HIPAA
HIPAA Study Guide
| Term | Definition |
|---|---|
| HIPAA | Health Insurance Portability and Accountability Act of 1996 |
| Privacy Rule/Patient Privacy | key federal law governing the privacy and confidentiality of patient information |
| Administrative Simplification | HIPAA standardized the healthcare industry's nonuniform and seemingly inefficient business practices, such as billing |
| American Recovery and Reinvestment Act | significant funding for health information technology as well as other stimulus funding |
| Freedom of Information Act of 1967 (FOIA) | the right of disclosure to and access by the public regarding federal agency records |
| Privacy Act 1974 | right to access and request amendments to their records |
| Conditions of Participation | regulates only providers and, narrower still, only those receiving funds from the Medicare and Medicaid programs |
| AHIMA Code of Ethics | "preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature..." |
| First and Second Elements | Who, What |
| Covered Entities (CEs) | covered healthcare providers, health plans, healthcare clearinghouses |
| Business Associates (BA) | person or organization other than a member of a CEs workforce that performs functions or activities on behalf of or affecting a CE that involve the use or disclosure of individually identifiable health information |
| Business Associates Agreement (BAA) | to legally protect information handled outside the CE |
| Protected Health Information (PHI) | safeguard information |
| Deidentified Information | information from which personal characteristics have been removed and that, as a result, neither identifies nor provides a reasonable basis to believe it could identify an individual |
| Safe Harbor Method | CE removes certain elements to ensure that the patient's information is truly deidentified |
| Personal Representatives | persons with legal authority to act on behalf of another adult, or of a deceased person, shall be treated as a personal representative under the Privacy Act |
| Designated Record Set (DRS) | group of records maintained by or for a CE |
| Disclosure of PHI | making information known |
| Treatment, Payment, and Operations (TPO) | treatment: providing, coordinating, or managing healthcare or healthcare-related services; payment: broad set of activities |
| Hybrid Entity | performs both covered and noncovered functions under the Privacy Rule |
| Affiliated Covered Entity | legally separate CEs affiliated by common ownership or control |
| Organized Healthcare Arrangement | characterized by two or more CEs who share PHI to manage and benefit their common enterprise and are recognized by the public as a single entity |
| Notice of Privacy Practices (NPP) | explains individual's rights and the CE's legal duties with respect to PHI |
| Consent | to use or disclose personally identifiable information for TPO |
| Psychotherapy Notes | behavioral health notes recorded by a mental health professional who documents or analyzes contents and impressions of conversations that are part of private counselling sessions |
| Facility Directory | patients being treated |
| Limited Data Set | PHI that excludes most direct identifiers of the individual and the individual's relatives, employers, and household members but does not deidentify the information |
| Redisclosure | disclosure by a healthcare organization of information that was created by and received from another entity |
| Access | right to obtain and inspect |
| Amendment Request | in writing and provide a reason for amendment |
| Accounting of Disclosures | states that an individual has the right to receive an accounting of certain disclosures made by a CE |
| Confidential Communications | opportunity to request that communications of PHI be routed to an alternative location or by an alternative method |
| Request Restrictions | an individual may request the CE to restrict the uses and disclosures of PHI for carrying out TPO |
| Breach Notification | requirements for entities with custody of patient information |
| Breach | "unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information" |
| Marketing | communication about a product or service that encourages the recipient to purchase or use the product or service |
| Fundraising | activities that benefit the CE, CE to use or disclose to a BA or an institutionally related foundation, without authorization, demographic and dates of healthcare provided to an individual |
| Belmont Report | "statement of basic ethical principles that should assist in resolving the ethical problems that surround the conduct of research with human subject" |
| Privacy Board | group formed by a CE to review research studies where authorization waivers are requested and to ensure the HIPAA privacy rights of research subjects |
| Compound Authorization | combine informed consent with an authorization |
| Stand-Alone Authorization | core elements of a valid authorization |
| Unconditional Authorization | CE is permitted to combine conditioned and unconditioned authorizations for research |
| Preemption | requires CE to comply with federal law when federal and state laws conflict |
| Privacy Officer | responsible for developing and implementing privacy policies and procedures |
| Mitigation | requires the lessening of the effects of a wrongful use or disclosure |
| Enforcement Rule | created standardized procedures and substantive requirements for investigation complaints and imposing civil monetary penalties for HIPAA violations |
| Security | protecting information from loss, unauthorized access, misuse, protecting confidentiality |
| Integrity | data or information that has not been altered or destroyed in an unauthorized manner |
| Confidentiality | data or information that is not made available or disclosed to unauthorized persons or processes |
| R | required |
| A | addressable |
| Physical Safeguard Standards | facility access controls, workstation use, workstation security, device and media controls |
| Technical Safeguard Standards | access control, audit controls, integrity, person or entity authentication, transmission security |
| Internal Security Threat | people within organization, employees |
| External Security Threats | individuals outside the organization |
| ePHI | electronic protected health information |
| Identity Theft | crime made possible for the most part by the ease with which information can be stolen in electronic environments |
| Medical Identity Theft | is a type of identity theft and a type of financial fraud that involves the inappropriate or unauthorized misrepresentation of one's identity |
| Fair and Accurate Credit Transaction Act (FACTA) | requires financial institutions and creditors to develop and implement written identity theft programs that identify, detect, and respond to red flags |
| Red Flags Rule | alerts, suspicious documents, suspicious personal information, unusual use of or activity related to a covered account, notice from customer |
| Access to ePHI | user-based access, role-based access, context-based access |
| User-based Access (UBAC) | a security mechanism used to grant users of a system access based upon the identity of the user |
| Role-based Access (RBAC) | access decisions are based on the role individual users have as part of an organization |
| Context-based Access (CBAC) | protection afforded by either a user-based or role-based access control design, taken one step further |
| Entity Authentication | the corroboration that an entity is the one claimed |
| Unique Identifier | combination of characters and numbers assigned and maintained by security system |
| Authentication | something you know, something you have, something you are |
| Tokens | devices, such as key cards, that are inserted into doors or computers |
| Audit Trails | shows who accessed, when, and what operations were performed |
| Data Encryption | ensures that data transferred from one location on a network to another are secure from eavesdropping and data interception |
| Cryptography | study of encryption and decryption techniques |
| Good Privacy | email, serial combination hashing |
| Equivalent Privacy | use to protected information on wireless networks |
| Firewall | either hardware or software device that examines traffic entering and leaving a network |
| Worm | virus that stores and then replicates itself |
| Trojan Horse | destructive piece of programming code that hides in another piece of programming code that looks harmless, such as a macro or an e-mail message |
| Telehealth | connecting multiple users in separate locations |
| Social Media | collection of online technologies and practices that people use to share opinions |