Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how



designed to protect health information used by health insurance plan providers, covered entity—Health Insurance Portability and Accountability Act (HIPAA)
anyone or any organization required to submit to HIPAA rules covered entity
three entities classified as covered entities. HIPAA, healthcare clearinghouses, healthcare providers
A law created in 1996 to provide a standard set of rules that all covered entities must follow to protect patient health information and to help healthcare providers transition from paper to electronic health records. Health Insurance Portability and Accountability Act (HIPAA)
A business that receives healthcare information and translates that information into a standardized format to be sent to a health plan provider. healthcare clearinghouse
A healthcare clearinghouse is sometimes called a billing service
healthcare clearinghouse is a _____ that processes healthcare information middle person
The Department of Health and Human Services HHS
tasked with protecting the health of Americans and providing a means to access healthcare by Americans who are least able to help themselves, containing and treating any national health emergencies, and testing and regulating food and drug supplies The U.S. Department of Health and Human Services (HHS)
responsible for administrating Medicare and Medicaid, as well as regulating standards of electronic transactions of claims, provider, and diagnostic codes The Centers for Medicare & Medicaid Services (CMS)
The Centers for Medicare & Medicaid Services CMS
the most recent standard format for electronic claims transactions Version 5010
the most recent standard format for electronic provider and diagnostic codes ICD-10
responsible for certifying EMR/EHR solutions as HIPAA-compliant. The Office of the National Coordinator for HIT (ONC)
The Office of the National Coordinator for HIT (ONC) ONC
advances HIT security and usefulness of remote healthcare The National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) NIST
a social insurance program to provide hospital and medical care for elderly and certain disabled citizens Medicare
a social welfare program to provide health and medical services for certain citizens and families with low incomes and few resources Medicaid
participation by states is voluntary Medicaid
administrated by states Medicaid
a set of rules for protecting e-PHI (electronic protected health information). Health Insurance Portability and Accountability Act (HIPAA)
enforces the HIPAA rules The Office of Civil Rights (OCR)
The Office of Civil Rights (OCR) OCR
HIPAA has four primary rules Privacy Rule, Security Rule, Breach Notification Rule, Enforcement Rule
called the Recovery Act, aims to help citizens through the economic recession. In healthcare, the Recovery Act provides funding to HHS branches to help preserve and improve affordable healthcare in the United States. The American Recovery and Reinvestment Act (ARRA)
ARRA The American Recovery and Reinvestment Act (ARRA)
creates incentive and opportunity for the advancement of HIT through the ONC The Health Information Technology for Economic and Clinical Health (HITECH) Act
the demonstration by healthcare entities to use HIT in a meaningful way. Meaningful use
The Health Information Technology for Economic and Clinical Health (HITECH) Act HITECH ACT
Participants in the incentive programs are called eligible providers eligible providers .
HIPAA aims to ensure _______ confidentiality, integrity, availability of e-PHI
In the event of a violation, or breach, of HIPAA rules, fines may be imposed by the _________ OCR
are required to ensure confidentiality, integrity, and availability of e-PHI they create, receive, maintain, or transmit; identify and address risks to e-PHI; and ensure compliance by their workforce Covered entities
must be obtained before e-PHI may be released or distributed to anyone HIPAA does not allow Written permission
Covered entities must use _____ to restrict access to e-PHI by its personnel role-based access control
The three types of health records public, private, legal
used for the collection of public health data to be analyzed by researchers public health record
the health record created and maintained by an individual private health record
collected and retained for use by the patient or legal services legal health record
must be retained for a minimum of six years Health records
must be unreadable, indecipherable, and unable to be reconstructed Disposed records
forms used by healthcare entities to be protected from being inappropriately responsible for harm or debt Waivers of liability
used to ensure a mutual understanding of safeguards of e-PHI between a covered entity and a contracted third party. Business associate agreements (BAA)
used to establish how e-PHI is shared and used, as well as expectations of service provided Service-level agreements (SLA)
used within a covered entity to ensure understanding of the safeguards of e-PHI among departments or personnel who may not normally be exposed to sensitive information Memoranda of understanding (MOU)
The divisions of the _____ involved in healthcare are the _____, the _____, and the _____. HHS, CMS, ONC, OCR
The new standard of medical diagnosis and inpatient procedure coding, called _____, is required to be adopted by October 1, 2013, by ______-compliant facilities. ICD-10, HIPAA
The _____ tests and certifies all _____ solutions to be _____-compliant. ONC, EMR/EHR, HIPAA
The _____ enforces ______ rules to protect ______. OCR, HIPAA, e-PHI
An _____ is used to establish how information is shared and to set expectations for service provided. SLA
Which branch of the HHS controls the electronic standards of transaction for an insurance claim? And what is the current standard? CMS (Centers for Medicare & Medicaid Services). The current standard is Version 5010
Which HHS division is responsible for enforcing HIPAA rules? OCR (Office of Civil Rights)
Do federal or state agencies administrate Medicare? Medicaid? Medicare is administrated at the federal level. Medicaid is administrated by states.
What does the HIPAA Enforcement Rule determine? establishes penalties for violations to HIPAA rules and procedures following a violation, such as investigations and hearings
What are the goals of the meaningful use of technology in healthcare? to help healthcare providers know more about their patients, make better decisions, and save money
Why would an eligible provider want to demonstrate the meaningful use of technology? receive monetary incentives.
What are possible breaches of e-PHI? theft, unauthorized access or disclosure, loss, or improper disposal of e-PHI.
What is the purpose of a public health record? used for the collection of public health data to be analyzed by researchers
What is the basic rule of thumb of record disposal? to make sure the data on an electronic device is unreadable, indecipherable, and cannot be reconstructed
Why are SLAs important and what do they establish? establish how e-PHI is shared and used, establishes expectations of service provided
While in the waiting room at the free clinic with three other patients, Nurse Jack calls out, “Patti Patient.” Patti Patient begins to walk to Nurse Jack. Before leaving the waiting room, Nurse Jack asks Patti Patient, “Has the herpes cleared up yet?” Is Yes, this is a HIPAA violation because Patti Patient’s name and medical condition were spoken to be heard by anyone in the waiting room.
To make sure that e-PHI is secure technical and physical controls are used. What other type controls must also be in place? Administrative
List an example of POC (Point of Care) testing Urine dipstick used in the emergency department, blood glucose device
Created by: Wynston