HIPAA STUDY QUIDE QUESTIONS WITH
COMPLETE SOUTIONS
What is the Health Insurance Portability and Accountability Act? HIPAA - Answer-It is a
federal law signed into law on Aug. 21, 1996
*A response by Congress to health care reform
*affects the health care industry
*IS MANDATORY
Why was HIPAA proposed? - Answer-Proposed due to the growing national concerns
for health care reform
HIPPA aka - Answer-Kennedy-Kassenbaum Act
What does HIPAA do? - Answer-1. Protects the privacy and security of pt's health
information
2. Provides for electronic and physical security of pt's health information
3. Prevents health care fraud and abuse
4. Simplifies billing and other transactions, reducing health care admin costs
What are two sides of HIPAA? - Answer-HIPAA Privacy
HIPAA Security
HIPPA Privacy - Answer-Protection for the privacy of Protected Health Information (PHI)
effective April 14, 2003 (including Standardization of electronic data interchange in
health care transactions, effective October 2003)
HIPAA Security - Answer-Protection for the security of electronic Protected Health
Information (e-PHI) effective April 20, 2005
What is the difference btwn privacy and security? - Answer-The privacy rule sets the
standards for how Covered Entities and Business Associated are to maintain the
privacy of PHI
*The security rule defines the standards which require Covered Entities to implement
basic safeguards to protect e-PHI
Covered Entities - Answer-Person, business, or agency- furnished, bills, or receives
payment for health care in the normal course of business
*Also, conducts covered transactions: activities normally associated w billing
Covered transaction are transmitted in electronic form
, Who must follow the HIPAA Law? - Answer-Covered Entities
What is a covered entity? - Answer-1. a health care provider that conducts certain
transactions in electronic form
2. a health care clearinghouse
3. a health plan
TTUSCH is a Covered Entity
Who does the Covered Entity consist of? - Answer-All of us members of the HSC
workforce (faculty, residents, staff, students, volunteers). We are all responsible for
HSC's Protected Health Info(PHI) whether it is transmitted electronically, in paper
format, or transmitted orally.
What is a Business Associate (BA)? - Answer-it is a person or entity which performs
certain functions or activities involving the use and/or disclosure of PHI, but the person
or entity is not a part of the Covered Entity (CE) or its workforce
What must be signed btwn the Covered Entity and the BA? - Answer-a Business
associate agreement
Ex: transcription services, temporary staffing services, EHR vendors, billing software
vendors
Business Associate Agreement - Answer-is required to insure the BA has sufficient
safeguards for protecting the Covered Entities information containing PHY in
accordance w HIPAA
*it is the responsibility of department administration when entering into an
agreement/contract with an external entity (vendor, contractor, academic institution) to
determine if PHI will be used. If so, BAA is required
*BAA review & approval will proceed through the HSC Contracting System
Data Use Agreement (DUA) - Answer-is a written agreement used for the transfer of
data that has been developed by nonprofit, government or private industry, where the
data is nonpublic or is otherwise subject to some restrictions on its use. This is often
employed when the data contains PHI whose release would violate HIPAA
When are DUAs typically used w/i the HSC? - Answer-When sharing data btwn the
HSC and an external entity for research projects
DUA review and approval with proceed through what? - Answer-through the HSC
contracting system
COMPLETE SOUTIONS
What is the Health Insurance Portability and Accountability Act? HIPAA - Answer-It is a
federal law signed into law on Aug. 21, 1996
*A response by Congress to health care reform
*affects the health care industry
*IS MANDATORY
Why was HIPAA proposed? - Answer-Proposed due to the growing national concerns
for health care reform
HIPPA aka - Answer-Kennedy-Kassenbaum Act
What does HIPAA do? - Answer-1. Protects the privacy and security of pt's health
information
2. Provides for electronic and physical security of pt's health information
3. Prevents health care fraud and abuse
4. Simplifies billing and other transactions, reducing health care admin costs
What are two sides of HIPAA? - Answer-HIPAA Privacy
HIPAA Security
HIPPA Privacy - Answer-Protection for the privacy of Protected Health Information (PHI)
effective April 14, 2003 (including Standardization of electronic data interchange in
health care transactions, effective October 2003)
HIPAA Security - Answer-Protection for the security of electronic Protected Health
Information (e-PHI) effective April 20, 2005
What is the difference btwn privacy and security? - Answer-The privacy rule sets the
standards for how Covered Entities and Business Associated are to maintain the
privacy of PHI
*The security rule defines the standards which require Covered Entities to implement
basic safeguards to protect e-PHI
Covered Entities - Answer-Person, business, or agency- furnished, bills, or receives
payment for health care in the normal course of business
*Also, conducts covered transactions: activities normally associated w billing
Covered transaction are transmitted in electronic form
, Who must follow the HIPAA Law? - Answer-Covered Entities
What is a covered entity? - Answer-1. a health care provider that conducts certain
transactions in electronic form
2. a health care clearinghouse
3. a health plan
TTUSCH is a Covered Entity
Who does the Covered Entity consist of? - Answer-All of us members of the HSC
workforce (faculty, residents, staff, students, volunteers). We are all responsible for
HSC's Protected Health Info(PHI) whether it is transmitted electronically, in paper
format, or transmitted orally.
What is a Business Associate (BA)? - Answer-it is a person or entity which performs
certain functions or activities involving the use and/or disclosure of PHI, but the person
or entity is not a part of the Covered Entity (CE) or its workforce
What must be signed btwn the Covered Entity and the BA? - Answer-a Business
associate agreement
Ex: transcription services, temporary staffing services, EHR vendors, billing software
vendors
Business Associate Agreement - Answer-is required to insure the BA has sufficient
safeguards for protecting the Covered Entities information containing PHY in
accordance w HIPAA
*it is the responsibility of department administration when entering into an
agreement/contract with an external entity (vendor, contractor, academic institution) to
determine if PHI will be used. If so, BAA is required
*BAA review & approval will proceed through the HSC Contracting System
Data Use Agreement (DUA) - Answer-is a written agreement used for the transfer of
data that has been developed by nonprofit, government or private industry, where the
data is nonpublic or is otherwise subject to some restrictions on its use. This is often
employed when the data contains PHI whose release would violate HIPAA
When are DUAs typically used w/i the HSC? - Answer-When sharing data btwn the
HSC and an external entity for research projects
DUA review and approval with proceed through what? - Answer-through the HSC
contracting system
