The document discusses the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. It covers key topics like what information is protected health information (PHI) under HIPAA, when PHI can be released without patient authorization for treatment, payment or healthcare operations, and requirements for covered entities to have privacy policies and procedures in place. It also addresses patients' rights to access and request amendments to their PHI and to receive an accounting of disclosures.
3. 1. Release of PHI for treatment, payment, or health care operations purposes is permitted under HIPAA law. 3
4. 2. The basic HIPAA privacy standard states that covered entities must have the authorization of patients to release their PHI for other than treatment purposes. 4
5. 3. Incidental use and disclosure of PHI is not prohibited under HIPAA. 5
6. 4. Under the HIPAA privacy standards, covered entities must have privacy policies and procedures in place. 6
7. 5. Protected health information includes any data that identify individuals. 7
8. 6. Health care providers who have a physical service site, like an office, must make their Notice of Privacy Practices (NPP) available at that site. 8
9. 7. If a patient does not sign an Acknowledgment of Receipt of NPP, the provider cannot treat the individual. 9
10. 8. Minors are not allowed to sign Acknowledgments of Receipt of NPP’s. 10
11. 9. With reasonable confidence that a patient has identified another person as being involved with his or her care, a covered entity can release the patient’s PHI to that person. 11
12. 10. Providers cannot send patients’ protected health information to health plans without a signed authorization. 12
14. 11. What is included in protected health information under HIPAA? The patient’s address The patient’s allergies The patient’s medical record number All of the above 14
15. 12. What is protected under HIPAA privacy standards? Patient data that are printed and mailed Patient information sent by e-mail Patient information communicated over the phone All of the above 15
16. 13. Patients always have the right to a. Withdraw their authorization to release information b. Alter the information of their medical records c. Block release of information about their communicable diseases to the state health department d. None of the above 16
17. 14. The Notice of Privacy Practice (NPP) is given to a. Patients b. Business Associates c. Other covered entities d. None of the above 17
19. 15. Accounting of Disclosures A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 19
20. 16. Authorization A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 20
21. 17. De-Identified Health Information A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 21
22. 18. Incidental use and disclosure A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 22
23. 19. Minimum Necessary Standard A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 23
24. 20. Protected Health Information (PHI) A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 24
25. 21. Release of Information (ROI) A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 25
26. 22. Treatment, Payment, and Healthcare Operations (TPO) A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 26
27. 23. Amendment A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 27
28. 24. Documentation A. A patient’s written approval to release PHI B. Health information from which all identifying data have been removed. C. Accidental use or disclosure that occurs during a correct use or disclosure. D. Sharing a patient’s protected health information with another entity. E. Under HIPAA, the three purposes for which PHI may be released without authorization. F. A list of ROI of their PHI that patients can ask to review. G. A chronological record of a patient’s health care. H. A patient’s requested alteration of an item in the medical record. I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 28
30. 25. A laboratory communicates a patient’s medical test results to a physician by the phone. The physician is treating the patient whose results that are being reported. 30
31. 26. A physician mails a copy of a patient’s medical record to a specialist who intends to treat the patient. 31
32. 27. A hospital faxes a patient’s health care instructions to a nursing home to which the patient is to be transferred. 32
33. 28. A doctor discusses a patient’s condition over the phone with an emergency room physician who is providing the patient with emergency care. 33
34. 29. A doctor orally discusses a patient’s treatment regimen with a nurse who will be involved in the patient’s care. 34
35. 30. A physician consults with another physician about a patient’s care by e-mail. 35
36. 31. A hospital faxes an organ donor’s medical information to another hospital that is treating the organ recipient. 36
37. 32. A medical insurance specialist answers questions over the phone from a health plan about the dates of service on a submitted claim. 37
38. 33. A nineteen year-old has registered for a physician visit using an insurance card listing him as a qualified dependent on a parents’ health plan. Later, the parents call the practice to find out why their child saw the physician. The age of majority in the state is eighteen. Is releasing any information beyond verifying the patient’s visit a HIPAA-compliant action? 38