A list of all disclosures made of a patient's health information; Section 164.528 of the
Privacy Rule states that an individual has the right to receive an accounting of certain
disclosures made by a covered entity within the six years prior to the date on which the
accounting was requested - Answer- accounting of disclosures
The right of individuals to ask that a covered entity amend their health records, as
provided in Section 164.526 of the Privacy Rule - Answer- amendment request
An American Recovery and Reinvestment Act requirement that mandates the
notification of individuals following the unauthorized use or disclosure of their protected
health information, as the information's security or privacy may be compromised -
Answer- breach notification
As defined by HIPAA, a request that protected health information be routed to an
alternative location or by an alternative method; must be honored by health plans under
HIPAA - Answer- confidential communications
An agreement between a covered entity and a researcher stipulating that the researcher
will receive only a limited data set for research, public health, or healthcare operations -
Answer- data use agreement
An initiative created by the U.S. Department of Health and Human Services to ensure
that individuals were able to access their health records both in a timely manner and at
a reasonable cost - Answer- HIPAA right of access initiative
Required by the Privacy Rule (45 CFR 164.530(f)), the lessening as much as possible
of harmful effects that result from the wrongful use and disclosure of protected health
information; possible courses of action may include an apology, disciplinary action
against the responsible employee or employees (although such results will not be able
to be shared with the wronged individual), repair of the process that resulted in the
breach, payment of a bill or financial loss that resulted from the infraction, or gestures of
goodwill and good public relations (such as a gift certificate) that may assuage the
individual - Answer- mitigation
A legal doctrine that requires a covered entity to comply with federal law when federal
and state law conflict - Answer- preemption
A position mandated under the HIPAA Privacy Rule—covered entities must designate
an individual to be responsible for developing and implementing privacy policies and
procedures - Answer- privacy officer
Under the Privacy Rule, the right of an individual to request that a covered entity limit
the uses and disclosures of protected health information to carry out treatment,
payment, or healthcare operations - Answer- request restrictions
Rights protected under the Privacy Rule. To ensure the integrity of individuals' right to
complain about alleged Privacy Rule violations, covered entities are expressly
prohibited from retaliating against anyone who exercises his or her rights under the
Privacy Rule, assists in an investigation by the Department of Health and Human
Services or other appropriate investigative authority, or opposes an act or practice that
he or she believes is a violation of the Privacy Rule; individuals cannot be required to
waive the rights that they hold under the Privacy Rule in order to obtain treatment,
payment, or eligibility for enrollment or benefits - Answer- retaliation and waiver
Creates significant rights for patients to help them understand and control how their
health information is used and disclosed - Answer- HIPAA's Privacy Rule
When it comes to rights for patients, do states provide these additional rights (meaning
does it add onto HIPAA's privacy rule that gives these patient rights) - Answer- NO,
most states do not provide these additional rights
When must CEs give individuals their Notice of Privacy Practices (NPP)? What manner
should they give it in? - Answer- upon first contact (whether that be electronic, physical,
telehealth services, or electronic prescribing) with the patient to allow individuals to
decide whether to enter into the relationship
In terms of manner, if electronic, it should be done so electronically (can even be done
through email if the individual agrees) but if the provider has a physical delivery site,
they must have paper/physical copies of the notice available for individuals seeking
services from them
Ex. of what wouldn't be first contact: a call before the appointment for insurance information,
or a surgery center calling the patient to ask some questions about the procedure the next day.
This would not be considered first contact, so you wouldn't need to give an NPP and would
still be in compliance with the HIPAA Privacy Rule
In the notice of privacy act, covered entities must inform individuals of (4) - Answer-
• How it will use and disclose PHI