questions and answers
Which rule requires HHS to issue interim final regulations for breach
notification?✔✔- Health Information Technology for
Economic and Clinical Health (HITECH) Act as Title XIII
of Division A and Title IV of Division B of the American Recovery and Reinvestment
Act of 2009 (ARRA) (Pub. L. 111-5). Subtitle D of the HITECH Act (the Act), entitled
''Privacy,'' among other provisions
Which government agency handles Personal Health Records (PHR)?✔✔FTC
Access✔✔ability or means necessary to read,
write, modify, communicate, or otherwise use data/information.
Authorized Person✔✔individual authorized by the entity or the entity's Business
Associate
to acquire, access, or use Protected Health Information ("PHI") that is within the
individual's scope of employment
Limited Data Set.✔✔PHI that excludes 16 specific
identifiers as defined in the HIPAA Privacy Rule, but includes:
- zip codes
- geographical codes
- dates of birth
- other date information
- any other
code.
Organized Healthcare Arrangement✔✔A clinically integrated care setting in which
individuals typically receive health care from more than one provider
Unauthorized✔✔An impermissible use or disclosure
of PHI under the HIPAA Privacy Rule
Unauthorized Access✔✔inappropriate viewing of a patient's medical or financial
information
without a direct need for diagnosis, treatment, payment, or other lawful use.
Unsecured Protected Health Information✔✔PHI that is not secured through the use
of a technology or methodology that renders PHI "unusable, unreadable, or
indecipherable to unauthorized"
- encryption
, _ destruction
Protected Health Information ("PHI")✔✔Individually identifiable health information
that is
(i) transmitted by electronic media
(ii) maintained in any medium such as magnetic tape, disc, optical file
(iii) transmitted or maintained in any other form or medium
(including but not necessarily
limited to paper, voice, Internet, or facsimile).
Workforce Member✔✔Employees, volunteers, students, medical residents, trainees,
and other
persons whose conduct, in the performance of work for an entity, is under the direct
control of the entity, whether or not they are paid by the
entity
Breach (as defined in HITECH 164.402✔✔The acquisition, access, use, or
disclosure of protected health information in a manner not permitted
under subpart E of this part which compromises the security or privacy of the
protected health information
Harm✔✔means poses a significant risk of financial, reputational, or other harm to the
individual.
PHI identifiers✔✔• Name
• Date of Birth or any other date smaller than a year
• Any elements of dates smaller than a year (i.e., date of admission, discharge,
death, etc.)
• Zip Code
• Medical Record Number
• Device Identification Numbers
• Social Security Number
• Any geographic subdivision smaller than a state
• Phone Numbers
• Fax Numbers
• E-mail Addresses
• Health Plan Beneficiary Number
• Any other Account Number
• Certificate/License Numbers
• Vehicle Identifiers
• WEB URLs
• Internet IP Address Numbers
• Full face photographs or comparable images
• Biometric Identifiers (fingerprint, voice prints,
retina scan, etc.)
• Any other unique number, characteristic or code
Unsecured Protected Health Information✔✔health information that is not rendered