Electronic Health Records - Ch. 10

Privacy and Security of Health Records
What do the acronyms PHI and EPHI represent?
PHI - Protected Health Information; EPHI - Protected Health Information in Electronic Format
List the 3 criteria of an electronic signature.
1. Message integrity - recipient must be able to confirm document has not been altered after signing
2. Non-repudiation - signer cannot deny signing
3. User Authentication - recipient must be able to confirm signature
Compare the differences between consent and authorization.
Authorization differs from consent in that authorization requires the patient's permission to disclose PHI. Signed consent is optional.
Does a provider need the patient's consent to share PHI with an authorized government agency?
List the four components of the HIPAA Administrative Simplification Subsection.
1. Transactions and Code Sets
2. Uniform Identifiers
3. Privacy
4. Security
Which part of the regulation went into effect first?
Transactions and code sets
Which part of the regulation went into effect last?
Uniform identifiers
Business Associate Agreements apply to which components of the Administrative Simplification Subsection?
Privacy and Security
What department of the U.S. government enforces HIPAA?
Department of Health and Human Services (HHS)
List the 3 categories of the Security Rule
1. Administrative safeguards - security training
2. Physical safeguards - restricting access to EPHI; off-site computer backups
3. Technical safeguards - automated process; authentication controls
Name the covered entities under HIPAA
healthcare providers, health plans, clearinghouses
Which components of the Administrative Simplification Subsection have employee training as one of the requirements?
Privacy and Security
List the requirements for the medical office privacy policy.
must be in plain language; describe how the entity may use and disclose PHI; explain the individual's rights and how to exercise said rights; explain how the individual may complain to the covered entity; describe the covered entity's legal duties; provide information about whom individuals may contact for further information about policies
Name 3 of the technical safeguards
1. encryption/decryption
2. unique user identification
3. automatic log-off
Who may sign an authorization to release PHI?
the patient or the patient's personal representative