them. Pharmacy techs and Pharmacists are responsible for maintaining them in order to protect PHI of patients.
trained employees
who may protect patients records and must also understand the legal regulations about who may have access to them?
True
True/False. PHI may be transmitted electronically, via the internet and other methods. It includes all of a patient's basic information as well as that of relatives, employers, and health insurance providers.
privacy and security officer
a pharmacy often has a ___________ who handles disclosure of PHI. this officer usually receives referred requests from patients to access or amend their records, and strives to handle them in a timely manner.
Minimum necessary standard
this protects against too much information being given to any specific person or entity
Designated record set
a group of medical records that includes a provider's medical and billing records
Notice of Privacy Practices
using this notice, providers explain to patients how their PHI may be used and disclosed, their access to their own information, patients' full rights, and how to register complaints.
Disclosure
information must only be provided to the patient or person authorized by him or her; pharmacy personnel must understand how to properly interact with all family members, friends, and caretakers of the patient.
HIPAA training
this training is required of pharmacy techs and pharmacists to be acquainted with all policies and procedures designed to protect PHI
prescriber, pharmacist
pharmacy techs are not authorized to make medication decisions for patients-- they must follow the exact instructions of the _____ and the ________.
TPHCO
this concerns PHI that may be shared in order to provide treatment, process payment, and operate medical business: treatment mostly concerns discussions with other healthcare providers, payment refers mostly to health insurance, and healthcare operation includes training and accreditation.
written authorization
______ must be obtained before information can be shared with anyone if the use of patient information does not fall under TPHCO
children
_______'s access to their own records is governed by state law
pharmacist, privacy officer
pharmacy techs should refer issues related to the disclosure of a child's PHI to the _______ or the _______.
judicial
_____ orders can override a patient's preferences regarding the release of PHI.
Subpoenas
_____ for court appearances and testimony can authorize disclosure of PHI.
State and Federal Prisoners
This group of people has less protection concerning the disclosure of their PHI, though state statutes may overrule HIPAA in certain circumstances
National security
Entities that may have access to PHI generally any time they request it.
30
Patients have a right to view and copy their PHI within __ days of requesting it, either free or for a reasonable fee as per HIPAA regulations.
Office for civil rights
The division of Health and Human Services responsible for enforcing the HIPAA privacy rules. Privacy is considered a civil right.
Electronic
HIPAA security standards focus on what kinds of PHI?
ePHI
records that may be stored in computers and related peripheral devices, and transmitted over computer networks, over the internet, and on removable media that interfaces with computers
security rule
specifies how patient information is protected on computer networks, the internet, extranet, and disks and other storage media.
confidentiality notices
HIPAA recommends this notice be included, instructing that anyone who receives the communication in error should immediately contact the sender and destroy the information received.
Electronic Health Care Transactions and Code Sets
set of standards that says all providers are required by HIPAA to use the same code sets, identifiers, and transactions when healthcare information is being transmitted.
National Council for Prescription Drug Programs
Programs that create and promote data transfer standards relating to the practice of pharmacy. Members of this program must receive education tailored to their pharmacy practice, and also receive database services.
Medical Code Sets
These are used to encode data elements concerning specific diagnoses and clinical procedures. There are six code sets used for clinical information.
ICD-9-CM
code set used for identifying disease and conditions
HCPCS
code set used for items, supplies, and non-physician services
CPT-4
code set used for medical procedures and services
ICD volume 3
code set used for inpatient hospital services
NDC
code set used for drug products
CDT-4
code set used for dental services
Administrative code sets
these are non-medical code sets, used for administrative information, and include simple and complex codes
department of health and human services
who enforces HIPAA standards and regulations, which also enforces situations of related abuse and fraud.
final enforcement rule
HIPAA rule of 2006 that clarified that both acts and omissions may constitute violations
HIPAA Enforcement Agencies
-Dept. of Justice -Centers for Medicare and Medicaid services -Electronic Healthcare Transaction and Code set Rule -National Employer Identifier Number Rule -Office for Civil Rights -Office of Inspector General
Centers for Medicare and Medicaid Services
agency that enforces non-privacy standards
Office of Inspector General
agency that prosecutes fraud and abuse in the healthcare industry while overseeing Medicare and Medicaid
Healthcare Fraud and Abuse Control Program
Program that enforces HIPAA regulations and government standards, and is conducted by the OIG and DOJ.
False Claims Act
Act that prohibits false claims and misrepresentations, and rewards "whistle-blowers" who alert the government to cases of fraud.
kickbacks
incentive given to those who defraud others
self referrals
referring patients to an entity in which the referrer receives some monetary compensation
compliance plans
plans that are designed to prevent illegal practices. they may serve as legal defense in the case of prosecution for fraud.
compliance guidelines
HIPAA- related privacy, training, and security regulations designed to focus on, correct, and maintain good healthcare practices
Criminal Penalties
penalties assessed for intentional misuse of PHI, can be as high as $250,000 and up to 10 years in prison.
Civil Penalties
penalties usually given for violating privacy on an unintentional basis. can be as high as $25,000 in fines per year