CIPP Study > HIPAA > Flashcards

HIPAA Flashcards

(13 cards)

Study These Flashcards
1
Q

Original Goal

A

to imporve healthcare efficiency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Privacy Rule Disclosure Requirements

A

PHI may not be disclosed except to:
- the patient
- part of treatment/payment/healthcare operations
- under valid auth from patient
- other permitted/required disclosures
* Minimum necessary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Security Rule

A

ONLY APPLIES TO ePHI
- require minimum security standards (Amin/Technical/Physical safeguards)
- “reasonable and appropriate” level of security
- there are both “required” and “addressable” security controls
NIST SP 800- 662R> implement a security plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Privacy Rule Patient Rights Requirements

A
  • Privacy Notices (detailed notice of privacy rights)
  • patient access rights (to designated record set)
  • right to amend
  • right to accounting of disclosures
  • accountability requiresments (minimum necessary/disclosure limits)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Privacy Rule Safety Requirements

A

Require minimum security standards (Amin/Technical/Physical safeguards)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Enforcement

A

HHS Office of Civil Rights
- fines up to 2 million /year
- audits of CE/BA

DOJ- criminal prosecution
- prision up to 10 years

FTC- UDAP

State AG

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

HIPAA Safe Harbor Rule

A

Deidentifying data
- remove 18 idenitifiers
- after those are removed, you must not acutally know any realistic way the remaining data could still be idenitified

  • if both are true, data is cconsidered deidentified under Safe Harbor so HIPAA use/disclosure rules no long apply
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

HIPAA HBNR - HHS Secretary

A
  • 500+ = notify promptly
  • under 500 =. within 60 days of the end of the calendar year in which the breach occured
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

HIPAA HBNR - Media

A
  • CE must notify prominent media outlets in a state if breach affects more than 500 residents
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

HIPAA HBNR - Substitute Notice

A

if contact infor for 10+ affected individuals in not available, subsistute notice must be posted on orgs website

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

HIPAA HBNR - Business Associates

A
  • BAs must notifiy CE
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

HIPAA Rulemaking

A

HHS OCR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

HIPAA HBNR- Individuals

A
  • must notifiy potentially affected individuals
  • “without unreasonable delay” and “within 60 days”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
CIPP Study
flashcards
Decks in class (32)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions