In the US, privacy protections for health information come from: - ✔✔ Privacy protections come from all of these sources - both federal and state law, as well as the requirements of private certification organizations.
Privacy, in the health information context discussed here, refers to: - ✔✔ The rules about who can access health information, and under what circumstances.
Under the federal HIPAA regulations, state health privacy laws: - ✔✔ Remain in effect if more stringent than what HIPAA provides.
What kinds of persons and organizations are affected by HIPAA's requirements? - ✔✔ Health care providers, health plans, and health information clearinghouses, their business associates, and the workers for those organizations.
HIPAA privacy protections cover identifiable personal information about the "past, present or future physical or mental health condition." What does that include? - ✔✔ Health information in any form or medium, as long as it is identified (or identifiable) as a particular person's information.
When patients receive a copy of an organization's Privacy Notice, they are asked to sign an acknowledgment. Why? - ✔✔ It shows they received it.
Organizations covered by the federal HIPAA privacy law are expected to - ✔✔ Protect the health information under their control, train their workers in how to protect information, and help patients exercise their rights under the law.
Which of these is not a right under HIPAA? - ✔✔ To control all disclosures of information in the health record.
What does HIPAA's "minimum necessary" standard require of health care workers? - ✔✔ Use or disclose only the minimum necessary amount of health information to accomplish a task.
HIPAA's "incidental uses and disclosures" provision excuses deviations from the minimum necessary standard. What is excused? - ✔✔ Truly accidental "excess" uses and disclosures, where reasonable caution was otherwise used and there was no negligence.
When a privacy problem is discovered, which of the following is/are true? - ✔✔ All of the above
HIPAA allows health care organizations to control many information decisions. But where the patient retains control, which of the following is/are true? - ✔✔ If a person has a right to make a health care decision, then he/she has a right to control information associated with that decision.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to "treatment, payment and health care operations" go? - ✔✔ Uses or disclosures that generally require oral agreement only.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category do discussions with family members go? - ✔✔ Uses or disclosures that require generally oral agreement only.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to research, marketing and fundraising go? - ✔✔ Uses or disclosures that generally require specific written authorization.
Which of the following are organizations required to do under HIPAA? - ✔✔ Appoint a Privacy Officer to administer HIPAA rules.
HIPAA allows healthcare organizations to control many information decisions. However, where the patient retains control, which of the following is true? - ✔✔ If a person has a right to make a healthcare decision, then generally that person has a right to control information associated with the decision.
Which of these is not generally a good practice for telephone use? - ✔✔ Using voicemail systems and answering machines that do not require a password or PIN for access.
Which of these is not generally a good practice for fax machine use? - ✔✔ Sensitive faxes -- inbound or outbound -- are left sitting in or around the machine.
Which of these is not a good practice for physical security? - ✔✔ To preserve good customer relations, visitors are generally allowed access to all areas of a facility unless it appears they are doing something suspicious.
Which of these is generally not a good practice with respect to oral communications (that is, talking) in organizations like healthcare facilities? - ✔✔ Use of full names in public areas or on intercom/paging systems, because there is no security issue with identifying persons in public areas and using full names helps avoid misidentification.
Information security's goals are sometimes described by the letters "CIA." Which of the following is a correct definition of C, I, or A? - ✔✔ All the above
Which of the following is true? - ✔✔ Federal regulations include treatment-related uses and disclosures in a large category (along with payment and healthcare operations) that require no specific permission from patients.
When a patient enters a clinical facility, they must inevitably surrender control of their information for a broad range of uses and disclosures. In the circumstances where the patient retains control of information, which of the following is true? - ✔✔ If the person controls a decision about treatment, he/she controls information about the information associated with it.
Patients must be provided with federally-mandated Privacy Notices when they first encounter direct treatment providers. Which of the following is an implication of that for clinicians? - ✔✔ The provision of the notice just before receiving treatment means clinicians will receive some questions about privacy issues. There is an obligation to know the answers, or to be able to direct the patient to someone who does.