CDEO - Chapter 2
Health ______ covered entities are organizations that pay providers on behalf of an individual receiving
medical care. These plans include health, dental, vision, and prescription drug insurers. Some examples
include health maintenance organizations (HMOs), Medicare, Medicaid, - plan
Covered entities are defined as health _____, healthcare ________, and any healthcare _________ who
transmits health - plans, clearinghouses, provider
Congress did not enact privacy legislation within the specified time governed by HIPAA. The U.S.
Department of Health and Human Services (HHS) developed a proposed rule, which was released for
comment on November 3, 1999. Many comments were received, and modifications were made to the
rule. The modifications were published and released in final form on ______. - August 14, 2002
(HIPAA) - Health Insurance Portability and Accountability Act of 1996
HIPAA was enacted on _________. - August 21, 1996
HIPAA, also known as the ______ bill, was originally enacted to provide rights and protections for participants and
beneficiaries of group health plans. Under this law, exclusions for preexisting conditions were limited,
and discrimination against employees and dependents based on their health status was prohibited. -
Kennedy-Kassebaum
HIPAA also established the Healthcare _____ and _____ Control Program, a far-reaching program in
healthcare, including both public and private health plans to combat both - Fraud, Abuse
HIPAA _______ provisions required that sections of the law be publicized to explain the standards for the
electronic exchange, privacy, and security of health information. - Administrative Simplification
_____ issued a privacy rule to set a national standard for the protection of certain health information. -
HHS
The _______ standards address how an individual's protected health information (PHI) may be used. Its
purpose is to protect individual privacy, while promoting high-quality healthcare and public health and
well-being. - Privacy Rule
The Privacy Rule was designed to be ______ and ______, to allow for the various uses and disclosures
the healthcare community must address. - flexible, comprehensive
____ covered entities are required to follow the Privacy Rule. - All
- information in an electronic format.
- and Medicare supplement insurers, as well as employer, government, and church-sponsored
group health plans. There are exceptions: An employer who solely establishes and maintains the plan
with fewer than 50 participants is exempt. Two types of government-funded programs
- are not health plans: food stamps and community health centers. Insurers providing only
worker's compensation, automobile insurance, and property and casualty insurance are not considered
to be health plans.
All healthcare ________ who electronically transmit health information through certain transactions are
covered entities. Some examples of transactions that may be submitted electronically are claim forms,
inquiries about the eligibility of benefits, and requests for authorization of referrals. Simply using
electronic technology, such as sending emails, does not mean a healthcare provider is a covered entity;
the transmission must be in connection with a standard transaction. The rule applies to all, regardless of
whether they transmit the transactions directly, or use a billing service or other third party to transmit
on their behalf. They are defined as providers of services, such as hospitals, and providers of medical or
health services, such as physicians, dentists, and other practitioners who furnish, bill, or receive payment
for healthcare. - providers
Healthcare ________ include billing services, repricing companies, and community health management
information systems that process nonstandard information, received from another entity, into a standard
(ie, standard format or data content) or vice versa. In most instances, healthcare clearinghouses receive
individually identifiable information for processing services to a health plan or healthcare provider as a
business associate. In these cases, only certain provisions are applicable to the clearinghouses' uses and
disclosures of protected health information. - clearinghouses
_______ occur through electronic exchanges, which allow information to be transferred between two
parties for specific purposes. - Transactions
A healthcare provider will send a claim to a health _____ to request payment for the medical services he
or she provides. - plan
_____ regulations standardized transactions for Electronic Data Interchange (EDI) of healthcare data.
These transactions are: claims and encounter information, payment and remittance advice, claims
status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits,
and premium payment. - HIPAA
Under _______, electronic transactions must use the adopted standard and adhere to the content and
format requirements of ASC X12N or NCPDP (used for certain pharmacy transactions) for each
transaction. An additional rule was adopted to standardize the code sets for diagnoses and procedures.
These code sets include: HCPCS (Healthcare Common Procedure Coding System—ancillary services and
procedures); CPT® (Current Procedural Terminology—physician's procedures); CDT® (Current Dental
Terminology—dental procedures); ICD-9 (International Classification of Diseases-9th revision— diagnosis
and inpatient hospital procedures); ICD-10 (International Classification of Diseases-10th Revision, which
replaced ICD-9 on October 1, 2015); and NDC (National Drug Codes). - HIPAA
In addition to the standardization of the codes used to request payment for medical services, a _______
for employers and providers must be used on all transactions. - unique identifier
_______ perform certain functions or activities, which involve the use or disclosure of individually
identifiable health information, on behalf of another person or organization, without being a member of
the entity's workforce. These services include claims processing or administration, data analysis,
utilization review, billing, benefit management, and re-pricing. - Business associates
_______ associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data
aggregation, management, administrative, accreditation, or financial services. - Business
To be considered a business associate, the persons or organizations would involve the use or disclosure
of ________ between the two parties. - protected health information
A covered entity ____ be a business associate of another covered entity. - can
HITECH - Health Information Technology for Economic and Clinical Health Act
The ______ enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, also
specifies that an organization that provides data transmission of PHI to a covered entity and that
requires access to PHI routinely, such as a Health Information Exchange Organization, will be treated as a
business associate. - HITECH
A _______ is required between business associates to impose specified written safeguards on the
individually identifiable health information used or disclosed by the business associate. It must describe
the permitted and required uses of protected health information by the business associate, limit the
business associate from using or further disclosing the protected health information (except where
permitted by contract or required by law), and require the business associate to follow appropriate
safeguards to prevent use or disclosure of the protected health information, except as expressly defined
in the contract. - contract
Covered entities may not contractually authorize a business associate to make any use or disclosure of
protected health information that would violate the _______ - privacy rule
Words or phrases contained in brackets are intended as either _____ language or as ______ to the users
of these sample provisions. - optional, instructions
The following terms used in this Agreement shall have the same meaning as those terms in the _____
Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Healthcare Operations, Individual,
Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required by Law,
Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. -
HIPAA