HIPAA HIO-201 Dumps

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

Nothing. An oversight agency has the right to access this information without prior authorization.

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

A written authorization is required from the patient.

Establishing an orderly hierarchy where HIPAA applies, then other Federal law, then State law.

Defining privacy to be a national interest that is best protected by Federal law

Allowing State privacy laws to provide a cumulative effect lower than HIPAA.

Mandating that Federal laws preempt State laws regarding privacy.

Establishing a "floor" for privacy protection.

Business Associate Contract

Data Backup Plan

Media Re-use

Disposal

Accountability

The date on which any automatic extension occurs.

Covered entity's signature.

A statement that federal privacy laws still protect the information after it is disclosed.

A statement that the individual has no right to revoke the authorization.

The date signed.

Eligibility status

Benefit maximums

Participating providers

Deductibles & exclusions

Co-pay amounts

The types of financial information to be disclosed.

The specific individuals or entities to which disclosure would be made.

The types of persons who would receive PHI.

The conditions that would not apply to disclosure of PHI

The criteria for reviewing requests for routine disclosure of PHI.

Covered entities must reasonably safeguard PHI, including oral communications, from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule.

Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of de-Identified data.

Covered entities are prohibited from marketing through oral communications

The Privacy Rule requires covered entities to document any information, including oral communications, which is used or disclosed for TPO purposes.

The Privacy Rule will often require major structural changes, such as soundproof rooms and encryption of telephone systems, to provide the "reasonable safeguards" of oral communications required by the regulations

Person or Entity Authentication

Technical Safeguards

Administrative Safeguards

Physical Safeguards

Transmission Security

$1,000,000 per person pet violation

$10 per person pet violation

$10,000 per person per violation

$100 per person per violation

$1000 per person per violation

Business Associate Contract

Response and Reporting

Emergency Access Procedure

Sanction policy

Risk Management

Data element

Data segment

Transaction set

Functional envelope

Interchange envelope

A list of authorized entities, together with their access rights.

Corroborating your identity.

The prevention of an unauthorized use of a resource.

Proving that nothing regarding your identity has been altered

Being unable to deny you took pan in a transaction.

Security Management Process

Transmission Security

Person or Entity Authentication

Facility Access Controls

Information Access Management

837 - Professional

834

CPT-4

837 - Institutional

CDT

Loop.

Enumerator.

Identifier

Data segment.

Code set.

Security Management Process

Device and Media Controls

Information Access Management

Audit Controls

Transmission Security

No - This would be considered an allowed "routine disclosure" between the doctor and his business partner

Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.

Yes - a delivery service is not considered a covered entity

Yes - to be a “routine disclosure” all the parties must have their own Privacy Officer as mandated by HIPAA

Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule

Access Control

Audit Controls

Authorization Controls

Data Authentication

Person or Entity Authentication

"Disclosure" refers lo employing IIHI within a covered entity.

"Disclosure" refers to utilizing, examining, or analyzing IIHI within a covered entity.

"Disclosure" refers to the release, transfer, or divulging of IIHI to another covered entity.

"Disclosure" refers to the movement of information within an organization.

"Disclosure" refers to the sharing of information within the covered entity.

All Employers.

The Washington Publishing Company

Disclosure of non-identifiable demographics.

Oral disclosure of PHI.

The prevention of use of de-identified information.

Requires PKI for the provider and the patient.

Is exempt from HIPAA regulations.

Is a not-for-profit operation.

Identifies all hospitals and health care organizations.

Performs the functions of format translation and data conversion.

Risk Analysis

Risk Management

Access Establishment and Modification

Isolating Health care Clearinghouse Function

Information System Activity Review

October 16, 2003 - small health plans to begin testing without ASCA extension

October 16, 2004 - full compliance deadline for small health plans

April 16, 2004 - small health plans to begin testing with ASCA extension

April 16, 2003 - deadline to begin testing with ASCA extension

April 14, 2003; deadline to begin testing with the ASCA extension.

Is required for all Business Associate Contracts.

Must always be associated with a valid authorization.

Must be signed before providing treatment to a patient.

Must be associated with a valid Business Associate Contract.

Must describe the individual's rights under the Privacy Rule.