Privacy Laws & Regulatory Compliance

5 Terms

1. Personally identifiable info (PII)

Any data containing a unique identifier that can be used to identify an individual.

2. PII Best Practices

a. Train employees to recognize that non-PII data can become PII whenever additional information is made publicly available.

b. Require all employees & contractors to complete privacy training yearly, and within a set time after employment.

3. Personal Health Information (PHI)

Applies to specific orgs that create & collect health info, as covered under the Privacy Rule of the Health Insurance Portability & Accountability Act (HIPAA).

4. Privacy Rule of HIPAA

Regulates use & disclosure of PHI for orgs.

1. Orgs must disclose PHI to individuals within 30 days.

2. Notify individuals about their PHI.

3. Written authorization required before disclosing PHI for treatment / payment.

4. Ensure confidentiality of communications with individuals.

5. Disclose minimal info to achieve the purpose.

6. Track PHI disclosures & document privacy policies & procedures.

5. Privacy Policy requirements

a. List of PII categories the operator collects

b. List of 3rd-party categories with which the operator might share PII

c. Process by which consumers can review & request changes to their PII

d. Process by which the operator notifies consumers of changes to the privacy policy.