HIPAA Question and answers 100% correct
HIPAA/Breach CRIS Course
Breach of Confidentiality & Security - correct answer ✔Confidentiality is
considered a contract that ensures that a patient's privacy is protected. Any
time that contract is broken it is considered a "breach of confidentiality" and is
a violation of the law. Both state and federal laws are in place to safeguard
medical information. If an individual state law is in conflict with federal law,
whichever is the stricter of the two will prevail.
Examples of a Breach of Confidentiality - correct answer ✔Disclosing the wrong patient's health information
Wrong dates of service
Wrong record type
Releasing records without a valid authorization
Elevator, cafeteria, or hallway talk about private patient information
Faxing records to an incorrect fax number
Tossing discarded copies of patient records without shredding or placement in a recycle bin
Taking records or copies of records home for personal use
Leaving records open on counters, desks and any unauthorized area
Discussing patient information with friends or family members
Incorrect writing of mailing addresses on envelopes
Releasing any sensitive records without the special authorizations that may be required (drug, alcohol, HIV, mental health, genetic, etc.)
Unauthorized access or viewing of computer terminals
Speaking loudly on the telephone or in the work area where someone may overhear patient health information
Determining a Breach - correct answer ✔According to the HITECH Act, a
disclosure is considered a breach when unsecured protected health
information is accessed, acquired or disclosed by an unauthorized entity and
is not secured by a technology standard that renders protected health
information unusable, unreadable or indecipherable to unauthorized
individuals
HIPAA Omnibus Rule - correct answer ✔States it is presumed to be a
breach unless the covered entity or business associate demonstrates that
there is a low probability that the protected health information has been
compromised based on a risk assessment of at least the following factors:
The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification.
The unauthorized person who used the protected health information or to whom the disclosure was made.
Whether the protected health information was actually acquired or viewed.
The extent to which the risk to the protected health information has been mitigated.
Content of Breach Notification - correct answer ✔Regardless of the method by which notice is provided to individuals, notice of breach shall include, to the extent possible, the following:
A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known.
A description of the types of unsecured protected health information that were involved in the breach (such as full name, Social Security number, date of birth, home address, account number, or disability code).
The steps individuals should take to protect themselves from potential harm resulting from the breach.
A brief description of what the covered entity involved is doing to investigate the breach, to mitigate losses, and to protect against any further breaches.
Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address.
Risk Assessment - correct answer ✔If the risk assessment determines:
Low Risk that the information was compromised, then the disclosure would not have to be reported to the patient or the Department of Health and Human Services.
High Risk that the information was compromised, then HIPAA requires covered entities to provide notification to affected individuals and to the Secretary of HHS.
Who to notify of the Breach - correct answer ✔If considered a breach of unsecured (PHI) by a business associate of a covered entity:
The business associate is required to notify the covered entity of the breach immediately.
The covered entity is required to report the notice of the breach electronically to the HHS Secretary without reasonable delay and no later than 60 days from the discovery of the breach for breaches affecting 500 or more individuals.