chapter 8 law and ethics exam

Last updated 10:56 PM on 11/14/24

25 Terms

1
Privileged communication

information held confidential within a protected relationship

2
Protected health information (PHI)

information containing one or more patient identifiers

3
3 items of patient identifiers

Name, Address, Social security

4
One can legally release PHI under HIPAA-defined:

Permissions

5
Information that can be found in the Notice of Privacy Practices is a:

List provided by all covered entities that demonstrates adherence to HIPAA’s privacy practice rules

6
HIPAA’s Security Rule derives from which standard?

Standard 3

7
What is a breach of PHI?

Breach is any unauthorized acquisition, access, use, or disclosure of personal health information which compromises the security or privacy of such information

8
What is the risk analysis for purposes of protecting PHI?

Risk analysis is when CEs evaluate the likelihood and impact of potential risks to PHI

9
The False Claims Act contains which distinguishing provision?

The federal False Claims Act allows individuals to bring civil actions on behalf of the U.S. government for false claims made to the federal government, under a provision of the law called qui tam (Latin word meaning “to bring an action for the king and for oneself”)

10
Name the four HIPAA standards and briefly describe their purpose

Standard 1, Transactions and Code Sets: for uniformity in reporting

Standard 2, Privacy Rule: for protecting PHI during electronic transmission

Standard 3, Security Rule: for securing electronic storage and transmission against

Standard 4, National Identifier Standards: provide uniform national identifiers for the movement of electronic transactions; the 4 identifiers are provider, health plan, employer, and individual.

11
How should privacy be maintained with electronic devices?

Use caution when texting, emailing, or posting on social media. Shred all confidential papers. Implement strong passwords.

12
What is a covered entity?

Health care providers who conduct administrative and financial transactions in electronic form; includes all employees, volunteers, trainees, and all others who are under the control of the entity

13
Six HIPAA-defined permissions

Disclosures to patients; disclosures for treatment, payment, or health care operations; disclosures with opportunity to agree or object; some incidental uses and disclosures permitted without authorization; disclosures for public interest and benefit activities; limited data set disclosures

14
What are the key elements in a Notice of Privacy Practices?

How the CE may use and disclose an individual’s PHI; the patient’s rights with respect to the information and how the patient may exercise those rights, with clear direction on how patients may complain to the CE; the CE’s legal duties with respect to the information; whom patients can contact for further information

15
How might a health care provider show that their EHR was as safe as possible from a breach?

Documented risk analysis, along with evidence that the problem has been fixed

16
Risk analysis for the security rule is

A requirement for the health care organization

17
Which of the following constitutes a data breach?

A medical office computer is sold without erasing the hard drive

A hacker accesses a hospital’s list of patients with HIV

A business-use laptop is stolen from a health insurance company executive while she is traveling

18
A breach of more than ______ records requires notification to the media.

500

19
Medicare fraud is not easy to estimate. Which of the following does not contribute to the challenge of determining Medicare fraud?

Fraudulent spending is not easily separated from total health care dollars spent

20
The criminal healthcare fraud statute provides for:

Making it a criminal offense to defraud any health care benefit program

21
What is the difference between the federal Anti-Kickback Law and the Stark Law?

Stark Law prohibits physicians or their family members who own healthcare facilities from referring patients to those entities. The Federal Anti-Kickback Law covers activities where one person is paid a fee for referring patients to another entity.

22
Risk analysis under the security rule is completed by:

The health care organization

23
When a ___________ of patient records is discovered, the health care organization must notify affected individuals and the Health and Human Services (HHS) agency and possibly the media.

Breach

24
What is a covered entity? A covered entity is any organization that maintains personal health information.

Insurance company, rehabilitation facility, hospital

25
Which of the following organizations has the authority to administer the Security Rule of HIPAA?

Health and Human Services Office of Civil Rights