Understanding HIPAA
"war driving" equipment - questions and answers-is used to locate and exploit connections to
wireless networks
authentication - questions and answers-is the process by which a user or system is identified.
Authentication is based on one or more factors. In classic security terminology, these are
ownership factors (what someone has), knowledge factors (what someone knows) and
inherence factors (what someone is or does)
business associate - questions and answers-is a third party who provides a service for a
covered entity, and who will be exposed regularly to PHI
business association agreement - questions and answers-is established to get the business
associate to officially acknowledge that they will protect the privacy rights of the subject
individual. It allows a covered entity to prove that the associate knows that it cannot engage in
any unauthorized uses or disclosures of any PHI they may come into contact with
chain of trust - questions and answers-applies primarily to information in electronic form.
However, chain of trust applies regardless of whether information is transmitted electronically or
shipped via regular mail. Whenever you and a recipient have taken steps to ensure that
information is properly sent and received, you have established a chain of trust. A chain of trust
involves the following three elements: The creation of security mechanisms, including forms of
authentication, to determine identity as well as provide encryption to ensure data privacy
chain of trust agreement - questions and answers-is where each party promises that information
will be properly transmitted and stored. It is often a central part of a business associate
agreement. A chain of trust agreement involves identifying each time information is received
and processed along its transmission path
charts - questions and answers-are documents that include detailed information kept by the
doctor on a patient
civil penalties - questions and answers-are those that involve private parties against each other
covered entity - questions and answers-is an organization that must follow HIPAA rules.
Examples include: Health care professionals from any and all disciplines, as well as their
assistants. Clinics, pharmacies and hospitals. Health insurance companies. Health care clearing
houses. Health care providers with financial or administrative duties, including those who
transmit information in electronic form. And federal and state government employees involved
with medical professionals
criminal penalties - questions and answers-are those penalties that would involve charges in a
criminal court. The federal government would bring these charges up and prosecute accordingly
Database - questions and answers-are places where information is stored so that it can be
easily retrieved and manipulated
de-identified information - questions and answers-contains statistics about disease penetration
into specific demographics, like gender or race. De-identified information never includes specific
names of people
Electronically Protected Information - questions and answers-is another way to refer to
confidential patient information
encryption - questions and answers-is the process of applying a specific algorithm to data to
change the appearance of the data. This process makes the data incomprehensible to those
who are not authorized to view the information
exclusion period - questions and answers-is the maximum amount of time that individuals need
to wait for coverage of a pre-existing condition. It can be no longer than 12 months, or 18
months if the individual has not enrolled during the open enrollment period
Health Insurance Portability and Accountability Act (HIPAA) - questions and answers-is a set of
mandatory laws, rules and standards meant to help individuals ensure that their medical
information is properly gathered, stored and managed. It also ensures that individuals have
access to their own medical information and that individuals are properly informed about
choices that are available to them in regard to their private information. Made a federal law in
1996, it was designed to ensure that all parties associated with the health care industry clearly
understand their rights and responsibilities
HIPAA compliance officer - questions and answers-HIPAA requires that each covered entity
have an employee referred to as the "privacy officer" or the "privacy official." It is often someone
in middle or possibly senior management. Responsibilities include establishing HIPAA-compliant
procedures and policies; making sure rules and policies are posted; training individuals to
conform to HIPAA regulations; fielding questions about procedures; authorizing the transfer of
information between covered entities; handling HIPAA-related complaints from customers and
workers; requesting changes to information; and handling special circumstances, such as
processing particularly sensitive information, like AIDS data
HIPAA privacy acknowledgment form - questions and answers-explains the rights individuals
have, as well as the responsibilities health care providers have
hybrid entity - questions and answers-refers to a larger company that is designated as the
covered entity. It is designated as such because some departments and divisions in the