Real Questions and Accurate Answers (100% Verified)
• Purpose of HIPAA -✓✓Protect PHI from unauthorized disclosure/use; Prevent
fraud, waste and abuse (via Administrative Simplification); Make health insurance
portable under ERISA; Move health care onto a nationally standardized electronic
billing platform.
• HIPAA CFR section -✓✓45 CFR sections 164.102 through 164.534.
• Subparts of HIPAA part 164 -✓✓Subpart A - General rules; Subpart C - Security;
Subpart D - Breach notification; Subpart E - Privacy.
• Covered Entity Determination -✓✓1. Compare if the organization meets one of
the 3 types of CE (provider, health plan, clearinghouse) and 2. Determine if the
organization electronically transmits one of the 9 defined transactions.
• Defined Transactions -✓✓Health claims or equivalent encounter information;
Health claims attachments; Enrollment and disenrollment in a health plan;
Eligibility for a health plan; Health care payment and remittance advice; Health
plan premium payments; First report of injury; Health claim status; Referral
certification and authorization.
• Business Associates -✓✓Business associates of covered entities must follow
parts of the HIPAA regulations.
• Privacy Act of 1974 -✓✓Established restrictions on how government agencies
can share information maintained in Federal systems of records that might infringe
on an individual's privacy rights.
• HIPAA Entity Designation -✓✓Not considered a HIPAA Entity Designation:
Contract arrangement with FEDEX carrier.
• Gramm-Leach-Bliley Act (GLBA) -✓✓Also known as the Financial Services
Modernization Act of 1999, includes The Financial Privacy Rule and The
Safeguards Rule requiring all financial institutions to protect customers' personal
financial information.
• OHCA -✓✓Organized Health Care Arrangement, a clinically integrated care
setting where individuals receive health care from more than one provider.
• ACE -✓✓Affiliated Covered Entity, legally separate covered entities that share
common control/ownership and designate themselves as a single CE for the
purpose of complying with the HIPAA Privacy standards.
• ACE Example -✓✓A health system composed of several affiliated hospitals.
• Hybrid Entity -✓✓Entity that conducts both covered functions (healthcare
functions) and non-covered functions (other business/non-healthcare functions) and
elects to be a 'hybrid entity.'
• Hybrid Entity Example -✓✓A University System that has a research laboratory
or academic medical center.
• HIPAA -✓✓Health Insurance Portability and Accountability Act, which provides
standards for the access, disclosure, transmission, and retention of PHI.
• PHI -✓✓Protected Health Information, which is any information that can be used
to identify an individual and relates to their health status, provision of health care,
or payment for health care.
• Transaction (healthcare transaction) -✓✓The transmission of information
between two parties to carry out financial or administrative activities related to
health care.
• Examples of healthcare transactions -✓✓Healthcare claims, coordination of
benefits, health plan premium payments, remittance advice (or EFT, electronic
fund transfer), referral certification and authorization.
• BA (Business Associate) -✓✓Performs functions or activities on behalf of a
covered entity that involve access by the business associate to protected health
information.
• Examples of Business Associate functions -✓✓Claims processing, data analysis,
billing, benefit management, quality assurance, quality improvement, practice
management, legal, actuarial, accounting, accreditation, and other administrative
services.
• Business Associate contract requirement -✓✓A hospital is not required to have a
business associate contract with the specialist to whom it refers a patient and
transmits the patient's medical chart for treatment purposes.
• TPO -✓✓Treatment, Payment, and Operations; use and disclosure of PHI for
these purposes requires no specific authorization.
• HITECH -✓✓Health Information Technology for Economic and Clinical Health
Act, which made business associates directly responsible for HIPAA compliance.
• Deemed status of business associates -✓✓Contracted vendors or individuals
performing services related to handling PHI are classified as business associates by
law, regardless of their awareness of this status.
• Subcontractor as a Business Associate -✓✓A subcontractor that creates, receives,
maintains, or transmits PHI on behalf of a business associate is also considered a
business associate.
• Business associate agreement -✓✓Obligation under HIPAA and HITECH for
individuals or entities identified as business associates to enter into a business
associate agreement with their contracted covered entities.
• Exceptions to business associate agreement mandate -✓✓For purposes of TPO,
determining health plan eligibility and enrollment, and when there is no
involvement of use/disclosure of PHI.
• Authorization to use/disclose PHI -✓✓A covered entity requires authorization to
use/disclose PHI for sales and marketing and psychotherapy notes.
• Determining HIPAA applicability -✓✓Entities that transmit health information
and fall under the three types of covered entities: health plans, clearinghouses, and
providers.
• National baseline for health information -✓✓HIPAA created a national baseline
for health information Privacy and Security.
• HIPAA preemption -✓✓The ability of state laws to develop health information
statutes that are higher or more restrictive than Federal HIPAA rules.
• Intent of HIPAA -✓✓To improve healthcare programs and data flow between
providers to data mine for fraudulent behavior.
• Transaction & Code Set Rules -✓✓Outlined in 45 CFR 162.100 - 162.1902, these
rules specify the data flows for healthcare transactions.
• Protected Health Information (PHI) -✓✓Information that is protected under
HIPAA regulations, which can be used or disclosed for treatment, payment, and
operations without specific authorization.
• Business Associate Contract -✓✓A contract required between a physician and a
laboratory for disclosing protected health information for treatment.
• Research use/disclosure with individual authorization -✓✓Authorization that
does not expire or continue until the end of the research study.
• Combination of authorizations -✓✓Research use/disclosure with individual
authorization may be combined with an authorization for a different research
activity if treatment is conditioned on it.
• Legal permission or consent in research -✓✓Research use/disclosure with
individual authorization may be combined with other legal permissions or consents
to participate in the research.
• Part 2 regulations -✓✓Regulations that apply to certain isolated providers or
groups within a facility that provide substance use disorder (SUD) services.
• SUD services -✓✓Substance use disorder services that may be subject to Part 2
regulations if provided as a primary function.
• Mental Health Services -✓✓Services that are not subject to the standards in 42
CFR Part 2 and can be shared without consent for treatment purposes.