HIPAA, Patient Privacy & Conflict of Interest Lecture Notes

Comprehensive vocabulary flashcards covering HIPAA regulations, Protected Health Information (PHI), Conflict of Interest (COI), and Patient Rights and Responsibilities as presented in the Penn State Health lecture.

HIPAA

Health Insurance Portability & Accountability Act (1996) which protects sensitive patient health information and establishes rules for privacy and security.

Enforcement Agency for HIPAA

The U.S. Department of Health and Human Services (HHS).

Average Hospital Record Access

According to the American Health Information Management Association (AHIMA), an average of $150$ people (from nursing staff to billing clerks) have access to a patient’s medical records during a typical hospitalization.

Covered Entities

Health plans, health care providers, and health care clearinghouses that must follow HIPAA regulations.

Business Associates

Entities that perform services involving the use or disclosure of health info, such as accountants, legal consultants, and transcription services.

PHI

Protected Health Information; any health information that can identify a patient, including name, address, SSN, DOB, diagnosis, and billing details.

State Preemption

The requirement that if state law conflicts with HIPAA, you must follow the law that offers the most protection.

Notice of Privacy Practices (NPP)

The document with which a covered entity's policies and procedures must be consistent regarding PHI.

Privacy

The right of an individual to be left alone and the requirement that patients must authorize the release of information.

Confidentiality

Limiting disclosure to authorized persons and ensuring protection of records documenting communication between providers and patients.

Minimum Necessary Rule

The requirement to use the least amount of PHI needed to do your job, applying to disclosures and internal access.

Maximum HIPAA Civil Penalties

Up to $25,000$ per year per violation type.

Maximum HIPAA Criminal Penalties

Up to $250,000$ and $10$ years in prison.

Conflict of Interest (COI)

Occurs when a professional’s judgment or actions regarding a primary responsibility (like patient care) could be influenced by a secondary interest.

Dual Relationships

A form of conflict of interest where a provider treats close friends or family members.

Recusal

The act of removing yourself from certain decisions to manage or prevent a conflict of interest.

Privacy Officer

The specific individual at an employer's organization to ask if one is unsure about HIPAA rules.

Patient Rights (General Definition)

Fundamental rules of care patients are entitled to under ethical practice, hospital policy, and federal/state law, grounded in CMS, Joint Commission, and PA Department of Health.

Participation in Care

A patient right including shared decision-making, informed consent (including risks and alternatives), and the right to refuse care or request consultation.

Accounting of Disclosures

A patient right under HIPAA to receive a record of when and to whom their PHI has been shared.

Patient Responsibilities

Expectations that patients demonstrate respect for staff, provide accurate health information, follow care plans, and observe safety protocols.

PSH PC-33

The specific Penn State Health institutional policy regarding Patient Rights.

PSH ADM 120

The Penn State Health policy addressing patient bias toward healthcare workers.

AMA

Against medical advice; refers to the process and documentation required when patients choose to leave the care facility before discharge is recommended.