Chapter 7 Privacy Law and HIPAA
Chapter 7 Privacy Law and HIPAA
Teaching Strategies
• Ask students to describe their last encounter with the HIPAA regulations. Was it at their doctor’s office, the dentist or the pharmacy? Was HIPAA explained to them or was it a routine
“sign this form” encounter? Have any students not had an encounter with the HIPAA regulations when they should have, i.e., their family practitioner has not asked them to sign a HIPAA release?
• Have students give examples of where they have seen HIPAA violated recently, particularly
with regard to confidentiality of medical information. Listen carefully to their responses as
sometimes what the student thinks is a HIPAA violation is not a HIPAA violation.
• Invite a HIPAA compliance officer from a local medical practice and/or hospital to be a guest
speaker in the class.
• Have students research the updates to HIPAA by using the websites listed in the text.
Has anything changed?
• A patient arrives in the lobby and refuses to complete the sign in sheet, loudly stating that
sign in sheets are a violation of HIPAA. In another incident, a patient objects to having her
name called when it is her turn to see the physician. She says a clinic in a neighboring
city matches photographs of patients to the patients sitting in the waiting room, since
HIPAA prohibits calling out names where others can hear. Have students discuss how they are going to handle these particular situations.
• Use the two situations in the preceding bullet to begin a discussion of how a fear of HIPAA
violations and subsequent fines can lead to unsubstantiated rumors and fears. Ask students
what they can do to prevent “overkill” concerning compliance with the HIPAA privacy standard.
• The focus of HIPAA has been Standard 2 Privacy Rule. Discuss with the students the importance of the other 3 standards as part of doing the business of health.
• Have students collect privacy notices from various offices. See if there are any major differences.
• Ask students to prepare a short essay on “the importance of privacy in my life.” You will get a wide variety of responses to the topic.
Answers
Check Your Progress
1. Information collected and stored about individuals should be limited to what is necessary
to carry out the functions of the business or government agency collecting the information;
once collected, access to personal information should be limited to those employees who must use the information in performing their jobs; personal information cannot be released outside the organization collecting it unless authorization is obtained from the subject; when information is collected about a person, that person should know that the information is being collected and should have the opportunity to check the information for accuracy.
2. Health Insurance Portability and Accountability Act (HIPAA)
3. Under HIPAA, covered entities include health plans, health care clearinghouses, and all
health care providers that transmit HIPAA standard transactions electronically. Covered
transactions are electronic exchanges of information between two covered-entity business
partners using HIPAA-mandated transaction standards.
4. hospitals, long-term care facilities, clinics, physicians’ offices, health care plans, medical
laboratories, and so on.
5. physicians treating the same patient exchange medical records for the patient; a hospital forwards a patient’s medical information to an insurance company; a physician’s office forwards
a patient’s medical information to an insurance company; a physician sending patient identifiable information to a billing service; any health care provider employs another entity, such as a clearinghouse or billing agency, to send claims to payers or health plans
6. State preemption means that if a state’s privacy laws are stricter than HIPAA privacy standards and/or guarantee more patients’ rights, the state laws will take precedence.
7. Standard 1: Transactions and Code Sets—for uniformity in reporting
Standard 2: Privacy Rule—for protecting PHI during electronic transmission
Standard 3: Security Rule—for securing electronic storage and transmission against unauthorized intruders
Standard 4: National Identifier Standard—providers for uniform national identifiers for
the movement of electronic transactions. The four identifiers are: provider, health plan, employer, and individual.
8. Standard 2: Privacy Rule
9. Disclosure to authorized HHS representatives; disclosure to patient
10. Access to medical records and the right to copy them; Request for amendment to designated
record set; Request for an accounting of disclosures of PHI; Request to be contacted at an alternate location; Requests for further restrictions on who has access to PHI; Right to file a complaint.
Chapter 7 Ethics Guide
Discussion Questions
Ethical Issue #1
1. No, since Sharon’s husband has no legal or ethical reason to receive the information.
2. They should explain to family members and friends that it is illegal and unethical for them to release such information about patients.
Ethical Issue #2
1. You can explain that the privacy notice concerns the patient’s rights about release of his medical information, and ask him to take the notice with him. You should also note the refusal and your action in the chart.
Ethical Issue #3
1. Because of the possibility of unauthorized persons’ misuse of individuals’ medical information, and because such information is limited by law to those authorized to receive it.
2. Privacy for protected health information can never be completely guaranteed, because of the possibility of theft or human error.
3. The medical office records assistant has not acted ethically, behaving in a rude and inappropriate manner with the patient. Patients should be treated with respect at all times.
The physician has not acted ethically behaving in a rude and inappropriate manner with the patient. Patients should be treated with respect at all times.
The person requesting that the patient submit his request in writing has acted ethically. The person responsible for faxing a patient’s health information has not acted ethically. The mistake was probably not intentional, but checking and double-checking fax numbers before sending protected health information should be the rule.
Chapter 7 Review
Applying Knowledge
1. Health Insurance Portability and Accountability Act
2. U.S. Department of Health and Human Services (HHS)
3. Complaints are filed with HHS, through the Office for Civil Rights
4. Centers for Medicare and Medicaid Services
5. Covered entities are health care providers that transmit HIPAA standard transactions electronically and are people, businesses, or agencies that must comply with the HIPAA Standards and Privacy Rule.
6. An electronic transmission is the sending of information from one network-connected
computer to another. HIPAA addresses it because protected health information is often
transmitted electronically, and such transmissions must protect patient confidentiality.
7. to standardize and simplify the recording and transmission of health information
8. Standard 1—Transactions and Code Sets
9. Notice of Privacy Practices
10. all health records collected for a patient, including lab results, X-rays, notes, and so on
11. the law that most stridently protects patient privacy
12. to mandate protection of electronic networks and equipment from unauthorized intrusion
13. a
14. d
15. b
16. d
17. a
18. b
19. d
20. c
21. b
22. d
23. a
24. k
25. j
26. h
27. b
28. c
29. f
30. d
31. g
32. a
33. e
Case Studies
34. Give Mona a privacy notification form on which she can stipulate where she wants to
be notified, and who she authorizes to receive her health care messages.
35. Lewis can request a list of all those who have received his PHI, and his health care provider
should fulfill his request.36. No, the EMT cannot release this information—especially since the patient herself refused to
release the information—because to do so would violate the patient’s privacy.
37. No, they cannot release the information because to do so would violate the patient’s
privacy.
38. Answer depends upon the circumstances. If the child is a minor and if the information is
not about the teenager’s need for birth control or other sexual orientation health care, then the mother has the right to the information. However, if the child is not a minor and/or the information is pertinent to the daughter’s care because she (the daughter) is sexually active, then the mother is not entitled to the information. Most physicians try to cover themselves in such situations by making sure all the appropriate releases are in place when minors are accepted as patients.
Internet Activities
39. The web site inside.duke.edu is Duke University’s healthcare newsletter. Although the article on “Training the HIPAA” was written shortly after HIPAA became effective, it is a well organized website that will give the students an opportunity to see a lot of information in a concise manner.
40. Answers will vary.
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- chapter 7 learning psychology quizlet
- chapter 7 financial management course
- chapter 7 connect
- chapter 7 connect finance
- chapter 7 photosynthesis quizlet
- chapter 7 psychology quizlet
- psychology chapter 7 quiz quizlet
- chapter 7 membrane structure and function key
- chapter 7 membrane structure and function
- ar 600 20 chapter 7 and 8
- chapter 7 7 special senses quizlet
- chapter 7 7 special senses answers