CITI Health Privacy Issues for Std and Ins, Citi
For health information privacy and security, are the legal and regulatory requirements for students different from those for regular members of the health care workforce?
No, students must meet the same standards as a regular member of the workforce performing the same tasks.
What about the ethical standards for student uses and disclosures?
Some would say it's higher, because patients don't always benefit from students' access to their data.
Patients have to provide an additional, specific authorization for training uses and disclosures of their information.
What about reporting privacy or security problems? Are the requirements for students the same as for regular workers?
Yes. Like any other member of the workforce, students are obligated to report problems they are not in a position to correct.
In the US, privacy protections for health information come from:
Privacy protections come from all of these sources - both federal and state law, as well as the requirements of private certification organizations.
Privacy, in the health information context discussed here, refers to:
The rules about who can access health information, and under what circumstances.
Under the federal HIPAA regulations, state health privacy laws:
Remain in effect if more stringent than what HIPAA provides.
What kinds of persons and organizations are affected by HIPAA's requirements?
Health care providers, health plans, and health information clearinghouses, their business associates, and the workers for those organizations.
HIPAA privacy protections cover identifiable personal information about the "past, present or future physical or mental health condition." What does that include?
Health information in any form or medium, as long as it is identified (or identifiable) as a particular person's information.
When patients receive a copy of an organization's Privacy Notice, they are asked to sign an acknowledgment. Why?
It shows they received it.
What are organizations covered by the federal HIPAA privacy law expected to do?
Organizations are expected to do all of these things.
Which of these is not a right under HIPAA?
To control all disclosures of information in the health record.
What does HIPAA's "minimum necessary" standard require of health care workers?
All of these are covered under "minimum necessary."
HIPAA's "incidental uses and disclosures" provision excuses deviations from the minimum necessary standard. What is excused?
Truly accidental "excess" uses and disclosures, where reasonable caution was otherwise used and there was no negligence.
When a privacy problem is discovered, which of the following is/are true?
All of the above
HIPAA allows health care organizations to control many information decisions. But where the patient retains control, which of the following is/are true?
If a person has a right to make a health care decision, then he/she has a right to control information associated with that decision.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to "treatment, payment and health care operations" go?
Uses or disclosures that can generally occur without any specific permission from the patient.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category do discussions with family members go?
Uses or disclosures that require generally oral agreement only.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to research, marketing and fundraising go?
Uses or disclosures that generally require specific written authorization.
Which of the following are organizations required to do under HIPAA?
All of the above; Organizations are expected to do all of these things.