- Questions With Correct Solutions
Organizational and informational components subject to the HIPAA
Program. Correct Answer - Health plans, health care
clearinghouses, and any health care provider that transmits health
information in electronic form in connection with transactions
defined by the rule. The Privacy Rule protects all individually
identifiable health information held or transmitted by a covered
entity or its business associate, in any form or media, whether
electronic, paper, or oral. The Privacy Rule calls this information
protected health information (PHI).
The standards, requirements, and implementation specifications
apply to a business associate.
Protected Health Information Correct Answer - PHI is
"Individually identifiable health information", including
demographic data, that relates to: an individual's past, present or
future physical or mental health condition; the provision of health
care to the individual; or the past, present, or future payment for the
provision of health care to the individual, and that identifies the
individual or for which there is reasonable basis to believe it can be
used to identify the individual.
Employment Records Correct Answer - The Privacy Rule
excludes from PHI employment records that a covered entity
maintains in its capacity as an employer and education and certain
other records subject to, or defined in, the Family Educational Rights
and Privacy Act, 20 USC sec 1232g.
What is the first administrative requirement of the Rule regarding
Policies and Procedures? Correct Answer - A covered entity or
business associate must implement policies and procedures with
respect to PHI. Policies and procedures must be designed to comply
with the standards, implementation specifications, or other
requirements of the Rule.
How long must a covered entity or business associate maintain
privacy policies? Correct Answer - Six years from the date of
its creation or the date when it was last in effect, whichever is later.
Policy Availability Correct Answer - Policies must be available
to those persons responsible for implementing the procedures to
which the documents pertain.
How often must privacy policies be updated? Correct Answer -
Policies should be reviewed periodically and updated as needed, as
an organizational environment changes.
What are the elements of a privacy program? Correct Answer -
Notice of privacy practices, data inventories/data mapping, privacy
risk assessment, privacy policies, privacy controls, privacy officer,
privacy training, privacy audits.
What is the HITECH Act? Correct Answer - The HITECH Act
was enacted in 2009 to promote and expand the adoption of health
information technology, specifically, the use of electronic health
records (EHR) by healthcare providers. The Act also established
ONC in law and provided authority to improve health care quality,
safety, and efficiency through health IT. The Act also tightened up
the language of HIPAA and set meaningful use of interoperable EHRs
as a critical national goal and incentivized EHR adoption.
HITECH Correct Answer - Health Information Technology for
Economic and Clinical Health