DEH 1005 Week 3 Flashcards

HIPAA and FERPA

What does HIPAA stand for?

Health Insurance Portability and Accountability Act

What does HIPAA do?

Protects patient privacy, secures health information, and improves the efficiency of healthcare delivery

What are patient rights under HIPAA?

• Access to their health records

• Right to request corrections to medical records

• Right to obtain an accounting of disclosures of their private health information

What are the core purposes of HIPAA?

• Protect patient privacy

• Secure health information

• Improve the efficiency of healthcare delivery

What are EHRs?

Electronic health records

What are the requirements for EHRs regarding HIPAA compliance?

They must comply with HIPAA regulations to ensure the protection of ePHI

What are the benefits of EHRs?

Improved patient care, efficiency, and accuracy in health records management (Ex: speedy delivery of information both to patients and between departments. Includes X-rays being sent to ER etc.)

What does PHI stand for?

Protected health information

What qualifies as PHI?

Any information about health status, provision of health care, or payment for health care that can be linked to an individual

What are some examples of PHI?

Names, addresses, birth dates, social security numbers, medical records, any other identifying information

What does ePHI stand for?

Electronic protected health information

What department is responsible for enforcing HIPAA?

Office for Civil Rights (OCR) which is within the Department of Health and Human Services (HHR)

What are covered entitites?

Primary organizations that create, receive, or transmit PHI

What are examples of covered entities?

Health plans, healthcare providers, and clearinghouses

What are business associates?

Third-party vendor or contractors that perform services on covered entities’ behalf which requires access to PHI

What types of security safeguards are included in HIPAA?

Administrative, physical, and technical

Describe administrative safeguards

Policies and procedures to manage the selection, development, implementation, and maintenance of security measures

Describe physical safeguards

Physical measures to protect electronic systems and related buildings/equipment from threats

What is an example of a physical safeguard?

A locked cabinet with computers in it

Describe technical safeguards

Technology and policies meant to protect ePHI and control access to it

What are the various consequences for HIPAA violations?

• Fines from $100 - $50,000 per violation

• Criminal charges (possible jail time for severe violations)

• Loss of trust and business impact

What is the maximum annual penalty for HIPAA violations?

$1.5 million

What aspects of HIPAA must dental hygiene professionals understand?

• Patient records and charting

• Billing and insurance documentation

• Electronic Health Records (EHRs)

• Release of patient information forms

What does FERPA stand for?

Family Educational Rights and Privacy Act

What is required in order for educational records to be shared?

Student consent

What does PII stand for?

Personally Identifiable Information

What parameters surround the sharing of directory information?

• Schools must tell parents and eligible students about directory information and allow them a reasonable amount of time to request that the school not disclose the directory information

• Schools must notify parents and eligible students annually of their rights under FERPA

What constitutes an educational record?

Any record that contains information directly relating to a student and is maintained by an educational institution or a party acting on its’ behalf

What are a student’s rights under FERPA?

• Written permission required to release any information from a student’s educational record

• Students have a right to access records, seek to correct them, and consent to their disclosure

When can educational records be released without the student’s consent?

• When the student is a dependent student (they have been claimed as a dependent on a tax return)

• Dual enrolled students

What is directory information?

Basic, non-sensitive data that a school can release without consent

What are examples of directory information?

Student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance

What is protected information?

Highly sensitive data that FERPA strictly forbids institutions from sharing without explicit, written student consent

What are examples of protected information?

Grades, GPA, class schedule, SSN, ID number, disciplinary records, billing/financial records

Define HIPAA

Health Insurance Portability and Accountability Act - protects patient health information

Define FERPA

Family Educational Rights and Privacy Act - protects student educational records

Define Personally Identifiable Information (PII)

Information that can be used to identify a specific individual

Define Protected Health Information (PHI)

Any health information that can be linked to a specific patient

What does HIPAA govern?

Health/medical information

What does FERPA govern?

Educational records

What is HIPAA administered by?

Department of Health & Human Services (HHS)

What is FERPA administered by?

Department of Education

What does HIPAA apply to?

Healthcare providers, insurers

What does FERPA apply to?

Schools and educational institutions

Who does HIPAA protect?

Patients

Who does FERPA protect?

Students

What is consent required for in HIPAA?

Release of PHI

What is consent required for in FERPA?

Release of educational records